Wordfence Intelligence Weekly WordPress Vulnerability Report (November 11, 2024 to November 17, 2024)


🦸 💥 Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through December 9th, 2024:

  • All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers
  • All plugins and themes with 50-999 active installs hosted in the WordPress.org repository and updated within the last 2 years are in-scope for all researchers!
  • Minimum bounty of $5 for all valid in-scope submissions.
  • All researchers earn automatic bonuses of between 5% and 180% for valid submissions
  • Pending report limits are increased for all
  • It’s possible to earn up to $31,200 for high impact vulnerabilities!

Last week, there were 163 vulnerabilities disclosed in 148 WordPress Plugins and 4 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 49 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 20,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.


Total Unpatched & Patched Vulnerabilities Last Week

| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 82 |
| Unpatched | 81 |

Total Vulnerabilities by CVSS Severity Last Week

| Severity Rating | Number of Vulnerabilities |
|---|---|
| Low Severity | 2 |
| Medium Severity | 90 |
| High Severity | 41 |
| Critical Severity | 30 |

Total Vulnerabilities by CWE Type Last Week

| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 52 |
| Missing Authorization | 25 |
| Unrestricted Upload of File with Dangerous Type | 24 |
| Cross-Site Request Forgery (CSRF) | 12 |
| Deserialization of Untrusted Data | 11 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 7 |
| Authorization Bypass Through User-Controlled Key | 5 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 5 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 5 |
| Authentication Bypass Using an Alternate Path or Channel | 4 |
| Improper Control of Generation of Code (‘Code Injection’) | 4 |
| Exposure of Sensitive Information to an Unauthorized Actor | 2 |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 2 |
| Dependency on Vulnerable Third-Party Component | 1 |
| Exposure of Data Element to Wrong Session | 1 |
| External Control of File Name or Path | 1 |
| Improper Neutralization of Special Elements Used in a Template Engine | 1 |
| Improper Privilege Management | 1 |

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
22
17
14
8
7
7
6
5
5
5
5
4
4
4
4
3
3
3
3
2
2
2
2
2
2
1
1
1
1
1
1
1
1

