Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with our End of Year Holiday Extravaganza, High-Risk Bonus Blitz Challenge, and Superhero Challenge for the Wordfence Bug Bounty Program. Through January 6th, 2025:
- All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers
- All plugins and themes with 50-999 active installs hosted in the WordPress.org repository and updated within the last 2 years are in-scope for all researchers!
- All plugins and themes hosted in the WordPress.org repository with any install count are in scope for our preset list of high threat vulnerabilities.
- $150 bonus awarded when a researcher submits at least 15 valid high threat vulnerabilities, and then a $50 bonus awarded for every 5 submitted thereafter.
- Minimum bounty of $5 for all valid in-scope submissions.
- All researchers earn automatic bonuses of between 5% to 180% for valid submissions
- Pending report limits are increased for all
- It’s possible to earn up to $31,200 for high impact vulnerabilities!
Last week, there were 104 vulnerabilities disclosed in 103 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 39 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 20,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- WAF-RULE-773 – Data redacted while we work with the vendor on a patch.
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 50 |
| Unpatched | 54 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Medium Severity | 90 |
| High Severity | 8 |
| Critical Severity | 6 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 49 |
| Cross-Site Request Forgery (CSRF) | 23 |
| Missing Authorization | 6 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 4 |
| Authorization Bypass Through User-Controlled Key | 3 |
| Exposure of Sensitive Information to an Unauthorized Actor | 3 |
| Unrestricted Upload of File with Dangerous Type | 3 |
| Improper Control of Generation of Code (‘Code Injection’) | 2 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 2 |
| Authentication Bypass Using an Alternate Path or Channel | 1 |
| Improper Authorization | 1 |
| Improper Check or Handling of Exceptional Conditions | 1 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 1 |
| Improper Handling of Missing Values | 1 |
| Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) | 1 |
| Incorrect Conversion between Numeric Types | 1 |
| Path Traversal: ‘…/…//’ | 1 |
| Weak Password Recovery Mechanism for Forgotten Password | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 26 | |
| 7 | |
| 6 | |
| 6 | |
| 6 | |
| 5 | |
| 4 | |
| 4 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Additional Order Filters for WooCommerce | additional-order-filters-for-woocommerce |
| Advanced What should we write next about | advanced-what-should-we-write-about-next |
| AppPresser – Mobile App Framework | apppresser |
| ArCa Payment Gateway | arca-payment-gateway |
| Best Addons for Elementor | best-addons-for-elementor |
| BNE Gallery Extended | bne-gallery-extended |
| Booking & Appointment Plugin for WooCommerce | woocommerce-booking |
| Booking calendar, Appointment Booking System | booking-calendar |
| Booster for WooCommerce | woocommerce-jetpack |
| Build App Online | build-app-online |
| Capitalize My Title WordPress Plugin | capitalize-my-title |
| Chatter | chatter |
| CM Business Directory Plugin – Business Listing Directory | cm-business-directory |
| CM Header & Footer Script Loader – Insert Script Plugin | cm-header-footer-script-loader |
