WP XSS JAN 2025
WP Cross-Site Scripting
Managed WP & Woo Security Report
Be informed about the latest WP Cross-Site Scripting vulnerabilities, identified and reported publicly. WP XSS JAN 2025 is down 24% compared to the previous month. For your online safety, consider a managed WP/Woo security AUDIT, OR switching to a TOP10LIST alternative WP Security Plugin, OR hiring us for your recurrent needs of managed WordPress Security and managed WooCommerce Security.
WHO needs managed WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate a "gazillion" different threats to your WordPress site. Get your WP Cross-Site Scripting Patch Management.
The following cases made headlines PUBLICLY just last month in the WP XSS JAN 2025 & WP Cross-Site Scripting category:
10CentMail | Cross-Site Scripting (XSS) |
코드엠샵 소셜톡 | Cross-Site Scripting (XSS) |
360 Javascript Viewer | Cross-Site Scripting (XSS) |
3D Avatar User Profile | Cross-Site Scripting (XSS) |
워드프레스 결제 심플페이 | Cross-Site Scripting (XSS) from add_query_arg Parameter |
ABCBiz Addons and Templates for Elementor | Cross-Site Scripting (XSS) |
Accordion Slider | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
Accounting for WooCommerce | Cross-Site Scripting (XSS) |
Add image to Post | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Additional Custom Order Status for WooCommerce | Cross-Site Scripting (XSS) |
addWeather | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Admin Customization | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Advanced Blog Post Block | Cross-Site Scripting (XSS) |
Advanced Control Manager for WordPress by ItalyStrap | Cross-Site Scripting (XSS) |
Advanced Data Table For Elementor | Cross-Site Scripting (XSS) |
Advanced Element Bucket Addons for Elementor | Cross-Site Scripting (XSS) |
Advanced Fancybox | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Advanced Options Editor | Cross-Site Scripting (XSS) |
AdWork Media EZ Content Locker | Cross-Site Scripting (XSS) |
AIO Contact | Unauthenticated Site-Wide Cross-Site Scripting (XSS) |
Ajax Search Lite | Cross-Site Scripting (XSS) |
Amazon Product Price | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
AMP for WP | Cross-Site Scripting (XSS) |
Animated Counters | Cross-Site Scripting (XSS) |
Aphorismus | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
AppMaps | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Arconix Shortcodes | Cross-Site Scripting (XSS) |
Arena.IM – Live Blogging for real-time events | Cross-Site Scripting (XSS) from arena_embed_amp Shortcode |
Arkhe Blocks | Cross-Site Scripting (XSS) |
Attire Blocks | Cross-Site Scripting (XSS) |
AutomatorWP | Cross-Site Scripting (XSS) from aosearch_field_value |
AWeber Forms | Cross-Site Scripting (XSS) |
Awesome Shortcodes | Cross-Site Scripting (XSS) |
Barcode Scanner with Inventory & Order Manager | Cross-Site Scripting (XSS) |
Barter Theme | Cross-Site Scripting (XSS) |
Beaver Builder | Cross-Site Scripting (XSS) |
Beaver Builder | Cross-Site Scripting (XSS) |
Better WP Login Page | Cross-Site Scripting (XSS) |
Bicycleshop Theme | Cross-Site Scripting (XSS) |
Bitcoin Lightning Publisher | Cross-Site Scripting (XSS) |
Blaze Online eParcel for WooCommerce | Cross-Site Scripting (XSS) |
Block Controller | Cross-Site Scripting (XSS) |
Blocksy | Cross-Site Scripting (XSS) |
BMLT Tabbed Map | Cross-Site Scripting (XSS) |
Board Document Manager from CHUHPL | Cross-Site Scripting (XSS) |
Bold Page Builder | Cross-Site Scripting (XSS) |
Booking System Trafft | Cross-Site Scripting (XSS) |
Bootstrap Buttons | Cross-Site Scripting (XSS) |
Borderless | Cross-Site Scripting (XSS) |
Brand Theme | Cross-Site Scripting (XSS) |
Broadcast | Cross-Site Scripting (XSS) |
B Testimonial | Cross-Site Scripting (XSS) |
Buk | Cross-Site Scripting (XSS) |