Gab
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

| Software Name | Software Slug |
|---|---|
| 404 Error Monitor | 404-error-monitor |
| 404 Solution | 404-solution |
| Admin and Site Enhancements (ASE) | admin-site-enhancements |
| Ads Booster by Ads Pro | free-wp-booster-by-ads-pro |
| Advanced Order Export For WooCommerce | woo-order-export-lite |
| Advanced Personalization | personalization-by-flowcraft |
| AFI – The Easiest Integration Plugin | advanced-form-integration |
| Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One | ai-auto-tool |
| AJAX Login and Registration modal popup + inline form | ajax-login-and-registration-modal-popup |
| AJAX Random Posts | ajax-random-posts |
| Aqua SVG Sprite | aqua-svg-sprite |
| B-Banner Slider | b-banner-slider |
| Backup and Staging by WP Time Capsule | wp-time-capsule |
| Blogger 301 Redirect | blogger-301-redirect |
| Boat Rental Plugin for WordPress | boat-rental-system |
| Boostify Header Footer Builder for Elementor | boostify-header-footer-builder |
| Bounce Handler MailPoet 3 | bounce-handler-mailpoet |
| BuddyPress Builder for Elementor – BuddyBuilder | stax-buddy-builder |
| BulkPress | bulkpress |
| Buy one click WooCommerce | buy-one-click-woocommerce |
| CDI – Collect and Deliver Interface for Woocommerce | collect-and-deliver-interface-for-woocommerce |
| CF7 Reply Manager | cf7-reply-manager |
| Chartify – WordPress Chart Plugin | chart-builder |
| Classified Listing – Classified ads & Business Directory Plugin | classified-listing |
| Constant Contact Forms by MailMunch | constant-contact-forms-by-mailmunch |
| Contact Form 7 Redirect & Thank You Page | cf7-redirect-thank-you-page |
| Convert Docx2post | convert-docx2post |
| ConvertCalculator for WordPress | convertcalculator |
| Copy Anything to Clipboard | copy-the-code |
| CSV to html | csv-to-html |
| Customer Reviews for WooCommerce | customer-reviews-woocommerce |
| CYAN Backup | cyan-backup |
| Datasets Manager by Arttia Creative | datasets-manager-by-arttia-creative |
| Devexhub Gallery | devexhub-gallery |
| DigiPass | digipass |
| Disable Admin Notices individually | disable-admin-notices |
| Do That Task | do-that-task |
| Drop Shadow Boxes | drop-shadow-boxes |
| Drozd – Addons for Elementor | drozd-addons-for-elementor |
| Easy CSV Importer BETA | easy-csv-importer |
| EleForms – All In One Form Integration including DB for Elementor | all-contact-form-integration-for-elementor |
| Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders | essential-addons-for-elementor-lite |
| Event Tickets with Ticket Scanner | event-tickets-with-ticket-scanner |
| Exclusive Content Password Protect | exclusive-content-password-protect |
| Exclusive Divi – Divi Preloader, Modules for Divi & Extra Theme | exclusive-divi |
| External Database Based Actions | external-database-based-actions |
| Floating Buttons for WooCommerce | shop-assistant-for-woocommerce-jarvis |
| Futurio Extra | futurio-extra |
| Gallerio | gallerio |
| Gallery Manager | fancy-gallery |
| Global Gateway e4 \| Payeezy Gateway \| | globe-gateway-e4 |
| GPX Viewer | gpx-viewer |
| Hacklog DownloadManager | hacklog-downloadmanager |
| Happy Addons for Elementor | happy-elementor-addons |
| Hash Elements | hash-elements |
| Hebrew Dates | hebrewdates |
| Hide Links | hide-links |
| Hide My WP Ghost – Security & Firewall | hide-my-wp |
| Hive Support \| AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress | hive-support |
| Instant Image Generator (One Click Image Uploads from Pixabay, Pexels and OpenAI) | ai-image |
| JetWidgets For Elementor | jetwidgets-for-elementor |
| KBucket: Your Curated Content in WordPress | kbucket |
| kineticPay for WooCommerce | kineticpay-for-woocommerce |
| Kognetiks Chatbot for WordPress | chatbot-chatgpt |
| LearnPress Export Import – WordPress extension for LearnPress | learnpress-import-export |
| Linear | linear |
| Lis Video Gallery | lis-video-gallery |
| Login using WordPress Users ( WP as SAML IDP ) | miniorange-wp-as-saml-idp |
| LUNA RADIO PLAYER | lu-radioplayer |
| Mapster WP Maps | mapster-wp-maps |
| Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations | master-addons |
| Matix Popup Builder | medma-matix |
| Migration, Backup, Staging – WPvivid Backup & Migration | wpvivid-backuprestore |