| CM Pop-Up Banners for WordPress | cm-pop-up-banners |
| CM Tooltip Glossary | enhanced-tooltipglossary |
| CM WordPress Search And Replace Plugin | cm-on-demand-search-and-replace |
| Content Audit Exporter | content-audit-exporter |
| Countdown Timer for Elementor | countdown-timer-for-elementor |
| Counter Up – Animated Number Counter & Milestone Showcase | wp-counter-up |
| Cowidgets – Elementor Addons | cowidgets-elementor-addons |
| CultBooking Hotel Booking Engine | cultbooking-booking-engine |
| Custom Post Type to Map Store | cpt-to-map-store |
| DancePress (TRWA) | dancepress-trwa |
| Devnex Addons For Elementor | devnex-addons-for-elementor |
| Donate Me | donate-me |
| Elementor Button Plus | fd-elementor-button-plus |
| Elementor Image Gallery Plugin ( Masonry Gallery, Elementor Gallery Plugin With Captions, Elementor Portfolio Gallery Widget, Filterable Gallery ) | skyboot-portfolio-gallery |
| Elementor Website Builder – More than Just a Page Builder | elementor |
| EmbedPress – Embed PDF, PDF 3D FlipBook, Instagram Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Maps & Upload PDF Documents | embedpress |
| Essential Breadcrumbs | essential-breadcrumbs |
| FAQ Builder AYS | faq-builder-ays |
| FastBook – Responsive Appointment Booking and Scheduling System | fastbook-responsive-appointment-booking-and-scheduling-system |
| File Manager Pro – Filester | filester |
| HLS Player | hls-player |
| Hustle – Email Marketing, Lead Generation, Optins, Popups | wordpress-popup |
| Image Alt Text | image-alt-text |
| InPost Gallery | inpost-gallery |
| Internal Linking for SEO traffic & Ranking – Auto internal links (100% automatic) | automatic-internal-links-for-seo |
| Jeg Elementor Kit | jeg-elementor-kit |
| JobSearch WP Job Board | wp-jobsearch |
| Kudos Donations – Easy donations and payments with Mollie | kudos-donations |
| LegalWeb Cloud | legalweb-cloud |
| Lenxel Core | lenxel-core |
| Load More Posts | load-more-posts |
| Login with Vipps and MobilePay | login-with-vipps |
| Mins To Read | mins-to-read |
| Multilevel Referral Affiliate Plugin for WooCommerce | multilevel-referral-plugin-for-woocommerce |
| Name: CM E-Mail Registration Blacklist | cm-email-blacklist |
| Newsletter, Email Marketing, Email Subscriber – Mail Picker | mail-picker |
| Ni WooCommerce Cost Of Goods | ni-woocommerce-cost-of-goods |
| Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | otter-blocks |
| Out Of Stock Badge | out-of-stock-badge |
| Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | wp-user-avatar |
| Parsi Date | wp-parsidate |
| PayPal Responder | paypal-responder |
| Photo Video Store | photo-video-store |
| Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons | contest-gallery |
| Pixobe Cartography | pixobe-cartography |
| Plugin | Plugin |
| Post Carousel Slider for Elementor | post-carousel-slider-for-elementor |
| Pricing Tables For WPBakery Page Builder (formerly Visual Composer) | pricing-tables-for-visual-composer |
| Primary Addon for Elementor | primary-addon-for-elementor |
| Product Input Fields for WooCommerce | product-input-fields-for-woocommerce |
| Ragic Shortcode | ragic-shortcode |
| Random Banner | random-banner |
| Restaurant & Cafe Addon for Elementor | restaurant-cafe-addon-for-elementor |
| RingCentral Communications Plugin – FREE | rccp-free |
| Royal Elementor Addons and Templates | royal-elementor-addons |
| Security & Malware scan by CleanTalk | security-malware-firewall |
