WP XSS JAN 2025
WP Cross-Site Scripting
Managed WP & Woo Security Report
Be informed about the latest WP Cross-Site Scripting, identified and reported publicly. WP XSS JAN 2025 is a -24% DECREASE compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin – OR – Hire us for your recurrent needs of managed WordPress Security and managed WooCommerce Security.
WHO needs managed WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate "gazillion" different threats in your WordPress. Get your WP Cross-Site Scripting Patch Management.
The following cases made headlines PUBLICLY just last month in the WP XSS JAN 2025 & WP Cross-Site Scripting category:
| 10CentMail | Cross-Site Scripting (XSS) |
| 코드엠샵 소셜톡 | Cross-Site Scripting (XSS) |
| 360 Javascript Viewer | Cross-Site Scripting (XSS) |
| 3D Avatar User Profile | Cross-Site Scripting (XSS) |
| 워드프레스 결제 심플페이 | Cross-Site Scripting (XSS) from add_query_arg Parameter |
| ABCBiz Addons and Templates for Elementor | Cross-Site Scripting (XSS) |
| Accordion Slider | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
| Accounting for WooCommerce | Cross-Site Scripting (XSS) |
| Add image to Post | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Additional Custom Order Status for WooCommerce | Cross-Site Scripting (XSS) |
| addWeather | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Admin Customization | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Advanced Blog Post Block | Cross-Site Scripting (XSS) |
| Advanced Control Manager for WordPress by ItalyStrap | Cross-Site Scripting (XSS) |
| Advanced Data Table For Elementor | Cross-Site Scripting (XSS) |
| Advanced Element Bucket Addons for Elementor | Cross-Site Scripting (XSS) |
| Advanced Fancybox | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Advanced Options Editor | Cross-Site Scripting (XSS) |
| AdWork Media EZ Content Locker | Cross-Site Scripting (XSS) |
| AIO Contact | Unauthenticated Site-Wide Cross-Site Scripting (XSS) |
| Ajax Search Lite | Cross-Site Scripting (XSS) |
| Amazon Product Price | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| AMP for WP | Cross-Site Scripting (XSS) |
| Animated Counters | Cross-Site Scripting (XSS) |
| Aphorismus | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| AppMaps | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Arconix Shortcodes | Cross-Site Scripting (XSS) |
| Arena.IM – Live Blogging for real-time events | Cross-Site Scripting (XSS) from arena_embed_amp Shortcode |
| Arkhe Blocks | Cross-Site Scripting (XSS) |
| Attire Blocks | Cross-Site Scripting (XSS) |
| AutomatorWP | Cross-Site Scripting (XSS) from aosearch_field_value |
| AWeber Forms | Cross-Site Scripting (XSS) |
| Awesome Shortcodes | Cross-Site Scripting (XSS) |
| Barcode Scanner with Inventory & Order Manager | Cross-Site Scripting (XSS) |
| Barter Theme | Cross-Site Scripting (XSS) |
| Beaver Builder | Cross-Site Scripting (XSS) |
| Beaver Builder | Cross-Site Scripting (XSS) |
| Better WP Login Page | Cross-Site Scripting (XSS) |
| Bicycleshop Theme | Cross-Site Scripting (XSS) |
| Bitcoin Lightning Publisher | Cross-Site Scripting (XSS) |
| Blaze Online eParcel for WooCommerce | Cross-Site Scripting (XSS) |
| Block Controller | Cross-Site Scripting (XSS) |
| Blocksy | Cross-Site Scripting (XSS) |
| BMLT Tabbed Map | Cross-Site Scripting (XSS) |
| Board Document Manager from CHUHPL | Cross-Site Scripting (XSS) |
| Bold Page Builder | Cross-Site Scripting (XSS) |
| Booking System Trafft | Cross-Site Scripting (XSS) |
| Bootstrap Buttons | Cross-Site Scripting (XSS) |
| Borderless | Cross-Site Scripting (XSS) |
| Brand Theme | Cross-Site Scripting (XSS) |
| Broadcast | Cross-Site Scripting (XSS) |
| B Testimonial | Cross-Site Scripting (XSS) |
| Buk | Cross-Site Scripting (XSS) |
| BU Section Editing | Cross-Site Scripting (XSS) |
| Campaign Monitor Forms | Cross-Site Scripting (XSS) |
| Captivate Sync | Cross-Site Scripting (XSS) |
