WP XSS DEC 2024
WP Cross-Site Scripting
Managed WP & Woo Security Report
Be informed about the latest WP Cross-Site Scripting, identified and reported publicly. WP XSS DEC 2024 is a +51% INCREASE compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin – OR – Hire us for your recurrent needs of managed WordPress Security and managed WooCommerce Security.
WHO needs managed WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate "gazillion" different threats in your WordPress. Get your WP Cross-Site Scripting Patch Management.
The following cases made headlines PUBLICLY just last month in the WP XSS DEC 2024 & WP Cross-Site Scripting category:
| AA Audio Player | Cross-Site Scripting (XSS) |
| Accordion title for Elementor | Cross-Site Scripting (XSS) |
| AchillesTheme-shortcodes | Cross-Site Scripting (XSS) |
| Active Products Tables for WooCommerce | Cross-Site Scripting (XSS) |
| Activity Log | Unauthenticated Cross-Site Scripting (XSS) from Event Context |
| adBuddy+ (AdBlocker Detection) | Cross-Site Scripting (XSS) |
| Add Chat App Button | Cross-Site Scripting (XSS) |
| Add Ribbon Shortcode | Cross-Site Scripting (XSS) |
| Additional Order Filters for WooCommerce | Cross-Site Scripting (XSS) |
| Addressbook | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Admin Amplify | Cross-Site Scripting (XSS) |
| Admin and Site Enhancements (ASE) | Cross-Site Scripting (XSS) from SVG |
| Admin SMS Alert | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Advanced Event Manager | Cross-Site Scripting (XSS) |
| Advanced Form Integration | Cross-Site Scripting (XSS) |
| Advanced PDF Generator | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Advanced Video Player with Analytics | Cross-Site Scripting (XSS) |
| Advanced What should we write next about | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Adventure Bucket List | Cross-Site Scripting (XSS) |
| affiliate-toolkit | Cross-Site Scripting (XSS) |
| AgendaPress – Easily Publish Meeting Agendas and Programs on WordPress | Cross-Site Scripting (XSS) |
| AI Responsive Gallery Album | Cross-Site Scripting (XSS) |
| Ajax Content Filter | Cross-Site Scripting (XSS) |
| AJAX Login and Registration modal popup + inline form | Cross-Site Scripting (XSS) |
| Alert Me! | Cross-Site Scripting (XSS) |
| Algori PDF Viewer | Cross-Site Scripting (XSS) |
| Amazon Associate Filter | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| amr shortcodes | Cross-Site Scripting (XSS) |
| Anant Addons for Elementor | Cross-Site Scripting (XSS) |
| Anih Theme | Cross-Site Scripting (XSS) |
| APK Downloader | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Appointmind | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| April's Call Posts | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Aqua SVG Sprite | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| ArCa Payment Gateway | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Ashe Theme | Cross-Site Scripting (XSS) from add_query_arg Parameter |
| Assist24 Help Desk | Cross-Site Scripting (XSS) |
| AtaraPay WooCommerce Payment Gateway | Cross-Site Scripting (XSS) |
| aThemes Addons for Elementor | Cross-Site Scripting (XSS) |
| audioCase | Cross-Site Scripting (XSS) |
| AutoListicle | Cross-Site Scripting (XSS) |
| Awesome Fitness Testimonials | Cross-Site Scripting (XSS) |
| Awesome Shortcodes For Genesis | Cross-Site Scripting (XSS) |
| Awesome Studio | Cross-Site Scripting (XSS) |
| Awesome Tool Tip | Cross-Site Scripting (XSS) |
| AzonBox | Cross-Site Scripting (XSS) |
| Bamboo Enquiries | Cross-Site Scripting (XSS) |
| Banner System | Cross-Site Scripting (XSS) |
| Bard | Cross-Site Scripting (XSS) from add_query_arg Parameter |
| Basticom Framework | Cross-Site Scripting (XSS) |
| BBP Core - Expand bbPress powered forums with useful features | Cross-Site Scripting (XSS) from add_query_arg Parameter |
| Be Shortcodes | Cross-Site Scripting (XSS) |
| Beacon For Help Scout | Cross-Site Scripting (XSS) |
| BeBetter Social Icons | Cross-Site Scripting (XSS) |
| Beds24 Online Booking | Cross-Site Scripting (XSS) |
| Beds24 Online Booking | Cross-Site Scripting (XSS) from beds-link Shortcode |
| Best Addons for Elementor | Cross-Site Scripting (XSS) |
| best bootstrap widgets for elementor | Cross-Site Scripting (XSS) |
| Bg Patriarchia BU | Cross-Site Scripting (XSS) |
| Bing Search API Integration | Cross-Site Scripting (XSS) |
| Bitcoin Payments | Cross-Site Scripting (XSS) |
| Black Widgets For Elementor | Cross-Site Scripting (XSS) |
| Blizzard Quotes | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Block Editor Bootstrap Blocks | Cross-Site Scripting (XSS) |