| SEO Landing Page Generator | seo-landing-page-generator |
| Simple Header and Footer | simple-header-and-footer |
| Simple Popup Plugin | simple-popup-plugin |
| SimpleSchema Free | simpleschema-free |
| Skt NURCaptcha | skt-nurcaptcha |
| Smart Marketing SMS and Newsletters Forms | smart-marketing-for-wp |
| Social Sharing Plugin – Sassy Social Share | sassy-social-share |
| Softtemplates For Elementor | softtemplates-for-elementor |
| Sp*tify Play Button for WordPress | spotify-play-button-for-wordpress |
| Spam protection, Anti-Spam, FireWall by CleanTalk | cleantalk-spam-protect |
| Sparkle Elementor Kit | sparkle-elementor-kit |
| SpatialMatch IDX | spatialmatch-free-lifestyle-search |
| StreamWeasels YouTube Integration | streamweasels-youtube-integration |
| Stripe Donation | bin-stripe-donation |
| Support SVG – Upload svg files in wordpress without hassle | support-svg |
| Third Party Cookie Eraser | third-party-cookie-eraser |
| Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid | boldgrid-backup |
| Tumult Hype Animations | tumult-hype-animations |
| Vertical Carousel | vertical-carousel-slider |
| Video Lessons Manager – WordPress LMS Plugin | cm-video-lesson-manager |
| Video Player for WPBakery | video-player-for-wpbakery |
| Wallet for WooCommerce | woo-wallet |
| Watu Quiz | watu |
| Widget Options – The #1 WordPress Widget & Block Control Plugin | widget-options |
| WooCommerce Ultimate Gift Card | woocommerce-ultimate-gift-card |
| WordPress Contact Forms by Cimatti | contact-forms |
| WordPress Portfolio Builder – Portfolio Gallery | uber-grid |
| WP Find Your Nearest | wp-find-your-nearest |
| WP MathJax | wp-mathjax-plus |
| WP Mermaid | wp-mermaid |
| Yahoo! WebPlayer | yahoo-media-player |
| Znajdź Pracę z Praca.pl | znajdz-prace-z-pracapl |
| 소셜 공유 버튼 By 코스모스팜 | cosmosfarm-share-buttons |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVE-ID
CVE-2024-11082
CVE-2024-11082
Patch Status
Patched
Patched
Published
Nov 27, 2024
Nov 27, 2024
Affected Software
Tumult Hype Animations
Tumult Hype Animations
Researcher
CVE-ID
CVE-2024-8672
CVE-2024-8672
Patch Status
Patched
Patched
Published
Nov 27, 2024
Nov 27, 2024
Affected Software
Widget Options – The #1 WordPress Widget & Block Control Plugin
Widget Options – The #1 WordPress Widget & Block Control Plugin
Researcher
AppPresser – Mobile App Framework <= 4.4.6 – Unauthenticated Privilege Escalation via Password Reset
9.8
CVE-ID
CVE-2024-11024
CVE-2024-11024
Patch Status
Patched
Patched
Published
Nov 25, 2024
Nov 25, 2024
Affected Software
AppPresser – Mobile App Framework
AppPresser – Mobile App Framework
Researcher
CVE-ID
CVE-2024-11103
CVE-2024-11103
Patch Status
Patched
Patched
Published
Nov 27, 2024
Nov 27, 2024
CVE-ID
CVE-2024-10542
CVE-2024-10542
Patch Status
Patched
Patched
Published
Nov 25, 2024
Nov 25, 2024
Affected Software
Spam protection, Anti-Spam, FireWall by CleanTalk
Spam protection, Anti-Spam, FireWall by CleanTalk
Researcher
CVE-ID
CVE-2024-11925
CVE-2024-11925
Patch Status
Patched
Patched
Published
Nov 27, 2024
Nov 27, 2024
Affected Software
JobSearch WP Job Board
JobSearch WP Job Board
Researcher
CVE-ID
CVE-2024-10729
CVE-2024-10729
Patch Status
Patched
Patched
Published
Nov 25, 2024
Nov 25, 2024
Affected Software
Booking & Appointment Plugin for WooCommerce
Booking & Appointment Plugin for WooCommerce
Researcher
CVE-ID
CVE-2024-53790
CVE-2024-53790
Patch Status
Unpatched
Unpatched
Published
Nov 29, 2024
Nov 29, 2024
Affected Software
