WP XSS AUG 2024
WP Cross-Site Scripting
Managed WP & Woo Security Report
Be informed about the latest WP Cross-Site Scripting vulnerabilities, identified and reported publicly. WP XSS AUG 2024 shows a 7% decrease compared to the previous month. For your online safety, consider a managed WP/Woo security AUDIT – OR – switching to a TOP10LIST alternative WP Security Plugin – OR – hire us for your recurrent needs of managed WordPress Security and managed WooCommerce Security.
WHO needs managed WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate a "gazillion" different threats to your WordPress site. Get your WP Cross-Site Scripting Patch Management.
The following cases made headlines PUBLICLY just last month in the WP XSS AUG 2024 & WP Cross-Site Scripting category:
Admin Dashboard RSS Feed | Cross-Site Scripting (XSS) |
AdPush | Cross-Site Scripting (XSS) |
Advanced post slider | Cross-Site Scripting (XSS) |
Affiliate Manager | Cross-Site Scripting (XSS) |
Affiliate Manager | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
AllinOne Video Gallery | Cross-Site Scripting (XSS) via Video Shortcode |
Amazing Hover Effects | Cross-Site Scripting (XSS) |
AMP for WP | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
Animated AL List | Cross-Site Scripting (XSS) |
Animated Typed JS Shortcode | Cross-Site Scripting (XSS) |
Apollo13 Framework Extensions | Cross-Site Scripting (XSS) |
Appmaker – Convert WooCommerce to Android & iOS Native Mobile Apps | Cross-Site Scripting (XSS) |
ARForms Form Builder | Cross-Site Scripting (XSS) |
Arkhe Blocks | Cross-Site Scripting (XSS) |
ArtPlacer Widget | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
aThemes Starter Sites | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
Basil Theme | Cross-Site Scripting (XSS) |
bbPress Notify | Cross-Site Scripting (XSS) |
Beaver Builder | Cross-Site Scripting (XSS) |
Blog, Posts and Category Filter for Elementor | Cross-Site Scripting (XSS) via Post and Category Filter Widget |
Bold Page Builder | Cross-Site Scripting (XSS) via bt_bb_button Shortcode |
Booking Calendar | Cross-Site Scripting (XSS) via bookingform Shortcode |
Booking Ultra Pro | Cross-Site Scripting (XSS) |
Boot Store Theme | Cross-Site Scripting (XSS) via Button Shortcode |
Bradmax Player | Cross-Site Scripting (XSS) |
BSK PDF Manager | Cross-Site Scripting (XSS) |
Bug Library | Cross-Site Scripting (XSS) |
Calendar.online / Kalender.digital | Cross-Site Scripting (XSS) |
Caxton – Create Pro page layouts in Gutenberg | Cross-Site Scripting (XSS) |
CC & BCC for Woocommerce Order Emails | Cross-Site Scripting (XSS) |
Change From Email | Cross-Site Scripting (XSS) |
ChatBot | Cross-Site Scripting (XSS) |
CM PopUp banners | Cross-Site Scripting (XSS) |
CodePen Embedded Pens Shortcode | Cross-Site Scripting (XSS) |
codoc | Cross-Site Scripting (XSS) |
Comment Reply Email | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
ConeBlog – WordPress Blog Widgets | Cross-Site Scripting (XSS) |
Contact Form Summary and Print | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Contest Gallery | Cross-Site Scripting (XSS) |
CopySafe Web Protection | Cross-Site Scripting (XSS) |
CopySafe Web Protection | Cross-Site Scripting (XSS) |
Cost Calculator Builder | Cross-Site Scripting (XSS) |
counterpoint Theme | Cross-Site Scripting (XSS) |
CoziPress Theme | Cross-Site Scripting (XSS) |
Create by Mediavine | Cross-Site Scripting (XSS) |
Ditty | Cross-Site Scripting (XSS) |
DN Footer Contacts | Cross-Site Scripting (XSS) |
Donation Block For PayPal | Unauthenticated Cross-Site Scripting (XSS) |
Download Button for Elementor | Cross-Site Scripting (XSS) |
Download Manager | Cross-Site Scripting (XSS) via Shortcode |
