Wordfence Intelligence Weekly WordPress Vulnerability Report (October 28, 2024 to November 3, 2024)


🦸 👻 Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024:

  • All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers
  • Top-tier researchers earn automatic bonuses of between 10% to 120% for valid submissions
  • Pending report limits are increased for all
  • It’s possible to earn up to $31,200 for high impact vulnerabilities!

Last week, there were 207 vulnerabilities disclosed in 200 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 43 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 19,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our PremiumCare, and Response customers last week:

  • WAF-RULE-759 – Data redacted while we work with the vendor on a patch.

Wordfence PremiumCare, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Patched 72
Unpatched 135

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Medium Severity 188
High Severity 10
Critical Severity 9

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 114
Cross-Site Request Forgery (CSRF) 40
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 20
Unrestricted Upload of File with Dangerous Type 9
Missing Authorization 6
Exposure of Sensitive Information to an Unauthorized Actor 4
Authentication Bypass Using an Alternate Path or Channel 2
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) 2
Improper Control of Generation of Code (‘Code Injection’) 2
Authorization Bypass Through User-Controlled Key 1
External Control of File Name or Path 1
Improper Access Control 1
Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) 1
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) 1
Insertion of Sensitive Information into Log File 1
Missing Authentication for Critical Function 1
Server-Side Request Forgery (SSRF) 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
74

