Wordfence Intelligence Weekly WordPress Vulnerability Report (September 30, 2024 to October 6, 2024)

Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024:

All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers
Top-tier researchers earn automatic bonuses of between 10% and 120% for valid submissions
Pending report limits are increased for all
It’s possible to earn up to $31,200 for high impact vulnerabilities!

Last week, there were 161 vulnerabilities disclosed in 147 WordPress Plugins and 5 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 46 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 19,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

Total Unpatched & Patched Vulnerabilities Last Week

| Patch Status | Number of Vulnerabilities |
| --- | --- |
| Patched | 127 |
| Unpatched | 34 |

Total Vulnerabilities by CVSS Severity Last Week

| Severity Rating | Number of Vulnerabilities |
| --- | --- |
| Medium Severity | 141 |
| High Severity | 15 |
| Critical Severity | 5 |

Total Vulnerabilities by CWE Type Last Week

| Vulnerability Type by CWE | Number of Vulnerabilities |
| --- | --- |
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 121 |
| Missing Authorization | 9 |
| Deserialization of Untrusted Data | 5 |
| Cross-Site Request Forgery (CSRF) | 4 |
| Unrestricted Upload of File with Dangerous Type | 4 |
| URL Redirection to Untrusted Site (‘Open Redirect’) | 4 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 3 |
| Authentication Bypass Using an Alternate Path or Channel | 2 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 2 |
| Improper Control of Generation of Code (‘Code Injection’) | 2 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 2 |
| Improper Neutralization of Alternate XSS Syntax | 1 |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 1 |
| Improper Privilege Management | 1 |