Easy Custom Code (LESS/CSS/JS) – Live editing | Cross-Site Scripting (XSS) |
Easy Google Maps | Cross-Site Scripting (XSS) |
Easy Pixels | Unauthenticated Cross-Site Scripting (XSS) |
Easy Table of Contents | Cross-Site Scripting (XSS) |
Easy Testimonials | Cross-Site Scripting (XSS) via Shortcode |
EazyDocs | Cross-Site Scripting (XSS) |
EazyDocs | Cross-Site Scripting (XSS) |
ElementInvader Addons for Elementor | Cross-Site Scripting (XSS) |
Elementor Addons, Widgets and Enhancements – Stax | Cross-Site Scripting (XSS) |
Elementor – Header, Footer & Blocks Template | DOM-Based Cross-Site Scripting (XSS) |
Element Pack Elementor Addons | Cross-Site Scripting (XSS) |
Email Encoder Bundle | Cross-Site Scripting (XSS) |
Embed Peertube Playlist | Cross-Site Scripting (XSS) |
Eventin | Cross-Site Scripting (XSS) |
EventON | Cross-Site Scripting (XSS) via event subtitle |
EventON | Missing Authorisation (BAC) to Unauthenticated Cross-Site Scripting (XSS) and Plugin Settings Updates (BAC) |
Events Manager | Cross-Site Scripting (XSS) |
Extensions for Elementor | Cross-Site Scripting (XSS) via url Parameter |
Extensions for Elementor | Cross-Site Scripting (XSS) via EE Events and EE Flipbox Widget |
FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor | Cross-Site Scripting (XSS) |
Feeds for YouTube | DOM-Based Cross-Site Scripting (XSS) |
Floating Social Media Links | Cross-Site Scripting (XSS) |
FluentForm | Cross-Site Scripting (XSS) |
FormFlow | Cross-Site Scripting (XSS) |
Formidable Forms | Cross-Site Scripting (XSS) |
Form Maker by 1Web | Cross-Site Scripting (XSS) |
FULL Customer | Unauthenticated Cross-Site Scripting (XSS) via License Plan Parameter |
Funnel Builder for WordPress by FunnelKit | Cross-Site Scripting (XSS) via SVG Upload (BAC) |
Fusion | Cross-Site Scripting (XSS) |
Genesis Blocks | Cross-Site Scripting (XSS) via Sharing Block Attributes |
Giveaways and Contests by RafflePress | Cross-Site Scripting (XSS) |
Goftino | Cross-Site Scripting (XSS) |
Goya Theme | Unauthenticated Cross-Site Scripting (XSS) via Multiple Parameters |
GPT3 AI Content Writer | Cross-Site Scripting (XSS) |
Gum Elementor Addon | Cross-Site Scripting (XSS) |
Gutenberg | Cross-Site Scripting (XSS) |
Gutenberg Blocks by Kadence Blocks | DOM-Based Cross-Site Scripting (XSS) via HTML Data Attributes |
Gutenverse | Cross-Site Scripting (XSS) |
GutSlider – All in One Block Slider | Cross-Site Scripting (XSS) |
Happy Addons for Elementor | Cross-Site Scripting (XSS) via Gradient Heading Widget |
Happy Addons for Elementor | Cross-Site Scripting (XSS) via PDF View Widget |
HelloAsso | Cross-Site Scripting (XSS) |
Himalayas Theme | Cross-Site Scripting (XSS) |
Himer Theme | Cross-Site Scripting (XSS) |
Hostel | Cross-Site Scripting (XSS) |
HTML Forms | Cross-Site Scripting (XSS) |
IdeaPush | Cross-Site Scripting (XSS) |
IfSo Dynamic Content Personalization | Cross-Site Scripting (XSS) |
Image Hover Effects Caption Hover with Carousel | Cross-Site Scripting (XSS) |
Image Hover Effects – Elementor Addon | Cross-Site Scripting (XSS) via eihe_link Parameter |
Image Photo Gallery Final Tiles Grid | Cross-Site Scripting (XSS) |
Index WP MySQL For Speed | Cross-Site Scripting (XSS) |
Inline Related Posts | Cross-Site Scripting (XSS) |
Inline Related Posts | Cross-Site Scripting (XSS) |
Job Board Manager | Cross-Site Scripting (XSS) |
Leaflet Maps Marker | Cross-Site Scripting (XSS) |
Link Library | Cross-Site Scripting (XSS) |
Link To Bible | Cross-Site Scripting (XSS) |
LiteSpeed Cache | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Livemesh Addons for Beaver Builder | Cross-Site Scripting (XSS) |