Lenxel Core
Lenxel Core
Researcher
CVE-ID
CVE-2024-10781
CVE-2024-10781
Patch Status
Patched
Patched
Published
Nov 25, 2024
Nov 25, 2024
Affected Software
Spam protection, Anti-Spam, FireWall by CleanTalk
Spam protection, Anti-Spam, FireWall by CleanTalk
Researcher
CVE-ID
CVE-2024-8066
CVE-2024-8066
Patch Status
Patched
Patched
Published
Nov 27, 2024
Nov 27, 2024
Affected Software
File Manager Pro – Filester
File Manager Pro – Filester
Researcher
CVE-ID
CVE-2024-10570
CVE-2024-10570
Patch Status
Patched
Patched
Published
Nov 25, 2024
Nov 25, 2024
Affected Software
Security & Malware scan by CleanTalk
Security & Malware scan by CleanTalk
Researcher
CVE-ID
CVE-2024-9504
CVE-2024-9504
Patch Status
Patched
Patched
Published
Nov 25, 2024
Nov 25, 2024
Affected Software
Booking calendar, Appointment Booking System
Booking calendar, Appointment Booking System
Researcher
CVE-ID
CVE-2024-9669
CVE-2024-9669
Patch Status
Patched
Patched
Published
Nov 27, 2024
Nov 27, 2024
Affected Software
File Manager Pro – Filester
File Manager Pro – Filester
Researcher
Total Upkeep <= 1.16.6 – Authenticated (Administrator+) Remote Code Execution via Backup Settings
7.2
CVE-ID
CVE-2024-9461
CVE-2024-9461
Patch Status
Patched
Patched
Published
Nov 26, 2024
Nov 26, 2024
Researcher
CVE-ID
CVE-2024-10857
CVE-2024-10857
Patch Status
Patched
Patched
Published
Nov 25, 2024
Nov 25, 2024
Affected Software
Product Input Fields for WooCommerce
Product Input Fields for WooCommerce
Researcher
CVE-ID
CVE-2024-7747
CVE-2024-7747
Patch Status
Patched
Patched
Published
Nov 27, 2024
Nov 27, 2024
Affected Software
Wallet for WooCommerce
Wallet for WooCommerce
Researcher
CVE-ID
CVE-2024-53792
CVE-2024-53792
Patch Status
Patched
Patched
Published
Nov 29, 2024
Nov 29, 2024
Affected Software
Watu Quiz
Watu Quiz
Researcher
CVE-ID
CVE-2024-53763
CVE-2024-53763
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Best Addons for Elementor
Best Addons for Elementor
Researcher
CVE-ID
CVE-2024-11119
CVE-2024-11119
Patch Status
Patched
Patched
Published
Nov 25, 2024
Nov 25, 2024
Affected Software
BNE Gallery Extended
BNE Gallery Extended
Researcher
CVE-ID
CVE-2024-53760
CVE-2024-53760
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Capitalize My Title WordPress Plugin
Capitalize My Title WordPress Plugin
Researcher
Countdown Timer for Elementor <= 1.3.6 – Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-53743
CVE-2024-53743
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Countdown Timer for Elementor
Countdown Timer for Elementor
Researcher
CVE-ID
CVE-2024-10895
CVE-2024-10895
Patch Status
Unpatched
Unpatched
Published
Nov 26, 2024
Nov 26, 2024
Affected Software
Counter Up – Animated Number Counter & Milestone Showcase
Counter Up – Animated Number Counter & Milestone Showcase
Researcher
Cowidgets – Elementor Addons <= 1.2.0 – Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-53786
CVE-2024-53786
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Cowidgets – Elementor Addons
Cowidgets – Elementor Addons
Researcher
CVE-ID
CVE-2024-53766
CVE-2024-53766
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Devnex Addons For Elementor
Devnex Addons For Elementor
Researcher
CVE-ID
CVE-2024-53746
CVE-2024-53746
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Elementor Button Plus
Elementor Button Plus
Researcher
Elementor Image Gallery Plugin <= 1.0.3 – Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-53744
CVE-2024-53744
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