| Blocks Post Grid | Cross-Site Scripting (XSS) |
| BNE Gallery Extended | Cross-Site Scripting (XSS) from gallery Shortcode |
| Booking Calendar | Cross-Site Scripting (XSS) |
| Booking calendar, Appointment Booking System | Unauthenticated Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| Boombox Shortcode | Cross-Site Scripting (XSS) |
| Booster for WooCommerce | Cross-Site Scripting (XSS) from wcj_product_meta Shortcode |
| Booster for WooCommerce | Cross-Site Scripting (XSS) |
| Bounce Handler MailPoet 3 | Cross-Site Scripting (XSS) |
| Brand my Footer | Cross-Site Scripting (XSS) |
| Branda | Cross-Site Scripting (XSS) |
| Bread & Butter | Cross-Site Scripting (XSS) |
| Bricksable for Bricks Builder | Cross-Site Scripting (XSS) |
| Browsing History | Cross-Site Scripting (XSS) |
| BU Slideshow | Cross-Site Scripting (XSS) |
| BulkPress | Cross-Site Scripting (XSS) |
| Buooy Sticky Header | Cross-Site Scripting (XSS) |
| Capitalize My Title | Cross-Site Scripting (XSS) |
| CF7 WOW Styler | Cross-Site Scripting (XSS) |
| Chameleoni Jobs | Cross-Site Scripting (XSS) |
| Charitable | Cross-Site Scripting (XSS) |
| Charity Addon for Elementor | Cross-Site Scripting (XSS) |
| Checkout with Cash App on WooCommerce | Cross-Site Scripting (XSS) |
| Chessgame Shizzle | Cross-Site Scripting (XSS) |
| Christian Science Bible Lesson Subjects | Cross-Site Scripting (XSS) |
| CM Business Directory Plugin – Business Listing Directory | Cross-Site Scripting (XSS) |
| CM Email Registration Blacklist and Whitelist | Cross-Site Scripting (XSS) |
| CM Header & Footer Script Loader | Cross-Site Scripting (XSS) |
| CM On Demand Search And Replace | Cross-Site Scripting (XSS) |
| CM Pop-Up banners | Cross-Site Scripting (XSS) |
| CM Table Of Contents – WordPress TOC Plugin | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
| CM Tooltip Glossary | Cross-Site Scripting (XSS) |
| Co-marquage service-public.fr | Cross-Site Scripting (XSS) from add_query_arg Parameter |
| codeSnips | Cross-Site Scripting (XSS) |
| Community by PeepSo | Cross-Site Scripting (XSS) |
| Community Yard Sale | Cross-Site Scripting (XSS) |
| Constant Contact Forms by MailMunch | Cross-Site Scripting (XSS) |
| Contact Form 7 – PayPal & Stripe Add-on | Cross-Site Scripting (XSS) |
| Contact Form 7 Redirect & Thank You Page | Cross-Site Scripting (XSS) |
| Contact Form by WPForms | Cross-Site Scripting (XSS) |
| Content Syndication Toolkit Read (BAC)er | Cross-Site Scripting (XSS) |
| Continue Shopping From Cart | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Control horas | Cross-Site Scripting (XSS) |
| Conversion Helper | Cross-Site Scripting (XSS) |
| Cookie Nonsense for YT | Cross-Site Scripting (XSS) |
| Copy Anything to Clipboard | Cross-Site Scripting (XSS) |
| Countdown Timer for Elementor | Cross-Site Scripting (XSS) |
| Counter Up | Cross-Site Scripting (XSS) |
| Cowidgets – Elementor Addons | Cross-Site Scripting (XSS) |
| Cowidgets – Elementor Addons | Cross-Site Scripting (XSS) |
| Creative Blocks | Cross-Site Scripting (XSS) |
| Cresta Addons for Elementor | Cross-Site Scripting (XSS) |
| CRM 2go | Cross-Site Scripting (XSS) |
| Crypto and DeFi Widgets | Cross-Site Scripting (XSS) |
| CultBooking Hotel Booking Engine | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Custom Author URL | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Custom CSS, JS & PHP | Cross-Site Scripting (XSS) |
| Custom Dashboard Widget | Cross-Site Scripting (XSS) |
| Custom post type templates for Elementor | Cross-Site Scripting (XSS) |
| Custom Post Type to Map Store | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Custom Shortcode Sidebars | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Custom URL Shortener | Cross-Site Scripting (XSS) |
| Customize My Account for WooCommerce | Cross-Site Scripting (XSS) from tab Parameter |
| Daily Image | Cross-Site Scripting (XSS) |
| Dashing Memberships | Cross-Site Scripting (XSS) |
| Delisho | Cross-Site Scripting (XSS) |
| Devnex Addons For Elementor | Cross-Site Scripting (XSS) |
| Dino Game | Cross-Site Scripting (XSS) |
| Ditty | Cross-Site Scripting (XSS) |
| Document & Data Automation | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Don't Break The Code | Cross-Site Scripting (XSS) |
| Donate Me | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Doofinder | Cross-Site Scripting (XSS) |
| drop in image slideshow gallery | Cross-Site Scripting (XSS) |
| Drozd – Addons for Elementor | Cross-Site Scripting (XSS) |
| DuoGeek Blocks | Cross-Site Scripting (XSS) |
| Dynamic "To Top" | Cross-Site Scripting (XSS) |