Gab
21
14
9
8
8
8
6
4
4
4
4
3
3
3
3
2
2
2
2
2
2
2
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
(dp) AddThis dp-addthis
3D Presentation 3d-presentation
Aajoda Testimonials aajoda-testimonials
Accordion title for Elementor accordion-title-for-elementor
Addressbook addressbook
Admin SMS Alert admin-sms-alert
Administrator Z administrator-z
Advanced Control Manager for WordPress by ItalyStrap advanced-control-manager
Advanced PDF Generator advanced-pdf-generator
affiliate-toolkit affiliate-toolkit-starter
AI Power: Complete AI Pack gpt3-ai-content-generator
All Post Contact Form allpost-contactform
Alley Elementor Widget alley-elementor-widget
AmaDiscount Plugin amadiscount
amazing neo icon font for elementor amazing-neo-icon-font-for-elementor
Amazon Associate Filter amazon-associate-filter
AMP Img Shortcode amp-img-shortcode
Ancient World Linked Data for WordPress ancient-world-linked-data-for-wordpress
APK Downloader apk-downloader
Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress bookingpress-appointment-booking
Appointmind appointmind
Arconix Shortcodes arconix-shortcodes
aThemes Addons for Elementor athemes-addons-for-elementor-lite
Audio Comparison Lite audio-comparison-lite
Awesome Progress Bar awesome-progess-bar
Awesome Shortcodes For Genesis awesome-shortcodes-for-genesis
AwesomePress awesomepress
BBP Core – Expand bbPress powered forums with useful features bbp-core
Beaver Builder – WordPress Page Builder beaver-builder-lite-version
Beds24 Online Booking beds24-online-booking
BetterLinks – An Advanced Plugin for Affiliate Links, Link Shortening, Link Tracking, Link Branding & Marketing betterlinks
Bigmart Elements bigmart-elements
Black Widgets For Elementor black-widgets
Blrt WP Embed blrt-wp-embed
Bonway Static Block Editor bonway-static-block-editor
bpmn.io bpmnio
Bricksable for Bricks Builder bricksable
Build 5 Star Reviews on Google Reviews, Yelp, Facebook… easily and risk-free | RRatingg 5-stars-rating-funnel
Classy Addons for Elementor classy-addons-for-elementor
Clever Addons for Elementor cafe-lite
Clyp clyp
CM Table Of Contents – WordPress TOC Plugin cm-table-of-content
Code Explorer code-explorer
Cresta Addons for Elementor cresta-addons-for-elementor
Crypto Tool crypto
Custom Admin Menu custom-admin-menu
Custom Author URL author-slug
Custom post type templates for Elementor custom-post-type-templates-for-elementor
DataMentor – Best DataTables Plugin for Elementor datamentor
Definitive Addons for Elementor definitive-addons-for-elementor
Delisho – Recipe Widgets and Blocks dr-widgets-blocks
Display Terms Shortcode display-terms-shortcode
Domain Sharding domain-sharding
Download Monitor download-monitor
Download-Mirror-Counter wp-download-mirror-counter
Dynamic Widgets dynamic-widgets
e-shopsカート2 e-shops-cart2
Easy Accordion Gutenberg Block easy-accordion-block
Easy Gallery simple-gallery-odihost
Easy SVG Upload easy-svg-upload
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) bdthemes-element-pack-lite
Elementary Addons elementary-addons
Elo Rating Shortcode elo-rating-shortcode
Emoji Shortcode emoji-shortcode
Enable Shortcodes inside Widgets,Comments and Experts enable-shortcodes-inside-widgetscomments-and-experts
EndomondoWP endomondowp
Events Manager Pro – extended events-manager-pro-extended
Exclusive Addons for Elementor exclusive-addons-for-elementor
Extender All In One For Elementor extender-all-in-one-for-elementor
EzyOnlineBookings Online Booking System Widget ezyonlinebookings-online-booking-system
Featured Posts Scroll featured-posts-scroll
FileOrganizer – Manage WordPress and Website Files fileorganizer
Flash Show And Hide Box flash-show-and-hide-box
Forminator Forms – Contact Form, Payment Form & Custom Form Builder forminator
FraudLabs Pro SMS Verification fraudlabs-pro-sms-verification
GDReseller gdreseller
Genoo genoo
Get Quote For Woocommerce – Request A Quote For Woocommerce get-a-quote-for-woocommerce
Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) gift-voucher
Gmap Point List gmap-point-list
Golf Tracker golf-tracker
Group Chat & Video Chat by AtomChat atomchat
Gutenberg Blocks with AI by Kadence WP – Page Builder Features kadence-blocks
Header Footer Composer for Elementor header-footer-composer
Hoo Addons for Elementor hoo-addons-for-elementor
Hover Video Preview hover-video-preview
HT Builder – WordPress Theme Builder for Elementor ht-builder
HT Politic – For Political WordPress Themes / Website wp-politic
ID-SK Toolkit idsk-toolkit
Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation zero-bs-crm
Jetpackcrm Ext Woo Connect jetpackcrm-ext-woo-connect
Jigoshop – Store Exporter jigoshop-exporter
JS Help Desk – The Ultimate Help Desk & Support Plugin js-support-ticket
Kata Plus – Addons for Elementor – Widgets, Extensions and Templates kata-plus
