WP XSS SEP 2024 - WP Cross-Site Scripting
Managed WP/Woo Security Report
Stay informed about the latest WP Cross-Site Scripting vulnerabilities that have been identified and reported publicly. WP XSS SEP 2024 is an 11% decrease compared to the previous month. For your online safety, consider a managed WP/Woo security audit, switching to a TOP10LIST alternative WP security plugin, or hiring professionals for managed WP security.
The following cases made headlines PUBLICLY just last month in the WP XSS SEP 2024 & WP Cross-Site Scripting category:
3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery | Cross-Site Scripting (XSS) |
Admission AppManager | Cross-Site Scripting (XSS) |
Ajax Search Lite | Cross-Site Scripting (XSS) |
All Bootstrap Blocks | Cross-Site Scripting (XSS) |
Allegiant Theme | Cross-Site Scripting (XSS) |
ARMember | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
azurecurve Toggle Show/Hide | Cross-Site Scripting (XSS) |
Beaver Builder | Cross-Site Scripting (XSS) |
Beaver Builder | Cross-Site Scripting (XSS) via type Parameter |
Betheme Theme | Cross-Site Scripting (XSS) via Shortcode |
BetterDocs | Cross-Site Scripting (XSS) |
Black Widgets For Elementor | Cross-Site Scripting (XSS) |
Blockspare | Cross-Site Scripting (XSS) |
Blog2Social | Cross-Site Scripting (XSS) via File Upload (BAC) |
Bold Timeline Lite | Cross-Site Scripting (XSS) |
Booking Calendar | Cross-Site Scripting (XSS) |
BP Profile Search | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Bravada Theme | Cross-Site Scripting (XSS) |
Breakdance | Cross-Site Scripting (XSS) |
Brickscore | Cross-Site Scripting (XSS) |
BSK Forms Blacklist | Cross-Site Scripting (XSS) |
Busiprof Theme | Cross-Site Scripting (XSS) |
Bus Ticket Booking with Seat Reservation | Cross-Site Scripting (XSS) |
Button contact VR | Cross-Site Scripting (XSS) |
Card Elements for Elementor | Cross-Site Scripting (XSS) |
Category Posts Widget | Cross-Site Scripting (XSS) |
Child Theme Creator | Cross-Site Scripting (XSS) |
Christmasify! | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Classic Addons – WPBakery Page Builder | Cross-Site Scripting (XSS) |
Clever Addons for Elementor | Cross-Site Scripting (XSS) |
CM Tooltip Glossary | Cross-Site Scripting (XSS) |
CoBlocks | Cross-Site Scripting (XSS) |
Collapsing Archives | Cross-Site Scripting (XSS) |
collectchat | Cross-Site Scripting (XSS) |
ComboBlocks | Cross-Site Scripting (XSS) via redirectURL Parameter of Date Countdown Widget |
ComboBlocks | Cross-Site Scripting (XSS) |
ComboBlocks | Cross-Site Scripting (XSS) via Accordion Block |
Community Events | Cross-Site Scripting (XSS) |
Cooked | Persistent Cross-Site Scripting (XSS) via Shortcode |
Cookie Notice & Compliance for GDPR / CCPA | Cross-Site Scripting (XSS) |
Cryptocurrency Widgets – Price Ticker & Coins List | Cross-Site Scripting (XSS) |
Custom 404 Pro | Cross-Site Scripting (XSS) |
Custom Field Template | Cross-Site Scripting (XSS) |
Custom Layouts – Post + Product grids made easy | Cross-Site Scripting (XSS) |
Custom Permalinks | Cross-Site Scripting (XSS) |
Custom Query Blocks | Cross-Site Scripting (XSS) |
DearFlip | Cross-Site Scripting (XSS) |
Delicious Recipes – WordPress Recipe Plugin | Cross-Site Scripting (XSS) |
Depicter Slider | Cross-Site Scripting (XSS) |
Ditty | Cross-Site Scripting (XSS) |
DL Robots.txt | Cross-Site Scripting (XSS) |
DSGVO All in one for WP | Cross-Site Scripting (XSS) |
e2pdf | Cross-Site Scripting (XSS) |
Easy Digital Downloads | Cross-Site Scripting (XSS) via Agreement Text |
EasyJobs | Cross-Site Scripting (XSS) |
Easy Table of Contents | Cross-Site Scripting (XSS) |
Element Pack Elementor Addons | Cross-Site Scripting (XSS) |
Element Pack Elementor Addons | Cross-Site Scripting (XSS) via Custom Gallery and Countdown Widgets |
