WP XSS AUG 2024
WP Cross-Site Scripting
Managed WP & Woo Security Report
Be informed about the latest WP Cross-Site Scripting, identified and reported publicly. WP XSS AUG 2024 is a -7% DECREASE compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin – OR – Hire us for your recurrent needs of managed WordPress Security and managed WooCommerce Security.
WHO needs managed WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate "gazillion" different threats in your WordPress. Get your WP Cross-Site Scripting Patch Management.
The following cases made headlines PUBLICLY just last month in the WP XSS AUG 2024 & WP Cross-Site Scripting category:
| Admin Dashboard RSS Feed | Cross-Site Scripting (XSS) |
| AdPush | Cross-Site Scripting (XSS) |
| Advanced post slider | Cross-Site Scripting (XSS) |
| Affiliate Manager | Cross-Site Scripting (XSS) |
| Affiliate Manager | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| AllinOne Video Gallery | Cross-Site Scripting (XSS) via Video Shortcode |
| Amazing Hover Effects | Cross-Site Scripting (XSS) |
| AMP for WP | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
| Animated AL List | Cross-Site Scripting (XSS) |
| Animated Typed JS Shortcode | Cross-Site Scripting (XSS) |
| Apollo13 Framework Extensions | Cross-Site Scripting (XSS) |
| Appmaker – Convert WooCommerce to Android & iOS Native Mobile Apps | Cross-Site Scripting (XSS) |
| ARForms Form Builder | Cross-Site Scripting (XSS) |
| Arkhe Blocks | Cross-Site Scripting (XSS) |
| ArtPlacer Widget | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| aThemes Starter Sites | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
| Basil Theme | Cross-Site Scripting (XSS) |
| bbPress Notify | Cross-Site Scripting (XSS) |
| Beaver Builder | Cross-Site Scripting (XSS) |
| Blog, Posts and Category Filter for Elementor | Cross-Site Scripting (XSS) via Post and Category Filter Widget |
| Bold Page Builder | Cross-Site Scripting (XSS) via bt_bb_button Shortcode |
| Booking Calendar | Cross-Site Scripting (XSS) via bookingform Shortcode |
| Booking Ultra Pro | Cross-Site Scripting (XSS) |
| Boot Store Theme | Cross-Site Scripting (XSS) via Button Shortcode |
| Bradmax Player | Cross-Site Scripting (XSS) |
| BSK PDF Manager | Cross-Site Scripting (XSS) |
| Bug Library | Cross-Site Scripting (XSS) |
| Calendar.online / Kalender.digital | Cross-Site Scripting (XSS) |
| Caxton – Create Pro page layouts in Gutenberg | Cross-Site Scripting (XSS) |
| CC & BCC for Woocommerce Order Emails | Cross-Site Scripting (XSS) |
| Change From Email | Cross-Site Scripting (XSS) |
| ChatBot | Cross-Site Scripting (XSS) |
| CM PopUp banners | Cross-Site Scripting (XSS) |
| CodePen Embedded Pens Shortcode | Cross-Site Scripting (XSS) |
| codoc | Cross-Site Scripting (XSS) |
| Comment Reply Email | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| ConeBlog – WordPress Blog Widgets | Cross-Site Scripting (XSS) |
| Contact Form Summary and Print | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Contest Gallery | Cross-Site Scripting (XSS) |
| CopySafe Web Protection | Cross-Site Scripting (XSS) |
| CopySafe Web Protection | Cross-Site Scripting (XSS) |
| Cost Calculator Builder | Cross-Site Scripting (XSS) |
| counterpoint Theme | Cross-Site Scripting (XSS) |
| CoziPress Theme | Cross-Site Scripting (XSS) |
| Create by Mediavine | Cross-Site Scripting (XSS) |
| Ditty | Cross-Site Scripting (XSS) |
| DN Footer Contacts | Cross-Site Scripting (XSS) |
| Donation Block For PayPal | Unauthenticated Cross-Site Scripting (XSS) |
| Download Button for Elementor | Cross-Site Scripting (XSS) |
| Download Manager | Cross-Site Scripting (XSS) via Shortcode |
| Easy Custom Code (LESS/CSS/JS) – Live editing | Cross-Site Scripting (XSS) |