Kento Ads Rotator kento-ads-rotator
Knowledge Base knowledgebase
LH QR Codes lh-qr-codes
Lodgix.com Vacation Rental Website Builder lodgixcom-vacation-rental-listing-management-booking-plugin
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) magical-addons-for-elementor
Manage User Columns manage-user-columns
Market 360 Viewer market-360-viewer
Marquee Elementor with Posts marquee-elementor
MasterBip para Elementor masterbip-for-elementor
Masteriyo LMS – eLearning and Online Course Builder for WordPress learning-management-system
MDR Webmaster Tools mdr-webmaster-tools
Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO – Media Library Tools media-library-tools
Media Library Assistant media-library-assistant
Media Modal media-modal
Meta Store Elements meta-store-elements
ML Responsive Audio player with playlist Shortcode mlr-audio
Mobilize mobilize
Move Addons for Elementor move-addons
Multi Purpose Mail Form multi-purpose-mail-form
Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas
MyCurator Content Curation mycurator
MyOrderDesk myorderdesk
Naver Blog naver-blog-api
Newsletters newsletters-lite
NMR Strava activities nmr-strava-activities
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE otter-blocks
Paytium: Mollie payment forms & donations paytium
Platform.ly Official platformly
Plug your WooCommerce into the largest catalog of customized print products from Helloprint helloprint
Plugin Name: GMO Social Connection gmo-social-connection
Porsline porsline
Post Status Notifier post-status-notifier
Post Status Notifier Lite post-status-notifier-lite
Premium Addons for Elementor premium-addons-for-elementor
Pricer Ninja: Create and add responsive Pricing Tables to your website on-the-fly pricer-ninja-pricing-tables
Pricing Tables WordPress Plugin – Easy Pricing Tables easy-pricing-tables
Quran Shortcode quran-shortcode
Random Featured Post random-featured-post-plugin
ReCaptcha Integration for WordPress wp-recaptcha-integration
Reftagger Shortcode reftagger-shortcode
Responsive Flickr Gallery responsive-flickr-gallery
Restaurant & Cafe Addon for Elementor restaurant-cafe-addon-for-elementor
RLM Elementor Widgets Pack rlm-elementor-widgets-pack
RSVP ME rsvp-me
RSVPMaker for Toastmasters rsvpmaker-for-toastmasters
Sales Page Addon – Elementor & Beaver Builder sales-page-addon
Sastra Essential Addons for Elementor – Free Elementor Addons, Widgets and Templates sastra-essential-addons-for-elementor
Selar.co Widget selar-co-widget
Seo Free seo-free
SEUR Oficial seur
SH Slideshow sh-slideshow
Show Visitor IP Address show-visitor-ip-address
Sided sided
Simple Business Manager simple-business-manager
Simple Goods simple-goods
Simple Job Manager simple-job-manager
Simple Page Specific Sidebars page-specific-sidebars
SIP Reviews Shortcode for WooCommerce sip-reviews-shortcode-woocommerce
Skip To skip-to
SKSDEV Toolkit sksdev-toolkit
Slicko slicko-for-elementor
Smart Mockups smart-mockups
SmartLink Dynamic URLs smartlink-dinamic-urls
SMS Alert Order Notifications – WooCommerce sms-alert
Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder stacks-mobile-app-builder
Stars SMTP Mailer stars-smtp-mailer
Step by Step step-by-step
Sticky Social Bar sticky-social-bar
StreamWeasels Kick Integration streamweasels-kick-integration
StreamWeasels YouTube Integration streamweasels-youtube-integration
Subscribe to Comments subscribe-to-comments
Super Addons for Elementor super-addons-for-elementor
T(-) Countdown t-countdown
Themedy Toolbox themedy-toolbox
ThemeFuse Maintenance Mode themefuse-maintenance-mode
ThemeShark Templates & Widgets for Elementor themeshark-elementor
TradeMe widgets trademe-widget
Training – Courses training
Twitter @Anywhere Plus twitter-anywhere-plus
Ultimate TinyMCE ultimate-tinymce
UPDATE NOTIFICATIONS update-notifications
W3P SEO wp-perfect-plugin
W3SPEEDSTER w3speedster-wp
Webriti Custom Login webriti-custom-login-page
Website price calculator price-calculator-to-your-website
WeChat Subscribers Lite 微信公众订阅号插件 wechat-subscribers-lite
While Loading while-it-is-loading
Widget or Sidebar Shortcode widget-or-sidebar-per-shortcode
WM Zoom wm-zoom
Woo Manage Fraud Orders woo-manage-fraud-orders
Woocommerce Quote Calculator woo-quote-calculator-order
WordPress Business Plugin business
World Prayer Time world-prayer-time
WP Baidu Map wp-baidu-map
WP Course Manager wp-course-manager
WP EASY RECIPE wp-easy-recipe
WP EIS wp-eis
WP Feature Box wp-feature-box
WP Hotel Booking wp-hotel-booking
WP Pocket URLs wp-pocket-urls
WP Simple Anchors Links wp-simple-anchors-links
WP Team – WordPress Team Member Plugin ht-team-member
WPAdverts – Classifieds Plugin wpadverts
WPC Smart Messages for WooCommerce wpc-smart-messages
WPGlobus Translate Options wpglobus-translate-options
Курс валют UAH ukrainian-currency

