Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024:
- All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers
- Top-tier researchers earn automatic bonuses of between 10% to 120% for valid submissions
- Pending report limits are increased for all
- It’s possible to earn up to $31,200 for high impact vulnerabilities!
Last week, there were 234 vulnerabilities disclosed in 206 WordPress Plugins and 6 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 56 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 19,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- WAF-RULE-757 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-758 – Data redacted while we work with the vendor on a patch.
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 134 |
| Unpatched | 100 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Medium Severity | 165 |
| High Severity | 35 |
| Critical Severity | 34 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 116 |
| Missing Authorization | 37 |
| Unrestricted Upload of File with Dangerous Type | 18 |
| Authentication Bypass Using an Alternate Path or Channel | 13 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 9 |
| Cross-Site Request Forgery (CSRF) | 8 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 7 |
| Exposure of Sensitive Information to an Unauthorized Actor | 6 |
| Improper Control of Generation of Code (‘Code Injection’) | 5 |
| Deserialization of Untrusted Data | 3 |
| Improper Authentication | 2 |
| Improper Authorization | 2 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 2 |
| URL Redirection to Untrusted Site (‘Open Redirect’) | 2 |
| Authorization Bypass Through User-Controlled Key | 1 |
| Improper Restriction of XML External Entity Reference | 1 |
| Incorrect Privilege Assignment | 1 |
| Weak Password Recovery Mechanism for Forgotten Password | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 25 | |
| 23 | |
| 22 | |
| 22 | |
| 13 | |
| 10 | |
| 8 | |
| 8 | |
| 7 | |
| 7 | |
| 5 | |
| 5 | |
| 5 | |
| 5 | |
| 5 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| 1-Click Login: Passwordless Authentication | swoop-password-free-authentication |
| 10Web Social Post Feed | wd-facebook-feed |
| 3D Work In Progress | renee-work-in-progress |
| Accept Stripe Donation and Payments – AidWP | wp-stripe-donation |
| ACL Floating Cart for WooCommerce | acl-floating-cart-for-woocommerce |
| Acnoo Flutter API | acnoo-flutter-api |
| aDirectory – Directory Listing WordPress Plugin | adirectory |
| Ads.txt & App-ads.txt Manager for WordPress | app-ads-txt |
| Advanced Online Ordering and Delivery Platform | advanced-online-ordering-and-delivery-platform |
| Advanced Sermons | advanced-sermons |
| Affiliate Platform | smdp-affiliate-platform |
| AffiliateX – Affiliate Blocks for WordPress, Amazon, eBay, AliExpress Affiliates | affiliatex |
| Agile Video Player Lite | agile-video-player |
| AI Image Generator for Your Content & Featured Images – AI Postpix | ai-postpix |
| Ajar in5 Embed | ajar-productions-in5-embed |
| All-in-One WP Migration and Backup | all-in-one-wp-migration |
| Amilia Store | amilia-store |
| AMP for WP – Accelerated Mobile Pages | accelerated-mobile-pages |
| Anchor Episodes Index (Spotify for Podcasters) | anchor-episodes-index |
| App Builder – Create Native Android & iOS Apps On The Flight | app-builder |
| AR For WordPress | ar-for-wordpress |
| Astra Widgets | astra-widgets |
| Auto Login using a secure tokenized url. Role wise login restriction. | token-login |
| Automatic Translation | automatic-translation |
| Awesome buttons | wp-awesome-buttons |
| Backup and Staging by WP Time Capsule | wp-time-capsule |
| Bamazoo – Button Generator | bamazoo-button-generator |
| Banner Slider | banner-slider |
| Beaver Builder – WordPress Page Builder | beaver-builder-lite-version |
| Beek Widget Extention | beek-widget-extention |
| Bet WC 2018 Russia | bet-wc-2018-russia |
| Bold Page Builder | bold-page-builder |
| Booking Plugin for Your WordPress Appointments – Time Slot | timeslot |
| BP Member Type Manager | bp-member-type-manager |
| Breeze – WordPress Cache Plugin | breeze |
| Bstone Demo Importer | bstone-demo-importer |
| BuddyPress | buddypress |
| BuddyPress Greeting Message | bp-greeting-message |
| Call / Contact Button | button-contact-vr |
| Campus Explorer Widget | campus-explorer-widget |
| Category and Taxonomy Image | wp-custom-taxonomy-image |
| Category and Taxonomy Meta Fields | wp-custom-taxonomy-meta |
| chatplusjp | chatplusjp |
| Church Admin | church-admin |
| Clever Addons for Elementor | cafe-lite |
| Client Power Tools Portal | client-power-tools |
| Code Generate | code-generator |
| CodePen Embedded Pens Shortcode | codepen-embedded-pen-shortcode |
| Comments – wpDiscuz | wpdiscuz |
| Compact WP Audio Player | compact-wp-audio-player |
| Conditional Fields for Contact Form 7 | cf7-conditional-fields |
| Contact Form 7 + Telegram | cf7-telegram |
| Contact Form 7 – Repeatable Fields | cf7-repeatable-fields |
| Coub | coub |
| Cozy Blocks – Page Builder for Gutenberg & Site Editor, Post Blocks, WooCommerce Blocks, Magazine Blocks, WordPress Gutenberg Blocks, Patterns and Templates Library | cozy-addons |
| Custom Icons for Elementor | custom-icons-for-elementor |
| Custom Twitter Feeds – A Tweets Widget or X Feed Widget | custom-twitter-feeds |
| CWD 3D Image Gallery | cwd-3d-image-gallery |
| DarkMySite – Advanced Dark Mode Plugin for WordPress | darkmysite |
| Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer | 3d-flipbook-dflip-lite |
| DocumentPress | documentpress-display-any-document-on-your-site |
| Download Monitor | download-monitor |
| Download Plugin | download-plugin |
| Editor Custom Color Palette | editor-custom-color-palette |
| Editorial Assistant by Sovrn | zemanta |
| EKC Tournament Manager | ekc-tournament-manager |
| ElementsKit Elementor addons | elementskit-lite |
| EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor | embedpress |
| Envo’s Elementor Templates & Widgets for WooCommerce | envo-elementor-for-woocommerce |
| Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin | mage-eventpress |
| EventPrime – Events Calendar, Bookings and Tickets | eventprime-event-calendar-management |
| Exam Matrix | exam-matrix |
| Extensions by HocWP Team | sb-core |
| Extra Privacy for Elementor | extra-privacy-for-elementor |
| Extra Product Options Builder for WooCommerce | additional-product-fields-for-woocommerce |
| File Upload Types by WPForms | file-upload-types |
| Firelight Lightbox | easy-fancybox |
| FormFacade – WordPress plugin for Google Forms | formfacade |
| Forminator Forms – Contact Form, Payment Form & Custom Form Builder | forminator |
| Forms for Mailchimp by Optin Cat – Grow Your MailChimp List | mailchimp-wp |
| Futurio Extra | futurio-extra |
| GeoDirectory – WP Business Directory Plugin and Classified Listings Directory | geodirectory |
| Google Docs RSVP, WordPress Plugin | google-docs-rsvp-guestlist |
| Great Restaurant Menu WP | best-restaurant-menu-by-pricelisto |
| Greenshift – animation and page builder blocks | greenshift-animation-and-page-builder-blocks |
| GRÜN spendino Spendenformular – Mehr Spenden! Weniger Arbeit! | spendino |
| HD Quiz – Save Results Light | hd-quiz-save-results-light |
| HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce | hurrytimer |
