Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024:
All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers
Top-tier researchers earn automatic bonuses of between 10% to 120% for valid submissions
Pending report limits are increased for all
It’s possible to earn up to $31,200 for high impact vulnerabilities!
Last week, there were 223 vulnerabilities disclosed in 207 WordPress Plugins and 4 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 52 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 19,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
WAF-RULE-756 – Data redacted while we work with the vendor on a patch.
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
Patch Status
Number of Vulnerabilities
Patched
97
Unpatched
126
Total Vulnerabilities by CVSS Severity Last Week
Severity Rating
Number of Vulnerabilities
Medium Severity
152
High Severity
39
Critical Severity
32
Total Vulnerabilities by CWE Type Last Week
Vulnerability Type by CWE
Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
100
Cross-Site Request Forgery (CSRF)
32
Unrestricted Upload of File with Dangerous Type
17
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
15
Missing Authorization
12
Deserialization of Untrusted Data
10
Exposure of Sensitive Information to an Unauthorized Actor
7
Improper Control of Generation of Code (‘Code Injection’)
5
Authentication Bypass Using an Alternate Path or Channel
4
Authorization Bypass Through User-Controlled Key
4
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
4
Incorrect Privilege Assignment
4
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’)
3
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
1
Improper Check or Handling of Exceptional Conditions
1
Improper Privilege Management
1
Reliance on Cookies without Validation and Integrity Checking in a Security Decision
1
Server-Side Request Forgery (SSRF)
1
Weak Password Recovery Mechanism for Forgotten Password
1
Researchers That Contributed to WordPress Security Last Week
Researcher Name
Number of Vulnerabilities
24
22
18
16
13
12
8
6
6
6
6
5
4
4
4
4
4
4
4
3
3
3
3
2
2
2
2
2
2
2
2
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
Software Name
Software Slug
AADMY – Add Auto Date Month Year Into Posts
auto-date-year-month
AB Categories Search Widget
ab-categories-search-widget
Accordion Slider
accordion-slider
Ad Inserter – Ad Manager & AdSense Ads
ad-inserter
Add Categories Post Footer
add-categories-post-footer
Add Widget After Content
add-widget-after-content
Adding drop down roles in registration
user-drop-down-roles-in-registration
ADIF Log Search Widget
adif-log-search-widget
Admin Management Xtended
admin-management-xtended
Advanced Advertising System
advanced-advertising-system
Advanced Category and Custom Taxonomy Image
advanced-category-and-custom-taxonomy-image
Advanced Custom Fields
advanced-custom-fields
Advanced Custom Fields Pro
advanced-custom-fields-pro
Affiliator
affiliator-lite
Ahime Image Printer
ahime-image-printer
Ahmeti Wp Timeline
ahmeti-wp-timeline
Ajax Custom CSS/JS
ajax-awesome-css
Ajax Rating with Custom Login
ajax-rating-with-custom-login
ajax-extend
ajax-extend
Akismet htaccess writer
akismet-htaccess-writer
Analyse Uploads
analyse-uploads
Animator – Scroll Triggered Animations
scroll-triggered-animations
Apa Banner Slider
apa-banner-slider
APA Register Newsletter Form
apa-register-newsletter-form
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin
simply-schedule-appointments
AppPresser – Mobile App Framework
apppresser
Arconix Shortcodes
arconix-shortcodes
Arkhe Blocks
arkhe-blocks
Author Discussion
author-discussion
Awesome Contact Form7 for Elementor
awesome-contact-form7-for-elementor
Azz Anonim Posting
azz-anonim-posting
Back Link Tracker
back-link-tracker
Better Author Bio
better-author-bio
Booking.com Banner Creator
bookingcom-banner-creator
Branding
branding
BuddyPress Better Registration
better-bp-registration
Bulk images optimizer: Resize, optimize, convert to webp, rename …
bulk-image-resizer
bVerse Convert
bverse-convert
Calculated Fields Form
calculated-fields-form
CJ Change Howdy
cj-change-howdy
Click to Chat – WP Support All-in-One Floating Widget
support-chat
Clio Grow Form
clio-grow-form
Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors
publishpress-authors
Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App
peepso-core
Community Lite Video Chat
avchat-3
Contact Form by Supsystic
contact-form-by-supsystic
Contact Forms, Live Support, CRM, Video Messages
live-support-tickets
Cooked Pro
cooked-pro
Cookie Scanner – automated cookie list
cookie-scanner
Country Flags for Elementor
country-flags-for-elementor
Crazy Call To Action Box
crazy-call-to-action-box
cSlider
cslider
CSV Product Import Export for WooCommerce
csv-wc-product-import-export
CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 8.x
woo-multi-currency
Custom Add to Cart Button Label and Link
woo-custom-cart-button
Customer Email Verification for WooCommerce
emails-verification-for-woocommerce
Da Reactions
da-reactions
Debrandify · Remove or Replace WordPress Branding
debrandify
Digital Lottery
digital-lottery
Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons
woo-discount-rules
DPD Baltic Shipping
woo-shipping-dpd-baltic
Duplicate Title Validate
duplicate-title-validate
Dynamic Elementor Addons
dynamic-elementor-addons
Easy Addons for Elementor
easy-addons-for-elementor
Easy Menu Manager | WPZest
easy-menu-manager-wpzest
Edit WooCommerce Templates
woo-edit-templates
Edwiser Bridge – WordPress Moodle LMS Integration
edwiser-bridge
El mejor Cluster
mejorcluster
Elemenda
elemenda
ElementInvader Addons for Elementor
elementinvader-addons-for-elementor