| Easy Google Maps | Cross-Site Scripting (XSS) |
| Easy Pixels | Unauthenticated Cross-Site Scripting (XSS) |
| Easy Table of Contents | Cross-Site Scripting (XSS) |
| Easy Testimonials | Cross-Site Scripting (XSS) via Shortcode |
| EazyDocs | Cross-Site Scripting (XSS) |
| EazyDocs | Cross-Site Scripting (XSS) |
| ElementInvader Addons for Elementor | Cross-Site Scripting (XSS) |
| Elementor Addons, Widgets and Enhancements – Stax | Cross-Site Scripting (XSS) |
| Elementor – Header, Footer & Blocks Template | DOMBased Cross-Site Scripting (XSS) |
| Element Pack Elementor Addons | Cross-Site Scripting (XSS) |
| Email Encoder Bundle | Cross-Site Scripting (XSS) |
| Embed Peertube Playlist | Cross-Site Scripting (XSS) |
| Eventin | Cross-Site Scripting (XSS) |
| EventON | Cross-Site Scripting (XSS) via event subtitle |
| EventON | Missing Authorisation (BAC) to Unauthenticated Cross-Site Scripting (XSS) and Plugin Settings Updates (BAC) |
| Events Manager | Cross-Site Scripting (XSS) |
| Extensions for Elementor | Cross-Site Scripting (XSS) via url Parameter |
| Extensions for Elementor | Cross-Site Scripting (XSS) via EE Events and EE Flipbox Widget |
| FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor | Cross-Site Scripting (XSS) |
| Feeds for YouTube | DOMBased Cross-Site Scripting (XSS) |
| Floating Social Media Links | Cross-Site Scripting (XSS) |
| FluentForm | Cross-Site Scripting (XSS) |
| FormFlow | Cross-Site Scripting (XSS) |
| Formidable Forms | Cross-Site Scripting (XSS) |
| Form Maker by 1Web | Cross-Site Scripting (XSS) |
| FULL Customer | Unauthenticated Cross-Site Scripting (XSS) via License Plan Parameter |
| Funnel Builder for WordPress by FunnelKit | Cross-Site Scripting (XSS) via SVG Upload (BAC) |
| Fusion | Cross-Site Scripting (XSS) |
| Genesis Blocks | Cross-Site Scripting (XSS) via Sharing Block Attributes |
| Giveaways and Contests by RafflePress | Cross-Site Scripting (XSS) |
| Goftino | Cross-Site Scripting (XSS) |
| Goya Theme | Unauthenticated Cross-Site Scripting (XSS) via Multiple Parameters |
| GPT3 AI Content Writer | Cross-Site Scripting (XSS) |
| Gum Elementor Addon | Cross-Site Scripting (XSS) |
| Gutenberg | Cross-Site Scripting (XSS) |
| Gutenberg Blocks by Kadence Blocks | DOMBased Cross-Site Scripting (XSS) via HTML Data Attributes |
| Gutenverse | Cross-Site Scripting (XSS) |
| GutSlider – All in One Block Slider | Cross-Site Scripting (XSS) |
| Happy Addons for Elementor | Cross-Site Scripting (XSS) via Gradient Heading Widget |
| Happy Addons for Elementor | Cross-Site Scripting (XSS) via PDF View Widget |
| HelloAsso | Cross-Site Scripting (XSS) |
| Himalayas Theme | Cross-Site Scripting (XSS) |
| Himer Theme | Cross-Site Scripting (XSS) |
| Hostel | Cross-Site Scripting (XSS) |
| HTML Forms | Cross-Site Scripting (XSS) |
| IdeaPush | Cross-Site Scripting (XSS) |
| IfSo Dynamic Content Personalization | Cross-Site Scripting (XSS) |
| Image Hover Effects Caption Hover with Carousel | Cross-Site Scripting (XSS) |
| Image Hover Effects – Elementor Addon | Cross-Site Scripting (XSS) via eihe_link Parameter |
| Image Photo Gallery Final Tiles Grid | Cross-Site Scripting (XSS) |
| Index WP MySQL For Speed | Cross-Site Scripting (XSS) |
| Inline Related Posts | Cross-Site Scripting (XSS) |
| Inline Related Posts | Cross-Site Scripting (XSS) |
| Job Board Manager | Cross-Site Scripting (XSS) |
| Leaflet Maps Marker | Cross-Site Scripting (XSS) |
| Link Library | Cross-Site Scripting (XSS) |
| Link To Bible | Cross-Site Scripting (XSS) |
| LiteSpeed Cache | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Livemesh Addons for Beaver Builder | Cross-Site Scripting (XSS) |
| Livemesh Addons for Elementor | Multiple Cross-Site Scripting (XSS) |