Researchers That Contributed to WordPress Security Last Week

Researcher Name
Number of Vulnerabilities

22

21

12

8

6

6

5

5

4

4

4

4

4

3

3

3

3

3

Leo

3

3

2

2

2

2

2

2

2

2

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

| Software Name | Software Slug |
| --- | --- |
| 123.chat – Video Chat | 123-chat-videochat |
| Advanced Woo Labels – Product Labels for WooCommerce | advanced-woo-labels |
| Affiliate Program Suite — SliceWP Affiliates | slicewp |
| Aggregator Advanced Settings | aggregator-advanced-settings |
| Author Avatars List/Block | author-avatars |
| Auto Amazon Links – Amazon Associates Affiliate Plugin | amazon-auto-links |
| Auto Featured Image from Title | auto-featured-image-from-title |
| Automatically Hierarchic Categories in Menu | automatically-hierarchic-categories-in-menu |
| AVIF Uploader | avif-support |
| BA Book Everything | ba-book-everything |
| BerqWP – Automated All-In-One PageSpeed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript | searchpro |
| Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress | file-manager |
| BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed | blockspare |
| Bold Page Builder | bold-page-builder |
| Broken Link Checker | broken-link-checker |
| BSK Forms Blacklist | bsk-gravityforms-blacklist |
| CartBounty – Save and recover abandoned carts for WooCommerce | woo-save-abandoned-carts |
| Checkout Field Editor (Checkout Manager) for WooCommerce | woo-checkout-field-editor-pro |
| Clio Grow Form | clio-grow-form |
| Code Embed | simple-embed-code |
| Confetti Fall Animation | confetti-fall-animation |
| Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder | fluentform |
| Copyscape Premium | copyscape-premium |
| Cozy Blocks – Page Builder for Gutenberg & Site Editor, Post Blocks, WooCommerce Blocks, Magazine Blocks, WordPress Gutenberg Blocks, Patterns and Templates Library | cozy-addons |
| Custom Banners | custom-banners |
| Demo Importer Plus | demo-importer-plus |
| DethemeKit For Elementor | dethemekit-for-elementor |
| Display Medium Posts | display-medium-posts |
| DK PDF | dk-pdf |
| Easy Demo Importer – A Modern One-Click Demo Import Solution | easy-demo-importer |
| Easy Load More | easy-load-more |
| Easy WordPress Subscribe – Optin Hound | opt-in-hound |
| Echo RSS Feed Post Generator | rss-feed-post-generator-echo |
| Elastik Page Builder | elastik-page-builder |
| Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) | bdthemes-element-pack-lite |
| ElementInvader Addons for Elementor | elementinvader-addons-for-elementor |
| Elementor Addon Elements | addon-elements-for-elementor-page-builder |
| ElementsReady Addons for Elementor | element-ready-lite |
| Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce | email-subscribers |
| Enter Addons – Ultimate Template Builder for Elementor | enteraddons |
| Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates | essential-blocks |
| EventPrime – Events Calendar, Bookings and Tickets | eventprime-event-calendar-management |
| FAQ / Accordion / Docs / KB – Helpie WordPress FAQ Accordion plugin | helpie-faq |
| Fish and Ships – Most flexible shipping table rate. A WooCommerce shipping rate | fish-and-ships |
| Form plugin for WordPress – Zoho Forms | zoho-forms |
| Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials | stars-testimonials-with-slider-and-masonry-grid |
| Gallery Lightbox | gallery-lightbox-slider |
| Geo Mashup | geo-mashup |
| Gravity Forms Toolbar | gravity-forms-toolbar |
| Guten Post Layout – An Advanced Post Grid Collection | guten-post-layout |
| Happy Addons for Elementor | happy-elementor-addons |
| Hash Form – Drag & Drop Form Builder | hash-form |
| Hello World | hello-world |
| Ibtana – WordPress Website Builder | ibtana-visual-editor |
| Iconize | iconize |
| Include Fussball.de Widgets | include-fussball-de-widgets |
| Jeg Elementor Kit | jeg-elementor-kit |
| JobSearch WP Job Board | wp-jobsearch |
| KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin | kb-support |
| Keap Official Opt-in Forms | infusionsoft-official-opt-in-forms |
| LA-Studio Element Kit for Elementor | lastudio-element-kit |
| LH Copy Media File | lh-copy-media-file |
| LiteSpeed Cache | litespeed-cache |
| LocateAndFilter | locateandfilter |
| Loggedin – Limit Active Logins | loggedin |
| Login Logout Shortcode | login-logout-shortcode |
| Logo Carousel – Clients logo carousel for WP | responsive-client-logo-carousel-slider |
| Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid | magazine-blocks |
| MaxSlider | maxslider |