| CarDealerPress | Cross-Site Scripting (XSS) |
| CardGate Payments for WooCommerce | Cross-Site Scripting (XSS) |
| Carousel, Slider, Gallery by WP Carousel | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
| Category of Posts | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Category Post Shortcode | Cross-Site Scripting (XSS) |
| Category Post Slider | Cross-Site Scripting (XSS) |
| Check Pincode For Woocommerce | Cross-Site Scripting (XSS) |
| CK and SyntaxHighlighter | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| CleverNode Related Content | Cross-Site Scripting (XSS) |
| Clickbank Storefront | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Clients | Cross-Site Scripting (XSS) |
| CMSMasters Elementor Addon | Cross-Site Scripting (XSS) from Multiple Widgets |
| Cognito Forms | Cross-Site Scripting (XSS) from id Parameter |
| Coins MarketCap | Cross-Site Scripting (XSS) |
| Colibri Page Builder | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
| Comfino Payment Gateway | Cross-Site Scripting (XSS) |
| Comments On Feed | Cross-Site Scripting (XSS) |
| Companion Portfolio | Cross-Site Scripting (XSS) |
| Connatix Video Embed | Cross-Site Scripting (XSS) |
| Connect Contact Form 7 to Constant Contact | Cross-Site Scripting (XSS) |
| Contact Form Builder by vcita | Cross-Site Scripting (XSS) from livesitepay Shortcode |
| Contact Form by WPForms | Cross-Site Scripting (XSS) |
| Contact Form, Survey & Form Builder – MightyForms | Cross-Site Scripting (XSS) |
| Contest Gallery | Cross-Site Scripting (XSS) |
| Contests by Rewards Fuel | Cross-Site Scripting (XSS) |
| ConvertCalculator for WordPress | Cross-Site Scripting (XSS) |
| Cookielay | Cross-Site Scripting (XSS) from cookielay Shortcode |
| Country Blocker | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Coupon | Cross-Site Scripting (XSS) |
| Coupon Affiliates | Unauthenticated Arbitrary Shortcode Execution (BAC) and Cross-Site Scripting (XSS) |
| Cricket Live Score | Cross-Site Scripting (XSS) |
| CRM Perks | Cross-Site Scripting (XSS) |
| CRUDLab Google Plus Button | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Cryptocurrency Price Widget | Cross-Site Scripting (XSS) |
| CSV to html | Cross-Site Scripting (XSS) |
| Currency Converter Widget PRO | Cross-Site Scripting (XSS) |
| Custom Dashboard Widget | Cross-Site Scripting (XSS) |
| dejure.org Vernetzungsfunktion | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Depicter Slider | Cross-Site Scripting (XSS) |
| Device Detector | Cross-Site Scripting (XSS) |
| DirectoryPress | Cross-Site Scripting (XSS) |
| Display Future Posts | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Download Manager | Cross-Site Scripting (XSS) |
| Drag & Drop Builder | Cross-Site Scripting (XSS) |
| DX Dark Site | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Easy Code Snippets | Cross-Site Scripting (XSS) |
| Easy Language Switcher | Cross-Site Scripting (XSS) |
| Easy Replace | Cross-Site Scripting (XSS) |
| Easy Social Feed Premium | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
| Easy Waveform Player | Cross-Site Scripting (XSS) |
| Echoza | Cross-Site Scripting (XSS) |
| ECT Product Carousel | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| ECT Social Share | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Elementor – Header, Footer & Blocks Template | Cross-Site Scripting (XSS) from Page Title Widget |
| Elementor Website Builder | Cross-Site Scripting (XSS) from Typography Settings |
| Element Pack Elementor Addons | Cross-Site Scripting (XSS) from Lightbox Widget |
| ElementsReady Addons for Elementor | Cross-Site Scripting (XSS) |
| Elite Notification – Sales Popup, Social Proof, FOMO & WooCommerce Notification | Cross-Site Scripting (XSS) |
| Email Address Obfuscation | Cross-Site Scripting (XSS) from class Parameter |
| Email Reminders | Cross-Site Scripting (XSS) from id Parameter |
| Embed PDF Viewer | Cross-Site Scripting (XSS) |