| MultiManager WP – Manage All Your WordPress Sites Easily | multimanager-wp |
| Multiple Page Generator Plugin – MPG | multiple-pages-generator-by-porthas |
| Music Player for Elementor – Audio Player & Podcast Player | music-player-for-elementor |
| My Geo Posts Free | my-geo-posts-free |
| NiceJob | nicejob |
| NIX Anti-Spam Light | nix-anti-spam-light |
| PDF Generator Addon for Elementor Page Builder | pdf-generator-addon-for-elementor-page-builder |
| PeproDev WooCommerce Receipt Uploader | pepro-bacs-receipt-upload-for-woocommerce |
| Picsmize | picsmize |
| Pie Register Premium | pie-register-premium |
| PJW Mime Config | pjw-mime-config |
| Podlove Podcast Publisher | podlove-podcasting-plugin-for-wordpress |
| Popularis Extra | popularis-extra |
| Popup Box – Create Countdown, Coupon, Video, Contact Form Popups | ays-popup-box |
| Popup by Supsystic | popup-by-supsystic |
| Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX | ultimate-post |
| Post SMTP – WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more | post-smtp |
| Premium Packages – Sell Digital Products Securely | wpdm-premium-packages |
| Print PDF Generator and Publisher | nopeamedia |
| Product Delivery Date for WooCommerce – Lite | product-delivery-date-for-woocommerce-lite |
| Push Notifications for WordPress by PushAssist | push-notification-for-wp-by-pushassist |
| Razorpay Payment Button Elementor Plugin | razorpay-payment-button-elementor |
| Razorpay Payment Button Plugin | razorpay-payment-button |
| Real3D Flipbook Lite – 3D FlipBook, PDF Viewer, PDF Embedder | real3d-flipbook-lite |
| Really Simple Security Pro | really-simple-ssl-pro |
| Really Simple Security Pro multisite | really-simple-ssl-pro-multisite |
| Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) | really-simple-ssl |
| Referrer Detector | referrer-detector |
| Relais 2FA | relais-2fa |
| Royal Elementor Addons and Templates | royal-elementor-addons |
| Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation | ai-content-generator |
| Simple Local Avatars | simple-local-avatars |
| Simple Pricing Table | simple-pricing-table |
| Simple Side Tab | simple-side-tab |
| SimpleForm Contact Form Submissions | simpleform-contact-form-submissions |
| SimpleForm – Contact form made simple | simpleform |
| SK WP Settings Backup | sk-wp-settings-backup |
| Slickstream: Engagement and Conversions | slick-engagement |
| Social Proof (Testimonial) Slider | social-proof-testimonials-slider |
| Steel | steel |
| Styler for Ninja Forms | styler-for-ninja-forms-lite |
| SVG Case Study | case-study |
| SVGPlus | svgplus |
| Team Member – Multi Language Supported Team Plugin | team-showcase-supreme |
| Themify Builder | themify-builder |
| Tutor LMS Elementor Addons | tutor-lms-elementor-addons |
| Twigify | twigify |
| Uix Slideshow | uix-slideshow |
| User Management | user-management |
| W3SPEEDSTER | w3speedster-wp |
| WDES Responsive Mobile Menu | wdes-responsive-mobile-menu |
| WOLF – WordPress Posts Bulk Editor and Manager Professional | bulk-editor |
| WooCommerce Upload Files | woocommerce-upload-files |
| WordPress BasePress Migration Tools | basepress-migration-tools |
| WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | tripetto |
| WordPress GDPR | wordpress-gdpr |
| WordPress User Extra Fields | wp-user-extra-fields |
| WordPress Video Robot – The Ultimate Video Importer | wp-video-robot |
| WP Activity Log | wp-security-audit-log |
| WP AdCenter – Ad Manager & Adsense Ads | wpadcenter |
| WP Chat App | wp-whatsapp |
| WP Githuber MD – WordPress Markdown Editor | wp-githuber-md |
| WP Job Portal – A Complete Recruitment System for Company or Job Board website | wp-job-portal |
| WP Log Viewer | wp-log-viewer |
| WP Popup Window Maker | easy-popup-lightbox-maker |
| WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts | wedevs-project-manager |
| WP Quick Setup | wp-quick-setup |
| wp-login customizer | wp-login-customizer |
| WP-Strava | wp-strava |
| WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | wpforms-lite |
| Writer Helper | writer-helper |
| xili-tidy-tags | xili-tidy-tags |
| Yotpo: Product & Photo Reviews for WooCommerce | yotpo-social-reviews-for-woocommerce |
| ZIJ KART | zij-kart |
| 胖鼠采集(Fat Rat Collect) 微信知乎简书腾讯新闻列表分页采集, 还有自动采集、自动发布、自动标签、等多项功能。开源插件 | fat-rat-collect |