Element Pack Elementor Addons | Cross-Site Scripting (XSS) via title_tag |
Element Pack Pro | Cross-Site Scripting (XSS) via Wrapper Link URL |
ElementsKit Pro | Cross-Site Scripting (XSS) |
EmbedPress | Cross-Site Scripting (XSS) |
Enfold Theme | Cross-Site Scripting (XSS) via wrapper_class and class Parameters |
Enter Addons | Cross-Site Scripting (XSS) |
Envo's Elementor Templates & Widgets for WooCommerce | Cross-Site Scripting (XSS) |
Esotera Theme | Cross-Site Scripting (XSS) |
Essential Addons for Elementor | Cross-Site Scripting (XSS) |
Essential Addons for Elementor | Cross-Site Scripting (XSS) via no_more_items_text Parameter |
Essential Blocks for Gutenberg | Cross-Site Scripting (XSS) |
EU/UK VAT Manager for WooCommerce | Cross-Site Scripting (XSS) |
Eventin | Cross-Site Scripting (XSS) |
Event Tickets with Ticket Scanner | Cross-Site Scripting (XSS) |
Extensions for Elementor | Cross-Site Scripting (XSS) |
Filmix Theme | Cross-Site Scripting (XSS) |
Filr – Secure document library | Cross-Site Scripting (XSS) |
Filter & Grids | Cross-Site Scripting (XSS) |
Fluida Theme | Cross-Site Scripting (XSS) |
Folders | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
Fonts | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) vulnerability |
FooBox Image Lightbox | DOM-Based Cross-Site Scripting (XSS) via HTML Data Attributes |
Football Pool | Cross-Site Scripting (XSS) |
Football Pool | Cross-Site Scripting (XSS) |
FormFacade | Cross-Site Scripting (XSS) |
Form Maker by 10Web | Cross-Site Scripting (XSS) |
Front End Users | Cross-Site Scripting (XSS) via Shortcode |
Funnel Kit Funnel Builder PRO | Cross-Site Scripting (XSS) via allow_iframe_tag_in_post |
Fuse Social Floating Sidebar | Cross-Site Scripting (XSS) via File Upload (BAC) |
GHActivity | Cross-Site Scripting (XSS) |
GivingPress Lite Theme | Cross-Site Scripting (XSS) |
Gixaw Chat | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Graphina | Cross-Site Scripting (XSS) |
Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) via "Days Label" |
Gutentor | Cross-Site Scripting (XSS) via pTitleTag |
Gutentor | Cross-Site Scripting (XSS) |
Gutenverse | Cross-Site Scripting (XSS) |
Happyforms | Cross-Site Scripting (XSS) |
Hotel Galaxy Theme | Cross-Site Scripting (XSS) |
House Manager | Cross-Site Scripting (XSS) |
Houzez Theme | Cross-Site Scripting (XSS) |
HubSpot | Cross-Site Scripting (XSS) via HubSpot Meeting Widget |
Icegram | Cross-Site Scripting (XSS) |
IntoTheDark Theme | Cross-Site Scripting (XSS) |
Invite Anyone | Cross-Site Scripting (XSS) |
Jeg Elementor Kit | Cross-Site Scripting (XSS) via SVG File |
JetBlocks For Elementor | Cross-Site Scripting (XSS) |
JetElements For Elementor | Cross-Site Scripting (XSS) |
JetSearch | Cross-Site Scripting (XSS) |
Kahuna Theme | Cross-Site Scripting (XSS) |
Kodex Posts likes | Cross-Site Scripting (XSS) |
Kubio AI Page Builder | Cross-Site Scripting (XSS) |
LA-Studio Element Kit for Elementor | Cross-Site Scripting (XSS) |
LatePoint | Cross-Site Scripting (XSS) |
LH Add Media From Url | Cross-Site Scripting (XSS) |
Like Button Rating | Cross-Site Scripting (XSS) |
Liquido Theme | Cross-Site Scripting (XSS) |
LiquidPoll – Advanced Polls for Creators and Brands | Unauthenticated Cross-Site Scripting (XSS) |
Livemesh Addons for WPBakery Page Builder | Cross-Site Scripting (XSS) |
Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
Magic Post Thumbnail | Cross-Site Scripting (XSS) |
Magic Post Thumbnail | Cross-Site Scripting (XSS) |
Mantra Theme | Cross-Site Scripting (XSS) |
MDx Theme | Cross-Site Scripting (XSS) via mdx_list_item Shortcode |
Mediavine Control Panel | Cross-Site Scripting (XSS) |
Mega Addons For Elementor | Cross-Site Scripting (XSS) |