| Embed Twine | Cross-Site Scripting (XSS) |
| Enter Addons | Cross-Site Scripting (XSS) |
| Envira Photo Gallery | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
| Essential Addons for Elementor | Cross-Site Scripting (XSS) |
| EventPrime | Unauthenticated Cross-Site Scripting (XSS) from Ticket Category and Ticket Type Name |
| Events Addon for Elementor | Cross-Site Scripting (XSS) |
| Event Tickets with Ticket Scanner | Missing Authorisation (BAC) to Cross-Site Scripting (XSS) |
| Evernote Sync | Cross-Site Scripting (XSS) |
| Exhibit to WP Gallery | Cross-Site Scripting (XSS) |
| Export Customers Data | Cross-Site Scripting (XSS) |
| FancyBox for WordPress | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
| Fancy Roller Scroller | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| FAQs | Cross-Site Scripting (XSS) |
| FAQs | Cross-Site Scripting (XSS) |
| FAT Services Booking | Site-Wide Cross-Site Scripting (XSS) |
| Feedify – Web Push Notifications | Cross-Site Scripting (XSS) |
| Feedpress Generator | Cross-Site Scripting (XSS) |
| Financial Calculator | Cross-Site Scripting (XSS) |
| Firelight Lightbox | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
| Flaming Forms | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Flixita Theme | Cross-Site Scripting (XSS) from id Parameter |
| float block | Cross-Site Scripting (XSS) from Widget |
| Floating Video Player | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| FloristPress | Cross-Site Scripting (XSS) |
| Flower Delivery by Florist One | Cross-Site Scripting (XSS) |
| FluentForm | Cross-Site Scripting (XSS) |
| FluentForm | Unauthenticated Cross-Site Scripting (XSS) from Form Subject |
| Folder Gallery | Cross-Site Scripting (XSS) |
| Form Data Collector | Cross-Site Scripting (XSS) |
| FormFacade | Cross-Site Scripting (XSS) |
| Form Maker by 10Web | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
| ForumWP | Cross-Site Scripting (XSS) |
| Futurio Extra | Cross-Site Scripting (XSS) |
| FV Descriptions | Cross-Site Scripting (XSS) |
| FV Flowplayer Video Player | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
| Gaxx Keywords | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| GeoDirectory | Cross-Site Scripting (XSS) |
| geoFlickr | Cross-Site Scripting (XSS) |
| Geoportail Shortcode | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Getwid – Gutenberg Blocks | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
| GiveWP | Cross-Site Scripting (XSS) |
| glomex oEmbed | Cross-Site Scripting (XSS) |
| Go Animate | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Goodlayers Core | Cross-Site Scripting (XSS) from 'fontfamily' |
| GS Coaches | Cross-Site Scripting (XSS) |
| GS Shots for Dribbble | Cross-Site Scripting (XSS) |
| GTPayment Donations | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
| Gulri Slider | Cross-Site Scripting (XSS) |
| Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) |
| Gutensee | Cross-Site Scripting (XSS) |
| Gutentor | Cross-Site Scripting (XSS) from Countdown Widget |
| G Web Pro Store Locator | Cross-Site Scripting (XSS) |
| Hack-Info | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Hello Event Widgets For Elementor | Cross-Site Scripting (XSS) |
| Hello In All Languages | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| hmd Theme | Cross-Site Scripting (XSS) |
| Horizontal scroll image slideshow | Cross-Site Scripting (XSS) |
| HostFact bestelformulier integratie | Cross-Site Scripting (XSS) |
| HTML Forms | Cross-Site Scripting (XSS) |
| ICDSoft Reseller Store | Cross-Site Scripting (XSS) |
| iChart | Cross-Site Scripting (XSS) from width Parameter |
| IDer Login | Cross-Site Scripting (XSS) |
| Image Mapper | Cross-Site Scripting (XSS) |
| ImageRecycle pdf & image compression | Cross-Site Scripting (XSS) |
| Image Widget | Cross-Site Scripting (XSS) |
| ImmoToolBox Connect | Cross-Site Scripting (XSS) |
| Inline Footnotes | Cross-Site Scripting (XSS) |