| Dynamic Post Grid Elementor Addon | Cross-Site Scripting (XSS) |
| Dynamic URL SEO | Cross-Site Scripting (XSS) |
| e-shops | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Easy Liveblogs | Cross-Site Scripting (XSS) |
| Easy Pricing Tables | Cross-Site Scripting (XSS) |
| Easy Social Sharebar | Cross-Site Scripting (XSS) |
| Easy SVG Support | Cross-Site Scripting (XSS) |
| eewee admin custom | Cross-Site Scripting (XSS) |
| Ekiline Block Collection | Cross-Site Scripting (XSS) |
| Element Pack Elementor Addons | Cross-Site Scripting (XSS) |
| Element Pack Elementor Addons | DOM-Based Cross-Site Scripting (XSS) |
| Elementor – Header, Footer & Blocks Template | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| Elementor Button Plus | Cross-Site Scripting (XSS) |
| Elementor Image Gallery Plugin | Cross-Site Scripting (XSS) |
| Elementor Portfolio Builder | Cross-Site Scripting (XSS) |
| Elementor Website Builder | Cross-Site Scripting (XSS) |
| ElementsReady Addons for Elementor | Cross-Site Scripting (XSS) |
| Elfsight Telegram Chat CC | Missing Authorisation (BAC) to Cross-Site Scripting (XSS) |
| Elo Rating Shortcode | Cross-Site Scripting (XSS) |
| Email Subscription Popup | Cross-Site Scripting (XSS) from print_email_subscribe_form Shortcode |
| Embed documents shortcode | Cross-Site Scripting (XSS) |
| EmbedPress | Cross-Site Scripting (XSS) from 'provider_name' |
| ESB Testimonials | Cross-Site Scripting (XSS) |
| Essential Addons for Elementor | Cross-Site Scripting (XSS) |
| Essential Breadcrumbs | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Event post | Cross-Site Scripting (XSS) from events_cal Shortcode |
| Event post | Cross-Site Scripting (XSS) |
| EventPress | Cross-Site Scripting (XSS) |
| Everest Forms | Cross-Site Scripting (XSS) |
| Exclusive Divi | Cross-Site Scripting (XSS) |
| Explara Events | Cross-Site Scripting (XSS) |
| Extensions for Elementor | Cross-Site Scripting (XSS) |
| EzyOnlineBookings Online Booking System Widget | Cross-Site Scripting (XSS) |
| F4 Improvements | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| Fabrica Synced Pattern Instances | Cross-Site Scripting (XSS) |
| Faltu Testimonial Rotator | Cross-Site Scripting (XSS) |
| Fancy Gallery | Cross-Site Scripting (XSS) |
| Fancy User List | Cross-Site Scripting (XSS) |
| FAQ Builder AYS | Cross-Site Scripting (XSS) |
| Fast Video and Image Display | Cross-Site Scripting (XSS) |
| FastBook – Responsive Appointment Booking and Scheduling System | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Fat Rat Collect | Cross-Site Scripting (XSS) |
| Favicon My Blog | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Featured Posts Scroll | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Featured product by category name | Cross-Site Scripting (XSS) |
| Fence URL | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| File Select Control For Elementor | Cross-Site Scripting (XSS) |
| Fintelligence Calculator | Cross-Site Scripting (XSS) |
| Firework Shoppable Live Video | Cross-Site Scripting (XSS) |
| Flash Show And Hide Box | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Footer Flyout Widget | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Form Maker by 10Web | Cross-Site Scripting (XSS) from add_query_arg Parameter |
| Formidable Forms | Cross-Site Scripting (XSS) |
| Formidable Forms | Cross-Site Scripting (XSS) from Custom HTML Form Parameter |
| Forms: 3rd-Party Post Again | Cross-Site Scripting (XSS) |
| ForumEngine Theme | Cross-Site Scripting (XSS) |
| FraudLabs Pro SMS Verification | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Friendly Functions for Welcart | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| FriendStore for WooCommerce | Cross-Site Scripting (XSS) |
| Gallery Blocks with Lightbox | Cross-Site Scripting (XSS) |
| Gameplan Theme | Cross-Site Scripting (XSS) |
| GD bbPress Attachments | Cross-Site Scripting (XSS) |
| GD Rating System | Cross-Site Scripting (XSS) from extra_class Parameter |
| Generic Elements | Cross-Site Scripting (XSS) |
| Geoportail Shortcode | Cross-Site Scripting (XSS) |
| Geotagged Media | Cross-Site Scripting (XSS) |
| Getwid – Gutenberg Blocks | Cross-Site Scripting (XSS) |
| GMO Social Connection | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Google Plus Share and +1 Button | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Google Visualization Charts | Cross-Site Scripting (XSS) |
| GoQMieruca | Cross-Site Scripting (XSS) |
| GoQSmile | Cross-Site Scripting (XSS) |
| GreenCon | Cross-Site Scripting (XSS) |
| Grey Owl Lightbox | Cross-Site Scripting (XSS) |
| Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) |