WordPress Themes with Reported Vulnerabilities Last Week

| Software Name | Software Slug |
|---|---|
| Airin Blog | airin-blog |
| Gameplan – Event and Gym Fitness WordPress Theme | gameplan |
| reconstruction | reconstruction |
| Xin | xin |

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

| CVSS Rating | CVE-ID | Patch Status | Published | Affected Software |
|---|---|---|---|---|
| Critical (9.9) | CVE-2024-52406 | Unpatched | Nov 13, 2024 | CSV to html |
| Critical (9.8) | CVE-2024-52428 | Unpatched | Nov 15, 2024 | Ads Booster by Ads Pro |
| Critical (9.8) | CVE-2024-52411 | Unpatched | Nov 13, 2024 | Advanced Personalization |
| Critical (9.8) | CVE-2024-52413 | Patched | Nov 13, 2024 | Airin Blog |
| Critical (9.8) | CVE-2024-52409 | Unpatched | Nov 13, 2024 | AJAX Random Posts |
| Critical (9.8) | CVE-2024-8856 | Patched | Nov 15, 2024 | |
| Critical (9.8) | CVE-2024-52376 | Unpatched | Nov 11, 2024 | |
| Critical (9.8) | CVE-2024-10571 | Patched | Nov 13, 2024 | |
| Critical (9.8) | CVE-2024-52375 | Unpatched | Nov 11, 2024 | |
| Critical (9.8) | CVE-2024-52373 | Unpatched | Nov 11, 2024 | Devexhub Gallery |
| Critical (9.8) | CVE-2024-52374 | Unpatched | Nov 11, 2024 | Do That Task |
| Critical (9.8) | CVE-2024-52372 | Unpatched | Nov 11, 2024 | Easy CSV Importer BETA |
| Critical (9.8) | CVE-2024-52377 | Patched | Nov 11, 2024 | |
| Critical (9.8) | CVE-2024-52379 | Patched | Nov 11, 2024 | kineticPay for WooCommerce |
| Critical (9.8) | CVE-2024-52430 | Unpatched | Nov 15, 2024 | Lis Video Gallery |
| Critical (9.8) | CVE-2024-52382 | Unpatched | Nov 11, 2024 | |
| Critical (9.8) | CVE-2024-52433 | Unpatched | Nov 15, 2024 | My Geo Posts Free |
| Critical (9.8) | CVE-2024-52432 | Unpatched | Nov 15, 2024 | NIX Anti-Spam Light |
| Critical (9.8) | CVE-2024-52380 | Unpatched | Nov 11, 2024 | Picsmize |
| Critical (9.8) | CVE-2024-52410 | Unpatched | Nov 13, 2024 | Referrer Detector |
| Critical (9.8) | CVE-2024-10245 | Unpatched | Nov 11, 2024 | Relais 2FA |
| Critical (9.8) | CVE-2024-52414 | Unpatched | Nov 13, 2024 | WDES Responsive Mobile Menu |
| Critical (9.8) | CVE-2024-10820 | Patched | Nov 12, 2024 | WooCommerce Upload Files |
| Critical (9.8) | CVE-2024-11150 | Patched | Nov 12, 2024 | WordPress User Extra Fields |
| Critical (9.8) | CVE-2024-52412 | Unpatched | Nov 13, 2024 | Xin |
| Critical (9.8) | CVE-2024-52381 | Unpatched | Nov 11, 2024 | ZIJ KART |
| Critical (9.1) | CVE-2024-52371 | Unpatched | Nov 11, 2024 | |
| Critical (9.1) | CVE-2024-52434 | Unpatched | Nov 15, 2024 | Popup by Supsystic |
| High (8.8) | CVE-2024-52405 | Unpatched | Nov 13, 2024 | B-Banner Slider |