BU Section Editing | Cross-Site Scripting (XSS) |
Campaign Monitor Forms | Cross-Site Scripting (XSS) |
Captivate Sync | Cross-Site Scripting (XSS) |
CarDealerPress | Cross-Site Scripting (XSS) |
CardGate Payments for WooCommerce | Cross-Site Scripting (XSS) |
Carousel, Slider, Gallery by WP Carousel | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
Category of Posts | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Category Post Shortcode | Cross-Site Scripting (XSS) |
Category Post Slider | Cross-Site Scripting (XSS) |
Check Pincode For Woocommerce | Cross-Site Scripting (XSS) |
CK and SyntaxHighlighter | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
CleverNode Related Content | Cross-Site Scripting (XSS) |
Clickbank Storefront | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Clients | Cross-Site Scripting (XSS) |
CMSMasters Elementor Addon | Cross-Site Scripting (XSS) from Multiple Widgets |
Cognito Forms | Cross-Site Scripting (XSS) from id Parameter |
Coins MarketCap | Cross-Site Scripting (XSS) |
Colibri Page Builder | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
Comfino Payment Gateway | Cross-Site Scripting (XSS) |
Comments On Feed | Cross-Site Scripting (XSS) |
Companion Portfolio | Cross-Site Scripting (XSS) |
Connatix Video Embed | Cross-Site Scripting (XSS) |
Connect Contact Form 7 to Constant Contact | Cross-Site Scripting (XSS) |
Contact Form Builder by vcita | Cross-Site Scripting (XSS) from livesitepay Shortcode |
Contact Form by WPForms | Cross-Site Scripting (XSS) |
Contact Form, Survey & Form Builder – MightyForms | Cross-Site Scripting (XSS) |
Contest Gallery | Cross-Site Scripting (XSS) |
Contests by Rewards Fuel | Cross-Site Scripting (XSS) |
ConvertCalculator for WordPress | Cross-Site Scripting (XSS) |
Cookielay | Cross-Site Scripting (XSS) from cookielay Shortcode |
Country Blocker | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Coupon | Cross-Site Scripting (XSS) |
Coupon Affiliates | Unauthenticated Arbitrary Shortcode Execution (BAC) and Cross-Site Scripting (XSS) |
Cricket Live Score | Cross-Site Scripting (XSS) |
CRM Perks | Cross-Site Scripting (XSS) |
CRUDLab Google Plus Button | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Cryptocurrency Price Widget | Cross-Site Scripting (XSS) |
CSV to html | Cross-Site Scripting (XSS) |
Currency Converter Widget PRO | Cross-Site Scripting (XSS) |
Custom Dashboard Widget | Cross-Site Scripting (XSS) |
dejure.org Vernetzungsfunktion | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Depicter Slider | Cross-Site Scripting (XSS) |
Device Detector | Cross-Site Scripting (XSS) |
DirectoryPress | Cross-Site Scripting (XSS) |
Display Future Posts | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Download Manager | Cross-Site Scripting (XSS) |
Drag & Drop Builder | Cross-Site Scripting (XSS) |
DX Dark Site | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Easy Code Snippets | Cross-Site Scripting (XSS) |
Easy Language Switcher | Cross-Site Scripting (XSS) |
Easy Replace | Cross-Site Scripting (XSS) |
Easy Social Feed Premium | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
Easy Waveform Player | Cross-Site Scripting (XSS) |
Echoza | Cross-Site Scripting (XSS) |
ECT Product Carousel | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
ECT Social Share | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Elementor – Header, Footer & Blocks Template | Cross-Site Scripting (XSS) from Page Title Widget |
Elementor Website Builder | Cross-Site Scripting (XSS) from Typography Settings |
Element Pack Elementor Addons | Cross-Site Scripting (XSS) from Lightbox Widget |
ElementsReady Addons for Elementor | Cross-Site Scripting (XSS) |
Elite Notification – Sales Popup, Social Proof, FOMO & WooCommerce Notification | Cross-Site Scripting (XSS) |