| Gutenium Blocks | Cross-Site Scripting (XSS) |
| Happy Addons for Elementor | Cross-Site Scripting (XSS) from Image Comparison |
| Header Footer Composer for Elementor | Cross-Site Scripting (XSS) |
| Hebrew Date | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Hide My WP Ghost | Cross-Site Scripting (XSS) from URL |
| HIPAAtizer | Cross-Site Scripting (XSS) |
| HLS Player | Cross-Site Scripting (XSS) |
| Hola Free Video Player | Cross-Site Scripting (XSS) |
| Hotlink2Watermark | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| HQ60 Fidelity Card | Cross-Site Scripting (XSS) |
| HT Builder – WordPress Theme Builder for Elementor | Cross-Site Scripting (XSS) |
| HT Politic | Cross-Site Scripting (XSS) |
| HTML5 Lyrics Karaoke Player | Cross-Site Scripting (XSS) |
| HUSKY | Cross-Site Scripting (XSS) from really_curr_tax Parameter |
| I Plant A Tree | Cross-Site Scripting (XSS) |
| IA Map Analytics Basic | Cross-Site Scripting (XSS) |
| IceStats | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Icon Widget | Cross-Site Scripting (XSS) |
| Idealien Category Enhancements | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Image Carousel Shortcode | Cross-Site Scripting (XSS) |
| Image horizontal reel scroll slideshow | Cross-Site Scripting (XSS) |
| ImbaChat | Cross-Site Scripting (XSS) |
| imPress | Cross-Site Scripting (XSS) |
| Include Mastodon Feed | Cross-Site Scripting (XSS) |
| Infinite Slider | Cross-Site Scripting (XSS) |
| Inline Click To Tweet | Cross-Site Scripting (XSS) |
| IntelliWidget Elements | Cross-Site Scripting (XSS) |
| iPhone Webclip Manager | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| ITERAS | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Jeg Elementor Kit | Cross-Site Scripting (XSS) from JKit Countdown Widget |
| JetWidgets For Elementor | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| Jigoshop – Store Toolkit | Cross-Site Scripting (XSS) |
| JobBoardWP – Job Board Listings and Submissions | Cross-Site Scripting (XSS) |
| Jobify - Job Board WordPress Theme | Cross-Site Scripting (XSS) |
| Jobs for WordPress | Cross-Site Scripting (XSS) |
| JS Help Desk – Best Help Desk & Support Plugin | Cross-Site Scripting (XSS) |
| Kevin's | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Keymaster Chord Notation Free | Cross-Site Scripting (XSS) |
| Kings Tab Slider | Cross-Site Scripting (XSS) |
| Knowledge Base | Cross-Site Scripting (XSS) |
| Kognetiks Chatbot for WordPress | Cross-Site Scripting (XSS) |
| Kudos Donations | Cross-Site Scripting (XSS) |
| Landing Page Cat | Cross-Site Scripting (XSS) |
| Lazy load videos and sticky control | Cross-Site Scripting (XSS) |
| LeadBoxer | Cross-Site Scripting (XSS) |
| LeanPress | Cross-Site Scripting (XSS) |
| LearnPress Export Import | Cross-Site Scripting (XSS) |
| LegalWeb Cloud | Cross-Site Scripting (XSS) |
| Lenxel Core for Lenxel(LNX) LMS | Cross-Site Scripting (XSS) |
| Lenxel Core for Lenxel(LNX) LMS | Cross-Site Scripting (XSS) |
| Lewe Bootstrap Visuals | Cross-Site Scripting (XSS) |
| LGPD Framework | Cross-Site Scripting (XSS) |
| Library Bookshelves | Cross-Site Scripting (XSS) |
| Linear | Cross-Site Scripting (XSS) |
| LinkLaunder SEO | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| LIQUID BLOCKS | Cross-Site Scripting (XSS) |
| Load More Posts | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Location Click Map | Cross-Site Scripting (XSS) |
| Login with Vipps and MobilePay | Cross-Site Scripting (XSS) |
| Loginplus | Cross-Site Scripting (XSS) |
| Logo Slider | Cross-Site Scripting (XSS) |
| Logo Slider | Cross-Site Scripting (XSS) |
| LSX Tour Operator | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| Luzuk Slider | Cross-Site Scripting (XSS) |
| Luzuk Team | Cross-Site Scripting (XSS) |
| Luzuk Testimonials | Cross-Site Scripting (XSS) |
| Mage Front End Forms | Cross-Site Scripting (XSS) |
| Magic Slider | Cross-Site Scripting (XSS) |
| Mail Picker | Cross-Site Scripting (XSS) |
| MailChimp Forms by MailMunch | Cross-Site Scripting (XSS) |
| MailMunch – Grow your Email List | Cross-Site Scripting (XSS) |
| MailPoet | Cross-Site Scripting (XSS) |
| Map Store Locator | Cross-Site Scripting (XSS) |
| Mapme | Cross-Site Scripting (XSS) |
| MapPress Maps for WordPress | Cross-Site Scripting (XSS) from Map Block |
| Mapster WP Maps | Cross-Site Scripting (XSS) |
| Master Addons for Elementor | Cross-Site Scripting (XSS) |
| Master Bar | Cross-Site Scripting (XSS) |
| MDC YouTube Downloader | Cross-Site Scripting (XSS) |
| MDR Webmaster Tools | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Media Library Tools | Cross-Site Scripting (XSS) from SVG |