Elementor Website Builder – More than Just a Page Builder
elementor
ElementsReady Addons for Elementor
element-ready-lite
Email Template Customizer for WooCommerce
email-template-customizer-for-woo
Encyclopedia / Glossary / Wiki
encyclopedia-lexicon-glossary-wiki-dictionary
Endless Posts Navigation
endless-posts-navigation
EventON Pro
eventon
Events Addon for Elementor
events-addon-for-elementor
Exclusive Addons for Elementor
exclusive-addons-for-elementor
Feed Comments Number
feed-comments-number
FERMA.ru.net
ferma-ru-net-checkout
File Manager Pro
wp-file-manager-pro
Flat UI Button
flat-ui-button
Flexmls® IDX Plugin
flexmls-idx
Fonto – Custom Web Fonts Manager
fonto
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
forminator
FREE DOWNLOAD MANAGER
free-download-manager
Free Stock Photos Foter
free-stock-photos-foter
G Meta Keywords
g-meta-keywords
Gantry 4 Framework
gantry
GERRYWORKS Post by Mail
gerryworks-post-by-mail
GetResponse Forms by Optin Cat
getresponse
Giveaway Boost
giveaway-boost
GiveWP – Donation Plugin and Fundraising Platform
give
Google Map Locations
google-map-locations
GoogleDrive folder list
googledrive-folder-list
Htaccess File Editor – Easily Edit, Backup, Restore .htaccess file
htaccess-file-editor
Hyperlink Group Block
hyperlink-group-block
IdeaPush
ideapush
Infinite-Scroll
infinite-scroll
Jetpack – WP Security, Backup, Speed, & Growth
jetpack
JiangQie Free Mini Program
jiangqie-free-mini-program
Job Board Manager for WordPress
jemployee
Kama SpamBlock
kama-spamblock
Leyka
leyka
Lightbox slider – Responsive Lightbox Gallery
simple-lightbox-gallery
Limb Gallery | Create Beautiful Image & Video Galleries
limb-gallery
Linked Variation for WooCommerce
linked-variation-for-woocommerce
Locatoraid Store Locator
locatoraid
Maan Addons For Elementor
maan-elementor-addons
MAS Companies For WP Job Manager
mas-wp-job-manager-company
MAS Elementor
mas-addons-for-elementor
Mighty Builder – Drag & Drop WordPress Page Builder
mighty-builder
Miniorange OTP Verification with Firebase
miniorange-firebase-sms-otp-verification
Mitm Bug Tracker
mitm-bug-tracker
Most And Least Read Posts Widget
most-and-least-read-posts-widget
Multiline files upload for contact form 7
multiline-files-for-contact-form-7
My Favorites
my-favorites
My Reading Library
my-reading-library
MyTweetLinks
mytweetlinks
Nextend Social Login Pro
nextend-social-login-pro
Nice Backgrounds
nicebackgrounds
Omnipress
omnipress
Parallax Image
parallax-image
Parcel Pro
woo-parcel-pro
PeproDev Ultimate Invoice
pepro-ultimate-invoice
Photo Gallery Builder
photo-gallery-builder
Photo Gallery Slideshow & Masonry Tiled Gallery
wp-responsive-photo-gallery
photokit
photokit
Pinpoint Booking System – #1 WordPress Booking Plugin
booking-system
Plexx Elementor Extension
plexx-elementor-extension
Plugin Name: Sovratec Case Management
sovratec-case-management
Point Maker
point-maker
Post From Frontend
post-from-frontend
Primary Addon for Elementor
primary-addon-for-elementor
Product Customizer Light
product-customizer-light
Product Website Showcase
product-websites-showcase
ProfileGrid – User Profiles, Groups and Communities
profilegrid-user-profiles-groups-and-communities
Property Lot Management System
plms
Rate Own Post
rate-own-post
Recently – Viewed, Most Viewed and Sold Products for WooCommerce
recently-viewed-most-viewed-and-sold-products-for-woocommerce
ReDi Restaurant Reservation
redi-restaurant-reservation
Responsive Lightbox & Gallery
responsive-lightbox
Responsive Pricing Table Builder – wpPricing Builder
wppricing-builder-lite-responsive-pricing-table-builder
Royal Elementor Addons and Templates
royal-elementor-addons
RS-Members
rs-members
RSS Feed Widget
rss-feed-widget
SafetyForms – Create forms with Real-time Email Validation
safetymails-forms
Secure Custom Fields
advanced-custom-fields
SendGrid for WordPress
wp-sendgrid-mailer
SendPulse Free Web Push
sendpulse-web-push
SEO Manager
seo-manager
SermonAudio Widgets
sermonaudio-widgets
Shipyaari Shipping Management
shipyaari-shipping-managment
Simple Code Insert Shortcode
simple-code-insert-shortcode
Simple Custom Post Order
simple-custom-post-order
Simple Testimonials Showcase
simple-testimonials-showcase
Simple User Registration
wp-registration
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
sina-extension-for-elementor
SiteBuilder Dynamic Components
sitebuilder-dynamic-components
SlimStat Analytics
wp-slimstat
Smart Blocks
smart-blocks
Smart Online Order for Clover
clover-online-orders
Social Auto Poster
social-auto-poster
Social Link Groups
social-link-groups
Social Share With Floating Bar
social-share-with-floating-bar
StreamWeasels Twitch Integration
streamweasels-twitch-integration
Suki Sites Import
suki-sites-import
Surfer – WordPress Plugin
surferseo
SW Contact Form
sw-contact-form
Table of Contents Plus
table-of-contents-plus
TAKETIN To WP Membership
taketin-to-wp-membership
The Ultimate WordPress Toolkit – WP Extended
wpextended
Themesflat Addons For Elementor
themesflat-addons-for-elementor
Time Clock Pro
time-clock-pro
Time Clock – A WordPress Employee & Volunteer Time Clock Plugin
time-clock
Tito
tito
Ultimate AI
Ultimate_AI
UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode)
ultraaddons-elementor-lite
Unlimited Addon For Elementor
unlimited-addon-for-elementor
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
unlimited-elements-for-elementor
VKontakte Wall Post
vkontakte-wall-post
VOD Infomaniak
vod-infomaniak
Woo Manage Fraud Orders
woo-manage-fraud-orders
WooCommerce
woocommerce
Woostagram Connect
woostagram-connect
WordPress Image SEO
wp-image-seo
WordPress Portfolio Builder – Portfolio Gallery
uber-grid
WordPress Social Share Buttons
share-button
WordPress Video