Email Address Obfuscation | Cross-Site Scripting (XSS) from class Parameter |
Email Reminders | Cross-Site Scripting (XSS) from id Parameter |
Embed PDF Viewer | Cross-Site Scripting (XSS) |
Embed Twine | Cross-Site Scripting (XSS) |
Enter Addons | Cross-Site Scripting (XSS) |
Envira Photo Gallery | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
Essential Addons for Elementor | Cross-Site Scripting (XSS) |
EventPrime | Unauthenticated Cross-Site Scripting (XSS) from Ticket Category and Ticket Type Name |
Events Addon for Elementor | Cross-Site Scripting (XSS) |
Event Tickets with Ticket Scanner | Missing Authorisation (BAC) to Cross-Site Scripting (XSS) |
Evernote Sync | Cross-Site Scripting (XSS) |
Exhibit to WP Gallery | Cross-Site Scripting (XSS) |
Export Customers Data | Cross-Site Scripting (XSS) |
FancyBox for WordPress | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
Fancy Roller Scroller | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
FAQs | Cross-Site Scripting (XSS) |
FAQs | Cross-Site Scripting (XSS) |
FAT Services Booking | Site-Wide Cross-Site Scripting (XSS) |
Feedify – Web Push Notifications | Cross-Site Scripting (XSS) |
Feedpress Generator | Cross-Site Scripting (XSS) |
Financial Calculator | Cross-Site Scripting (XSS) |
Firelight Lightbox | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
Flaming Forms | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Flixita Theme | Cross-Site Scripting (XSS) from id Parameter |
float block | Cross-Site Scripting (XSS) from Widget |
Floating Video Player | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
FloristPress | Cross-Site Scripting (XSS) |
Flower Delivery by Florist One | Cross-Site Scripting (XSS) |
FluentForm | Cross-Site Scripting (XSS) |
FluentForm | Unauthenticated Cross-Site Scripting (XSS) from Form Subject |
Folder Gallery | Cross-Site Scripting (XSS) |
Form Data Collector | Cross-Site Scripting (XSS) |
FormFacade | Cross-Site Scripting (XSS) |
Form Maker by 10Web | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
ForumWP | Cross-Site Scripting (XSS) |
Futurio Extra | Cross-Site Scripting (XSS) |
FV Descriptions | Cross-Site Scripting (XSS) |
FV Flowplayer Video Player | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
Gaxx Keywords | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
GeoDirectory | Cross-Site Scripting (XSS) |
geoFlickr | Cross-Site Scripting (XSS) |
Geoportail Shortcode | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Getwid – Gutenberg Blocks | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
GiveWP | Cross-Site Scripting (XSS) |
glomex oEmbed | Cross-Site Scripting (XSS) |
Go Animate | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Goodlayers Core | Cross-Site Scripting (XSS) from 'fontfamily' |
GS Coaches | Cross-Site Scripting (XSS) |
GS Shots for Dribbble | Cross-Site Scripting (XSS) |
GTPayment Donations | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
Gulri Slider | Cross-Site Scripting (XSS) |
Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) |
Gutensee | Cross-Site Scripting (XSS) |
Gutentor | Cross-Site Scripting (XSS) from Countdown Widget |
G Web Pro Store Locator | Cross-Site Scripting (XSS) |
Hack-Info | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Hello Event Widgets For Elementor | Cross-Site Scripting (XSS) |
Hello In All Languages | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
hmd Theme | Cross-Site Scripting (XSS) |
Horizontal scroll image slideshow | Cross-Site Scripting (XSS) |
HostFact bestelformulier integratie | Cross-Site Scripting (XSS) |
HTML Forms | Cross-Site Scripting (XSS) |
ICDSoft Reseller Store | Cross-Site Scripting (XSS) |
iChart | Cross-Site Scripting (XSS) from width Parameter |
IDer Login | Cross-Site Scripting (XSS) |
Image Mapper | Cross-Site Scripting (XSS) |