Memberpress | Cross-Site Scripting (XSS) via mepr_screenname and mepr_key Parameters |
Message Filter for Contact Form 7 | Cross-Site Scripting (XSS) |
Meta Field Block | Cross-Site Scripting (XSS) |
Misiek Paypal | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Misiek Photo Album | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Modal Window | Cross-Site Scripting (XSS) |
Music Request Manager | Cross-Site Scripting (XSS) |
Music Request Manager | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Music Request Manager | Unauthenticated Cross-Site Scripting (XSS) |
MyBookTable Bookstore | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
myCred | Cross-Site Scripting (XSS) |
My Sticky Bar | Cross-Site Scripting (XSS) |
Mystique Theme | Cross-Site Scripting (XSS) |
Name Directory | Cross-Site Scripting (XSS) |
Newsletters | Cross-Site Scripting (XSS) |
Ninja Forms | Cross-Site Scripting (XSS) |
Ninja Tables | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
Nirvana Theme | Cross-Site Scripting (XSS) |
Opal Membership | Unauthenticated Cross-Site Scripting (XSS) |
Opor Ayam Theme | Cross-Site Scripting (XSS) |
Orbit Fox by ThemeIsle | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
Organization chart | Cross-Site Scripting (XSS) via title_input and node_description Parameters |
OTA Sync Booking Engine Widget | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
PageLayer | Cross-Site Scripting (XSS) |
Parabola Theme | Cross-Site Scripting (XSS) |
ParcelPanel | Cross-Site Scripting (XSS) |
Phlox Portfolio | Cross-Site Scripting (XSS) |
Phlox PRO Theme | Cross-Site Scripting (XSS) via Search Parameters |
Photo Engine | Cross-Site Scripting (XSS) |
Pinpoint Booking System | Cross-Site Scripting (XSS) |
Piotnet Addons For Elementor | Cross-Site Scripting (XSS) via Multiple Widgets |
Podlove Podcast Publisher | Cross-Site Scripting (XSS) |
Popup Maker | Cross-Site Scripting (XSS) |
Posterity Theme | Cross-Site Scripting (XSS) |
Post Grid Master | Cross-Site Scripting (XSS) |
PowerPack for Beaver Builder | Cross-Site Scripting (XSS) |
Products, Order & Customers Export for WooCommerce | Cross-Site Scripting (XSS) |
Purity Of Soul Theme | Cross-Site Scripting (XSS) |
Quiz And Survey Master | Cross-Site Scripting (XSS) |
Quiz And Survey Master | Cross-Site Scripting (XSS) |
RegistrationMagic | Cross-Site Scripting (XSS) |
RegistrationMagic | Cross-Site Scripting (XSS) |
Responsive Blocks | Cross-Site Scripting (XSS) |
Responsive Lightbox | Cross-Site Scripting (XSS) via File Upload (BAC) |
Responsive Video | Cross-Site Scripting (XSS) |
Review Ratings | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Royal Elementor Addons | Cross-Site Scripting (XSS) |
RT Easy Builder – Advanced addons for Elementor | Cross-Site Scripting (XSS) |
Search Filter Pro | Cross-Site Scripting (XSS) |
Selection Lite | Cross-Site Scripting (XSS) |
Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce | Cross-Site Scripting (XSS) |
Sheet to Table Live Sync for Google Sheet | Cross-Site Scripting (XSS) via STWT_Sheet_Table Shortcode |
Shield Security | Cross-Site Scripting (XSS) |
Shortcodes Ultimate Pro | Cross-Site Scripting (XSS) |
Simple Headline Rotator | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Simple Share | Cross-Site Scripting (XSS) |
SKT Blocks – Gutenberg based Page Builder | Cross-Site Scripting (XSS) |
Slider by Soliloquy | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
Sliding Door Theme | Cross-Site Scripting (XSS) |
SmartSearch WP | Unauthenticated Cross-Site Scripting (XSS) |
Snapshot Backup | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Special Feed Items | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Spectra | Cross-Site Scripting (XSS) |
Spectra Pro | Cross-Site Scripting (XSS) via Block IDs |