Livemesh Addons for Elementor | Multiple Cross-Site Scripting (XSS) |
Login by Auth | Cross-Site Scripting (XSS) via wle |
Login Logo Editor | Cross-Site Scripting (XSS) |
Magical Addons For Elementor | Cross-Site Scripting (XSS) |
Magical Posts Display – Elementor & Gutenberg Posts Blocks | Cross-Site Scripting (XSS) |
MakeCommerce for WooCommerce | Cross-Site Scripting (XSS) |
Master Addons for Elementor | Cross-Site Scripting (XSS) |
Master Currency WP | Cross-Site Scripting (XSS) via Currency Converter Form Shortcode |
Master Popups | Cross-Site Scripting (XSS) |
MaxButtons | Cross-Site Scripting (XSS) |
MBE eShip | Cross-Site Scripting (XSS) |
Media Library Assistant | Cross-Site Scripting (XSS) |
Mega Elements | Cross-Site Scripting (XSS) |
Meks Easy Ads Widget | Cross-Site Scripting (XSS) |
Meks Smart Author Widget | Cross-Site Scripting (XSS) |
Moloni | Cross-Site Scripting (XSS) |
MP3 Audio Player for Music, Radio & Podcast by Sonaar | Cross-Site Scripting (XSS) via sonaar_audioplayer Shortcode |
Multisite Content Copier/Updater | Cross-Site Scripting (XSS) |
Newspack Ads | Cross-Site Scripting (XSS) |
Newspack Campaigns | Cross-Site Scripting (XSS) |
NEXForms – Ultimate Form Builder | Cross-Site Scripting (XSS) |
NextGEN Gallery | Cross-Site Scripting (XSS) |
NextGEN Gallery | Cross-Site Scripting (XSS) |
Ocean Extra | Cross-Site Scripting (XSS) |
oik | Cross-Site Scripting (XSS) via bw_button Shortcode |
One Click Order ReOrder | Missing Authorisation (BAC) to Cross-Site Scripting (XSS) |
OnePress Theme | Cross-Site Scripting (XSS) |
OpenPGP Form Encryption | Cross-Site Scripting (XSS) |
Pagerank Tools | Cross-Site Scripting (XSS) |
Panda Video | Cross-Site Scripting (XSS) |
ParityPress | Cross-Site Scripting (XSS) |
PayPlus Payment Gateway | Cross-Site Scripting (XSS) |
Phlox Portfolio | Cross-Site Scripting (XSS) via 'Grid Portfolios' |
Plugin Notes Plus | Cross-Site Scripting (XSS) |
Plum: Spin Wheel & Email Popup | Broken Access Control (BAC) to Unauthenticated Cross-Site Scripting (XSS) |
Post Layouts for Gutenberg | Cross-Site Scripting (XSS) |
Post Meta Data Manager | Cross-Site Scripting (XSS) |
Power BI Embedded for WordPress | Cross-Site Scripting (XSS) |
PowerPress Podcasting | Cross-Site Scripting (XSS) via media_url Parameter |
Premium Addons for Elementor | Cross-Site Scripting (XSS) |
Premium Addons for Elementor | Cross-Site Scripting (XSS) via Countdown Widget |
Premium Addons for Elementor | DOM-Based Cross-Site Scripting (XSS) via Animated Text Widget |
Premium Blocks – Gutenberg Blocks for WordPress | Cross-Site Scripting (XSS) |
Pretty Simple Popup Builder | Cross-Site Scripting (XSS) |
Product Enquiry for WooCommerce | Cross-Site Scripting (XSS) |
Qi Blocks | Cross-Site Scripting (XSS) |
Quiz And Survey Master | Cross-Site Scripting (XSS) |
Quiz And Survey Master | Cross-Site Scripting (XSS) |
Rank Math SEO | Cross-Site Scripting (XSS) |
ReCaptcha Integration for WordPress | Cross-Site Scripting (XSS) |
Redux Framework | Unauthenticated JSON File Upload (BAC) to Cross-Site Scripting (XSS) |
RegLevel | Cross-Site Scripting (XSS) |
Request a Quote | Cross-Site Scripting (XSS) |
Responsive Mobile Theme | Cross-Site Scripting (XSS) |
Responsive Tabs | Cross-Site Scripting (XSS) |
REVIEWS.io | Cross-Site Scripting (XSS) |
Rife Elementor Extensions & Templates | Cross-Site Scripting (XSS) via Writing Effect Headline Widget |
Robo Gallery | Cross-Site Scripting (XSS) via Gallery Title |
Royal Elementor Addons | DOM-Based Cross-Site Scripting (XSS) via Magazine Grid/Slider Widget |
Save as PDF plugin by Pdfcrowd | Cross-Site Scripting (XSS) |
Schema & Structured Data for WP & AMP | Cross-Site Scripting (XSS) via url Attribute |