CVE-ID
CVE-2024-8236
CVE-2024-8236
Patch Status
Patched
Patched
Published
Nov 25, 2024
Nov 25, 2024
Affected Software
Elementor Website Builder – More than Just a Page Builder
Elementor Website Builder – More than Just a Page Builder
Researcher
CVE-ID
CVE-2024-11203
CVE-2024-11203
Patch Status
Patched
Patched
Published
Nov 27, 2024
Nov 27, 2024
CVE-ID
CVE-2024-11333
CVE-2024-11333
Patch Status
Patched
Patched
Published
Nov 27, 2024
Nov 27, 2024
Affected Software
HLS Player
HLS Player
Researcher
CVE-ID
CVE-2024-10308
CVE-2024-10308
Patch Status
Patched
Patched
Published
Nov 25, 2024
Nov 25, 2024
Affected Software
Jeg Elementor Kit
Jeg Elementor Kit
Researcher
CVE-ID
CVE-2024-11761
CVE-2024-11761
Patch Status
Patched
Patched
Published
Nov 27, 2024
Nov 27, 2024
Affected Software
LegalWeb Cloud
LegalWeb Cloud
Researcher
CVE-ID
CVE-2024-53791
CVE-2024-53791
Patch Status
Unpatched
Unpatched
Published
Nov 29, 2024
Nov 29, 2024
Affected Software
Lenxel Core
Lenxel Core
Researcher
Login with Vipps and MobilePay <= 1.3.3 – Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-11786
CVE-2024-11786
Patch Status
Patched
Patched
Published
Nov 27, 2024
Nov 27, 2024
Affected Software
Login with Vipps and MobilePay
Login with Vipps and MobilePay
Researcher
CVE-ID
CVE-2024-53772
CVE-2024-53772
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Newsletter, Email Marketing, Email Subscriber – Mail Picker
Newsletter, Email Marketing, Email Subscriber – Mail Picker
Researcher
CVE-ID
CVE-2024-53767
CVE-2024-53767
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Pixobe Cartography
Pixobe Cartography
Researcher
CVE-ID
CVE-2024-53749
CVE-2024-53749
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Post Carousel Slider for Elementor
Post Carousel Slider for Elementor
Researcher
CVE-ID
CVE-2024-10175
CVE-2024-10175
Patch Status
Unpatched
Unpatched
Published
Nov 26, 2024
Nov 26, 2024
Affected Software
Pricing Tables For WPBakery Page Builder (formerly Visual Composer)
Pricing Tables For WPBakery Page Builder (formerly Visual Composer)
Researcher
CVE-ID
CVE-2024-11431
CVE-2024-11431
Patch Status
Patched
Patched
Published
Nov 27, 2024
Nov 27, 2024
Affected Software
Ragic Shortcode
Ragic Shortcode
Researcher
CVE-ID
CVE-2024-53787
CVE-2024-53787
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Random Banner
Random Banner
Researcher
CVE-ID
CVE-2024-53741
CVE-2024-53741
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Simple Popup Plugin
Simple Popup Plugin
Researcher
CVE-ID
CVE-2024-53771
CVE-2024-53771
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
SimpleSchema Free
SimpleSchema Free
Researcher
CVE-ID
CVE-2024-53764
CVE-2024-53764
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Softtemplates For Elementor
Softtemplates For Elementor
Researcher
CVE-ID
CVE-2024-53774
CVE-2024-53774
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Sparkle Elementor Kit
Sparkle Elementor Kit
Researcher
CVE-ID
CVE-2024-11192
CVE-2024-11192
Patch Status
Patched
Patched
Published
Nov 25, 2024
Nov 25, 2024
Affected Software
Sp*tify Play Button for WordPress
Sp*tify Play Button for WordPress
Researcher
CVE-ID
CVE-2024-11788
CVE-2024-11788
Patch Status
Patched
Patched
Published
Nov 27, 2024
Nov 27, 2024
Affected Software
StreamWeasels YouTube Integration
StreamWeasels YouTube Integration
Researcher
CVE-ID
CVE-2024-53752
CVE-2024-53752
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Stripe Donation
Stripe Donation
Researcher