| Login by Auth | Cross-Site Scripting (XSS) via wle |
| Login Logo Editor | Cross-Site Scripting (XSS) |
| Magical Addons For Elementor | Cross-Site Scripting (XSS) |
| Magical Posts Display – Elementor & Gutenberg Posts Blocks | Cross-Site Scripting (XSS) |
| MakeCommerce for WooCommerce | Cross-Site Scripting (XSS) |
| Master Addons for Elementor | Cross-Site Scripting (XSS) |
| Master Currency WP | Cross-Site Scripting (XSS) via Currency Converter Form Shortcode |
| Master Popups | Cross-Site Scripting (XSS) |
| MaxButtons | Cross-Site Scripting (XSS) |
| MBE eShip | Cross-Site Scripting (XSS) |
| Media Library Assistant | Cross-Site Scripting (XSS) |
| Mega Elements | Cross-Site Scripting (XSS) |
| Meks Easy Ads Widget | Cross-Site Scripting (XSS) |
| Meks Smart Author Widget | Cross-Site Scripting (XSS) |
| Moloni | Cross-Site Scripting (XSS) |
| MP3 Audio Player for Music, Radio & Podcast by Sonaar | Cross-Site Scripting (XSS) via sonaar_audioplayer Shortcode |
| Multisite Content Copier/Updater | Cross-Site Scripting (XSS) |
| Newspack Ads | Cross-Site Scripting (XSS) |
| Newspack Campaigns | Cross-Site Scripting (XSS) |
| NEXForms – Ultimate Form Builder | Cross-Site Scripting (XSS) |
| NextGEN Gallery | Cross-Site Scripting (XSS) |
| NextGEN Gallery | Cross-Site Scripting (XSS) |
| Ocean Extra | Cross-Site Scripting (XSS) |
| oik | Cross-Site Scripting (XSS) via bw_button Shortcode |
| One Click Order ReOrder | Missing Authorisation (BAC) to Cross-Site Scripting (XSS) |
| OnePress Theme | Cross-Site Scripting (XSS) |
| OpenPGP Form Encryption | Cross-Site Scripting (XSS) |
| Pagerank Tools | Cross-Site Scripting (XSS) |
| Panda Video | Cross-Site Scripting (XSS) |
| ParityPress | Cross-Site Scripting (XSS) |
| PayPlus Payment Gateway | Cross-Site Scripting (XSS) |
| Phlox Portfolio | Cross-Site Scripting (XSS) via ' Grid Portfolios' |
| Plugin Notes Plus | Cross-Site Scripting (XSS) |
| Plum: Spin Wheel & Email Popup | Broken Access Control (BAC) to Unauthenticated Cross-Site Scripting (XSS) |
| Post Layouts for Gutenberg | Cross-Site Scripting (XSS) |
| Post Meta Data Manager | Cross-Site Scripting (XSS) |
| Power BI Embedded for WordPress | Cross-Site Scripting (XSS) |
| PowerPress Podcasting | Cross-Site Scripting (XSS) via media_url Parameter |
| Premium Addons for Elementor | Cross-Site Scripting (XSS) |
| Premium Addons for Elementor | Cross-Site Scripting (XSS) via Countdown Widget |
| Premium Addons for Elementor | DOMBased Cross-Site Scripting (XSS) via Animated Text Widget |
| Premium Blocks – Gutenberg Blocks for WordPress | Cross-Site Scripting (XSS) |
| Pretty Simple Popup Builder | Cross-Site Scripting (XSS) |
| Product Enquiry for WooCommerce | Cross-Site Scripting (XSS) |
| Qi Blocks | Cross-Site Scripting (XSS) |
| Quiz And Survey Master | Cross-Site Scripting (XSS) |
| Quiz And Survey Master | Cross-Site Scripting (XSS) |
| Rank Math SEO | Cross-Site Scripting (XSS) |
| ReCaptcha Integration for WordPress | Cross-Site Scripting (XSS) |
| Redux Framework | Unauthenticated JSON File Upload (BAC) to Cross-Site Scripting (XSS) |
| RegLevel | Cross-Site Scripting (XSS) |
| Request a Quote | Cross-Site Scripting (XSS) |
| Responsive Mobile Theme | Cross-Site Scripting (XSS) |
| Responsive Tabs | Cross-Site Scripting (XSS) |
| REVIEWS.io | Cross-Site Scripting (XSS) |
| Rife Elementor Extensions & Templates | Cross-Site Scripting (XSS) via Writing Effect Headline Widget |
| Robo Gallery | Cross-Site Scripting (XSS) via Gallery Title |
| Royal Elementor Addons | DOMBased Cross-Site Scripting (XSS) via Magazine Grid/Slider Widget |
| Save as PDF plugin by Pdfcrowd | Cross-Site Scripting (XSS) |
| Schema & Structured Data for WP & AMP | Cross-Site Scripting (XSS) via url Attribute |