StreamCast | Cross-Site Scripting (XSS) |
String locator | Cross-Site Scripting (XSS) |
Stripe Payments | Cross-Site Scripting (XSS) via accept_stripe_payment_ng Shortcode |
Structured Content | Cross-Site Scripting (XSS) |
Sunshine Photo Cart | Cross-Site Scripting (XSS) |
Super Store Finder | Cross-Site Scripting (XSS) |
SureCart | Cross-Site Scripting (XSS) |
Swift Framework Page Builder | Cross-Site Scripting (XSS) |
Taxi Booking Manager for WooCommerce | Cross-Site Scripting (XSS) |
Team Showcase | Cross-Site Scripting (XSS) |
Tempera Theme | Cross-Site Scripting (XSS) |
Term And Category Based Posts Widget | Cross-Site Scripting (XSS) |
Testimonials | Cross-Site Scripting (XSS) |
Themify Shortcodes | Cross-Site Scripting (XSS) |
The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) via Video Widget |
The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) |
Tin Canny Reporting for LearnDash | Cross-Site Scripting (XSS) |
Traffic Manager | Unauthenticated Cross-Site Scripting (XSS) |
Tutor LMS | Cross-Site Scripting (XSS) |
Ultimate Addons for Beaver Builder – Lite | Cross-Site Scripting (XSS) |
Ultimate Classified Listings | Cross-Site Scripting (XSS) |
Ultimate Membership Pro | Cross-Site Scripting (XSS) |
Ultimate Store Kit Elementor Addons | Cross-Site Scripting (XSS) |
Vikinghammer Tweet | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Viral Signup | Cross-Site Scripting (XSS) |
Visual Composer Starter Theme | Cross-Site Scripting (XSS) |
Void Contact Form 7 Widget For Elementor Page Builder | Cross-Site Scripting (XSS) |
WappPress | Cross-Site Scripting (XSS) |
WC Marketplace | Cross-Site Scripting (XSS) |
Web and WooCommerce Addons for WPBakery Builder | Cross-Site Scripting (XSS) |
weMail | Cross-Site Scripting (XSS) |
White Label CMS | Cross-Site Scripting (XSS) |
WHMpress | Cross-Site Scripting (XSS) |
WooCommerce | Cross-Site Scripting (XSS) |
WooCommerce Customers Manager | Cross-Site Scripting (XSS) |
WooCommerce PDF Vouchers | Cross-Site Scripting (XSS) |
WordPress File Upload | Cross-Site Scripting (XSS) |
WordPress File Upload | Unauthenticated Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
WordPress File Upload | Unauthenticated Cross-Site Scripting (XSS) |
WordSurvey | Cross-Site Scripting (XSS) via sounding_title Parameter |
WP Armour Extended | Cross-Site Scripting (XSS) |
WPBakery Page Builder | Cross-Site Scripting (XSS) |
WP Bannerize Pro | Cross-Site Scripting (XSS) |
WP Dashboard Notes | Cross-Site Scripting (XSS) |
WP eMember | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
WP eStore | Cross-Site Scripting (XSS) in Customer Search |
WP Fast Total Search | Cross-Site Scripting (XSS) |
WP Last Modified Info | Cross-Site Scripting (XSS) via lmt-post-modified-info Shortcode |
WP-Lister Lite for eBay | Cross-Site Scripting (XSS) |
WPMobile.App | Cross-Site Scripting (XSS) |
WP MultiTasking | Cross-Site Scripting (XSS) via Shortcode |
WP-PostRatings | Cross-Site Scripting (XSS) |
WP Table Builder – WordPress Table Plugin | Cross-Site Scripting (XSS) |
WP Table Builder – WordPress Table Plugin | Cross-Site Scripting (XSS) |
WP Telegram Widget and Join Link | Cross-Site Scripting (XSS) |
WP Testimonial Widget | Cross-Site Scripting (XSS) |
WP Travel Gutenberg Blocks | Cross-Site Scripting (XSS) |
Xpro Elementor Addons | Cross-Site Scripting (XSS) |
Xpro Elementor Addons | Cross-Site Scripting (XSS) via Post Grid Widget |
YaMaps for WordPress | Cross-Site Scripting (XSS) |
YellowPencil Visual CSS Style Editor | Cross-Site Scripting (XSS) |
Zephyr Project Manager | Cross-Site Scripting (XSS) via filename Parameter |
Zephyr Project Manager | Cross-Site Scripting (XSS) |
WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
WordPress Cross-Site Scripting (XSS) reported in 2024: | 2180 |