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-10392
Patch Status
Patched
Published
Oct 30, 2024
Affected Software
AI Power: Complete AI Pack
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50523
Patch Status
Unpatched
Published
Oct 30, 2024
Affected Software
All Post Contact Form
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-9989
Patch Status
Unpatched
Published
Oct 28, 2024
Affected Software
Crypto Tool
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-9988
Patch Status
Unpatched
Published
Oct 28, 2024
Affected Software
Crypto Tool
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50526
Patch Status
Unpatched
Published
Oct 30, 2024
Affected Software
Multi Purpose Mail Form
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50531
Patch Status
Patched
Published
Oct 30, 2024
Affected Software
RSVPMaker for Toastmasters
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50527
Patch Status
Unpatched
Published
Oct 30, 2024
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-8512
Patch Status
Patched
Published
Oct 29, 2024
Affected Software
W3SPEEDSTER
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-9990
Patch Status
Unpatched
Published
Oct 28, 2024
Affected Software
Crypto Tool
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-50530
Patch Status
Unpatched
Published
Oct 30, 2024
Affected Software
Stars SMTP Mailer
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-50529
Patch Status
Unpatched
Published
Oct 30, 2024
Affected Software
Training – Courses
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-51582
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
WP Hotel Booking
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-10436
Patch Status
Patched
Published
Oct 28, 2024
Researcher
CVSS Rating
High (7.5)
CVE-ID
CVE-2024-7985
Patch Status
Patched
Published
Oct 29, 2024
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-51661
Patch Status
Patched
Published
Nov 1, 2024
Affected Software
Media Library Assistant
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-10108
Patch Status
Patched
Published
Oct 29, 2024
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-50524
Patch Status
Unpatched
Published
Oct 30, 2024
Affected Software
Administrator Z
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-51608
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
AmaDiscount Plugin
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-51606
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Blrt WP Embed
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-51621
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Download-Mirror-Counter
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-51570
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Easy Gallery
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-51607
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Golf Tracker
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-50539
Patch Status
Unpatched
Published
Oct 31, 2024
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-51619
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Market 360 Viewer
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-51620
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Porsline
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-51625
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Quran Shortcode
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-50544
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
RSVP ME
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-51602
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Simple Job Manager
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-6479
Patch Status
Unpatched
Published
Oct 31, 2024
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-51601
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Website price calculator
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-51626
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Woocommerce Quote Calculator
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-51623
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
WP EIS
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50540
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
(dp) AddThis
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51578
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
3D Presentation
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51614
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Aajoda Testimonials
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51685
Patch Status
Patched
Published
Nov 1, 2024
Affected Software
Accordion title for Elementor
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50541
Patch Status
Unpatched
Published
Oct 31, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10227
Patch Status
Patched
Published
Oct 28, 2024
Affected Software
affiliate-toolkit
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50521
Patch Status
Unpatched
Published
Oct 30, 2024
Affected Software
Alley Elementor Widget
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50543
Patch Status
Unpatched
Published
Oct 31, 2024
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51576
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
AMP Img Shortcode
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50520
Patch Status
Unpatched
Published
Oct 30, 2024
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10226
Patch Status
Patched
Published
Oct 29, 2024
Affected Software
Arconix Shortcodes
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51675
Patch Status
Patched
Published
Nov 1, 2024
Affected Software
aThemes Addons for Elementor
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10232
Patch Status
Patched
Published
Oct 31, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51627
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Audio Comparison Lite
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50548
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Awesome Progress Bar
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51616
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
AwesomePress
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51589
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Bigmart Elements
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51662
Patch Status
Patched
Published
Nov 1, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9388
Patch Status
Patched
Published
Oct 29, 2024
Affected Software
Black Widgets For Elementor
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50549
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Bonway Static Block Editor
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51577
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
bpmn.io
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51596
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
WordPress Business Plugin
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50553
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Classy Addons for Elementor
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51580
Patch Status
Unpatched
Published
Oct 31, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51617
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Clyp
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51680
Patch Status
Patched
Published
Nov 1, 2024
Affected Software
Cresta Addons for Elementor
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51618
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Custom Admin Menu
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51683
Patch Status
Patched
Published
Nov 1, 2024