| MC4WP: Mailchimp Top Bar | mailchimp-top-bar |
| Memberful – Membership Plugin | memberful-wp |
| Move Addons for Elementor | move-addons |
| NEX-Forms – Ultimate Form Builder – Contact forms and much more | nex-forms-express-wp-form-builder |
| Online Booking & Scheduling Calendar for WordPress by vcita | meeting-scheduler-by-vcita |
| Page-list | page-list |
| Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | paid-member-subscriptions |
| Payflex Payment Gateway | payflex-payment-gateway |
| PDF Image Generator | pdf-image-generator |
| Popularis Extra | popularis-extra |
| Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder | popup-maker |
| Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | buddyforms |
| Premium Blocks – Gutenberg Blocks for WordPress | premium-blocks-for-gutenberg |
| Product Delivery Date for WooCommerce – Lite | product-delivery-date-for-woocommerce-lite |
| PWA — easy way to Progressive Web App | iworks-pwa |
| QS Dark Mode Plugin | qs-dark-mode |
| Quantity Dynamic Pricing & Bulk Discounts for WooCommerce | wholesale-pricing-woocommerce |
| Quill Forms \| The Best Typeform Alternative \| Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress | quillforms |
| R Animated Icon Plugin | r-animated-icon |
| RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more | rabbit-loader |
| Rank Math SEO – AI SEO Tools to Dominate SEO Rankings | seo-by-rank-math |
| Re:WP | rewp |
| Relogo | relogo |
| Robokassa payment gateway for Woocommerce | robokassa |
| RomethemeKit For Elementor | rometheme-for-elementor |
| RumbleTalk Live Group Chat – HTML5 | rumbletalk-chat-a-chat-with-themes |
| Search Analytics for WP | search-analytics |
| Search Atlas SEO – Best SEO Plugin for One-Click WP Publishing & Integrated AI Optimization | metasync |
| SEOPress – On-site SEO | wp-seopress |
| ShiftController Employee Shift Scheduling | shiftcontroller |
| Shortcodes and extra features for Phlox theme | auxin-elements |
| Simple Membership After Login Redirection | simple-membership-after-login-redirection |
| Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel | depicter |
| Slider Revolution | revslider |
| Slideshow Gallery LITE | slideshow-gallery |
| Smart Custom 404 Error Page | 404page |
| Social Auto Poster | social-auto-poster |
| Social Web Suite – Social Media Auto Post, Social Media Auto Publish | social-web-suite |
| Soumettre.fr | soumettre-fr |
| Spice Starter Sites | spice-starter-sites |
| Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More | woocommerce-exporter |
| Strong Testimonials | strong-testimonials |
| SVG Complete | svg-complete |
| The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) | the-pack-addon |
| The Ultimate WordPress Toolkit – WP Extended | wpextended |
| Themify Builder | themify-builder |
| TinyPNG – JPEG, PNG & WebP image compression | tiny-compress-images |
| TNC PDF viewer | pdf-viewer-by-themencode |
| Top Bar – PopUps – by WPOptin | wpoptin |
| Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | ultimate-member |
| Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider | ultimate-store-kit |
| Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | unlimited-elements-for-elementor |
| VdoCipher: Secure Video Player and Hosting | vdocipher |
| Visual CSS Style Editor | yellow-pencil-visual-theme-customizer |
| Web Directory Free | web-directory-free |
| Wechat Social login 微信QQ钉钉登录插件 | wechat-social-login |
| WordPress & WooCommerce Affiliate Program | wp-wc-affiliate-program |
| WordPress Captcha Plugin by Captcha Bank | captcha-bank |
| WordPress Infinite Scroll – Ajax Load More | ajax-load-more |
| WP Blocks Hub | wp-blocks-hub |
| WP Booking Calendar | booking |
| WP Bulk Delete | wp-bulk-delete |
| WP Cleanup and Basic Functions | wp-cleanup-and-basic-functions |
| WP Compress – Instant Performance & Speed Optimization | wp-compress-image-optimizer |
| WP Easy Gallery – WordPress Gallery Plugin | wp-easy-gallery |
| WP Hotel Booking | wp-hotel-booking |
| WP MyLinks | wp-mylinks |
| WP Travel Gutenberg Blocks | wp-travel-blocks |
| WP-Lister Lite for eBay | wp-lister-for-ebay |
| WP-WebAuthn | wp-webauthn |
| WPCOM Member | wpcom-member |
| WPMobile.App — Android and iOS Mobile Application | wpappninja |
| XLTab – Accordions and Tabs for Elementor Page Builder | xl-tab |
| XO Slider | xo-liteslider |
| YITH WooCommerce Ajax Search | yith-woocommerce-ajax-search |
| YITH WooCommerce Product Add-Ons | yith-woocommerce-product-add-ons |
| YML for Yandex Market | yml-for-yandex-market |
| Zotpress | zotpress |