| High (8.8) | CVE-2024-52407 | Unpatched | Nov 13, 2024 | |
| High (8.8) | CVE-2024-52404 | Unpatched | Nov 13, 2024 | CF7 Reply Manager |
| High (8.8) | CVE-2024-52397 | Unpatched | Nov 13, 2024 | Convert Docx2post |
| High (8.8) | CVE-2024-52427 | Patched | Nov 15, 2024 | |
| High (8.8) | CVE-2024-52402 | Unpatched | Nov 13, 2024 | |
| High (8.8) | CVE-2024-52400 | Unpatched | Nov 13, 2024 | Gallerio |
| High (8.8) | CVE-2024-10629 | Patched | Nov 12, 2024 | GPX Viewer |
| High (8.8) | CVE-2024-52401 | Unpatched | Nov 13, 2024 | Hacklog DownloadManager |
| High (8.8) | CVE-2024-52369 | Unpatched | Nov 11, 2024 | |
| High (8.8) | CVE-2024-10962 | Patched | Nov 13, 2024 | |
| High (8.8) | CVE-2024-10728 | Patched | Nov 15, 2024 | |
| High (8.8) | CVE-2024-52408 | Unpatched | Nov 13, 2024 | |
| High (8.8) | CVE-2024-52415 | Unpatched | Nov 13, 2024 | SK WP Settings Backup |
| High (8.8) | CVE-2024-52403 | Unpatched | Nov 13, 2024 | User Management |
| High (8.8) | CVE-2024-10800 | Patched | Nov 12, 2024 | WordPress User Extra Fields |
| High (8.8) | CVE-2024-52429 | Unpatched | Nov 15, 2024 | WP Quick Setup |
| High (8.8) | CVE-2024-9192 | Unpatched | Nov 15, 2024 | |
| High (8.8) | CVE-2024-52399 | Unpatched | Nov 13, 2024 | Writer Helper |
| High (8.1) | CVE-2024-10828 | Patched | Nov 12, 2024 | |
| High (7.5) | CVE-2024-10645 | Unpatched | Nov 15, 2024 | Blogger 301 Redirect |
| High (7.5) | CVE-2024-52378 | Unpatched | Nov 11, 2024 | DigiPass |
| High (7.5) | CVE-2024-10311 | Unpatched | Nov 14, 2024 | |
| High (7.5) | CVE-2024-10816 | Patched | Nov 12, 2024 | LUNA RADIO PLAYER |
| High (7.5) | CVE-2024-9935 | Patched | Nov 15, 2024 | |
| High (7.5) | CVE-2024-52431 | Unpatched | Nov 15, 2024 | |
| High (7.3) | Unknown | Unpatched | Nov 12, 2024 | Twigify |
| High (7.3) | CVE-2024-9839 | Unpatched | Nov 15, 2024 | Uix Slideshow |
| High (7.2) | CVE-2024-52398 | Patched | Nov 13, 2024 | |
| High (7.2) | CVE-2024-9887 | Patched | Nov 15, 2024 | |
| High (7.2) | CVE-2024-52393 | Patched | Nov 11, 2024 | Podlove Podcast Publisher |
| High (7.2) | CVE-2024-52385 | Unpatched | Nov 11, 2024 | |
| High (7.2) | CVE-2024-10388 | Patched | Nov 17, 2024 | WordPress GDPR |
| High (7.2) | CVE-2024-10793 | Patched | Nov 14, 2024 | WP Activity Log |
| Medium (6.5) | CVE-2024-10717 | Unpatched | Nov 12, 2024 | Styler for Ninja Forms |
| Medium (6.5) | CVE-2024-11069 | Patched | Nov 17, 2024 | WordPress GDPR |
| Medium (6.4) | CVE-2024-9426 | Unpatched | Nov 12, 2024 | Aqua SVG Sprite |
| Medium (6.4) | CVE-2024-10015 | Patched | Nov 15, 2024 | |
| Medium (6.4) | CVE-2024-52419 | Unpatched | Nov 13, 2024 | Copy Anything to Clipboard |