| ID-SK Toolkit | idsk-toolkit |
| Image Map Pro – Drag-and-drop Builder for Interactive Images | image-map-pro |
| Import and export users and customers | import-users-from-csv-with-meta |
| INK Official | ink-official |
| Interactive World Map | interactive-world-map |
| Kata Plus – Addons for Elementor – Widgets, Extensions and Templates | kata-plus |
| Kodex Posts likes | kodex-posts-likes |
| Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages | landing-page-cat |
| LaTeX2HTML | latex2html |
| League of Legends Shortcodes | league-of-legends-shortcodes |
| leenk.me | leenkme |
| Local Business Addons For Elementor (Formally Waze Map) | map-addons-for-elementor-waze-map |
| MaanStore API | maanstore-api |
| Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid | magazine-blocks |
| Mapster WP Maps | mapster-wp-maps |
| Marketing Automation by AZEXO | marketing-automation-by-azexo |
| MDTF – Meta Data and Taxonomies Filter | wp-meta-data-filter-and-taxonomy-filter |
| Meetup | meetup |
| Mega Elements – Addons for Elementor | mega-elements-addons-for-elementor |
| Monitor.chat – Monitor WordPress with Instant Messages | monitor-chat |
| Monkee-Boy Essentials | monkee-boy-wp-essentials |
| Multi Purpose Mail Form | multi-purpose-mail-form |
| Multi Step Form | multi-step-form |
| MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution | dc-woocommerce-multi-vendor |
| My Wp Brand – Hide menu & Hide Plugin | my-wp-brand |
| myCred Elementor | mycred-for-elementor |
| Namaste! LMS | namaste-lms |
| News Kit Elementor Addons | news-kit-elementor-addons |
| Nexter Blocks – WordPress Gutenberg Blocks & 1000+ Starter Templates | the-plus-addons-for-block-editor |
| Order Notification for Telegram | order-notification-for-telegram |
| PDF Generator Addon for Elementor Page Builder | pdf-generator-addon-for-elementor-page-builder |
| PDF Invoices & Packing Slips for WooCommerce | woocommerce-pdf-invoices-packing-slips |
| PegaPoll | pegapoll |
| Photo Gallery, Images, Slider in Rbs Image Gallery | robo-gallery |
| Plugin Name: iBryl Switch User | ibryl-switch-user |
| Plugin Propagator | wp-propagator |
| Poll Maker – Versus Polls, Anonymous Polls, Image Polls | poll-maker |
| Portfolleo | portfolleo |
| Post Grid and Gutenberg Blocks | post-grid |
| Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX | ultimate-post |
| Premium SEO Pack – WP SEO Plugin | premium-seo-pack |
| PriPre | pripre |
| Product Filter by WBW | woo-product-filter |
| ProfilePress Pro | profilepress-pro |
| Qi Addons For Elementor | qi-addons-for-elementor |
| Qi Blocks | qi-blocks |
| Qode Essential Addons | qode-essential-addons |
| Raptor Editor | wp-raptor |
| Realty Workstation | realty-workstation |
| Risk Warning Bar | risk-warning-bar |
| Rover IDX | rover-idx |
| Royal Elementor Addons and Templates | royal-elementor-addons |
| RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging | wp-rss-aggregator |
| RSVP ME | rsvp-me |
| Schema & Structured Data for WP & AMP | schema-and-structured-data-for-wp |
| School Management System – WPSchoolPress | wpschoolpress |
| Scrollbar by webxapp – Best vertical/horizontal scrollbars plugin | scrollbar-by-webxapp |
| Selection Lite | selection-lite |
| SEOPress – On-site SEO | wp-seopress |
| Shoutcast Icecast HTML5 Radio Player | shoutcast-icecast-html5-radio-player |
| Signup Page | signup-page |
| Simple Custom Admin | simple-custom-admin |
| Simple Load More | simple-load-more |
| Simple Membership | simple-membership |
| Simple News | simple-news |
| Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) | sky-elementor-addons |
| Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder | stacks-mobile-app-builder |
| Sudan Payment Gateway for WooCommerce | wc-sudan-payment-gateway |
| Sunshine Photo Cart: Free Client Photo Galleries for Photographers | sunshine-photo-cart |
| Survey Maker | survey-maker |
| SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity | surveyjs |
| SVG Captcha | svg-captcha |
| Templately – Elementor & Gutenberg Template Library: 5000+ Free & Pro Ready Templates & Cloud! | templately |
| TeploBot – Telegram Bot for WP | green-wp-telegram-bot-by-teplitsa |
| Terms descriptions | terms-descriptions |
| Textboxes | textboxes |
| The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) | the-pack-addon |
| Themes4WP YouTube External Subtitles | themes4wp-youtube-external-subtitles |
| Tida URL Screenshot | tida-url-screenshot |
| Todo Custom Field | todo-custom-field |
| Transients Manager | transients-manager |
| Trip Plan | tripplan |
| uCAT – Next Story | ucat-next-story |
| Uix Shortcodes – Compatible with Gutenberg | uix-shortcodes |
| User Toolkit | user-toolkit |
| Verbalize WP | verbalize-wp |
| WatchTowerHQ | watchtowerhq |
| Web Bricks Addons for Elementor: Elite-Designed Elementor & eCommerce Widgets | webbricks-addons |
| Whitelist | fifthsegment-whitelist |
| WooCommerce Bulk Edit Products, Orders, Coupons, Any WordPress Post Type (Advanced) – Smart Manager | smart-manager-for-wp-e-commerce |
| Woocommerce Custom Profile Picture | woo-custom-profile-picture |
| WooCommerce Maintenance Mode (Free) | woocommerce-maintenance-mode |
| WooCommerce Order Proposal | wooCommerce-order-proposal |
| Woocommerce Product Design | woo-product-design |
| Woocommerce Quote Calculator | woo-quote-calculator-order |
| WooCommerce UPS Shipping – Live Rates and Access Points | flexible-shipping-ups |
| WordPress eCommerce – ScottCart | scottcart |
| WordPress Post Grid Layouts with Pagination – Sogrid | sogrid |
| WP Abstracts | wp-abstracts-manuscripts-manager |
| WP Adminify – Custom WordPress Dashboard, Login and Admin Customizer | adminify |
| WP Awesome Login | wp-awesome-login |
| WP Booking System – Booking Calendar | wp-booking-system |
| WP Crowdfunding | wp-crowdfunding |
| WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting | erp |
| WP Flow Plus | wp-imageflow2 |
| WP Query Console | wp-query-console |
| WP Recipe Maker | wp-recipe-maker |
| WP Sessions Time Monitoring Full Automatic | activitytime |
| WP Shortcodes Plugin — Shortcodes Ultimate | shortcodes-ultimate |
| WP show more | wp-show-more |
| Wp Social Login and Register Social Counter | wp-social |
| WP VR – 360 Panorama and Virtual Tour Builder For WordPress | wpvr |
| WP-Members Membership Plugin | wp-members |
| WPC Shop as a Customer for WooCommerce | wpc-shop-as-customer |
| WPKoi Templates for Elementor | wpkoi-templates-for-elementor |
| WPS Telegram Chat | wps-telegram-chat |
| Wux Blog Editor | wux-blog-editor |
| YITH WooCommerce Product Add-Ons | yith-woocommerce-product-add-ons |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Clean Retina | clean-retina |
| Js Paper | js-paper |
| Mags | mags |
| Meta News | meta-news |
| NewsCard | newscard |
| Nioland – SaaS & Software Startup Tech WordPress Theme | nioland |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVE-ID
CVE-2024-50478
CVE-2024-50478
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
1-Click Login: Passwordless Authentication
1-Click Login: Passwordless Authentication
Researcher
CVE-ID
CVE-2024-50486
CVE-2024-50486
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Acnoo Flutter API
Acnoo Flutter API
Researcher
CVE-ID
CVE-2024-50420
CVE-2024-50420