ImageRecycle pdf & image compression | Cross-Site Scripting (XSS) |
Image Widget | Cross-Site Scripting (XSS) |
ImmoToolBox Connect | Cross-Site Scripting (XSS) |
Inline Footnotes | Cross-Site Scripting (XSS) |
Interactive UK Map | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Invoice Payment for WooCommerce | Cross-Site Scripting (XSS) |
I Plant A Tree | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
jAlbum Bridge | Cross-Site Scripting (XSS) from ar Parameter |
jCarousel | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Jet Footer Code | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Jetpack | Unauthenticated DOM and Cross-Site Scripting (XSS) |
J&T Express Malaysia | Cross-Site Scripting (XSS) |
Kintpv Wooconnect | Cross-Site Scripting (XSS) |
Kleo Theme | Cross-Site Scripting (XSS) |
Kredeum NFTs | Cross-Site Scripting (XSS) |
Kundgenerator | Cross-Site Scripting (XSS) |
kvCORE IDX | Cross-Site Scripting (XSS) |
LabelGrid Tools | Cross-Site Scripting (XSS) |
LaTeX2HTML | Cross-Site Scripting (XSS) |
LDD Directory Lite | Cross-Site Scripting (XSS) |
LeaderBoard Plugin | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Leads CRM | Cross-Site Scripting (XSS) |
LearnPress | Cross-Site Scripting (XSS) |
Ledenbeheer | Cross-Site Scripting (XSS) |
Lemonade Social Networks Autoposter Pinterest | Cross-Site Scripting (XSS) |
Like in Vk.com | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
LionScripts: Site Maintenance & Noindex Nofollow Plugin | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Listdom | Cross-Site Scripting (XSS) from shortcode Parameter |
LiteSpeed Cache | Cross-Site Scripting (XSS) |
Loan Comparison | Cross-Site Scripting (XSS) |
LuckyWP Table of Contents | Cross-Site Scripting (XSS) |
Luna Web Radio Player | Cross-Site Scripting (XSS) from Shortcode |
Magazine Blocks | Cross-Site Scripting (XSS) |
Magical Addons For Elementor | Cross-Site Scripting (XSS) |
MagicPost – WordPress文章管理功能增强插件 | Cross-Site Scripting (XSS) from wb_share_social Shortcode |
Mandrill WP | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
MaxButtons | Cross-Site Scripting (XSS) from Button Width |
MDC Comment Toolbar | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Media Downloader | Cross-Site Scripting (XSS) |
Metrika | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Mini Program API | Cross-Site Scripting (XSS) |
Mollie for Contact Form 7 | Cross-Site Scripting (XSS) |
Move Addons for Elementor | Cross-Site Scripting (XSS) |
MStore API | HTML File Upload (BAC) (Cross-Site Scripting (XSS)) |
Multi-column Tag Map | Cross-Site Scripting (XSS) from mctagmap Shortcode |
Multiple Admin Emails | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
My auctions allegro | Cross-Site Scripting (XSS) |
myCred | Cross-Site Scripting (XSS) from mycred_send Shortcode |
My IDX Home Search | Cross-Site Scripting (XSS) |
MyParcel | Cross-Site Scripting (XSS) |
NACC WordPress Plugin | Cross-Site Scripting (XSS) |
NewsDaily Theme | Cross-Site Scripting (XSS) |
News Kit Elementor Addons | Cross-Site Scripting (XSS) |
Newsletter Subscriptions | Cross-Site Scripting (XSS) |
NewsmanApp | Cross-Site Scripting (XSS) |
NewsMash Theme | Cross-Site Scripting (XSS) |
NewsMunch | Cross-Site Scripting (XSS) |
Next-Cart Store to WooCommerce Migration | Cross-Site Scripting (XSS) |
Nexter Blocks | Cross-Site Scripting (XSS) |
NextGEN Gallery | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
Nias course | Cross-Site Scripting (XSS) |
NiceJob | Cross-Site Scripting (XSS) |
Ni CRM Lead | Cross-Site Scripting (XSS) |
Ninja Forms | Unauthenticated Cross-Site Scripting (XSS) from Form Calculations |
NinjaTeam Chat for Telegram | Cross-Site Scripting (XSS) |
Ni WooCommerce Bulk Product Editor | Cross-Site Scripting (XSS) |