wordpress-video
WP 2FA with Telegram
two-factor-login-telegram
WP Content Copy Protection & No Right Click
wp-content-copy-protector
WP Dropbox Dropins
wp-dropbox-dropins
WP Easy Post Types
easy-post-types
WP Education – Education WordPress Plugin for Elementor
wp-education
WP Photo Album Plus
wp-photo-album-plus
WP Popup Builder – Popup Forms and Marketing Lead Generation
wp-popup-builder
WP REST API FNS Plugin
rest-api-fns
WP SendFox
wp-sendfox
WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin
timetics
WP ULike – All-in-One Engagement Toolkit
wp-ulike
WP VR – 360 Panorama and Virtual Tour Builder For WordPress
wpvr
WP-Spreadplugin
wp-spreadplugin
WPIDE – File Manager & Code Editor
wpide
Wsify widget
wsify-widget
Zita Elementor Site Library
zita-site-library
Zoho CRM Lead Magnet
zoho-crm-forms
افزونه پیامک ووکامرس Persian WooCommerce SMS
persian-woocommerce-sms
WordPress Themes with Reported Vulnerabilities Last Week
Software Name
Software Slug
Digitally
digitally
Disconnected
disconnected
my flatonica
my-flatonica
my wooden under construction
my-wooden-under-construction
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49217
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49624
Patch Status
Unpatched
Published
Oct 18, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49326
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49245
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49254
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49253
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49257
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49247
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49291
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49242
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49216
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49332
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-9634
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49314
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49322
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-9863
Patch Status
Patched
Published
Oct 16, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-9862
Patch Status
Patched
Published
Oct 16, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49318
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-9893
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49610
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49611
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49218
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49626
Patch Status
Unpatched
Published
Oct 18, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49604
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49625
Patch Status
Unpatched
Published
Oct 18, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49324
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-9105
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49327
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49607
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49328
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49329
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-9263
Patch Status
Patched
Published
Oct 16, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49622
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49621
Patch Status
Unpatched
Published
Oct 18, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49617
Patch Status
Unpatched
Published
Oct 18, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-9215
Patch Status
Patched
Published
Oct 16, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49623
Patch Status
Unpatched
Published
Oct 18, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49243
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49620
Patch Status
Unpatched
Published
Oct 18, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-8507
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49227
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49608
Patch Status
Unpatched
Published
Oct 18, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49251
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49618
Patch Status
Unpatched
Published
Oct 18, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49330
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49317
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49616
Patch Status
Unpatched
Published
Oct 18, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49219
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49615
Patch Status
Unpatched
Published
Oct 18, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49614
Patch Status
Unpatched
Published
Oct 18, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49613
Patch Status
Unpatched
Published
Oct 18, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49619
Patch Status
Unpatched
Published
Oct 18, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49612
Patch Status
Unpatched
Published
Oct 18, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49226
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49260
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-9687
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-10079
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
High (8.3)
CVE-ID
CVE-2024-9593
Patch Status
Patched
Published
Oct 18, 2024
CVSS Rating
High (8.1)
CVE-ID
CVE-2024-9305
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
High (8.1)
CVE-ID
CVE-2024-9861
Patch Status
Patched
Published
Oct 16, 2024
CVSS Rating
High (7.5)
CVE-ID
CVE-2024-49246
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
High (7.5)
CVE-ID
CVE-2024-49305
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