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
aDirectory – Directory Listing WordPress Plugin
aDirectory – Directory Listing WordPress Plugin
Researcher
CVE-ID
CVE-2024-50497
CVE-2024-50497
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Advanced Online Ordering and Delivery Platform
Advanced Online Ordering and Delivery Platform
Researcher
CVE-ID
CVE-2024-50473
CVE-2024-50473
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Ajar in5 Embed
Ajar in5 Embed
Researcher
CVE-ID
CVE-2024-50496
CVE-2024-50496
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
AR For WordPress
AR For WordPress
Researcher
CVE-ID
CVE-2024-50493
CVE-2024-50493
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Automatic Translation
Automatic Translation
Researcher
CVE-ID
CVE-2024-50436
CVE-2024-50436
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Clean Retina
Clean Retina
Researcher
CVE-ID
CVE-2024-9488
CVE-2024-9488
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Comments – wpDiscuz
Comments – wpDiscuz
Researcher
CVE-ID
CVE-2024-50485
CVE-2024-50485
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Exam Matrix
Exam Matrix
Researcher
CVE-ID
CVE-2024-9930
CVE-2024-9930
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Extensions by HocWP Team
Extensions by HocWP Team
Researcher
CVE-ID
CVE-2024-50476
CVE-2024-50476
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
GRÜN spendino Spendenformular – Mehr Spenden! Weniger Arbeit!
GRÜN spendino Spendenformular – Mehr Spenden! Weniger Arbeit!
Researcher
CVE-ID
CVE-2024-50487
CVE-2024-50487
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
MaanStore API
MaanStore API
Researcher
CVE-ID
CVE-2024-49701
CVE-2024-49701
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Mags
Mags
Researcher
CVE-ID
CVE-2024-50435
CVE-2024-50435
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Meta News
Meta News
Researcher
CVE-ID
CVE-2024-50484
CVE-2024-50484
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Multi Purpose Mail Form
Multi Purpose Mail Form
Researcher
CVE-ID
CVE-2024-50434
CVE-2024-50434
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
NewsCard
NewsCard
Researcher
CVE-ID
CVE-2024-50495
CVE-2024-50495
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Plugin Propagator
Plugin Propagator
Researcher
CVE-ID
CVE-2024-49653
CVE-2024-49653
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Portfolleo
Portfolleo
Researcher
CVE-ID
CVE-2024-50489
CVE-2024-50489
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Realty Workstation
Realty Workstation
Researcher
CVE-ID
CVE-2024-50492
CVE-2024-50492
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
WordPress eCommerce – ScottCart
WordPress eCommerce – ScottCart
Researcher
CVE-ID
CVE-2024-50475
CVE-2024-50475
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Signup Page
Signup Page
Researcher
CVE-ID
CVE-2024-50477
CVE-2024-50477
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder
Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder
Researcher
CVE-ID
CVE-2024-50494
CVE-2024-50494
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Sudan Payment Gateway for WooCommerce
Sudan Payment Gateway for WooCommerce
Researcher
CVE-ID
CVE-2024-49668
CVE-2024-49668
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Verbalize WP
Verbalize WP
Researcher
WatchTowerHQ <= 3.10.1 – Authentication Bypass to Administrator due to Missing Empty Value Check
9.8
CVE-ID
CVE-2024-9933
CVE-2024-9933
Patch Status
Patched
Patched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
WatchTowerHQ
WatchTowerHQ
Researcher
CVE-ID
CVE-2024-49658
CVE-2024-49658
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Woocommerce Custom Profile Picture
Woocommerce Custom Profile Picture
Researcher
CVE-ID
CVE-2024-50482
CVE-2024-50482
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Woocommerce Product Design
Woocommerce Product Design
Researcher
CVE-ID
CVE-2024-50498
CVE-2024-50498
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
WP Query Console
WP Query Console
Researcher
CVE-ID
CVE-2024-9501
CVE-2024-9501
Patch Status
Patched
Patched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Wp Social Login and Register Social Counter
Wp Social Login and Register Social Counter
Researcher
CVE-ID
CVE-2024-9931
CVE-2024-9931
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Wux Blog Editor
Wux Blog Editor
Researcher
CVE-ID
CVE-2024-9932
CVE-2024-9932
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Wux Blog Editor
Wux Blog Editor
Researcher
CVE-ID
CVE-2024-49657
CVE-2024-49657
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
3D Work In Progress
3D Work In Progress
Researcher
CVE-ID
CVE-2024-49652
CVE-2024-49652
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
3D Work In Progress
3D Work In Progress
Researcher
CVE-ID
CVE-2024-49671
CVE-2024-49671
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
AI Image Generator for Your Content & Featured Images – AI Postpix
AI Image Generator for Your Content & Featured Images – AI Postpix
Researcher
CVE-ID
CVE-2024-9598
CVE-2024-9598
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
AMP for WP – Accelerated Mobile Pages
AMP for WP – Accelerated Mobile Pages
Researcher
CVE-ID
CVE-2024-50481
CVE-2024-50481
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Bstone Demo Importer
Bstone Demo Importer
Researcher
CVE-ID
CVE-2024-49674
CVE-2024-49674
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
EKC Tournament Manager
EKC Tournament Manager
Researcher
iBryl Switch User <= 1.0.1 – Authenticated (Subscriber+) Privilege Escalation via Account Takeover
8.8
CVE-ID
CVE-2024-49675
CVE-2024-49675
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Plugin Name: iBryl Switch User
Plugin Name: iBryl Switch User
Researcher
CVE-ID
CVE-2024-49669
CVE-2024-49669
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
INK Official
INK Official
Researcher
CVE-ID
CVE-2024-9235
CVE-2024-9235
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Mapster WP Maps
Mapster WP Maps
Researcher
CVE-ID
CVE-2024-50480
CVE-2024-50480
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Marketing Automation by AZEXO
Marketing Automation by AZEXO
Researcher
CVE-ID
CVE-2024-50408
CVE-2024-50408
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Namaste! LMS
Namaste! LMS
Researcher
CVE-ID
CVE-2024-49690
CVE-2024-49690
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Qi Blocks
Qi Blocks
Researcher
CVE-ID
CVE-2024-50457
CVE-2024-50457
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Qode Essential Addons
Qode Essential Addons
Researcher
CVE-ID
CVE-2024-10002
CVE-2024-10002
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Rover IDX
Rover IDX
Researcher
CVE-ID
CVE-2024-9637
CVE-2024-9637
Patch Status
Patched
Patched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
School Management System – WPSchoolPress
School Management System – WPSchoolPress
Researcher
CVE-ID
CVE-2024-50427
CVE-2024-50427
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity
SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity
Researcher
CVE-ID
CVE-2024-50453
CVE-2024-50453
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Researcher
CVE-ID
CVE-2024-50488
CVE-2024-50488
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Auto Login using a secure tokenized url. Role wise login restriction.