WordPress Themes with Reported Vulnerabilities Last Week

| Software Name | Software Slug |
| --- | --- |
| Create | create |
| Empowerment | empowerment |
| Full Frame | full-frame |
| UltraPress | ultrapress |
| Unseen Blog | unseen-blog |

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

| CVSS Rating | CVE-ID | Patch Status | Published | Affected Software | Researcher(s) |
| --- | --- | --- | --- | --- | --- |
| Critical (9.8) | CVE-2024-9265 | Patched | Sep 30, 2024 | Echo RSS Feed Post Generator | |
| Critical (9.8) | CVE-2024-47636 | Patched | Sep 30, 2024 | JobSearch WP Job Board | |
| Critical (9.8) | CVE-2024-9106 | Unpatched | Sep 30, 2024 | | |
| Critical (9.8) | CVE-2024-9108 | Unpatched | Sep 30, 2024 | | |
| Critical (9.8) | CVE-2024-9289 | Patched | Sep 30, 2024 | | |
| High (8.8) | CVE-2024-7433 | Unpatched | Sep 30, 2024 | Empowerment | |
| High (8.8) | CVE-2024-47351 | Patched | Sep 30, 2024 | MaxSlider | |
| High (8.8) | CVE-2024-7434 | Unpatched | Sep 30, 2024 | UltraPress | |
| High (8.8) | CVE-2024-7432 | Unpatched | Sep 30, 2024 | Unseen Blog | |
| High (8.8) | CVE-2024-9018 | Unpatched | Sep 30, 2024 | | |
| High (8.8) | CVE-2024-7855 | Patched | Oct 1, 2024 | WP Hotel Booking | |
| High (8.1) | CVE-2024-47645 | Patched | Sep 30, 2024 | | |
| High (7.5) | CVE-2024-47350 | Patched | Sep 30, 2024 | YITH WooCommerce Ajax Search | |
| High (7.2) | CVE-2024-7869 | Unpatched | Sep 30, 2024 | 123.chat – Video Chat | |
| High (7.2) | CVE-2024-47649 | Unpatched | Sep 30, 2024 | Iconize | |
| High (7.2) | CVE-2024-47374 | Patched | Sep 30, 2024 | LiteSpeed Cache | |
| High (7.1) | CVE-2024-8981 | Patched | Sep 30, 2024 | Broken Link Checker | |
| Medium (6.5) | CVE-2024-9224 | Patched | Sep 30, 2024 | Hello World | |
| Medium (6.4) | CVE-2024-47622 | Patched | Sep 30, 2024 | | |
| Medium (6.4) | CVE-2024-9368 | Unpatched | Oct 3, 2024 | Aggregator Advanced Settings | |
| Medium (6.4) | CVE-2024-47370 | Patched | Sep 30, 2024 | Author Avatars List/Block | |
| Medium (6.4) | CVE-2024-47365 | Patched | Sep 30, 2024 | | Unknown |
| Medium (6.4) | CVE-2024-9060 | Patched | Sep 30, 2024 | AVIF Uploader | |
| Medium (6.4) | CVE-2024-47391 | Patched | Sep 30, 2024 | Bold Page Builder | |
| Medium (6.4) | CVE-2024-8804 | Patched | Oct 3, 2024 | Code Embed | |
| Medium (6.4) | CVE-2024-47641 | Unpatched | Sep 30, 2024 | Confetti Fall Animation | |
| Medium (6.4) | CVE-2024-47356 | Patched | Sep 30, 2024 | Create | |
| Medium (6.4) | CVE-2024-9172 | Patched | Oct 1, 2024 | Demo Importer Plus | |
| Medium (6.4) | CVE-2024-47632 | Patched | Sep 30, 2024 | | |
| Medium (6.4) | CVE-2024-9445 | Unpatched | Oct 3, 2024 | Display Medium Posts | |
| Medium (6.4) | CVE-2024-9274 | Unpatched | Sep 30, 2024 | Elastik Page Builder | |
| Medium (6.4) | CVE-2024-47630 | Patched | Sep 30, 2024 | | |
| Medium (6.4) | CVE-2024-47366 | Patched | Sep 30, 2024 | | |
| Medium (6.4) | CVE-2024-47625 | Patched | Sep 30, 2024 | | |
| Medium (6.4) | CVE-2024-44010 | Patched | Sep 30, 2024 | Full Frame | |
| Medium (6.4) | CVE-2024-47623 | Patched | Sep 30, 2024 | Gallery Lightbox | |
| Medium (6.4) | CVE-2024-8990 | Patched | Sep 30, 2024 | Geo Mashup | |
| Medium (6.4) | CVE-2024-47357 | Patched | Sep 30, 2024 | Happy Addons for Elementor | |