| Memberlite Shortcodes | Cross-Site Scripting (XSS) from memberlite_accordion Shortcode |
| Meteor Slides | Cross-Site Scripting (XSS) |
| MG Post Contributors | Cross-Site Scripting (XSS) |
| Minical Hotel Booking Plugin | Cross-Site Scripting (XSS) |
| Mins To Read (BAC) | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Mobile Kiosk | Cross-Site Scripting (XSS) |
| Mobilize | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Moka Get Posts Shortcode | Cross-Site Scripting (XSS) |
| Moose Elementor Kit | Cross-Site Scripting (XSS) |
| MP3 Audio Player for Music, Radio & Podcast by Sonaar | Cross-Site Scripting (XSS) from sonaar_audioplayer Shortcode |
| Multi Feed Read (BAC)er | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Multi-day Booking Calendar | Cross-Site Scripting (XSS) |
| Multifox Plus | Cross-Site Scripting (XSS) |
| Multilevel Referral Affiliate Plugin for WooCommerce | Cross-Site Scripting (XSS) |
| Multiple Votes in one page | Cross-Site Scripting (XSS) |
| My Restaurant Menu | Cross-Site Scripting (XSS) |
| myCred | Cross-Site Scripting (XSS) |
| MyCurator Content Curation | Cross-Site Scripting (XSS) |
| Narnoo Commerce Manager | Cross-Site Scripting (XSS) |
| Naver Blog | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| News Articles | Cross-Site Scripting (XSS) |
| News Ticker | Cross-Site Scripting (XSS) |
| NextGEN Gallery | Cross-Site Scripting (XSS) |
| NiceJob | Cross-Site Scripting (XSS) |
| NV Slider | Cross-Site Scripting (XSS) |
| Official SalesWizard CRM Plugin | Cross-Site Scripting (XSS) |
| Olympus Shortcodes | Cross-Site Scripting (XSS) |
| Open edX LMS | Cross-Site Scripting (XSS) |
| OpenCart Product Display | Cross-Site Scripting (XSS) |
| Ortto | Cross-Site Scripting (XSS) |
| OS BXSlider | Cross-Site Scripting (XSS) |
| OS Our Team | Cross-Site Scripting (XSS) |
| OS Pricing Tables | Cross-Site Scripting (XSS) |
| OSM – OpenStreetMap | Cross-Site Scripting (XSS) |
| Otter - Gutenberg Block | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| Out Of Stock Badge | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Page Parts | Cross-Site Scripting (XSS) |
| Parallax Image | Cross-Site Scripting (XSS) from position Parameter |
| Parallaxer | Cross-Site Scripting (XSS) |
| ParOne Feeds | Cross-Site Scripting (XSS) |
| Parsi Date | Cross-Site Scripting (XSS) from add_query_arg Parameter |
| Pay With Stripe | Cross-Site Scripting (XSS) |
| PayPal Responder | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Pdf Embedder Fay | Cross-Site Scripting (XSS) |
| PDF Invoices & Packing Slips Generator for WooCommerce | Cross-Site Scripting (XSS) |
| PeachPay Payments | Cross-Site Scripting (XSS) |
| Persian Nested Show/Hide Text | Cross-Site Scripting (XSS) |
| PF Timer | Cross-Site Scripting (XSS) |
| Photo Gallery by 10Web | Cross-Site Scripting (XSS) |
| Photo Video Store | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Photographer Connections | Cross-Site Scripting (XSS) |
| Pixobe Cartography | Cross-Site Scripting (XSS) |
| PJW Mime Config | Cross-Site Scripting (XSS) |
| Platform.ly Official | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Plenigo | Cross-Site Scripting (XSS) |
| Pods | Cross-Site Scripting (XSS) |
| Popup Image | Cross-Site Scripting (XSS) |
| Post By Email | Cross-Site Scripting (XSS) |
| Post Carousel Slider for Elementor | Cross-Site Scripting (XSS) |
| Post Hits Counter | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Postcasa Shortcode | Cross-Site Scripting (XSS) |
| Postify: Post Layout For Elementor | Cross-Site Scripting (XSS) |
| Posts Filter | Cross-Site Scripting (XSS) |
| Posts Search | Cross-Site Scripting (XSS) |
| Pricing Tables For WPBakery Page Builder | Cross-Site Scripting (XSS) from wdo_pricing_tables Shortcode |
| Prime Slider – Addons For Elementor | Cross-Site Scripting (XSS) from Blog Widget |
| Print PDF Generator and Publisher | Cross-Site Scripting (XSS) |
| Pro Addons For Elementor | Cross-Site Scripting (XSS) |
| Product Delivery Date for WooCommerce – Lite | Cross-Site Scripting (XSS) |
| Product Designer | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| PropertyShift | Cross-Site Scripting (XSS) |
| Protect Your Content | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Provide Forex Signals | Cross-Site Scripting (XSS) |
| Pull This | Cross-Site Scripting (XSS) |
| Pure CSS Circle Progress Bar | Cross-Site Scripting (XSS) |
| Quotes llama | Cross-Site Scripting (XSS) |
| ra_qrcode | Cross-Site Scripting (XSS) |
| Ragic Shortcode | Cross-Site Scripting (XSS) |
| Random Banner | Cross-Site Scripting (XSS) |