| Medium (6.4) | CVE-2024-52425 | Unpatched | Nov 13, 2024 | Drozd – Addons for Elementor |
| Medium (6.4) | CVE-2024-10538 | Patched | Nov 11, 2024 | Happy Addons for Elementor |
| Medium (6.4) | CVE-2024-10323 | Patched | Nov 11, 2024 | JetWidgets For Elementor |
| Medium (6.4) | CVE-2024-52426 | Unpatched | Nov 13, 2024 | Linear |
| Medium (6.4) | CVE-2024-10592 | Patched | Nov 15, 2024 | Mapster WP Maps |
| Medium (6.4) | CVE-2024-10887 | Patched | Nov 12, 2024 | NiceJob |
| Medium (6.4) | CVE-2024-10017 | Unpatched | Nov 15, 2024 | PJW Mime Config |
| Medium (6.4) | CVE-2024-52394 | Patched | Nov 11, 2024 | |
| Medium (6.4) | CVE-2024-9668 | Patched | Nov 12, 2024 | |
| Medium (6.4) | CVE-2024-51899 | Unpatched | Nov 14, 2024 | Simple Pricing Table |
| Medium (6.4) | CVE-2024-8985 | Unpatched | Nov 12, 2024 | |
| Medium (6.4) | CVE-2024-10147 | Unpatched | Nov 15, 2024 | Steel |
| Medium (6.4) | CVE-2024-9850 | Unpatched | Nov 15, 2024 | SVG Case Study |
| Medium (6.4) | CVE-2024-11092 | Unpatched | Nov 15, 2024 | SVGPlus |
| Medium (6.4) | CVE-2024-52423 | Unpatched | Nov 13, 2024 | Themify Builder |
| Medium (6.4) | CVE-2024-52422 | Unpatched | Nov 13, 2024 | |
| Medium (6.4) | CVE-2024-52389 | Patched | Nov 11, 2024 | |
| Medium (6.3) | CVE-2024-10262 | Unpatched | Nov 15, 2024 | Drop Shadow Boxes |
| Medium (6.1) | CVE-2024-10877 | Patched | Nov 12, 2024 | |
| Medium (6.1) | CVE-2024-8874 | Unpatched | Nov 12, 2024 | |
| Medium (6.1) | CVE-2024-9938 | Unpatched | Nov 15, 2024 | Bounce Handler MailPoet 3 |
| Medium (6.1) | CVE-2024-9615 | Unpatched | Nov 15, 2024 | BulkPress |
| Medium (6.1) | CVE-2024-9614 | Patched | Nov 12, 2024 | |
| Medium (6.1) | CVE-2024-10685 | Patched | Nov 11, 2024 | |
| Medium (6.1) | CVE-2024-10875 | Unpatched | Nov 15, 2024 | Gallery Manager |
| Medium (6.1) | CVE-2024-52418 | Unpatched | Nov 13, 2024 | |
| Medium (6.1) | CVE-2024-52388 | Patched | Nov 11, 2024 | Hebrew Dates |
| Medium (6.1) | CVE-2024-10825 | Patched | Nov 14, 2024 | |
| Medium (6.1) | CVE-2024-10684 | Patched | Nov 12, 2024 | |
| Medium (6.1) | CVE-2024-9609 | Patched | Nov 14, 2024 | |
| Medium (6.1) | CVE-2024-8873 | Patched | Nov 15, 2024 | |
| Medium (6.1) | CVE-2024-10882 | Patched | Nov 12, 2024 | |
| Medium (6.1) | CVE-2024-10851 | Patched | Nov 12, 2024 | Razorpay Payment Button Plugin |
| Medium (6.1) | CVE-2024-10850 | Patched | Nov 12, 2024 | |
| Medium (6.1) | CVE-2024-52417 | Unpatched | Nov 13, 2024 | reconstruction |
| Medium (6.1) | CVE-2024-10883 | Unpatched | Nov 15, 2024 | |
| Medium (6.1) | CVE-2024-10884 | Unpatched | Nov 15, 2024 | |