Ni WooCommerce Order Export | Cross-Site Scripting (XSS) |
NotificationX | Cross-Site Scripting (XSS) |
NPS computy | Cross-Site Scripting (XSS) |
odPhotogallery | Cross-Site Scripting (XSS) |
Olivia Theme | Cross-Site Scripting (XSS) |
One Click Upsell Funnel for WooCommerce | Cross-Site Scripting (XSS) from wps_wocuf_pro_yes Shortcode |
Online Booking & Scheduling Calendar for WordPress by vcita | Cross-Site Scripting (XSS) |
ONLYOFFICE | Cross-Site Scripting (XSS) |
Onlywire Multi Autosubmitter | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Optio Dentistry | Cross-Site Scripting (XSS) |
Outdooractive Embed | Cross-Site Scripting (XSS) |
Out of the Block: OpenStreetMap | Cross-Site Scripting (XSS) from ootb_query Shortcode |
Paloma Widget | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Particle Background | Cross-Site Scripting (XSS) |
PCRecruiter Extensions | Cross-Site Scripting (XSS) |
Persian Woocommerce SMS | Cross-Site Scripting (XSS) |
Philantro | Cross-Site Scripting (XSS) |
phZoom | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Pie Register Premium | Cross-Site Scripting (XSS) |
Pingmeter Uptime Monitoring | Cross-Site Scripting (XSS) |
Plain Post | Cross-Site Scripting (XSS) |
Plugin Check (PCP) | Cross-Site Scripting (XSS) |
Poll Builder | Cross-Site Scripting (XSS) |
Popup Builder | Cross-Site Scripting (XSS) |
Portfolio – Filterable Masonry Portfolio Gallery for Professionals | Cross-Site Scripting (XSS) |
Post Carousel & Slider | Cross-Site Scripting (XSS) |
Post Grid Elementor Addon | Cross-Site Scripting (XSS) |
Posti Shipping | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) from generate_notices_html Function |
Posts and Products Views for WooCommerce | Cross-Site Scripting (XSS) |
Posts Date Ranges | Cross-Site Scripting (XSS) |
PostX | Cross-Site Scripting (XSS) |
PowerPack Lite for Beaver Builder | Cross-Site Scripting (XSS) from Navigate Parameter |
Preloader by WordPress Monsters | Cross-Site Scripting (XSS) |
Premium Blocks – Gutenberg Blocks for WordPress | Cross-Site Scripting (XSS) |
Primary Addon for Elementor | Cross-Site Scripting (XSS) |
Prodigy Commerce | Cross-Site Scripting (XSS) |
ProfilePress | Cross-Site Scripting (XSS) |
Project Showcase | Cross-Site Scripting (XSS) |
Pronamic Google Maps | Cross-Site Scripting (XSS) |
Property Hive Mortgage Calculator | Cross-Site Scripting (XSS) from price Parameter |
Property Hive Stamp Duty Calculator | Cross-Site Scripting (XSS) |
Pulsating Chat Button | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Quick License Manager | Cross-Site Scripting (XSS) |
Quran multilanguage Text & Audio | Cross-Site Scripting (XSS) from sourate and lang Parameters |
Quran Phrases About Most People Shortcodes | Cross-Site Scripting (XSS) |
Radius Blocks – WordPress Gutenberg Blocks | Cross-Site Scripting (XSS) |
Reactflow Visitor Recording and Heatmaps | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
real.Kit | Cross-Site Scripting (XSS) |
Responsive Blocks | Cross-Site Scripting (XSS) |
Responsive Google Maps | by imbaa | Cross-Site Scripting (XSS) |
Responsive Lightbox | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
Responsive Videos | Cross-Site Scripting (XSS) |
Restaurant & Cafe Addon for Elementor | Cross-Site Scripting (XSS) |
Revi.io | Cross-Site Scripting (XSS) |
Role Includer | Cross-Site Scripting (XSS) |
Royal Elementor Addons | Cross-Site Scripting (XSS) |
Royal Elementor Addons | Cross-Site Scripting (XSS) |
RRAddons for Elementor | Cross-Site Scripting (XSS) |
SaasPricing | Cross-Site Scripting (XSS) |
Saoshyant Element | Cross-Site Scripting (XSS) |
ScanCircle | Cross-Site Scripting (XSS) |
Scratch & Win – Giveaways and Contests | Cross-Site Scripting (XSS) |
SearchIQ | Cross-Site Scripting (XSS) |
SendSMS | Cross-Site Scripting (XSS) |
