WP XSS OCT 2024 - WP Cross-Site Scripting
Managed WP/Woo Security Report
Be informed about the latest WP Cross-Site Scripting, identified and reported publicly. WP XSS OCT 2024 is similarly HIGH compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for managed WP Security.
The following cases made headlines PUBLICLY just last month in the WP XSS OCT 2024 & WP Cross-Site Scripting category:
012 PS Multi Languages | Cross-Site Scripting (XSS) |
Absolute Reviews | DOM-Based Cross-Site Scripting (XSS) from Criteria Name |
Accordion | Cross-Site Scripting (XSS) |
Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin | Cross-Site Scripting (XSS) |
Accordion Image Menu | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
Advanced Sermons | Cross-Site Scripting (XSS) |
Advanced Woo Labels | Cross-Site Scripting (XSS) |
Advanced WordPress Backgrounds | Cross-Site Scripting (XSS) from imageTag Parameter |
amCharts: Charts and Maps | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
AnWP Football Leagues | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
ARI Fancy Lightbox | Cross-Site Scripting (XSS) |
Attributes for Blocks | Cross-Site Scripting (XSS) from attributesForBlocks Parameter |
Author Avatars List/Block | Cross-Site Scripting (XSS) |
Automatically Hierarchic Categories in Menu | Cross-Site Scripting (XSS) |
AZIndex | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
BA Book Everything | Cross-Site Scripting (XSS) |
Beam me up Scotty – Back to Top Button | Cross-Site Scripting (XSS) |
Beauty Theme | Cross-Site Scripting (XSS) from tpl_featured_cat_id Parameter |
Betheme Theme | Cross-Site Scripting (XSS) from SVG File |
Bit Form – Contact Form Plugin | Cross-Site Scripting (XSS) |
Blockspare | Cross-Site Scripting (XSS) |
Blogvi Theme | Cross-Site Scripting (XSS) |
Bold Page Builder | Cross-Site Scripting (XSS) |
Bold Page Builder | Cross-Site Scripting (XSS) |
Bricks Builder Theme | Cross-Site Scripting (XSS) |
BSK Forms Blacklist | Cross-Site Scripting (XSS) |
BuddyForms | Cross-Site Scripting (XSS) |
Bulk NoIndex & NoFollow Toolkit | Cross-Site Scripting (XSS) |
Cab fare calculator | Cross-Site Scripting (XSS) |
Carousel Slider | Cross-Site Scripting (XSS) |
Catch Base Theme | Cross-Site Scripting (XSS) |
Charity Addon for Elementor | Cross-Site Scripting (XSS) |
Chartify | Cross-Site Scripting (XSS) |
Chatbot Support AI | Cross-Site Scripting (XSS) |
CM Pop-Up banners | Cross-Site Scripting (XSS) |
Coming Soon Page, Under Construction & Maintenance Mode by SeedProd | Cross-Site Scripting (XSS) |
Common Tools for Site | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Community by PeepSo | Cross-Site Scripting (XSS) from content Parameter |
Confetti Fall Animation | Cross-Site Scripting (XSS) |
Contact Form 7 Math Captcha | Cross-Site Scripting (XSS) |
Contact Form to Any API | Unauthenticated Cross-Site Scripting (XSS) from Contact Form |
Content Blocks (Custom Post Widget) | Cross-Site Scripting (XSS) |
Copyscape Premium | CSRF to Cross-Site Scripting (XSS) |
Cozy Blocks | Cross-Site Scripting (XSS) |
CP Polls | Cross-Site Scripting (XSS) |
Create Theme | Cross-Site Scripting (XSS) |
Cron Jobs | Cross-Site Scripting (XSS) |