CVE-ID
CVE-2024-11091
CVE-2024-11091
Patch Status
Patched
Patched
Published
Nov 25, 2024
Nov 25, 2024
Affected Software
Support SVG – Upload svg files in wordpress without hassle
Support SVG – Upload svg files in wordpress without hassle
Researcher
CVE-ID
CVE-2024-53756
CVE-2024-53756
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Vertical Carousel
Vertical Carousel
Researcher
CVE-ID
CVE-2024-53747
CVE-2024-53747
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Video Player for WPBakery
Video Player for WPBakery
Researcher
CVE-ID
CVE-2024-53757
CVE-2024-53757
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
WP Find Your Nearest
WP Find Your Nearest
Researcher
CVE-ID
CVE-2024-53758
CVE-2024-53758
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
WP MathJax
WP MathJax
Researcher
CVE-ID
CVE-2024-53748
CVE-2024-53748
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
WP Mermaid
WP Mermaid
Researcher
CVE-ID
CVE-2024-53773
CVE-2024-53773
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Znajdź Pracę z Praca.pl
Znajdź Pracę z Praca.pl
Researcher
CVE-ID
CVE-2024-53745
CVE-2024-53745
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
소셜 공유 버튼 By 코스모스팜
소셜 공유 버튼 By 코스모스팜
Researcher
CVE-ID
CVE-2024-11002
CVE-2024-11002
Patch Status
Patched
Patched
Published
Nov 25, 2024
Nov 25, 2024
Affected Software
InPost Gallery
InPost Gallery
Researcher
CVE-ID
CVE-2024-11418
CVE-2024-11418
Patch Status
Patched
Patched
Published
Nov 25, 2024
Nov 25, 2024
Affected Software
Additional Order Filters for WooCommerce
Additional Order Filters for WooCommerce
Researcher
CultBooking Hotel Booking Engine <= 2.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-ID
CVE-2024-53753
CVE-2024-53753
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
CultBooking Hotel Booking Engine
CultBooking Hotel Booking Engine
Researcher
Custom Post Type to Map Store <= 1.1.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-ID
CVE-2024-53769
CVE-2024-53769
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Custom Post Type to Map Store
Custom Post Type to Map Store
Researcher
CVE-ID
CVE-2024-53778
CVE-2024-53778
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Essential Breadcrumbs
Essential Breadcrumbs
Researcher
CVE-ID
CVE-2024-11458
CVE-2024-11458
Patch Status
Patched
Patched
Published
Nov 27, 2024
Nov 27, 2024
Affected Software
FAQ Builder AYS
FAQ Builder AYS
Researcher
CVE-ID
CVE-2024-53762
CVE-2024-53762
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
FastBook – Responsive Appointment Booking and Scheduling System
FastBook – Responsive Appointment Booking and Scheduling System
Researcher
Kudos Donations – Easy donations and payments with Mollie <= 3.2.9 – Reflected Cross-Site Scripting
6.1
CVE-ID
CVE-2024-11684
CVE-2024-11684
Patch Status
Patched
Patched
Published
Nov 27, 2024
Nov 27, 2024
Affected Software
Kudos Donations – Easy donations and payments with Mollie
Kudos Donations – Easy donations and payments with Mollie
Researcher
CVE-ID
CVE-2024-11685
CVE-2024-11685
Patch Status
Patched
Patched
Published
Nov 27, 2024
Nov 27, 2024
Affected Software
Kudos Donations – Easy donations and payments with Mollie
Kudos Donations – Easy donations and payments with Mollie
Researcher
CVE-ID
CVE-2024-53780
CVE-2024-53780
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Load More Posts
Load More Posts
Researcher
CVE-ID
CVE-2024-53765
CVE-2024-53765
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Mins To Read
Mins To Read
Researcher