Auto Login using a secure tokenized url. Role wise login restriction.
Researcher
CVE-ID
CVE-2024-9890
CVE-2024-9890
Patch Status
Patched
Patched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
User Toolkit
User Toolkit
Researcher
WPC Shop as a Customer for WooCommerce <= 1.2.6 – Authenticated (Subscriber+) PHP Object Injection
8.8
CVE-ID
CVE-2024-50416
CVE-2024-50416
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
WPC Shop as a Customer for WooCommerce
WPC Shop as a Customer for WooCommerce
Researcher
CVE-ID
CVE-2024-9627
CVE-2024-9627
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
TeploBot – Telegram Bot for WP
TeploBot – Telegram Bot for WP
Researcher
CVE-ID
CVE-2024-9302
CVE-2024-9302
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
App Builder – Create Native Android & iOS Apps On The Flight
App Builder – Create Native Android & iOS Apps On The Flight
Researcher
CVE-ID
CVE-2024-10011
CVE-2024-10011
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
BuddyPress
BuddyPress
Researcher
CVE-ID
CVE-2024-9947
CVE-2024-9947
Patch Status
Patched
Patched
Published
Oct 22, 2024
Oct 22, 2024
Affected Software
ProfilePress Pro
ProfilePress Pro
Researcher
CVE-ID
CVE-2024-10402
CVE-2024-10402
Patch Status
Patched
Patched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
Researcher
CVE-ID
CVE-2024-50491
CVE-2024-50491
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
RSVP ME
RSVP ME
Researcher
CVE-ID
CVE-2024-50479
CVE-2024-50479
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Woocommerce Quote Calculator
Woocommerce Quote Calculator
Researcher
CVE-ID
CVE-2024-49681
CVE-2024-49681
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
WP Sessions Time Monitoring Full Automatic
WP Sessions Time Monitoring Full Automatic
Researcher
CVE-ID
CVE-2024-9772
CVE-2024-9772
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Uix Shortcodes – Compatible with Gutenberg
Uix Shortcodes – Compatible with Gutenberg
Researcher
CVE-ID
CVE-2024-50450
CVE-2024-50450
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
MDTF – Meta Data and Taxonomies Filter
MDTF – Meta Data and Taxonomies Filter
Researcher
CVE-ID
CVE-2024-9162
CVE-2024-9162
Patch Status
Patched
Patched
Published
Oct 27, 2024
Oct 27, 2024
Affected Software
All-in-One WP Migration and Backup
All-in-One WP Migration and Backup
Researcher
CVE-ID
CVE-2024-49684
CVE-2024-49684
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Backup and Staging by WP Time Capsule
Backup and Staging by WP Time Capsule
Researcher
CVE-ID
CVE-2024-49676
CVE-2024-49676
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Custom Icons for Elementor
Custom Icons for Elementor
Researcher
CVE-ID
CVE-2024-9927
CVE-2024-9927
Patch Status
Patched
Patched
Published
Oct 22, 2024
Oct 22, 2024
Affected Software
WooCommerce Order Proposal
WooCommerce Order Proposal
Researcher
CVE-ID
CVE-2024-8392
CVE-2024-8392
Patch Status
Patched
Patched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
WordPress Post Grid Layouts with Pagination – Sogrid
WordPress Post Grid Layouts with Pagination – Sogrid
Researcher
CVE-ID
CVE-2024-9829
CVE-2024-9829
Patch Status
Patched
Patched
Published
Oct 22, 2024
Oct 22, 2024
Affected Software
Download Plugin
Download Plugin
Researchers
League of Legends Shortcodes <= 1.0.1 – Authenticated (Contributor+) SQL Injection via Shortcode
6.5
CVE-ID
CVE-2024-10341
CVE-2024-10341
Patch Status
Unpatched
Unpatched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
League of Legends Shortcodes
League of Legends Shortcodes
Researcher
CVE-ID
CVE-2024-50465
CVE-2024-50465
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Premium SEO Pack – WP SEO Plugin
Premium SEO Pack – WP SEO Plugin
Researcher
CVE-ID
CVE-2024-9650
CVE-2024-9650
Patch Status
Patched
Patched
Published
Oct 23, 2024
Oct 23, 2024
Affected Software
WP Recipe Maker
WP Recipe Maker
Researcher
CVE-ID
CVE-2024-50458
CVE-2024-50458
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Advanced Sermons
Advanced Sermons
Researcher
CVE-ID
CVE-2024-49692
CVE-2024-49692
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
AffiliateX – Affiliate Blocks for WordPress, Amazon, eBay, AliExpress Affiliates
AffiliateX – Affiliate Blocks for WordPress, Amazon, eBay, AliExpress Affiliates
Researcher
CVE-ID
CVE-2024-50472
CVE-2024-50472
Patch Status
Unpatched
Unpatched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Amilia Store
Amilia Store
Researcher
CVE-ID
CVE-2024-10189
CVE-2024-10189
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Anchor Episodes Index (Spotify for Podcasters)
Anchor Episodes Index (Spotify for Podcasters)
Researcher
CVE-ID
CVE-2024-50439
CVE-2024-50439
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Astra Widgets
Astra Widgets
Researcher
Awesome buttons <= 1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via btn2 Shortcode
6.4
CVE-ID
CVE-2024-10148
CVE-2024-10148
Patch Status
Unpatched
Unpatched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Awesome buttons
Awesome buttons
Researcher
CVE-ID
CVE-2024-10150
CVE-2024-10150
Patch Status
Unpatched
Unpatched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Bamazoo – Button Generator
Bamazoo – Button Generator
Researcher
CVE-ID
CVE-2024-50430
CVE-2024-50430
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Beaver Builder – WordPress Page Builder
Beaver Builder – WordPress Page Builder
Researcher
CVE-ID
CVE-2024-10343
CVE-2024-10343
Patch Status
Unpatched
Unpatched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Beek Widget Extention
Beek Widget Extention
Researcher
CodePen Embedded Pens Shortcode <= 1.0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-50440
CVE-2024-50440
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
CodePen Embedded Pens Shortcode
CodePen Embedded Pens Shortcode
Researcher
CVE-ID
CVE-2024-10176
CVE-2024-10176
Patch Status
Patched
Patched
Published
Oct 23, 2024
Oct 23, 2024
Affected Software
Compact WP Audio Player
Compact WP Audio Player
Researcher
CVE-ID
CVE-2024-10180
CVE-2024-10180
Patch Status
Patched
Patched
Published
Oct 23, 2024
Oct 23, 2024
Affected Software
Contact Form 7 – Repeatable Fields
Contact Form 7 – Repeatable Fields
Researcher
CVE-ID
CVE-2024-50441
CVE-2024-50441
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