| Secure Copy Content Protection and Content Locking | Cross-Site Scripting (XSS) |
| Send email only on Reply to My Comment | Cross-Site Scripting (XSS) |
| Send email only on Reply to My Comment | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Seriously Simple Podcasting | Cross-Site Scripting (XSS) |
| Shortcodes Ultimate Pro | Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) |
| Simple Alert Boxes | Cross-Site Scripting (XSS) via Alert Shortcode |
| Simple AL Slider | Cross-Site Scripting (XSS) |
| Simple Popup | Cross-Site Scripting (XSS) |
| Simple Post Notes | Cross-Site Scripting (XSS) |
| Simple Responsive Slider | Cross-Site Scripting (XSS) |
| Simple Social Share | Cross-Site Scripting (XSS) |
| Simple Video Directory | Cross-Site Scripting (XSS) |
| Sina Extension for Elementor | Cross-Site Scripting (XSS) via read_more_text Parameter |
| SiteOrigin Widgets Bundle | Cross-Site Scripting (XSS) in Image Grid widget |
| sitetweet | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| SKT Addons for Elementor | Cross-Site Scripting (XSS) |
| SKT Skill Bar | Cross-Site Scripting (XSS) |
| Sky Addons for Elementor | Cross-Site Scripting (XSS) |
| Slider by 1Web | Cross-Site Scripting (XSS) |
| Slider by 1Web | Cross-Site Scripting (XSS) |
| SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) | Cross-Site Scripting (XSS) |
| Social Auto Poster | Cross-Site Scripting (XSS) |
| Social Auto Poster | Unauthenticated Cross-Site Scripting (XSS) |
| Social Media & Share Icons | Cross-Site Scripting (XSS) |
| Social Media Widget | Cross-Site Scripting (XSS) |
| SpiderContacts | Cross-Site Scripting (XSS) |
| SportsPress – Sports Club & League Manager | Cross-Site Scripting (XSS) |
| Squelch Tabs and Accordions Shortcodes | Cross-Site Scripting (XSS) via tab Shortcode |
| Stock Ticker | Cross-Site Scripting (XSS) via stock_ticker Shortcode |
| SULly | Cross-Site Scripting (XSS) |
| SULly | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| SuperSaaS – online appointment scheduling | Cross-Site Scripting (XSS) |
| Support SVG | Cross-Site Scripting (XSS) via SVG Upload (BAC) |
| SVG Block | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
| SVG Support | Cross-Site Scripting (XSS) via SVG |
| Swift Framework Page Builder | Cross-Site Scripting (XSS) |
| Swift Framework Page Builder | Cross-Site Scripting (XSS) via Settings |
| Tabs For WPBakery Page Builder | Cross-Site Scripting (XSS) |
| Team Members | Cross-Site Scripting (XSS) |
| Template Kit – Export | Cross-Site Scripting (XSS) |
| Testimonials Widget | Cross-Site Scripting (XSS) |
| The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) via Countdown Widget |
| The Post Grid | Cross-Site Scripting (XSS) via section title tag |
| Timeline Module for Beaver Builder | Cross-Site Scripting (XSS) |
| TOCHAT.BE | Unauthenticated Cross-Site Scripting (XSS) |
| Tournamatch | Cross-Site Scripting (XSS) |
| Tournamatch | Cross-Site Scripting (XSS) via Ladders |
| Tutor LMS | Cross-Site Scripting (XSS) |
| Typebot | Cross-Site Scripting (XSS) |
| Ultimate Addons for WPBakery Page Builder | Cross-Site Scripting (XSS) via Shortcode |
| Ultimate Blocks – Gutenberg Blocks Plugin | Cross-Site Scripting (XSS) |
| Ultimate Blocks – Gutenberg Blocks Plugin | Cross-Site Scripting (XSS) |
| Ultimate Classified Listings | Cross-Site Scripting (XSS) |
| UltraAddons Elementor Lite | Cross-Site Scripting (XSS) via Multiple Widgets |
| UltraAddons Elementor Lite | Cross-Site Scripting (XSS) |
| Uncanny Automator Pro | Cross-Site Scripting (XSS) |
| Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | Cross-Site Scripting (XSS) via 'username' |
| URL Shortener by MyThemeShop | Cross-Site Scripting (XSS) |