CubeWP Forms – All-in-One Form Builder | Cross-Site Scripting (XSS) |
Delicate Theme | Cross-Site Scripting (XSS) from Button Shortcode |
Depicter Slider | Cross-Site Scripting (XSS) |
DethemeKit For Elementor | Cross-Site Scripting (XSS) |
Dynamic Featured Image | Cross-Site Scripting (XSS) from dfiFeatured Parameter |
ElementInvader Addons for Elementor | Cross-Site Scripting (XSS) |
Elementor Addon Elements | Cross-Site Scripting (XSS) |
Elementor Website Builder | Cross-Site Scripting (XSS) in the URL Parameter in Multiple Widgets |
Element Pack Elementor Addons | Cross-Site Scripting (XSS) |
Elements kit Elementor addons | Cross-Site Scripting (XSS) from Video Widget |
ElementsReady Addons for Elementor | Cross-Site Scripting (XSS) |
Email Obfuscate Shortcode | Cross-Site Scripting (XSS) |
Enter Addons | Cross-Site Scripting (XSS) |
Envira Photo Gallery | Cross-Site Scripting (XSS) |
Essential Addons for Elementor | Cross-Site Scripting (XSS) from Fancy Text Widget |
Essential Blocks for Gutenberg | Cross-Site Scripting (XSS) |
EU/UK VAT Manager for WooCommerce | Cross-Site Scripting (XSS) |
EU/UK VAT Manager for WooCommerce | Cross-Site Scripting (XSS) |
EventON | Cross-Site Scripting (XSS) |
Exit Notifier | Cross-Site Scripting (XSS) |
Flaming Forms | Cross-Site Scripting (XSS) |
Flaming Forms | Unauthenticated Cross-Site Scripting (XSS) |
Flipping Cards | Cross-Site Scripting (XSS) |
Floating Contact Button | Cross-Site Scripting (XSS) |
Form Maker by 10Web | Cross-Site Scripting (XSS) |
Full frame Theme | Cross-Site Scripting (XSS) |
Fusion Builder | Cross-Site Scripting (XSS) from fusion_button Shortcode |
Gallery Lightbox | Cross-Site Scripting (XSS) |
Garden Gnome Package | Cross-Site Scripting (XSS) |
Geo Mashup | Cross-Site Scripting (XSS) |
GEO my WordPress | Cross-Site Scripting (XSS) |
GF Custom Style | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Giveaways and Contests by RafflePress | Cross-Site Scripting (XSS) |
Google Calendar Events | Cross-Site Scripting (XSS) |
Graphicsly | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Greenshift – animation and page builder blocks | Cross-Site Scripting (XSS) |
GS Logo Slider | Cross-Site Scripting (XSS) |
GTM Server Side | Cross-Site Scripting (XSS) |
GTM Server Side | Cross-Site Scripting (XSS) |
Gum Elementor Addon | Cross-Site Scripting (XSS) |
Gutenberg Blocks – Un blocks For Gutenberg | Cross-Site Scripting (XSS) |
GutenGeek Free Gutenberg Blocks for WordPress | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Happy Addons for Elementor | Cross-Site Scripting (XSS) |
IdeaPush | Cross-Site Scripting (XSS) |
IMPress for IDX Broker | Cross-Site Scripting (XSS) |
Include Fussballde Widgets | Cross-Site Scripting (XSS) |
Jeg Elementor Kit | Cross-Site Scripting (XSS) |
JobSearch | Cross-Site Scripting (XSS) |
Keap Official Opt-in Forms | Cross-Site Scripting (XSS) |
king_IE | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Kodex Posts likes | Cross-Site Scripting (XSS) |
Kodex Posts likes | Cross-Site Scripting (XSS) |
Koko Analytics | Cross-Site Scripting (XSS) |
LA-Studio Element Kit for Elementor | Cross-Site Scripting (XSS) |
LiteSpeed Cache | Cross-Site Scripting (XSS) |
LiteSpeed Cache | Cross-Site Scripting (XSS) |