CVE-ID
CVE-2024-53742
CVE-2024-53742
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Multilevel Referral Affiliate Plugin for WooCommerce
Multilevel Referral Affiliate Plugin for WooCommerce
Researcher
CVE-ID
CVE-2024-11202
CVE-2024-11202
Patch Status
Patched
Patched
Published
Nov 25, 2024
Nov 25, 2024
Affected Software
CM WordPress Search And Replace Plugin
Video Lessons Manager – WordPress LMS Plugin
CM Tooltip Glossary
CM Pop-Up Banners for WordPress
CM Header & Footer Script Loader – Insert Script Plugin
Name: CM E-Mail Registration Blacklist
CM Business Directory Plugin – Business Listing Directory
CM WordPress Search And Replace Plugin
Video Lessons Manager – WordPress LMS Plugin
CM Tooltip Glossary
CM Pop-Up Banners for WordPress
CM Header & Footer Script Loader – Insert Script Plugin
Name: CM E-Mail Registration Blacklist
CM Business Directory Plugin – Business Listing Directory
Researcher
CVE-ID
CVE-2024-53754
CVE-2024-53754
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Out Of Stock Badge
Out Of Stock Badge
Researcher
CVE-ID
CVE-2024-11032
CVE-2024-11032
Patch Status
Patched
Patched
Published
Nov 25, 2024
Nov 25, 2024
Affected Software
Parsi Date
Parsi Date
Researcher
CVE-ID
CVE-2024-53750
CVE-2024-53750
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
PayPal Responder
PayPal Responder
Researcher
CVE-ID
CVE-2024-53782
CVE-2024-53782
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Photo Video Store
Photo Video Store
Researcher
CVE-ID
CVE-2024-11366
CVE-2024-11366
Patch Status
Patched
Patched
Published
Nov 27, 2024
Nov 27, 2024
Affected Software
SEO Landing Page Generator
SEO Landing Page Generator
Researcher
CVE-ID
CVE-2024-53777
CVE-2024-53777
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Simple Header and Footer
Simple Header and Footer
Researcher
CVE-ID
CVE-2024-11342
CVE-2024-11342
Patch Status
Patched
Patched
Published
Nov 25, 2024
Nov 25, 2024
Affected Software
Skt NURCaptcha
Skt NURCaptcha
Researcher
CVE-ID
CVE-2024-11252
CVE-2024-11252
Patch Status
Patched
Patched
Published
Nov 29, 2024
Nov 29, 2024
Affected Software
Social Sharing Plugin – Sassy Social Share
Social Sharing Plugin – Sassy Social Share
Researcher
CVE-ID
CVE-2024-53781
CVE-2024-53781
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
SpatialMatch IDX
SpatialMatch IDX
Researcher
CVE-ID
CVE-2024-53755
CVE-2024-53755
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Third Party Cookie Eraser
Third Party Cookie Eraser
Researcher
CVE-ID
CVE-2024-53740
CVE-2024-53740
Patch Status
Patched
Patched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
WooCommerce Ultimate Gift Card
WooCommerce Ultimate Gift Card
Researcher
CVE-ID
CVE-2024-53761
CVE-2024-53761
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Plugin
Plugin
Researcher
CVE-ID
CVE-2024-9170
CVE-2024-9170
Patch Status
Patched
Patched
Published
Nov 25, 2024
Nov 25, 2024
Affected Software
Booster for WooCommerce
Booster for WooCommerce
Researcher
CVE-ID
CVE-2024-53759
CVE-2024-53759
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
ArCa Payment Gateway
ArCa Payment Gateway
Researcher
CVE-ID
CVE-2024-53770
CVE-2024-53770
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
RingCentral Communications Plugin – FREE
RingCentral Communications Plugin – FREE
Researcher
CVE-ID
CVE-2024-53768
CVE-2024-53768
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Content Audit Exporter
Content Audit Exporter
Researcher
CVE-ID
CVE-2024-10580
CVE-2024-10580
Patch Status