| Random Featured Post | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Razorpay Payment Button | Cross-Site Scripting (XSS) |
| Razorpay Payment Button Elementor Plugin | Cross-Site Scripting (XSS) |
| Realty by BestWebSoft | Cross-Site Scripting (XSS) |
| RealtyCandy IDX Broker Extended | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| ReCaptcha Integration for WordPress | Cross-Site Scripting (XSS) |
| RecipePress Reloaded | Cross-Site Scripting (XSS) |
| ReConstruction Theme | Cross-Site Scripting (XSS) |
| Redirecter | Cross-Site Scripting (XSS) |
| Registrations for the Events Calendar | Unauthenticated Cross-Site Scripting (XSS) |
| Rescue Shortcodes | Cross-Site Scripting (XSS) from rescue_progressbar Shortcode |
| Responsive Addons for Elementor | Cross-Site Scripting (XSS) |
| Responsive Data Table | Cross-Site Scripting (XSS) |
| Responsive Flickr Gallery | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Restaurant Menu – Food Ordering System – Table Reservation | Cross-Site Scripting (XSS) |
| Rig Elements For Elementor | Cross-Site Scripting (XSS) |
| RingCentral Communications | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Royal Elementor Addons | DOM-Based Cross-Site Scripting (XSS) from Form Builder Widget |
| RSS Feed Widget | Cross-Site Scripting (XSS) |
| RSV 360 View | Cross-Site Scripting (XSS) |
| RSV PDF Preview | Cross-Site Scripting (XSS) |
| Run Contests, Raffles, and Giveaways with ContestsWP | Cross-Site Scripting (XSS) |
| Safe SVG | Cross-Site Scripting (XSS) |
| salavat counter | Cross-Site Scripting (XSS) |
| Saragna | Cross-Site Scripting (XSS) |
| Sassy Social Share | Cross-Site Scripting (XSS) from heateor_mastodon_share Parameter |
| Sastra Essential Addons for Elementor | Cross-Site Scripting (XSS) |
| Satisfaction Reports from Help Scout | Cross-Site Scripting (XSS) |
| Save as PDF plugin by Pdfcrowd | Cross-Site Scripting (XSS) |
| scrollup | Cross-Site Scripting (XSS) |
| Search order by product SKU for WooCommerce | Cross-Site Scripting (XSS) |
| Sell Media File with Stripe | Cross-Site Scripting (XSS) |
| Semantic Shortcode | Cross-Site Scripting (XSS) |
| Seo Free | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| SEO Landing Page Generator | Cross-Site Scripting (XSS) |
| SEO Plugin by Squirrly SEO | Cross-Site Scripting (XSS) |
| Seriously Simple Podcasting | Cross-Site Scripting (XSS) |
| SH Slideshow | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Shine PDF Embeder | Cross-Site Scripting (XSS) |
| Shortcode Collection | Cross-Site Scripting (XSS) |
| Shortcodes Blocks Creator Ultimate | Cross-Site Scripting (XSS) from Shortcode |
| Silverlight Video Player | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Simple File List | Cross-Site Scripting (XSS) |
| Simple Header and Footer | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Simple Modal | Cross-Site Scripting (XSS) |
| Simple Page Specific Sidebars | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Simple Popup | Cross-Site Scripting (XSS) |
| Simple Pricing Table | Cross-Site Scripting (XSS) |
| Simple Shortcode for Google Maps | Cross-Site Scripting (XSS) |
| Simple Side Tab | Cross-Site Scripting (XSS) |
| Simple Social Share Block | Cross-Site Scripting (XSS) |
| Simple Travel Map | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| SimpleForm | Cross-Site Scripting (XSS) |
| SimpleForm Contact Form Submissions | Cross-Site Scripting (XSS) |
| SimpleGMaps | Cross-Site Scripting (XSS) |
| SimpleSchema | Cross-Site Scripting (XSS) |
| Simplistic SEO | Cross-Site Scripting (XSS) |
| Simpul Events by Esotech | Cross-Site Scripting (XSS) |
| Skip To | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Skt NURCaptcha | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Slick Sitemap | Cross-Site Scripting (XSS) |
| Slickstream | Cross-Site Scripting (XSS) from slick-grid Shortcode |
| Slotti Ajanvaraus | Cross-Site Scripting (XSS) |
| SmartLink Dynamic URLs | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Smooth Maps | Cross-Site Scripting (XSS) |
| Social button | Cross-Site Scripting (XSS) |
| Social Locker | Cross-Site Scripting (XSS) |
| Social Proof (Testimonial) Slider | Cross-Site Scripting (XSS) |
| Softtemplates For Elementor | Cross-Site Scripting (XSS) |
| Sp*tify Play Button for WordPress | Cross-Site Scripting (XSS) from spotifyplaybutton Shortcode |
| Sparkle Elementor Kit | Cross-Site Scripting (XSS) |
| SpatialMatch IDX | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| SrcSet Responsive Images for WordPress | Cross-Site Scripting (XSS) |
| Steel | Cross-Site Scripting (XSS) |