CVE-ID
CVE-2024-50502
CVE-2024-50502
Patch Status
Patched
Patched
Published
Oct 25, 2024
Oct 25, 2024
CVE-ID
CVE-2024-9642
CVE-2024-9642
Patch Status
Patched
Patched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Editor Custom Color Palette
Editor Custom Color Palette
Researcher
CVE-ID
CVE-2024-10091
CVE-2024-10091
Patch Status
Patched
Patched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
ElementsKit Elementor addons
ElementsKit Elementor addons
Researcher
CVE-ID
CVE-2024-50461
CVE-2024-50461
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
CVE-ID
CVE-2024-50447
CVE-2024-50447
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Envo’s Elementor Templates & Widgets for WooCommerce
Envo’s Elementor Templates & Widgets for WooCommerce
Researcher
Event Manager for WooCommerce <= 4.2.5 – Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-49703
CVE-2024-49703
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
CVE-ID
CVE-2024-10016
CVE-2024-10016
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
File Upload Types by WPForms
File Upload Types by WPForms
Researcher
CVE-ID
CVE-2024-50460
CVE-2024-50460
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Firelight Lightbox
Firelight Lightbox
Researcher
CVE-ID
CVE-2024-50446
CVE-2024-50446
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Futurio Extra
Futurio Extra
Researcher
CVE-ID
CVE-2024-50437
CVE-2024-50437
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Researcher
ID-SK Toolkit <= 1.7.2 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
6.4
CVE-ID
CVE-2024-9853
CVE-2024-9853
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
ID-SK Toolkit
ID-SK Toolkit
Researcher
CVE-ID
CVE-2024-9585
CVE-2024-9585
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Image Map Pro – Drag-and-drop Builder for Interactive Images
Image Map Pro – Drag-and-drop Builder for Interactive Images
Researcher
CVE-ID
CVE-2024-50462
CVE-2024-50462
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Interactive World Map
Interactive World Map
Researcher
CVE-ID
CVE-2024-50501
CVE-2024-50501
Patch Status
Patched
Patched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Kata Plus – Addons for Elementor – Widgets, Extensions and Templates
Kata Plus – Addons for Elementor – Widgets, Extensions and Templates
Researcher
CVE-ID
CVE-2024-50464
CVE-2024-50464
Patch Status
Unpatched
Unpatched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Kodex Posts likes
Kodex Posts likes
Researcher
CVE-ID
CVE-2024-10342
CVE-2024-10342
Patch Status
Unpatched
Unpatched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
League of Legends Shortcodes
League of Legends Shortcodes
Researcher
CVE-ID
CVE-2024-49667
CVE-2024-49667
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Local Business Addons For Elementor (Formally Waze Map)
Local Business Addons For Elementor (Formally Waze Map)
Researcher
CVE-ID
CVE-2024-50429
CVE-2024-50429
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
CVE-ID
CVE-2024-49693
CVE-2024-49693
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Mega Elements – Addons for Elementor
Mega Elements – Addons for Elementor
Researcher
CVE-ID
CVE-2024-9116
CVE-2024-9116
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Monkee-Boy Essentials
Monkee-Boy Essentials
Researcher
CVE-ID
CVE-2024-49702
CVE-2024-49702
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
myCred Elementor
myCred Elementor
Researcher
CVE-ID
CVE-2024-50409
CVE-2024-50409
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Namaste! LMS
Namaste! LMS
Researcher
CVE-ID
CVE-2024-50410
CVE-2024-50410
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Namaste! LMS
Namaste! LMS
Researcher
CVE-ID
CVE-2024-50452
CVE-2024-50452
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Nexter Blocks – WordPress Gutenberg Blocks & 1000+ Starter Templates
Nexter Blocks – WordPress Gutenberg Blocks & 1000+ Starter Templates
Researcher
CVE-ID
CVE-2024-50449
CVE-2024-50449
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
PDF Generator Addon for Elementor Page Builder
PDF Generator Addon for Elementor Page Builder
Researcher
Post Grid and Gutenberg Blocks <= 2.2.93 – Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-50432
CVE-2024-50432
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Post Grid and Gutenberg Blocks
Post Grid and Gutenberg Blocks
Researcher
CVE-ID
CVE-2024-50443
CVE-2024-50443
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
Researcher
CVE-ID
CVE-2024-9454
CVE-2024-9454
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
PriPre
PriPre
Researcher
CVE-ID
CVE-2024-50468
CVE-2024-50468
Patch Status
Unpatched
Unpatched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Raptor Editor
Raptor Editor
Researcher
CVE-ID
CVE-2024-49696
CVE-2024-49696
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Photo Gallery, Images, Slider in Rbs Image Gallery
Photo Gallery, Images, Slider in Rbs Image Gallery
Researcher
CVE-ID
CVE-2024-50467
CVE-2024-50467
Patch Status
Unpatched
Unpatched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Scrollbar by webxapp – Best vertical/horizontal scrollbars plugin
Scrollbar by webxapp – Best vertical/horizontal scrollbars plugin
Researcher
CVE-ID
CVE-2024-50445
CVE-2024-50445
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Selection Lite
Selection Lite
Researcher
CVE-ID
CVE-2024-8666
CVE-2024-8666
Patch Status
Unpatched
Unpatched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Shoutcast Icecast HTML5 Radio Player
Shoutcast Icecast HTML5 Radio Player
Researcher
Simple News <= 2.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via news Shortcode
6.4
CVE-ID
CVE-2024-10112
CVE-2024-10112
Patch Status
Unpatched
Unpatched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Simple News
Simple News
Researcher
CVE-ID
CVE-2024-50433
CVE-2024-50433
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
CVE-ID
CVE-2024-50470
CVE-2024-50470
Patch Status
Unpatched
Unpatched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Themes4WP YouTube External Subtitles
Themes4WP YouTube External Subtitles
Researcher
CVE-ID
CVE-2024-50418
CVE-2024-50418
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Booking Plugin for Your WordPress Appointments – Time Slot