Patched
Patched
Published
Nov 26, 2024
Nov 26, 2024
Affected Software
Hustle – Email Marketing, Lead Generation, Optins, Popups
Hustle – Email Marketing, Lead Generation, Optins, Popups
Researcher
CVE-ID
CVE-2024-11219
CVE-2024-11219
Patch Status
Patched
Patched
Published
Nov 26, 2024
Nov 26, 2024
Affected Software
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Researcher
CVE-ID
CVE-2024-11083
CVE-2024-11083
Patch Status
Patched
Patched
Published
Nov 26, 2024
Nov 26, 2024
CVE-ID
CVE-2024-11009
CVE-2024-11009
Patch Status
Patched
Patched
Published
Nov 26, 2024
Nov 26, 2024
Researcher
CVE-ID
CVE-2024-53783
CVE-2024-53783
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Ni WooCommerce Cost Of Goods
Ni WooCommerce Cost Of Goods
Researcher
CVE-ID
CVE-2024-53775
CVE-2024-53775
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
DancePress (TRWA)
DancePress (TRWA)
Researcher
CVE-ID
CVE-2024-53788
CVE-2024-53788
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
WordPress Portfolio Builder – Portfolio Gallery
WordPress Portfolio Builder – Portfolio Gallery
Researcher
CVE-ID
CVE-2024-53789
CVE-2024-53789
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Advanced What should we write next about
Advanced What should we write next about
Researcher
CVE-ID
CVE-2024-53751
CVE-2024-53751
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Build App Online
Build App Online
Researcher
CVE-ID
CVE-2024-53785
CVE-2024-53785
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Chatter
Chatter
Researcher
CVE-ID
CVE-2024-53793
CVE-2024-53793
Patch Status
Unpatched
Unpatched
Published
Nov 29, 2024
Nov 29, 2024
Affected Software
Plugin
Plugin
Researcher
CVE-ID
CVE-2024-10579
CVE-2024-10579
Patch Status
Patched
Patched
Published
Nov 25, 2024
Nov 25, 2024
Affected Software
Hustle – Email Marketing, Lead Generation, Optins, Popups
Hustle – Email Marketing, Lead Generation, Optins, Popups
Researcher
Image Alt Text <= 2.0.0 – Missing Authorization to Authenticated (Subscriber+) Image Alt Text Update
4.3
CVE-ID
CVE-2024-11918
CVE-2024-11918
Patch Status
Patched
Patched
Published
Nov 27, 2024
Nov 27, 2024
Affected Software
Image Alt Text
Image Alt Text
Researchers
CVE-ID
CVE-2024-8899
CVE-2024-8899
Patch Status
Patched
Patched
Published
Nov 25, 2024
Nov 25, 2024
Affected Software
Jeg Elementor Kit
Jeg Elementor Kit
Researcher
CVE-ID
CVE-2024-10670
CVE-2024-10670
Patch Status
Patched
Patched
Published
Nov 27, 2024
Nov 27, 2024
Affected Software
Primary Addon for Elementor
Primary Addon for Elementor
Researcher
CVE-ID
CVE-2024-10780
CVE-2024-10780
Patch Status
Patched
Patched
Published
Nov 27, 2024
Nov 27, 2024
Affected Software
Restaurant & Cafe Addon for Elementor
Restaurant & Cafe Addon for Elementor
Researcher
CVE-ID
CVE-2024-10798
CVE-2024-10798
Patch Status
Patched
Patched
Published
Nov 27, 2024
Nov 27, 2024
Affected Software
Royal Elementor Addons and Templates
Royal Elementor Addons and Templates
Researcher
CVE-ID
CVE-2024-53784
CVE-2024-53784
Patch Status
Unpatched
Unpatched
Published
Nov 28, 2024
Nov 28, 2024
Affected Software
Smart Marketing SMS and Newsletters Forms
Smart Marketing SMS and Newsletters Forms
Researcher
CVE-ID
CVE-2024-10521
CVE-2024-10521
Patch Status
Patched
Patched
Published
Nov 26, 2024
Nov 26, 2024
Affected Software
WordPress Contact Forms by Cimatti
WordPress Contact Forms by Cimatti
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (November 25, 2024 to December 1, 2024) appeared first on Wordfence.