Secure Copy Content Protection and Content Locking | Cross-Site Scripting (XSS) |
Send email only on Reply to My Comment | Cross-Site Scripting (XSS) |
Send email only on Reply to My Comment | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Seriously Simple Podcasting | Cross-Site Scripting (XSS) |
Shortcodes Ultimate Pro | Cross-Site Scripting (XSS) |
Simple Alert Boxes | Cross-Site Scripting (XSS) via Alert Shortcode |
Simple AL Slider | Cross-Site Scripting (XSS) |
Simple Popup | Cross-Site Scripting (XSS) |
Simple Post Notes | Cross-Site Scripting (XSS) |
Simple Responsive Slider | Cross-Site Scripting (XSS) |
Simple Social Share | Cross-Site Scripting (XSS) |
Simple Video Directory | Cross-Site Scripting (XSS) |
Sina Extension for Elementor | Cross-Site Scripting (XSS) via read_more_text Parameter |
SiteOrigin Widgets Bundle | Cross-Site Scripting (XSS) in Image Grid widget |
sitetweet | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
SKT Addons for Elementor | Cross-Site Scripting (XSS) |
SKT Skill Bar | Cross-Site Scripting (XSS) |
Sky Addons for Elementor | Cross-Site Scripting (XSS) |
Slider by 1Web | Cross-Site Scripting (XSS) |
Slider by 1Web | Cross-Site Scripting (XSS) |
SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) | Cross-Site Scripting (XSS) |
Social Auto Poster | Cross-Site Scripting (XSS) |
Social Auto Poster | Unauthenticated Cross-Site Scripting (XSS) |
Social Media & Share Icons | Cross-Site Scripting (XSS) |
Social Media Widget | Cross-Site Scripting (XSS) |
SpiderContacts | Cross-Site Scripting (XSS) |
SportsPress – Sports Club & League Manager | Cross-Site Scripting (XSS) |
Squelch Tabs and Accordions Shortcodes | Cross-Site Scripting (XSS) via tab Shortcode |
Stock Ticker | Cross-Site Scripting (XSS) via stock_ticker Shortcode |
SULly | Cross-Site Scripting (XSS) |
SULly | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
SuperSaaS – online appointment scheduling | Cross-Site Scripting (XSS) |
Support SVG | Cross-Site Scripting (XSS) via SVG Upload (BAC) |
SVG Block | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
SVG Support | Cross-Site Scripting (XSS) via SVG |
Swift Framework Page Builder | Cross-Site Scripting (XSS) |
Swift Framework Page Builder | Cross-Site Scripting (XSS) via Settings |
Tabs For WPBakery Page Builder | Cross-Site Scripting (XSS) |
Team Members | Cross-Site Scripting (XSS) |
Template Kit – Export | Cross-Site Scripting (XSS) |
Testimonials Widget | Cross-Site Scripting (XSS) |
The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) via Countdown Widget |
The Post Grid | Cross-Site Scripting (XSS) via section title tag |
Timeline Module for Beaver Builder | Cross-Site Scripting (XSS) |
TOCHAT.BE | Unauthenticated Cross-Site Scripting (XSS) |
Tournamatch | Cross-Site Scripting (XSS) |
Tournamatch | Cross-Site Scripting (XSS) via Ladders |
Tutor LMS | Cross-Site Scripting (XSS) |
Typebot | Cross-Site Scripting (XSS) |
Ultimate Addons for WPBakery Page Builder | Cross-Site Scripting (XSS) via Shortcode |
Ultimate Blocks – Gutenberg Blocks Plugin | Cross-Site Scripting (XSS) |
Ultimate Blocks – Gutenberg Blocks Plugin | Cross-Site Scripting (XSS) |
Ultimate Classified Listings | Cross-Site Scripting (XSS) |
UltraAddons Elementor Lite | Cross-Site Scripting (XSS) via Multiple Widgets |
UltraAddons Elementor Lite | Cross-Site Scripting (XSS) |
Uncanny Automator Pro | Cross-Site Scripting (XSS) |
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | Cross-Site Scripting (XSS) via 'username' |
URL Shortener by MyThemeShop | Cross-Site Scripting (XSS) |
User Feedback | Unauthenticated Cross-Site Scripting (XSS) via Name Parameter |
User Submitted Posts | Cross-Site Scripting (XSS) |