Livemesh Addons for Elementor | Cross-Site Scripting (XSS) |
Livemesh Addons for Elementor | Cross-Site Scripting (XSS) from piechart_settings Parameter |
Logo Carousel – Clients logo carousel for WP | Cross-Site Scripting (XSS) |
Logo Manager For Enamad | Cross-Site Scripting (XSS) from Widget |
Loops & Logic | Cross-Site Scripting (XSS) |
Lucas String Replace | Cross-Site Scripting (XSS) |
MailOptin | Cross-Site Scripting (XSS) |
Mapplic Lite | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Master Addons for Elementor | Cross-Site Scripting (XSS) from data-jltma-wrapper-link Element |
Material Design Icons | Cross-Site Scripting (XSS) from mdi-icon Shortcode |
MC4WP | Cross-Site Scripting (XSS) |
MC4WP | Cross-Site Scripting (XSS) |
Medical Addon for Elementor | Cross-Site Scripting (XSS) |
Mega Elements | Cross-Site Scripting (XSS) |
Meta slider and carousel with lightbox | Cross-Site Scripting (XSS) |
MM-Breaking News | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
MM-Breaking News | Cross-Site Scripting (XSS) |
Move Addons for Elementor | Cross-Site Scripting (XSS) |
Move Addons for Elementor | Cross-Site Scripting (XSS) |
Multipurpose Ticket Booking Manager | Cross-Site Scripting (XSS) |
My Sticky Bar | Cross-Site Scripting (XSS) |
Neighborly Theme | Cross-Site Scripting (XSS) from Button Shortcode |
Newsletters | Cross-Site Scripting (XSS) |
NEX-Forms – Ultimate Form Builder | Cross-Site Scripting (XSS) |
NiceJob | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
NiceJob | Cross-Site Scripting (XSS) |
Ninja Forms File Upload Extension | Unauthenticated Cross-Site Scripting (XSS) from File Upload (BAC) |
Ninja Forms | Cross-Site Scripting (XSS) |
Ninja Forms | Self-Based Cross-Site Scripting (XSS) from Referer |
NinjaTeam Header Footer Custom Code | Cross-Site Scripting (XSS) |
nm-visitors | Unauthenticated Cross-Site Scripting (XSS) from HTTP Header |
Nova Blocks by Pixelgrade | Cross-Site Scripting (XSS) from align Attribute |
OneElements – Best Elementor Addons | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Online Booking & Scheduling Calendar for WordPress by vcita | Cross-Site Scripting (XSS) |
OSM – OpenStreetMap | Cross-Site Scripting (XSS) from osm_map and osm_map_v Shortcodes |
Page-list | Cross-Site Scripting (XSS) |
PDF Thumbnail Generator | Cross-Site Scripting (XSS) |
Photo Gallery by 10Web | Cross-Site Scripting (XSS) |
Pixel Cat | Cross-Site Scripting (XSS) |
Pocket Widget | Cross-Site Scripting (XSS) |
Popup Maker | Cross-Site Scripting (XSS) |
Post Grid and Gutenberg Blocks | Cross-Site Scripting (XSS) |
Preloader Plus - WordPress Loading Screen Plugin | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Premium Addons for Elementor | Cross-Site Scripting (XSS) from Media Grid Widget |
Premium Blocks – Gutenberg Blocks for WordPress | Cross-Site Scripting (XSS) |
Primary Addon for Elementor | Cross-Site Scripting (XSS) |
Product Slider for WooCommerce | Cross-Site Scripting (XSS) |
ProfileGrid | Cross-Site Scripting (XSS) |
Quick Code | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
Quill Forms | Cross-Site Scripting (XSS) |
Quiz And Survey Master | Cross-Site Scripting (XSS) |