Seraphinite Bulk Discounts for WooCommerce | Cross-Site Scripting (XSS) |
Serious Slider | Cross-Site Scripting (XSS) from Shortcode |
Services Updates (BAC) for customers | Cross-Site Scripting (XSS) |
SG Helper | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Shiptimize for WooCommerce | Cross-Site Scripting (XSS) |
ShMapper by Teplitsa | Cross-Site Scripting (XSS) |
ShopElement | Cross-Site Scripting (XSS) |
Shortcodes Blocks Creator Ultimate | Cross-Site Scripting (XSS) |
Simple Booking Widget | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Simple Ecommerce Shopping Cart | Cross-Site Scripting (XSS) from monthly_sales_current_year Parameter |
Simple Payment | Cross-Site Scripting (XSS) |
Simple Presenter | Cross-Site Scripting (XSS) |
Simple Proxy | Cross-Site Scripting (XSS) |
Simple Shopping Cart | Cross-Site Scripting (XSS) |
Simple Side Tab | Cross-Site Scripting (XSS) |
SIP Calculator | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
SliceWP | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Slope Widgets | Cross-Site Scripting (XSS) |
Smaily for WP | Cross-Site Scripting (XSS) |
Smart PopUp Blaster | Cross-Site Scripting (XSS) |
Smoove connector for Elementor forms | Cross-Site Scripting (XSS) |
SMS for WooCommerce | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
SMSify | Cross-Site Scripting (XSS) |
Social Media Sharing | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
SOPA Blackout | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Spectra | Cross-Site Scripting (XSS) from Team Widget |
Splash Sync | Cross-Site Scripting (XSS) |
Spoki – Chat Buttons and WooCommerce Notifications | Cross-Site Scripting (XSS) |
Spotlightr | Cross-Site Scripting (XSS) |
Staggs Product Configurator for WooCommerce | Cross-Site Scripting (XSS) |
States Map US | Cross-Site Scripting (XSS) |
Stop Registration Spam | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Surbma | SalesAutopilot Shortcode | Cross-Site Scripting (XSS) |
SvegliaT Buttons | Cross-Site Scripting (XSS) |
SVG Shortcode | Cross-Site Scripting (XSS) from SVG Upload (BAC) |
Taeggie Feed | Cross-Site Scripting (XSS) |
TagGator | Cross-Site Scripting (XSS) |
TCBD Popover | Cross-Site Scripting (XSS) |
Text Prompter | Cross-Site Scripting (XSS) |
Themesflat Addons For Elementor | Cross-Site Scripting (XSS) |
Themify Audio Dock | Cross-Site Scripting (XSS) |
The Permalinker | Cross-Site Scripting (XSS) |
The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) |
TicketSource Ticket Shop | Cross-Site Scripting (XSS) |
Tidy Up | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Tithe.ly Giving Button | Cross-Site Scripting (XSS) from Shortcode |
TPG Get Posts | Cross-Site Scripting (XSS) |
Tracking Code Manager | Cross-Site Scripting (XSS) |
TWChat | Cross-Site Scripting (XSS) |
TwentyTwenty | Cross-Site Scripting (XSS) |
tydskrif Theme | Cross-Site Scripting (XSS) |
Ultimate Blocks – Gutenberg Blocks Plugin | Cross-Site Scripting (XSS) |
Ultimate Endpoints With Rest Api | Cross-Site Scripting (XSS) |
UNIVERSAM | Cross-Site Scripting (XSS) |
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | Cross-Site Scripting (XSS) |
Unlock Addons for Elementor | Cross-Site Scripting (XSS) |
Upload Scanner | Cross-Site Scripting (XSS) |
Userpro | Cross-Site Scripting (XSS) |
User Referral | Cross-Site Scripting (XSS) |
Utech World Time | Cross-Site Scripting (XSS) |
VForm | Cross-Site Scripting (XSS) |
Video Gallery – YouTube Gallery | Cross-Site Scripting (XSS) |
Video Share VOD | Cross-Site Scripting (XSS) |
Visualmodo Elements | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Visual Portfolio, Photo Gallery & Post Grid | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
Waymark | Cross-Site Scripting (XSS) from 'content' |
Website Toolbox Community | Cross-Site Scripting (XSS) |