High (7.5)
CVE-ID
CVE-2024-8746
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
High (7.5)
CVE-ID
CVE-2024-49315
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
High (7.4)
CVE-ID
CVE-2024-8918
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
High (7.3)
CVE-ID
CVE-2024-9837
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
High (7.3)
CVE-ID
CVE-2024-9061
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-49331
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-9184
Patch Status
Patched
Published
Oct 16, 2024
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-9548
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-49271
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-49609
Patch Status
Unpatched
Published
Oct 18, 2024
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-49244
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-49258
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-9820
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-49297
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9582
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49307
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9425
Patch Status
Patched
Published
Oct 17, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9703
Patch Status
Patched
Published
Oct 17, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49261
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49319
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49265
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9452
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49228
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10055
Patch Status
Patched
Published
Oct 17, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49289
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49262
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49236
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49296
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49255
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9674
Patch Status
Patched
Published
Oct 17, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49631
Patch Status
Unpatched
Published
Oct 18, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9366
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49312
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49232
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9373
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9444
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49264
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49292
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10014
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8920
Patch Status
Patched
Published
Oct 16, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49301
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49279
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49280
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49233
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-48049
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49263
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49278
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9898
Patch Status
Patched
Published
Oct 16, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49298
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49234
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49259
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9848
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49282
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10057
Patch Status
Patched
Published
Oct 17, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9521
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49270
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9895
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9897
Patch Status
Patched
Published
Oct 18, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8916
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49310
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49241
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49277
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49267
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49302
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49231
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10080
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49630
Patch Status
Unpatched
Published
Oct 18, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49225
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8921
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (6.3)
CVE-ID
CVE-2024-10078
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49240
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49248
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49239
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49238
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49237
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49230
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49316
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49308
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49605
Patch Status
Unpatched
Published
Oct 18, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49223
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49276
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49220
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49221
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49283
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49309
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49268
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9350