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50545
Patch Status
Unpatched
Published
Oct 31, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51587
Patch Status
Unpatched
Published
Oct 31, 2024
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51676
Patch Status
Patched
Published
Nov 1, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51610
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Display Terms Shortcode
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9708
Patch Status
Unpatched
Published
Oct 30, 2024
Affected Software
Easy SVG Upload
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51586
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Elementary Addons
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51678
Patch Status
Patched
Published
Nov 1, 2024
Affected Software
Elo Rating Shortcode
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51609
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Emoji Shortcode
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50551
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
EndomondoWP
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51575
Patch Status
Unpatched
Published
Oct 31, 2024
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51628
Patch Status
Unpatched
Published
Nov 1, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50536
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
GDReseller
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51605
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Genoo
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51594
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Gmap Point List
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51629
Patch Status
Unpatched
Published
Nov 1, 2024
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51590
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Hoo Addons for Elementor
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50552
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Hover Video Preview
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51682
Patch Status
Patched
Published
Nov 1, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51673
Patch Status
Patched
Published
Nov 1, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10223
Patch Status
Patched
Published
Oct 29, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50517
Patch Status
Unpatched
Published
Oct 30, 2024
Affected Software
ID-SK Toolkit
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51583
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Kento Ads Rotator
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51677
Patch Status
Patched
Published
Nov 1, 2024
Affected Software
Knowledge Base
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51572
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
LH QR Codes
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51584
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Marquee Elementor with Posts
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51571
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
MasterBip para Elementor
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51604
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Media Modal
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51592
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Meta Store Elements
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51573
Patch Status
Unpatched
Published
Oct 31, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50546
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
MyOrderDesk
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10181
Patch Status
Patched
Published
Oct 28, 2024
Affected Software
Newsletters
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51603
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
NMR Strava activities
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10266
Patch Status
Patched
Published
Oct 28, 2024
Affected Software
Premium Addons for Elementor
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50518
Patch Status
Unpatched
Published
Oct 30, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51612
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Reftagger Shortcode
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51581
Patch Status
Patched
Published
Oct 31, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50542
Patch Status
Patched
Published
Oct 31, 2024
Affected Software
RLM Elementor Widgets Pack
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51585
Patch Status
Unpatched
Published
Oct 31, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51598
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Selar.co Widget
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50538
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Show Visitor IP Address
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50554
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Sided
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51599
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Simple Business Manager
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51574
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Simple Goods
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-6480
Patch Status
Unpatched
Published
Oct 31, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51595
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
SKSDEV Toolkit
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51591
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Slicko
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50537
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Smart Mockups
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50535
Patch Status
Unpatched
Published
Oct 30, 2024
Affected Software
Step by Step
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51588
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Super Addons for Elementor
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9884
Patch Status
Unpatched
Published
Oct 29, 2024
Affected Software
T(-) Countdown
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50547
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Themedy Toolbox
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51597
Patch Status
Unpatched
Published
Oct 31, 2024
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51613
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
TradeMe widgets
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8627
Patch Status
Unpatched
Published
Oct 29, 2024
Affected Software
Ultimate TinyMCE
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9885
Patch Status
Unpatched
Published
Oct 29, 2024
Affected Software
Widget or Sidebar Shortcode
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50556
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
WM Zoom
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9886
Patch Status
Unpatched
Published
Oct 29, 2024
Affected Software
WP Baidu Map
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51622
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
WP EASY RECIPE
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51611
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
WP Feature Box
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51681
Patch Status
Patched
Published
Nov 1, 2024
Affected Software
WP Pocket URLs
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9446
Patch Status
Unpatched
Published
Oct 30, 2024
Affected Software
WP Simple Anchors Links
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51593
Patch Status
Unpatched
Published
Oct 31, 2024
Affected Software