Web Stories | Cross-Site Scripting (XSS) |
WIP WooCarousel Lite | Cross-Site Scripting (XSS) |
Wishlist for WooCommerce: Multi Wishlists Per Customer | Cross-Site Scripting (XSS) |
WooCommerce Additional Fees On Checkout (Free) | Cross-Site Scripting (XSS) from 'number' |
WooCommerce Cart Count Shortcode | Cross-Site Scripting (XSS) |
WooCommerce PDF Vouchers | Cross-Site Scripting (XSS) |
WordPress Auction Plugin | Cross-Site Scripting (XSS) |
WordPress Filter | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WordPress HelpDesk & Support Ticket System Plugin – Octrace Support | Cross-Site Scripting (XSS) |
WordPress Page Builder – Zion Builder | Cross-Site Scripting (XSS) |
Wot Elementor Widgets | Cross-Site Scripting (XSS) |
WP-Appbox | Cross-Site Scripting (XSS) |
WP-Ban-User | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP BASE Booking | Cross-Site Scripting (XSS) from status Parameter |
WPBITS Addons For Elementor Page Builder | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
WP Controller | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WPC Order Notes for WooCommerce | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP Crowdfunding | Cross-Site Scripting (XSS) |
WPC Smart Quick View for WooCommerce | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
WP Currency Exchange Rates | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP Datepicker | Cross-Site Scripting (XSS) |
WP eCards | Cross-Site Scripting (XSS) |
WP eCommerce Quickpay | Cross-Site Scripting (XSS) |
WP Fiddle | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP Flipkart Importer | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP GeoNames | Cross-Site Scripting (XSS) |
WP-HideThat | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP Job Manager – Company Profiles | Cross-Site Scripting (XSS) |
WPKoi Templates for Elementor | Cross-Site Scripting (XSS) |
Wp Login with Ajax | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP Media Optimiser | Cross-Site Scripting (XSS) |
WPMozo Addons Lite for Elementor | Cross-Site Scripting (XSS) |
WP Nice Loader | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP on AWS | Cross-Site Scripting (XSS) |
Wp photo text slider 50 | Cross-Site Scripting (XSS) |
WP Pipes | Cross-Site Scripting (XSS) from x Parameter |
WP Publications | Cross-Site Scripting (XSS) |
WP Quick Shop | Cross-Site Scripting (XSS) |
WP Service Payment Form With Authorize.net | Cross-Site Scripting (XSS) |
WP SHAPES | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
WP SuperBackup | Cross-Site Scripting (XSS) |
WP-SVG | Cross-Site Scripting (XSS) from Shortcode |
WP System | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP微信机器人 | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Wtyczka SeoPilot dla WP | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
XPD Reduce Image Filesize | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Xpro Elementor Addons | Cross-Site Scripting (XSS) |
YooBar | Cross-Site Scripting (XSS) |
Z-Downloads | Cross-Site Scripting (XSS) |
Zerif Lite Theme | Cross-Site Scripting (XSS) |
Zooom | Cross-Site Scripting (XSS) |
استخراج محصولات ووکامرس برای آیسی | Cross-Site Scripting (XSS) |
WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
WordPress Cross-Site Scripting (XSS) reported in 2024: | 3806 |
WordPress Cross-Site Scripting (XSS) reported in 2025: | 430 |
WHO needs managed WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Scripting Patch Management.
Security is not a single-task job
Need managed WP Security and have no clue where to start? Hire an expert. Pay a coffee per week; it's cheaper than 1 hour for a freelancer.
Not sure that our recurrent security offer is worthy of long-term consideration? Contact us today for a Cross-Site Scripting audit! Decide after you compare RISK + IMPACT versus COST.