VForm | Unauthenticated Cross-Site Scripting (XSS) |
VK All in One Expansion Unit | Cross-Site Scripting (XSS) |
Void Contact Form Widget For Elementor Page Builder | Cross-Site Scripting (XSS) via cf_redirect_page Attribute |
WANotifier | Cross-Site Scripting (XSS) |
Watu Quiz | Cross-Site Scripting (XSS) |
Web Directory Free | Cross-Site Scripting (XSS) |
Webico Slider Flatsome Addons | Cross-Site Scripting (XSS) via wbc_image Shortcode |
Website Content in Page or Post | Cross-Site Scripting (XSS) |
Widget4Call | Cross-Site Scripting (XSS) |
Woffice | Cross-Site Scripting (XSS) |
Woffice Core | Site Wide Cross-Site Scripting (XSS) |
Woffice Theme | Cross-Site Scripting (XSS) |
WooCommerce Predictive Search | Cross-Site Scripting (XSS) |
WooCommerce Product Table Lite | Missing Authorisation (BAC) to Cross-Site Scripting (XSS) |
WooCommerce Report | Cross-Site Scripting (XSS) |
WordPress Happy SCSS Compiler Compile SCSS to CSS automatically plugin | Missing Authorisation (BAC) to Cross-Site Scripting (XSS) |
WordPress Notification Bar | Cross-Site Scripting (XSS) |
WP Ajax Contact Form | Cross-Site Scripting (XSS) |
WP Announcement | Cross-Site Scripting (XSS) |
WPBITS Addons For Elementor Page Builder | Cross-Site Scripting (XSS) |
WPBITS Addons For Elementor Page Builder | Cross-Site Scripting (XSS) via Multiple Widgets |
WP Cookie Law Info | Cross-Site Scripting (XSS) |
WP Directory Kit | Cross-Site Scripting (XSS) |
WP eMember | Cross-Site Scripting (XSS) |
WP eMember | Cross-Site Scripting (XSS) in Blacklist via Cross-Site Request Forgery (CSRF) |
WP eMember | Cross-Site Scripting (XSS) via Member Edit |
WP eMember | Unauthenticated Cross-Site Scripting (XSS) via Member Registration |
WP eStore | Multiple Cross-Site Scripting (XSS) |
WP Event Aggregator | Cross-Site Scripting (XSS) |
WP Event Manager | Cross-Site Scripting (XSS) via 'events' Shortcode |
WPFavicon | Cross-Site Scripting (XSS) |
WP GoToWebinar | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP GoToWebinar | Cross-Site Scripting (XSS) |
WP Lightbox 2 | DOM-Based Cross-Site Scripting (XSS) |
WP Photo Album Plus | Cross-Site Scripting (XSS) |
WPQA Builder forms Addon | Cross-Site Scripting (XSS) |
WP QuickLaTeX | Cross-Site Scripting (XSS) in Background Color field |
WP QuickLaTeX | Cross-Site Scripting (XSS) |
WpStickyBar | Cross-Site Scripting (XSS) |
WP To Do | Cross-Site Scripting (XSS) |
WP Total Branding | Cross-Site Scripting (XSS) via title Parameter |
WP Travel Engine | Cross-Site Scripting (XSS) |
WP ULike | Cross-Site Scripting (XSS) |
WS Contact Form | Cross-Site Scripting (XSS) |
XPlainer WooCommerce Product FAQ | Cross-Site Scripting (XSS) |
XPlainer WooCommerce Product FAQ | Missing Authorisation (BAC) to Cross-Site Scripting (XSS) |
YITH WooCommerce Ajax Product Filter | Cross-Site Scripting (XSS) |
zBench Theme | Cross-Site Scripting (XSS) |
Zenon Lite Theme | Cross-Site Scripting (XSS) via Button Shortcode |
Zephyr Project Manager | Cross-Site Scripting (XSS) |
Zoho Campaigns | Cross-Site Scripting (XSS) |
Zoho CRM Lead Magnet | Cross-Site Scripting (XSS) |
WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
WordPress Cross-Site Scripting (XSS) reported in 2024: | 1929 |
WHO needs managed WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Scripting Patch Management.
Security is not a single-task job
Need managed WP Security and have no clue where to start? Hire an expert. Pay a coffee per week; it's cheaper than 1 hour for a freelancer.
Not sure that our recurrent security offer is worthy of long-term consideration? Contact us today for a Cross-Site Scripting audit! Decide after you compare RISK + IMPACT versus COST.