Курс валют UAH
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51644
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
Addressbook
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51637
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
Admin SMS Alert
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51641
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
Advanced PDF Generator
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51643
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
Amazon Associate Filter
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51654
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
APK Downloader
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51679
Patch Status
Patched
Published
Nov 1, 2024
Affected Software
Appointmind
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51638
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
Awesome Shortcodes For Genesis
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51655
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
Custom Author URL
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-50533
Patch Status
Unpatched
Published
Oct 30, 2024
Affected Software
Domain Sharding
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51648
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
e-shopsカート2
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-50532
Patch Status
Unpatched
Published
Oct 30, 2024
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-10922
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
Featured Posts Scroll
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51656
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
Flash Show And Hide Box
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51688
Patch Status
Patched
Published
Nov 1, 2024
Affected Software
FraudLabs Pro SMS Verification
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51636
Patch Status
Unpatched
Published
Nov 1, 2024
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-50519
Patch Status
Unpatched
Published
Oct 30, 2024
Affected Software
Jigoshop – Store Exporter
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51640
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
MDR Webmaster Tools
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51649
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
Mobilize
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51639
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
Naver Blog
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51687
Patch Status
Patched
Published
Nov 1, 2024
Affected Software
Platform.ly Official
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-10048
Patch Status
Patched
Published
Oct 28, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8871
Patch Status
Patched
Published
Oct 29, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51650
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
Random Featured Post
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8739
Patch Status
Patched
Published
Nov 1, 2024
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51630
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
Responsive Flickr Gallery
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51642
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
Seo Free
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9438
Patch Status
Patched
Published
Oct 28, 2024
Affected Software
SEUR Oficial
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51632
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
SH Slideshow
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51633
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
Simple Page Specific Sidebars
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51652
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
Skip To
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51657
Patch Status
Patched
Published
Nov 1, 2024
Affected Software
SmartLink Dynamic URLs
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51631
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
Sticky Social Bar
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8792
Patch Status
Patched
Published
Oct 29, 2024
Affected Software
Subscribe to Comments
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51645
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
ThemeFuse Maintenance Mode
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51659
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
Twitter @Anywhere Plus
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51653
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
UPDATE NOTIFICATIONS
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51684
Patch Status
Patched
Published
Nov 1, 2024
Affected Software
W3P SEO
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51634
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
Webriti Custom Login
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-50522
Patch Status
Unpatched
Published
Oct 30, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51635
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
While Loading
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-50534
Patch Status
Unpatched
Published
Oct 30, 2024
Affected Software
World Prayer Time
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-51658
Patch Status
Unpatched
Published
Nov 1, 2024
Affected Software
WP Course Manager
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9434
Patch Status
Unpatched
Published
Oct 30, 2024
Affected Software
WPGlobus Translate Options
Researcher
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-7424
Patch Status
Patched
Published
Oct 31, 2024
CVSS Rating
Medium (5.3)
CVE-ID
Unknown
Patch Status
Patched
Published
Oct 28, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-10544
Patch Status
Unpatched
Published
Oct 30, 2024
Affected Software
Woo Manage Fraud Orders
Researcher
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2023-5816
Patch Status
Unpatched
Published
Oct 29, 2024
Affected Software
Code Explorer
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-51664
Patch Status
Patched
Published
Nov 1, 2024
Affected Software
Beds24 Online Booking
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-51663
Patch Status
Patched
Published
Nov 1, 2024
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-51668
Patch Status
Patched
Published
Nov 1, 2024
Affected Software
MyCurator Content Curation
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5030
Patch Status
Patched
Published
Oct 28, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-10399
Patch Status
Patched
Published
Oct 29, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-51669
Patch Status
Patched
Published
Nov 1, 2024
Affected Software
Dynamic Widgets
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-51660
Patch Status
Patched
Published
Nov 1, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-10312
Patch Status
Patched
Published
Oct 28, 2024
Affected Software
Exclusive Addons for Elementor
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-51686
Patch Status
Patched
Published
Nov 1, 2024
Affected Software
Manage User Columns
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-10360
Patch Status
Patched
Published
Oct 28, 2024
Affected Software
Move Addons for Elementor
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-51671
Patch Status
Patched
Published
Nov 1, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-51667
Patch Status
Patched
Published
Nov 1, 2024

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (October 28, 2024 to November 3, 2024) appeared first on Wordfence.

Leave a Comment