Booking Plugin for Your WordPress Appointments – Time Slot
Researcher
Web Bricks Addons for Elementor <= 1.1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-49665
CVE-2024-49665
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Researcher
CVE-ID
CVE-2024-50451
CVE-2024-50451
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
MDTF – Meta Data and Taxonomies Filter
MDTF – Meta Data and Taxonomies Filter
Researcher
CVE-ID
CVE-2024-8959
CVE-2024-8959
Patch Status
Patched
Patched
Published
Oct 23, 2024
Oct 23, 2024
Affected Software
WP Adminify – Custom WordPress Dashboard, Login and Admin Customizer
WP Adminify – Custom WordPress Dashboard, Login and Admin Customizer
Researcher
WP Awesome Login <= 0.4.0 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
6.4
CVE-ID
CVE-2024-9456
CVE-2024-9456
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
WP Awesome Login
WP Awesome Login
Researcher
CVE-ID
CVE-2024-10117
CVE-2024-10117
Patch Status
Patched
Patched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
WP Crowdfunding
WP Crowdfunding
Researcher
CVE-ID
CVE-2024-49695
CVE-2024-49695
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
WP Flow Plus
WP Flow Plus
Researcher
CVE-ID
CVE-2024-9967
CVE-2024-9967
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
WP show more
WP show more
Researcher
CVE-ID
CVE-2024-10374
CVE-2024-10374
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
WP-Members Membership Plugin
WP-Members Membership Plugin
Researcher
WPKoi Templates for Elementor <= 3.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-49679
CVE-2024-49679
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
WPKoi Templates for Elementor
WPKoi Templates for Elementor
Researcher
CVE-ID
CVE-2024-9943
CVE-2024-9943
Patch Status
Patched
Patched
Published
Oct 23, 2024
Oct 23, 2024
Researcher
Rover IDX <= 3.0.0.2903 – Authenticated (Subscriber+) Missing Authorization via Multiple Functions
6.3
CVE-ID
CVE-2024-10003
CVE-2024-10003
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Rover IDX
Rover IDX
Researcher
CVE-ID
CVE-2024-50424
CVE-2024-50424
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Templately – Elementor & Gutenberg Template Library: 5000+ Free & Pro Ready Templates & Cloud!
Templately – Elementor & Gutenberg Template Library: 5000+ Free & Pro Ready Templates & Cloud!
Researcher
WPS Telegram Chat <= 4.6.0 – Authenticated (Subscriber+) Unauthorized Access to Telegram Bot API
6.3
CVE-ID
CVE-2024-9628
CVE-2024-9628
Patch Status
Unpatched
Unpatched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
WPS Telegram Chat
WPS Telegram Chat
Researcher
CVE-ID
CVE-2024-9607
CVE-2024-9607
Patch Status
Unpatched
Unpatched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
10Web Social Post Feed
10Web Social Post Feed
Researcher
CVE-ID
CVE-2024-49640
CVE-2024-49640
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
ACL Floating Cart for WooCommerce
ACL Floating Cart for WooCommerce
Researcher
CVE-ID
CVE-2024-49645
CVE-2024-49645
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Affiliate Platform
Affiliate Platform
Researcher
CVE-ID
CVE-2024-49636
CVE-2024-49636
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Agile Video Player Lite
Agile Video Player Lite
Researcher
CVE-ID
CVE-2024-49635
CVE-2024-49635
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Banner Slider
Banner Slider
Researcher
CVE-ID
CVE-2024-49637
CVE-2024-49637
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Bet WC 2018 Russia
Bet WC 2018 Russia
Researcher
CVE-ID
CVE-2024-49634
CVE-2024-49634
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
BP Member Type Manager
BP Member Type Manager
Researcher
CVE-ID
CVE-2024-49650
CVE-2024-49650
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
BuddyPress Greeting Message
BuddyPress Greeting Message
Researcher
CVE-ID
CVE-2024-49660
CVE-2024-49660
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Campus Explorer Widget
Campus Explorer Widget
Researcher
CVE-ID
CVE-2024-49664
CVE-2024-49664
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
chatplusjp
chatplusjp
Researcher
CVE-ID
CVE-2024-50438
CVE-2024-50438
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Church Admin
Church Admin
Researcher
CVE-ID
CVE-2024-49670
CVE-2024-49670
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Client Power Tools Portal
Client Power Tools Portal
Researcher
CVE-ID
CVE-2024-49646
CVE-2024-49646
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Code Generate
Code Generate
Researcher
CVE-ID
CVE-2024-49632
CVE-2024-49632
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
CWD 3D Image Gallery
CWD 3D Image Gallery
Researcher
CVE-ID
CVE-2024-49656
CVE-2024-49656
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
DocumentPress
DocumentPress
Researcher
CVE-ID
CVE-2024-9864
CVE-2024-9864
Patch Status
Patched
Patched
Published
Oct 23, 2024
Oct 23, 2024
Affected Software
EventPrime – Events Calendar, Bookings and Tickets
EventPrime – Events Calendar, Bookings and Tickets
Researcher
CVE-ID
CVE-2024-9865
CVE-2024-9865
Patch Status
Patched
Patched
Published
Oct 23, 2024
Oct 23, 2024
Affected Software
EventPrime – Events Calendar, Bookings and Tickets
EventPrime – Events Calendar, Bookings and Tickets
Researcher
CVE-ID
CVE-2024-49654
CVE-2024-49654
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Extra Privacy for Elementor
Extra Privacy for Elementor
Researcher
CVE-ID
CVE-2024-9214
CVE-2024-9214
Patch Status
Patched
Patched
Published
Oct 23, 2024
Oct 23, 2024
Affected Software
Extra Product Options Builder for WooCommerce
Extra Product Options Builder for WooCommerce
Researcher
CVE-ID
CVE-2024-9613
CVE-2024-9613
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
FormFacade – WordPress plugin for Google Forms
FormFacade – WordPress plugin for Google Forms
Researcher
CVE-ID
CVE-2024-8870
CVE-2024-8870
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Forms for Mailchimp by Optin Cat – Grow Your MailChimp List
Forms for Mailchimp by Optin Cat – Grow Your MailChimp List
Researcher
CVE-ID
CVE-2024-49672
CVE-2024-49672
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Google Docs RSVP, WordPress Plugin
Google Docs RSVP, WordPress Plugin
Researcher
CVE-ID
CVE-2024-49678
CVE-2024-49678
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Js Paper