Radio Player | Cross-Site Scripting (XSS) from align Attribute |
RD Station | Cross-Site Scripting (XSS) |
Restaurant & Cafe Addon for Elementor | Cross-Site Scripting (XSS) |
Review & testimonial widgets | Cross-Site Scripting (XSS) |
Robokassa payment gateway for Woocommerce | Cross-Site Scripting (XSS) |
Roles & Capabilities | Cross-Site Scripting (XSS) |
RomethemeKit For Elementor | Cross-Site Scripting (XSS) |
Roseta Theme | Cross-Site Scripting (XSS) |
Search Atlas SEO | Cross-Site Scripting (XSS) |
Secure Copy Content Protection and Content Locking | Cross-Site Scripting (XSS) |
Septera Theme | Cross-Site Scripting (XSS) |
Seriously Simple Stats | Cross-Site Scripting (XSS) |
Share This Image | Cross-Site Scripting (XSS) from alignment Parameter |
Share This Image | Cross-Site Scripting (XSS) from STI Buttons Shortcode |
Share This Image | Cross-Site Scripting (XSS) |
ShiftController Employee Shift Scheduling | Cross-Site Scripting (XSS) |
ShopLentor | DOM-Based Cross-Site Scripting (XSS) |
Sign-up Sheets | Cross-Site Scripting (XSS) |
Simple LDAP Login | Cross-Site Scripting (XSS) |
Simple LDAP Login | Cross-Site Scripting (XSS) |
SKT Templates – Elementor & Gutenberg templates | Cross-Site Scripting (XSS) |
Sky Addons for Elementor | Cross-Site Scripting (XSS) |
SliceWP | Cross-Site Scripting (XSS) |
SliceWP | Cross-Site Scripting (XSS) |
Slider by 10Web | Cross-Site Scripting (XSS) |
Slider comparison image before and after | Cross-Site Scripting (XSS) |
Slideshow Gallery | Cross-Site Scripting (XSS) |
Social Auto Poster | Cross-Site Scripting (XSS) |
Spice Starter Sites | Cross-Site Scripting (XSS) |
Spiffy Calendar | Cross-Site Scripting (XSS) |
Spiffy Calendar | Cross-Site Scripting (XSS) |
Starbox | Cross-Site Scripting (XSS) |
Starbox | Cross-Site Scripting (XSS) |
Starter Templates | Cross-Site Scripting (XSS) |
Store Hours for WooCommerce | Cross-Site Scripting (XSS) |
Super Testimonials | Cross-Site Scripting (XSS) from alignment Parameter |
tagDiv Composer | Cross-Site Scripting (XSS) from envato_code[] |
Team Showcase | Cross-Site Scripting (XSS) |
Terms descriptions | Cross-Site Scripting (XSS) |
Thanh Toán Quét Mã QR Code Tự Động | Unauthenticated Cross-Site Scripting (XSS) |
The Events Calendar | Unauthenticated Cross-Site Scripting (XSS) |
Themedy Toolbox | Cross-Site Scripting (XSS) from Multiple Shortcodes |
Themesflat Addons For Elementor | Multiple Cross-Site Scripting (XSS) |
Themify – WooCommerce Product Filter | Cross-Site Scripting (XSS) |
The Pack Elementor addons | Cross-Site Scripting (XSS) |
The Post Grid | Cross-Site Scripting (XSS) via Grid Creation |
The Ultimate WordPress Toolkit – WP Extended | Cross-Site Scripting (XSS) |
The Ultimate WordPress Toolkit – WP Extended | Cross-Site Scripting (XSS) from page |
TNC PDF viewer | Cross-Site Scripting (XSS) |
Triton Lite Theme | Cross-Site Scripting (XSS) from Button Shortcode |
Tweaker5 Theme | Cross-Site Scripting (XSS) from Button Shortcode |
Ultimate Blocks – Gutenberg Blocks Plugin | Cross-Site Scripting (XSS) |
Ultimate Store Kit Elementor Addons | Cross-Site Scripting (XSS) |
Un Elements For Elementor (Free Widgets, Addons, Templates) | Cross-Site Scripting (XSS) |
VdoCipher | Cross-Site Scripting (XSS) |