| Medium (6.4) | CVE-2024-47643 | Unpatched | Sep 30, 2024 | Include Fussball.de Widgets | |
| Medium (6.4) | CVE-2024-47390 | Patched | Sep 30, 2024 | | |
| Medium (6.4) | CVE-2024-47642 | Unpatched | Sep 30, 2024 | Keap Official Opt-in Forms | |
| Medium (6.4) | CVE-2024-47628 | Patched | Sep 30, 2024 | | |
| Medium (6.4) | CVE-2024-47373 | Patched | Sep 30, 2024 | LiteSpeed Cache | |
| Medium (6.4) | CVE-2024-9304 | Unpatched | Sep 30, 2024 | LocateAndFilter | |
| Medium (6.4) | CVE-2024-9421 | Unpatched | Oct 3, 2024 | Login Logout Shortcode | |
| Medium (6.4) | CVE-2024-47631 | Patched | Sep 30, 2024 | | |
| Medium (6.4) | CVE-2024-9242 | Patched | Oct 3, 2024 | | |
| Medium (6.4) | CVE-2024-47364 | Patched | Sep 30, 2024 | | |
| Medium (6.4) | CVE-2024-47382 | Patched | Sep 30, 2024 | Page-list | |
| Medium (6.4) | CVE-2024-9118 | Patched | Sep 30, 2024 | QS Dark Mode Plugin | |
| Medium (6.4) | CVE-2024-9272 | Unpatched | Sep 30, 2024 | R Animated Icon Plugin | |
| Medium (6.4) | CVE-2024-9271 | Patched | Oct 3, 2024 | Re:WP | |
| Medium (6.4) | CVE-2024-9269 | Unpatched | Sep 30, 2024 | Relogo | |
| Medium (6.4) | CVE-2024-47626 | Patched | Sep 30, 2024 | RomethemeKit For Elementor | |
| Medium (6.4) | CVE-2024-8720 | Patched | Sep 30, 2024 | | |
| Medium (6.4) | CVE-2024-8107 | Patched | Sep 30, 2024 | Slider Revolution | |
| Medium (6.4) | CVE-2024-9119 | Unpatched | Sep 30, 2024 | SVG Complete | |
| Medium (6.4) | CVE-2024-47639 | Unpatched | Sep 30, 2024 | | |
| Medium (6.4) | CVE-2024-9372 | Unpatched | Oct 3, 2024 | WP Blocks Hub | |
| Medium (6.4) | CVE-2024-9455 | Unpatched | Oct 4, 2024 | WP Cleanup and Basic Functions | |
| Medium (6.4) | CVE-2024-47627 | Patched | Sep 30, 2024 | | |
| Medium (6.4) | CVE-2024-47650 | Patched | Sep 30, 2024 | WP-WebAuthn | |
| Medium (6.4) | CVE-2024-8324 | Unpatched | Sep 30, 2024 | XO Slider | |
| Medium (6.4) | CVE-2024-47633 | Patched | Sep 30, 2024 | | |
| Medium (6.4) | CVE-2024-47621 | Patched | Sep 30, 2024 | Zotpress | |
| Medium (6.1) | CVE-2024-9349 | Patched | Oct 3, 2024 | | |
| Medium (6.1) | CVE-2024-8786 | Unpatched | Sep 30, 2024 | Auto Featured Image from Title | |
| Medium (6.1) | CVE-2024-47360 | Patched | Sep 30, 2024 | BA Book Everything | |
| Medium (6.1) | CVE-2024-47624 | Patched | Sep 30, 2024 | BSK Forms Blacklist | |
| Medium (6.1) | CVE-2024-8802 | Patched | Oct 3, 2024 | Clio Grow Form | |
| Medium (6.1) | CVE-2024-47644 | Unpatched | Sep 30, 2024 | Copyscape Premium | |
| Medium (6.1) | CVE-2024-8799 | Unpatched | Sep 30, 2024 | Custom Banners | |
| Medium (6.1) | CVE-2024-8727 | Patched | Sep 30, 2024 | DK PDF | |
| Medium (6.1) | CVE-2024-8728 | Unpatched | Sep 30, 2024 | Easy Load More | |
| Medium (6.1) | CVE-2024-9267 | Unpatched | Sep 30, 2024 | | |
| Medium (6.1) | CVE-2024-47353 | Patched | Sep 30, 2024 | | |
| Medium (6.1) | CVE-2024-47648 | Patched | Sep 30, 2024 | | |
| Medium (6.1) | CVE-2024-9237 | Patched | Oct 3, 2024 | | |
| Medium (6.1) | CVE-2024-8718 | Unpatched | Sep 30, 2024 | Gravity Forms Toolbar | |
| Medium (6.1) | CVE-2024-9417 | Patched | Oct 4, 2024 | | |
| Medium (6.1) | CVE-2024-47394 | Patched | Sep 30, 2024 | JobSearch WP Job Board | |
| Medium (6.1) | CVE-2024-9220 | Patched | Sep 30, 2024 | LH Copy Media File | |