| Sticky Social Bar | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Sticky Social Icons | Cross-Site Scripting (XSS) |
| Storely Theme | Cross-Site Scripting (XSS) |
| StreamWeasels Online Status Bar | Cross-Site Scripting (XSS) |
| StreamWeasels YouTube Integration | Cross-Site Scripting (XSS) |
| Stripe Donation | Cross-Site Scripting (XSS) |
| Stylish Internal Links | Cross-Site Scripting (XSS) |
| Subaccounts for WooCommerce | Cross-Site Scripting (XSS) |
| SuevaFree Essential Kit | Cross-Site Scripting (XSS) |
| Sugar Calendar (Lite) | Cross-Site Scripting (XSS) |
| Support SVG | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| Surbma | Font Awesome | Cross-Site Scripting (XSS) |
| SV Forms | Cross-Site Scripting (XSS) |
| SVG Block | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| SVG Case Study | Cross-Site Scripting (XSS) |
| SVGPlus | Cross-Site Scripting (XSS) |
| SVT Simple | Cross-Site Scripting (XSS) |
| System Dashboard | Unauthenticated Cross-Site Scripting (XSS) |
| Table of Contents Plus | Cross-Site Scripting (XSS) |
| Managed Tools | Cross-Site Scripting (XSS) |
| Team Showcase and Slider – Team Members Builder | Cross-Site Scripting (XSS) |
| TeleAdmin | Cross-Site Scripting (XSS) |
| Testimonial Slider Shortcode | Cross-Site Scripting (XSS) |
| Text Advertisements | Cross-Site Scripting (XSS) |
| The Pack Elementor addons | Cross-Site Scripting (XSS) |
| Theater for WordPress | Cross-Site Scripting (XSS) |
| ThemeFuse Maintenance Mode | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Themify Builder | Cross-Site Scripting (XSS) |
| Third Party Cookie Eraser | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Tigris Flexplatform | Cross-Site Scripting (XSS) |
| TinyCode | Cross-Site Scripting (XSS) |
| TM Islamic Helper | Cross-Site Scripting (XSS) |
| Topbar ID for Elementor | Cross-Site Scripting (XSS) |
| Trendy Restaurant Menu | Cross-Site Scripting (XSS) |
| Tribute Testimonials | Cross-Site Scripting (XSS) |
| Twitter @Anywhere Plus | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Twitter Follow Button | Cross-Site Scripting (XSS) from username Parameter |
| Twitter real time search scrolling | Cross-Site Scripting (XSS) |
| Ultimate Accordion | Cross-Site Scripting (XSS) |
| Ultimate Classified Listings | Cross-Site Scripting (XSS) |
| Ultimate Flipbox Addon for Elementor | Cross-Site Scripting (XSS) |
| UPDATE NOTIFICATIONS | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| User Password Reset | Cross-Site Scripting (XSS) |
| Utech Spinning Earth | Cross-Site Scripting (XSS) |
| UW Freelancer | Cross-Site Scripting (XSS) |
| Vertical Carousel | Cross-Site Scripting (XSS) |
| Video Lessons Manager | Cross-Site Scripting (XSS) |
| Video Player for WPBakery | Cross-Site Scripting (XSS) |
| VP Sitemap | Cross-Site Scripting (XSS) |
| W3P SEO | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Wc Recently viewed products | Cross-Site Scripting (XSS) |
| Wd-image-magnifier-xoss | Cross-Site Scripting (XSS) |
| WE – Client Logo Carousel | Cross-Site Scripting (XSS) |
| Weather Atlas Widget | Cross-Site Scripting (XSS) |
| Web Stories Widgets For Elementor | Cross-Site Scripting (XSS) |
| Webriti Custom Login | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Websand Subscription Form | Cross-Site Scripting (XSS) |
| Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera | Cross-Site Scripting (XSS) |
| Wezido | Cross-Site Scripting (XSS) |
| What Would Seth Godin Do | Cross-Site Scripting (XSS) |
| While Loading | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WIP Incoming Lite | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Wishlist for WooCommerce Pro | Cross-Site Scripting (XSS) |
| WooCommerce Price Alert | Cross-Site Scripting (XSS) |
| WooCommerce Product Table Lite | Unauthenticated Arbitrary Shortcode Execution (BAC) & Cross-Site Scripting (XSS) |
| WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates | Cross-Site Scripting (XSS) |
| WordPress Announcement & Notification Banner Plugin – Bulletin | Cross-Site Scripting (XSS) |
| WordPress Brute Force Protection – Stop Brute Force Attacks | Cross-Site Scripting (XSS) |
| WordPress GDPR & CCPA | Unauthenticated Cross-Site Scripting (XSS) |
| WordPress Portfolio Builder – Portfolio Gallery | Cross-Site Scripting (XSS) |
| WordPress Premium Packages | Cross-Site Scripting (XSS) from add_query_arg |
| WoW Guild Armory Roster | Cross-Site Scripting (XSS) |
| WP Activity Log | Unauthenticated Cross-Site Scripting (XSS) |
| WP Agenda | Cross-Site Scripting (XSS) |
| wp auto top | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP Course Manager | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP e-Commerce Style Email | Cross-Site Scripting (XSS) |