Patch Status
Patched
Published
Oct 17, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-10049
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49320
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8719
Patch Status
Patched
Published
Oct 16, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9382
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8740
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49606
Patch Status
Unpatched
Published
Oct 18, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49335
Patch Status
Unpatched
Published
Oct 18, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9647
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9652
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9206
Patch Status
Patched
Published
Oct 17, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49224
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49269
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9383
Patch Status
Patched
Published
Oct 17, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9213
Patch Status
Patched
Published
Oct 16, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49304
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9240
Patch Status
Patched
Published
Oct 16, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8787
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8790
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9347
Patch Status
Patched
Published
Oct 16, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49313
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9937
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9951
Patch Status
Patched
Published
Oct 16, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9219
Patch Status
Patched
Published
Oct 18, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-48048
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (5.6)
CVE-ID
CVE-2024-9104
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-49266
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-49229
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-9873
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-9888
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-9940
Patch Status
Patched
Published
Oct 16, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-49235
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-10040
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-9689
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-9944
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-49284
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-9546
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2019-25218
Patch Status
Patched
Published
Oct 18, 2024
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2024-49299
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Medium (4.7)
CVE-ID
CVE-2024-8541
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-9892
Patch Status
Patched
Published
Oct 17, 2024
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-49593
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-7877
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-7876
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-48046
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-49288
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-49295
Patch Status
Unpatched
Published
Oct 15, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-9361
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-49290
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-9889
Patch Status
Patched
Published
Oct 18, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-6757
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-49629
Patch Status
Patched
Published
Oct 18, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2023-6243
Patch Status
Patched
Published
Oct 18, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-9352
Patch Status
Patched
Published
Oct 16, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-9351
Patch Status
Patched
Published
Oct 16, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-49256
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-49275
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
Medium (4.3)
CVE-ID
Unknown
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-49252
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-48047
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-49628
Patch Status
Patched
Published
Oct 18, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-9891
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-49325
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-49273
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-7417
Patch Status
Patched
Published
Oct 16, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-9364
Patch Status
Unpatched
Published
Oct 17, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-49321
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-9540
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-49272
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-49250
Patch Status
Unpatched
Published
Oct 14, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-49274
Patch Status
Patched
Published
Oct 14, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-49627
Patch Status
Unpatched
Published
Oct 18, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-49306
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-9649
Patch Status
Patched
Published
Oct 15, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-49293
Patch Status
Patched
Published
Oct 15, 2024
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (October 14, 2024 to October 20, 2024) appeared first on Wordfence.