| Medium (6.1) | CVE-2024-52424 | Unpatched | Nov 13, 2024 | wp-login customizer |
| Medium (6.1) | CVE-2024-10038 | Unpatched | Nov 12, 2024 | WP-Strava |
| Medium (6.1) | CVE-2024-9357 | Patched | Nov 11, 2024 | xili-tidy-tags |
| Medium (6.1) | CVE-2024-9356 | Patched | Nov 14, 2024 | |
| Medium (5.4) | CVE-2024-10790 | Patched | Nov 11, 2024 | |
| Medium (5.4) | CVE-2024-11085 | Unpatched | Nov 15, 2024 | WP Log Viewer |
| Medium (5.3) | CVE-2024-11118 | Unpatched | Nov 15, 2024 | 404 Error Monitor |
| Medium (5.3) | CVE-2024-11094 | Patched | Nov 15, 2024 | 404 Solution |
| Medium (5.3) | CVE-2024-52395 | Patched | Nov 11, 2024 | |
| Medium (5.3) | CVE-2024-10802 | Patched | Nov 12, 2024 | Hash Elements |
| Medium (5.3) | CVE-2024-9578 | Unpatched | Nov 12, 2024 | Hide Links |
| Medium (5.3) | CVE-2024-10529 | Patched | Nov 12, 2024 | |
| Medium (5.3) | CVE-2024-10531 | Patched | Nov 12, 2024 | |
| Medium (5.3) | CVE-2024-52391 | Patched | Nov 11, 2024 | Pie Register Premium |
| Medium (4.9) | CVE-2024-52390 | Patched | Nov 11, 2024 | CYAN Backup |
| Medium (4.9) | CVE-2024-52435 | Unpatched | Nov 15, 2024 | |
| Medium (4.4) | CVE-2024-10551 | Patched | Nov 16, 2024 | Simple Side Tab |
| Medium (4.3) | CVE-2024-10794 | Patched | Nov 12, 2024 | |
| Medium (4.3) | CVE-2024-10778 | Patched | Nov 12, 2024 | |
| Medium (4.3) | CVE-2024-10853 | Unpatched | Nov 12, 2024 | Buy one click WooCommerce |
| Medium (4.3) | CVE-2024-10852 | Unpatched | Nov 12, 2024 | Buy one click WooCommerce |
| Medium (4.3) | CVE-2024-10854 | Unpatched | Nov 12, 2024 | Buy one click WooCommerce |
| Medium (4.3) | CVE-2024-10614 | Patched | Nov 15, 2024 | |
| Medium (4.3) | CVE-2024-52420 | Unpatched | Nov 13, 2024 | |
| Medium (4.3) | CVE-2024-10695 | Patched | Nov 11, 2024 | Futurio Extra |
| Medium (4.3) | CVE-2024-10530 | Patched | Nov 12, 2024 | |
| Medium (4.3) | CVE-2024-11143 | Patched | Nov 12, 2024 | |
| Medium (4.3) | CVE-2024-10795 | Patched | Nov 15, 2024 | Popularis Extra |
| Medium (4.3) | CVE-2024-10786 | Patched | Nov 15, 2024 | |
| Medium (4.3) | CVE-2024-10897 | Patched | Nov 14, 2024 | Tutor LMS Elementor Addons |
| Medium (4.3) | CVE-2024-52392 | Patched | Nov 11, 2024 | W3SPEEDSTER |
| Medium (4.3) | CVE-2024-10533 | Patched | Nov 15, 2024 | WP Chat App |
| Medium (4.3) | CVE-2024-52421 | Unpatched | Nov 13, 2024 | WP Popup Window Maker |
| Low (2.7) | CVE-2024-10672 | Patched | Nov 11, 2024 | |
| Low (2.7) | CVE-2024-52396 | Patched | Nov 11, 2024 | |

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.


The post Wordfence Intelligence Weekly WordPress Vulnerability Report (November 11, 2024 to November 17, 2024) appeared first on Wordfence.