Js Paper
Researcher
CVE-ID
CVE-2024-49673
CVE-2024-49673
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
LaTeX2HTML
LaTeX2HTML
Researcher
CVE-ID
CVE-2024-49661
CVE-2024-49661
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
leenk.me
leenk.me
Researcher
CVE-ID
CVE-2024-49639
CVE-2024-49639
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Monitor.chat – Monitor WordPress with Instant Messages
Monitor.chat – Monitor WordPress with Instant Messages
Researcher
CVE-ID
CVE-2024-50407
CVE-2024-50407
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Namaste! LMS
Namaste! LMS
Researcher
CVE-ID
CVE-2024-10250
CVE-2024-10250
Patch Status
Patched
Patched
Published
Oct 22, 2024
Oct 22, 2024
Affected Software
Nioland – SaaS & Software Startup Tech WordPress Theme
Nioland – SaaS & Software Startup Tech WordPress Theme
Researcher
CVE-ID
CVE-2024-8717
CVE-2024-8717
Patch Status
Patched
Patched
Published
Oct 23, 2024
Oct 23, 2024
Affected Software
Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer
Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer
Researcher
CVE-ID
CVE-2024-49638
CVE-2024-49638
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Risk Warning Bar
Risk Warning Bar
Researcher
CVE-ID
CVE-2024-49647
CVE-2024-49647
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Simple Custom Admin
Simple Custom Admin
Researcher
CVE-ID
CVE-2024-49662
CVE-2024-49662
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Simple Load More
Simple Load More
Researcher
CVE-ID
CVE-2024-49682
CVE-2024-49682
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Simple Membership
Simple Membership
Researcher
CVE-ID
CVE-2024-50463
CVE-2024-50463
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Sunshine Photo Cart: Free Client Photo Galleries for Photographers
Sunshine Photo Cart: Free Client Photo Galleries for Photographers
Researcher
CVE-ID
CVE-2024-49648
CVE-2024-49648
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
SVG Captcha
SVG Captcha
Researcher
CVE-ID
CVE-2024-9374
CVE-2024-9374
Patch Status
Patched
Patched
Published
Oct 23, 2024
Oct 23, 2024
Affected Software
Terms descriptions
Terms descriptions
Researcher
CVE-ID
CVE-2024-49641
CVE-2024-49641
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Tida URL Screenshot
Tida URL Screenshot
Researcher
CVE-ID
CVE-2024-49642
CVE-2024-49642
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Todo Custom Field
Todo Custom Field
Researcher
CVE-ID
CVE-2024-49663
CVE-2024-49663
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
uCAT – Next Story
uCAT – Next Story
Researcher
CVE-ID
CVE-2024-49651
CVE-2024-49651
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
WooCommerce Maintenance Mode (Free)
WooCommerce Maintenance Mode (Free)
Researcher
CVE-ID
CVE-2024-47640
CVE-2024-47640
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
Researcher
CVE-ID
CVE-2024-9231
CVE-2024-9231
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
WP-Members Membership Plugin
WP-Members Membership Plugin
Researcher
CVE-ID
CVE-2024-50448
CVE-2024-50448
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
YITH WooCommerce Product Add-Ons
YITH WooCommerce Product Add-Ons
Researcher
CVE-ID
CVE-2024-50415
CVE-2024-50415
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Ads.txt & App-ads.txt Manager for WordPress
Ads.txt & App-ads.txt Manager for WordPress
Researcher
CVE-ID
CVE-2024-50414
CVE-2024-50414
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Call / Contact Button
Call / Contact Button
Researcher
CVE-ID
CVE-2024-9591
CVE-2024-9591
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Category and Taxonomy Image
Category and Taxonomy Image
Researcher
CVE-ID
CVE-2024-9589
CVE-2024-9589
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Category and Taxonomy Meta Fields
Category and Taxonomy Meta Fields
Researcher
Category and Taxonomy Meta Fields <= 1.0.0 – Authenticated (Editor+) Stored Cross-Site Scripting
5.5
CVE-ID
CVE-2024-9590
CVE-2024-9590
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Category and Taxonomy Meta Fields
Category and Taxonomy Meta Fields
Researcher
CVE-ID
CVE-2024-9462
CVE-2024-9462
Patch Status
Patched
Patched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Poll Maker – Versus Polls, Anonymous Polls, Image Polls
Poll Maker – Versus Polls, Anonymous Polls, Image Polls
Researcher
Category and Taxonomy Meta Fields <= 1.0.0 – Cross-Site Request Forgery to Taxonomy Meta Add/Delete
5.4
CVE-ID
CVE-2024-9588
CVE-2024-9588
Patch Status
Unpatched
Unpatched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Category and Taxonomy Meta Fields
Category and Taxonomy Meta Fields
Researcher
CVE-ID
CVE-2024-9629
CVE-2024-9629
Patch Status
Patched
Patched
Published
Oct 27, 2024
Oct 27, 2024
Affected Software
Contact Form 7 + Telegram
Contact Form 7 + Telegram
Researcher
CVE-ID
CVE-2024-9584
CVE-2024-9584
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Image Map Pro – Drag-and-drop Builder for Interactive Images
Image Map Pro – Drag-and-drop Builder for Interactive Images
Researcher
CVE-ID
CVE-2024-50442
CVE-2024-50442
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Royal Elementor Addons and Templates
Royal Elementor Addons and Templates
Researcher
CVE-ID
CVE-2024-8500
CVE-2024-8500
Patch Status
Patched
Patched
Published
Oct 22, 2024
Oct 22, 2024
Affected Software
WP Shortcodes Plugin — Shortcodes Ultimate
WP Shortcodes Plugin — Shortcodes Ultimate
Researcher
CVE-ID
CVE-2024-9630
CVE-2024-9630
Patch Status
Unpatched
Unpatched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
WPS Telegram Chat
WPS Telegram Chat
Researcher
All-in-One WP Migration and Backup <= 7.86 – Unauthenticated Information Disclosure via Error Logs
5.3
CVE-ID
CVE-2024-8852
CVE-2024-8852
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
All-in-One WP Migration and Backup
All-in-One WP Migration and Backup
Researcher
CVE-ID
CVE-2024-50422
CVE-2024-50422
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Breeze – WordPress Cache Plugin
Breeze – WordPress Cache Plugin
Researcher
CVE-ID
CVE-2024-50419
CVE-2024-50419
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Greenshift – animation and page builder blocks
Greenshift – animation and page builder blocks
Researcher
CVE-ID
CVE-2024-50428