| User Feedback | Unauthenticated Cross-Site Scripting (XSS) via Name Parameter |
| User Submitted Posts | Cross-Site Scripting (XSS) |
| VForm | Unauthenticated Cross-Site Scripting (XSS) |
| VK All in One Expansion Unit | Cross-Site Scripting (XSS) |
| Void Contact Form Widget For Elementor Page Builder | Cross-Site Scripting (XSS) via cf_redirect_page Attribute |
| WANotifier | Cross-Site Scripting (XSS) |
| Watu Quiz | Cross-Site Scripting (XSS) |
| Web Directory Free | Cross-Site Scripting (XSS) |
| Webico Slider Flatsome Addons | Cross-Site Scripting (XSS) via wbc_image Shortcode |
| Website Content in Page or Post | Cross-Site Scripting (XSS) |
| Widget4Call | Cross-Site Scripting (XSS) |
| Woffice | Cross-Site Scripting (XSS) |
| Woffice Core | Site Wide Cross-Site Scripting (XSS) |
| Woffice Theme | Cross-Site Scripting (XSS) |
| WooCommerce Predictive Search | Cross-Site Scripting (XSS) |
| WooCommerce Product Table Lite | Missing Authorisation (BAC) to Cross-Site Scripting (XSS) |
| WooCommerce Report | Cross-Site Scripting (XSS) |
| WordPress Happy SCSS Compiler Compile SCSS to CSS automatically plugin | Missing Authorisation (BAC) to Cross-Site Scripting (XSS) |
| WordPress Notification Bar | Cross-Site Scripting (XSS) |
| WP Ajax Contact Form | Cross-Site Scripting (XSS) |
| WP Announcement | Cross-Site Scripting (XSS) |
| WPBITS Addons For Elementor Page Builder | Cross-Site Scripting (XSS) |
| WPBITS Addons For Elementor Page Builder | Cross-Site Scripting (XSS) via Multiple Widgets |
| WP Cookie Law Info | Cross-Site Scripting (XSS) |
| WP Directory Kit | Cross-Site Scripting (XSS) |
| WP eMember | Cross-Site Scripting (XSS) |
| WP eMember | Cross-Site Scripting (XSS) in Blacklist via Cross-Site Request Forgery (CSRF) |
| WP eMember | Cross-Site Scripting (XSS) via Member Edit |
| WP eMember | Unauthenticated Cross-Site Scripting (XSS) via Member Registration |
| WP eStore | Multiple Cross-Site Scripting (XSS) |
| WP Event Aggregator | Cross-Site Scripting (XSS) |
| WP Event Manager | Cross-Site Scripting (XSS) via 'events' Shortcode |
| WPFavicon | Cross-Site Scripting (XSS) |
| WP GoToWebinar | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP GoToWebinar | Cross-Site Scripting (XSS) |
| WP Lightbox 2 | DOMBased Cross-Site Scripting (XSS) |
| WP Photo Album Plus | Cross-Site Scripting (XSS) |
| WPQA Builder forms Addon | Cross-Site Scripting (XSS) |
| WP QuickLaTeX | Cross-Site Scripting (XSS) in Background Color field |
| WP QuickLaTeX | Cross-Site Scripting (XSS) |
| WpStickyBar | Cross-Site Scripting (XSS) |
| WP To Do | Cross-Site Scripting (XSS) |
| WP Total Branding | Cross-Site Scripting (XSS) via title Parameter |
| WP Travel Engine | Cross-Site Scripting (XSS) |
| WP ULike | Cross-Site Scripting (XSS) |
| WS Contact Form | Cross-Site Scripting (XSS) |
| XPlainer WooCommerce Product FAQ | Cross-Site Scripting (XSS) |
| XPlainer WooCommerce Product FAQ | Missing Authorisation (BAC) to Cross-Site Scripting (XSS) |
| YITH WooCommerce Ajax Product Filter | Cross-Site Scripting (XSS) |
| zBench Theme | Cross-Site Scripting (XSS) |
| Zenon Lite Theme | Cross-Site Scripting (XSS) via Button Shortcode |
| Zephyr Project Manager | Cross-Site Scripting (XSS) |
| Zoho Campaigns | Cross-Site Scripting (XSS) |
| Zoho CRM Lead Magnet | Cross-Site Scripting (XSS) |
| WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
| WordPress Cross-Site Scripting (XSS) reported in 2024: | 1929 |
WHO needs managed WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Scripting Patch Management.
Security is not a single-task job
Need managed WP Security and got no clue where to start? Hire an expert. Pay a coffee per week, its cheaper than 1 hour for a freelancer.