| Medium (6.1) | CVE-2024-9228 | Patched | Sep 30, 2024 | | |
| Medium (6.1) | CVE-2024-9210 | Patched | Oct 1, 2024 | MC4WP: Mailchimp Top Bar | |
| Medium (6.1) | CVE-2024-47389 | Patched | Sep 30, 2024 | | |
| Medium (6.1) | CVE-2024-47638 | Unpatched | Sep 30, 2024 | | |
| Medium (6.1) | CVE-2024-47646 | Patched | Sep 30, 2024 | Payflex Payment Gateway | |
| Medium (6.1) | CVE-2024-9241 | Unpatched | Sep 30, 2024 | PDF Image Generator | |
| Medium (6.1) | CVE-2024-9353 | Patched | Oct 3, 2024 | Popularis Extra | |
| Medium (6.1) | CVE-2024-9345 | Patched | Oct 3, 2024 | | |
| Medium (6.1) | CVE-2024-9384 | Patched | Oct 3, 2024 | | |
| Medium (6.1) | CVE-2024-47395 | Patched | Sep 30, 2024 | | |
| Medium (6.1) | CVE-2024-9225 | Patched | Oct 1, 2024 | SEOPress – On-site SEO | |
| Medium (6.1) | CVE-2024-9435 | Patched | Oct 3, 2024 | | |
| Medium (6.1) | CVE-2024-47354 | Patched | Sep 30, 2024 | | |
| Medium (6.1) | CVE-2024-47388 | Patched | Sep 30, 2024 | | |
| Medium (6.1) | CVE-2024-9204 | Patched | Oct 3, 2024 | Smart Custom 404 Error Page | |
| Medium (6.1) | CVE-2024-47369 | Patched | Sep 30, 2024 | Social Auto Poster | |
| Medium (6.1) | CVE-2024-47386 | Patched | Sep 30, 2024 | | |
| Medium (6.1) | CVE-2024-9385 | Patched | Oct 4, 2024 | Themify Builder | |
| Medium (6.1) | CVE-2024-47379 | Patched | Sep 30, 2024 | Web Directory Free | |
| Medium (6.1) | CVE-2024-9375 | Unpatched | Oct 3, 2024 | | |
| Medium (6.1) | CVE-2024-47352 | Patched | Sep 30, 2024 | WP Bulk Delete | |
| Medium (6.1) | CVE-2024-47384 | Patched | Sep 30, 2024 | | |
| Medium (6.1) | CVE-2024-9209 | Patched | Sep 30, 2024 | Search Analytics for WP | |
| Medium (6.1) | CVE-2024-47380 | Patched | Sep 30, 2024 | WP-Lister Lite for eBay | |
| Medium (6.1) | CVE-2024-47378 | Patched | Sep 30, 2024 | WPCOM Member | |
| Medium (6.1) | CVE-2024-47349 | Patched | Sep 30, 2024 | | |
| Medium (6.1) | CVE-2024-47348 | Patched | Sep 30, 2024 | Visual CSS Style Editor | |
| Medium (6.1) | CVE-2024-47367 | Patched | Sep 30, 2024 | | |
| Medium (6.1) | CVE-2024-9378 | Patched | Oct 1, 2024 | YML for Yandex Market | |
| Medium (5.3) | CVE-2024-47358 | Patched | Sep 30, 2024 | | |
| Medium (5.3) | CVE-2024-8430 | Unpatched | Sep 30, 2024 | Spice Starter Sites | |
| Medium (4.4) | CVE-2024-47376 | Patched | Sep 30, 2024 | Slideshow Gallery LITE | |
| Medium (4.4) | CVE-2024-47372 | Patched | Sep 30, 2024 | TNC PDF viewer | |
| Medium (4.4) | CVE-2024-9306 | Patched | Oct 3, 2024 | WP Booking Calendar | |
| Medium (4.4) | CVE-2024-47371 | Patched | Sep 30, 2024 | WP MyLinks | |
| Medium (4.3) | CVE-2024-47634 | Patched | Sep 30, 2024 | | |
| Medium (4.3) | CVE-2024-47361 | Patched | Sep 30, 2024 | Elementor Addon Elements | |
| Medium (4.3) | CVE-2024-47637 | Patched | Sep 30, 2024 | LiteSpeed Cache | |
| Medium (4.3) | CVE-2024-8675 | Patched | Sep 30, 2024 | Soumettre.fr | |
| Medium (4.3) | CVE-2024-47362 | Patched | Sep 30, 2024 | Strong Testimonials | |
| Medium (4.3) | CVE-2024-47635 | Patched | Sep 30, 2024 | | Unknown |

As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, that covers all known WordPress core, theme, and plugin vulnerabilities.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (September 30, 2024 to October 6, 2024) appeared first on Wordfence.