CVE-2024-50428
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Multi Step Form
Multi Step Form
Researcher
CVE-ID
CVE-2024-9686
CVE-2024-9686
Patch Status
Unpatched
Unpatched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Order Notification for Telegram
Order Notification for Telegram
Researcher
CVE-ID
CVE-2024-49683
CVE-2024-49683
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Schema & Structured Data for WP & AMP
Schema & Structured Data for WP & AMP
Researcher
CVE-ID
CVE-2024-50454
CVE-2024-50454
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
SEOPress – On-site SEO
SEOPress – On-site SEO
Researcher
CVE-ID
CVE-2024-50421
CVE-2024-50421
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
PDF Invoices & Packing Slips for WooCommerce
PDF Invoices & Packing Slips for WooCommerce
Researcher
CVE-ID
CVE-2024-50459
CVE-2024-50459
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Accept Stripe Donation and Payments – AidWP
Accept Stripe Donation and Payments – AidWP
Researcher
CVE-ID
CVE-2024-9475
CVE-2024-9475
Patch Status
Patched
Patched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Poll Maker – Versus Polls, Anonymous Polls, Image Polls
Poll Maker – Versus Polls, Anonymous Polls, Image Polls
Researcher
CVE-ID
CVE-2024-49691
CVE-2024-49691
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Product Filter by WBW
Product Filter by WBW
Researcher
CVE-ID
CVE-2024-50431
CVE-2024-50431
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Breeze – WordPress Cache Plugin
Breeze – WordPress Cache Plugin
Researcher
CVE-ID
CVE-2024-50412
CVE-2024-50412
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Conditional Fields for Contact Form 7
Conditional Fields for Contact Form 7
Researcher
CVE-ID
CVE-2024-50413
CVE-2024-50413
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Import and export users and customers
Import and export users and customers
Researcher
CVE-ID
CVE-2024-50426
CVE-2024-50426
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Survey Maker
Survey Maker
Researcher
CVE-ID
CVE-2024-50411
CVE-2024-50411
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
WP Abstracts
WP Abstracts
Researcher
CVE-ID
CVE-2024-49698
CVE-2024-49698
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Great Restaurant Menu WP
Great Restaurant Menu WP
Researcher
CVE-ID
CVE-2024-50417
CVE-2024-50417
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
Bold Page Builder
Bold Page Builder
Researcher
CVE-ID
CVE-2024-10357
CVE-2024-10357
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Clever Addons for Elementor
Clever Addons for Elementor
Researcher
CVE-ID
CVE-2024-49685
CVE-2024-49685
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Custom Twitter Feeds – A Tweets Widget or X Feed Widget
Custom Twitter Feeds – A Tweets Widget or X Feed Widget
Researcher
CVE-ID
CVE-2024-50466
CVE-2024-50466
Patch Status
Unpatched
Unpatched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
DarkMySite – Advanced Dark Mode Plugin for WordPress
DarkMySite – Advanced Dark Mode Plugin for WordPress
Researcher
CVE-ID
CVE-2024-10092
CVE-2024-10092
Patch Status
Patched
Patched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Download Monitor
Download Monitor
Researcher
CVE-ID
CVE-2024-9626
CVE-2024-9626
Patch Status
Unpatched
Unpatched
Published
Oct 25, 2024
Oct 25, 2024
Affected Software
Editorial Assistant by Sovrn
Editorial Assistant by Sovrn
Researcher
CVE-ID
CVE-2024-49689
CVE-2024-49689
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
HD Quiz – Save Results Light
HD Quiz – Save Results Light
Researcher
CVE-ID
CVE-2024-8667
CVE-2024-8667
Patch Status
Patched
Patched
Published
Oct 23, 2024
Oct 23, 2024
Affected Software
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce
Researcher
CVE-ID
CVE-2024-49686
CVE-2024-49686
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages
Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages
Researcher
CVE-ID
CVE-2024-9531
CVE-2024-9531
Patch Status
Patched
Patched
Published
Oct 23, 2024
Oct 23, 2024
Researcher
CVE-ID
CVE-2024-9541
CVE-2024-9541
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
News Kit Elementor Addons
News Kit Elementor Addons
Researcher
CVE-ID
CVE-2024-9530
CVE-2024-9530
Patch Status
Patched
Patched
Published
Oct 22, 2024
Oct 22, 2024
Affected Software
Qi Addons For Elementor
Qi Addons For Elementor
Researcher
CVE-ID
CVE-2024-9583
CVE-2024-9583
Patch Status
Patched
Patched
Published
Oct 22, 2024
Oct 22, 2024
Researcher
CVE-ID
CVE-2024-50455
CVE-2024-50455
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
SEOPress – On-site SEO
SEOPress – On-site SEO
Researcher
CVE-ID
CVE-2024-50456
CVE-2024-50456
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
SEOPress – On-site SEO
SEOPress – On-site SEO
Researcher
CVE-ID
CVE-2024-49687
CVE-2024-49687
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
WooCommerce Bulk Edit Products, Orders, Coupons, Any WordPress Post Type (Advanced) – Smart Manager
WooCommerce Bulk Edit Products, Orders, Coupons, Any WordPress Post Type (Advanced) – Smart Manager
Researcher
CVE-ID
CVE-2024-49697
CVE-2024-49697
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
Sunshine Photo Cart: Free Client Photo Galleries for Photographers
Sunshine Photo Cart: Free Client Photo Galleries for Photographers
Researcher
CVE-ID
CVE-2024-10045
CVE-2024-10045
Patch Status
Patched
Patched
Published
Oct 22, 2024
Oct 22, 2024
Affected Software
Transients Manager
Transients Manager
Researcher
CVE-ID
CVE-2024-9109
CVE-2024-9109
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
WooCommerce UPS Shipping – Live Rates and Access Points
WooCommerce UPS Shipping – Live Rates and Access Points
Researcher
CVE-ID
CVE-2024-50425
CVE-2024-50425
Patch Status
Patched
Patched
Published
Oct 24, 2024
Oct 24, 2024
Affected Software
WP Booking System – Booking Calendar
WP Booking System – Booking Calendar
Researcher
CVE-ID
CVE-2024-49680
CVE-2024-49680
Patch Status
Patched
Patched
Published
Oct 21, 2024
Oct 21, 2024
Affected Software
WP VR – 360 Panorama and Virtual Tour Builder For WordPress
WP VR – 360 Panorama and Virtual Tour Builder For WordPress
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (October 21, 2024 to October 27, 2024) appeared first on Wordfence.