| WP Find Your Nearest | Cross-Site Scripting (XSS) |
| WP Githuber MD | Cross-Site Scripting (XSS) |
| WP Job Portal | Cross-Site Scripting (XSS) |
| WP Listings Pro | Cross-Site Scripting (XSS) |
| WP Mailster | Cross-Site Scripting (XSS) |
| WP MathJax | Cross-Site Scripting (XSS) |
| WP Mermaid | Cross-Site Scripting (XSS) |
| WP MMenu Lite | Cross-Site Scripting (XSS) |
| WP PagSeguro Payments | Cross-Site Scripting (XSS) |
| WP Pocket URLs | Cross-Site Scripting (XSS) |
| WP Popup Window Maker | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP Responsive Video | Cross-Site Scripting (XSS) |
| Wp Slide Categorywise | Cross-Site Scripting (XSS) |
| WP ULike | Cross-Site Scripting (XSS) from Widgets |
| WP Virtual Room Configurator | Cross-Site Scripting (XSS) |
| WP Visual Adverts | Cross-Site Scripting (XSS) |
| wp_automatic_widget | Cross-Site Scripting (XSS) |
| WP-Basics | Cross-Site Scripting (XSS) |
| Wp-ImageZoom | Cross-Site Scripting (XSS) |
| WP-ISPConfig 3 | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| wp-login customizer | Cross-Site Scripting (XSS) |
| WP-Strava | Cross-Site Scripting (XSS) |
| WPAdverts – Classifieds Plugin | Cross-Site Scripting (XSS) |
| WPBakery Visual Composer WHMCS Elements | Cross-Site Scripting (XSS) from void_wbwhmcse_laouts_search Shortcode |
| WPFunnels | Cross-Site Scripting (XSS) |
| WPHelpful | Cross-Site Scripting (XSS) |
| WS Form LITE | Cross-Site Scripting (XSS) from URL |
| xili-tidy-tags | Cross-Site Scripting (XSS) |
| XT Floating Cart for WooCommerce | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| YaDisk Files | Cross-Site Scripting (XSS) |
| YaDisk Files | Cross-Site Scripting (XSS) from Shortcode |
| Yahoo! WebPlayer | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Yotpo | Cross-Site Scripting (XSS) |
| Youneeq Recommendations | Cross-Site Scripting (XSS) |
| yPHPlista | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| yPHPlista | Cross-Site Scripting (XSS) |
| Zajax – Ajax Navigation | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Znajdź Pracę z Praca.pl | Cross-Site Scripting (XSS) |
| 소셜 공유 버튼 By 코스모스팜 | Cross-Site Scripting (XSS) |
| 우커머스 네이버페이 | Cross-Site Scripting (XSS) from mnp_purchase Shortcode |
| 워드프레스 결제 심플페이 | Cross-Site Scripting (XSS) pafw_instant_payment Shortcode |
| 코드엠샵 소셜톡 | Cross-Site Scripting (XSS) from add_plus_friends and add_plus_talk Shortcodes |
| 活动链接推广插件 | Cross-Site Scripting (XSS) |
| WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
| WordPress Cross-Site Scripting (XSS) reported in 2024: | 3376 |
WHO needs managed WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Scripting Patch Management.
Security is not a single-task job
Need managed WP Security and got no clue where to start? Hire an expert. Pay a coffee per week, its cheaper than 1 hour for a freelancer.
Not sure that our recurrent security offer is worthy of long-term consideration? Contact us today for a Cross-Site Scripting audit! Decide after you compare RISK + IMPACT versus COST.
We’re passionate about helping you grow and make your impact Continue being informed Email (*double opt-in) Vulnerability reports (monthly) owlpower services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Monthly vulnerability reports about WordPress and WooCommerce, plugins, themes. Weekly inspiration, news and…
We’re passionate about helping you grow and make your impact Continue being informed Email (*double opt-in) Vulnerability reports (monthly) owlpower services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Monthly vulnerability reports about WordPress and WooCommerce, plugins, themes. Weekly inspiration, news and…
We’re passionate about helping you grow and make your impact Continue being informed Email (*double opt-in) Vulnerability reports (monthly) owlpower services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Monthly vulnerability reports about WordPress and WooCommerce, plugins, themes. Weekly inspiration, news and…
We’re passionate about helping you grow and make your impact Continue being informed Email (*double opt-in) Vulnerability reports (monthly) owlpower services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Monthly vulnerability reports about WordPress and WooCommerce, plugins, themes. Weekly inspiration, news and…
We’re passionate about helping you grow and make your impact
Continue being informed
Monthly vulnerability reports about WordPress and WooCommerce, plugins, themes.
Weekly inspiration, news and occasional with hand-picked deals. Unsubscribe anytime.