Verbosa Theme | Cross-Site Scripting (XSS) |
viala Theme | Cross-Site Scripting (XSS) |
Waitlist Woocommerce ( Back in stock notifier ) | Cross-Site Scripting (XSS) |
WCFM Marketplace | Cross-Site Scripting (XSS) |
Web Directory Free | Cross-Site Scripting (XSS) |
WP Abstracts | Cross-Site Scripting (XSS) |
WP AdCenter | Cross-Site Scripting (XSS) from ad_alignment Attribute |
WP Booking System | Cross-Site Scripting (XSS) |
WP Bulk Delete | Cross-Site Scripting (XSS) |
WP Category Dropdown | Cross-Site Scripting (XSS) from align Parameter |
WPCOM Member | Cross-Site Scripting (XSS) |
WP Compress – Image Optimizer [All-In-One] | Cross-Site Scripting (XSS) |
WP Custom Fields Search | Cross-Site Scripting (XSS) from wpcfs-preset Shortcode |
WP Datepicker | Cross-Site Scripting (XSS) |
WP-DownloadManager | Cross-Site Scripting (XSS) |
WPFactory Helper | Cross-Site Scripting (XSS) |
WP GPX Map | Cross-Site Scripting (XSS) from sgpx Shortcode |
WP-Lister Lite for eBay | Cross-Site Scripting (XSS) |
WP Mail Catcher | Cross-Site Scripting (XSS) |
WP Meta SEO | Cross-Site Scripting (XSS) |
WPMobileApp | Cross-Site Scripting (XSS) |
WP MultiTasking | Cross-Site Scripting (XSS) |
WP MultiTasking | Cross-Site Scripting (XSS) |
WP MyLinks | Cross-Site Scripting (XSS) |
WP Simple Booking Calendar | Cross-Site Scripting (XSS) |
WP Test Email | Cross-Site Scripting (XSS) |
WP Timeline – Vertical and Horizontal timeline plugin | Cross-Site Scripting (XSS) |
WP Travel | Cross-Site Scripting (XSS) |
WP Travel Gutenberg Blocks | Cross-Site Scripting (XSS) |
WP ULike | Cross-Site Scripting (XSS) |
WP-WebAuthn | Cross-Site Scripting (XSS) |
WPZOOM Portfolio | Cross-Site Scripting (XSS) from align Attribute |
WPZOOM Shortcodes | Cross-Site Scripting (XSS) from box Shortcode |
WS Form LITE | Cross-Site Scripting (XSS) |
XLTab – Accordions and Tabs for Elementor Page Builder | Cross-Site Scripting (XSS) |
XT Ajax Add To Cart for WooCommerce | Cross-Site Scripting (XSS) |
YellowPencil Visual CSS Style Editor | Cross-Site Scripting (XSS) |
YITH Custom Login | Cross-Site Scripting (XSS) |
YITH WooCommerce Product Add-Ons | Cross-Site Scripting (XSS) |
Zoho Forms | Cross-Site Scripting (XSS) |
Zotpress | Cross-Site Scripting (XSS) |
WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
WordPress Cross-Site Scripting (XSS) reported in 2024: | 2430 |
MANAGED WP/Woo SECURITY: WP XSS OCT 2024 – WP Cross-Site Scripting
Table of Contents
- WP XSS OCT 2024 - WP Cross-Site Scripting
- Managed WP/Woo Security Report
- Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate "gazillion" different threats in your WordPress. Get your WP Cross-Site Scripting Patch Management.
- Today's reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order your WP Cross-Site Scripting Patch Management.
- Get security LIVEPATCH
- Stay informed
- Need managed WP security and got no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.
- MANAGED WP/Woo SECURITY: WP XSS OCT 2024 – WP Cross-Site Scripting
- WP XSS DEC 2024: 569 Effortless WP Cross-Site Scripting
- WP XSS NOV 2024: 377 Effortless WP Cross-Site Scripting
- WP XSS SEP 2024: 251 Effortless WP Cross-Site Scripting
- WP XSS AUG 2024: 283 Effortless WP Cross-Site Scripting