| Interactive UK Map | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Invoice Payment for WooCommerce | Cross-Site Scripting (XSS) |
| I Plant A Tree | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| jAlbum Bridge | Cross-Site Scripting (XSS) from ar Parameter |
| jCarousel | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Jet Footer Code | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Jetpack | Unauthenticated DOM and Cross-Site Scripting (XSS) |
| J&T Express Malaysia | Cross-Site Scripting (XSS) |
| Kintpv Wooconnect | Cross-Site Scripting (XSS) |
| Kleo Theme | Cross-Site Scripting (XSS) |
| Kredeum NFTs | Cross-Site Scripting (XSS) |
| Kundgenerator | Cross-Site Scripting (XSS) |
| kvCORE IDX | Cross-Site Scripting (XSS) |
| LabelGrid Tools | Cross-Site Scripting (XSS) |
| LaTeX2HTML | Cross-Site Scripting (XSS) |
| LDD Directory Lite | Cross-Site Scripting (XSS) |
| LeaderBoard Plugin | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Leads CRM | Cross-Site Scripting (XSS) |
| LearnPress | Cross-Site Scripting (XSS) |
| Ledenbeheer | Cross-Site Scripting (XSS) |
| Lemonade Social Networks Autoposter Pinterest | Cross-Site Scripting (XSS) |
| Like in Vk.com | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| LionScripts: Site Maintenance & Noindex Nofollow Plugin | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Listdom | Cross-Site Scripting (XSS) from shortcode Parameter |
| LiteSpeed Cache | Cross-Site Scripting (XSS) |
| Loan Comparison | Cross-Site Scripting (XSS) |
| LuckyWP Table of Contents | Cross-Site Scripting (XSS) |
| Luna Web Radio Player | Cross-Site Scripting (XSS) from Shortcode |
| Magazine Blocks | Cross-Site Scripting (XSS) |
| Magical Addons For Elementor | Cross-Site Scripting (XSS) |
| MagicPost – WordPress文章管理功能增强插件 | Cross-Site Scripting (XSS) from wb_share_social Shortcode |
| Mandrill WP | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| MaxButtons | Cross-Site Scripting (XSS) from Button Width |
| MDC Comment Toolbar | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Media Downloader | Cross-Site Scripting (XSS) |
| Metrika | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Mini Program API | Cross-Site Scripting (XSS) |
| Mollie for Contact Form 7 | Cross-Site Scripting (XSS) |
| Move Addons for Elementor | Cross-Site Scripting (XSS) |
| MStore API | HTML File Upload (BAC) (Cross-Site Scripting (XSS)) |
| Multi-column Tag Map | Cross-Site Scripting (XSS) from mctagmap Shortcode |
| Multiple Admin Emails | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| My auctions allegro | Cross-Site Scripting (XSS) |
| myCred | Cross-Site Scripting (XSS) from mycred_send Shortcode |
| My IDX Home Search | Cross-Site Scripting (XSS) |
| MyParcel | Cross-Site Scripting (XSS) |
| NACC WordPress Plugin | Cross-Site Scripting (XSS) |
| NewsDaily Theme | Cross-Site Scripting (XSS) |
| News Kit Elementor Addons | Cross-Site Scripting (XSS) |
| Newsletter Subscriptions | Cross-Site Scripting (XSS) |
| NewsmanApp | Cross-Site Scripting (XSS) |
| NewsMash Theme | Cross-Site Scripting (XSS) |
| NewsMunch | Cross-Site Scripting (XSS) |
| Next-Cart Store to WooCommerce Migration | Cross-Site Scripting (XSS) |
| Nexter Blocks | Cross-Site Scripting (XSS) |
| NextGEN Gallery | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
| Nias course | Cross-Site Scripting (XSS) |
| NiceJob | Cross-Site Scripting (XSS) |
| Ni CRM Lead | Cross-Site Scripting (XSS) |
| Ninja Forms | Unauthenticated Cross-Site Scripting (XSS) from Form Calculations |
| NinjaTeam Chat for Telegram | Cross-Site Scripting (XSS) |
| Ni WooCommerce Bulk Product Editor | Cross-Site Scripting (XSS) |
| Ni WooCommerce Order Export | Cross-Site Scripting (XSS) |
| NotificationX | Cross-Site Scripting (XSS) |
| NPS computy | Cross-Site Scripting (XSS) |
| odPhotogallery | Cross-Site Scripting (XSS) |
| Olivia Theme | Cross-Site Scripting (XSS) |
| One Click Upsell Funnel for WooCommerce | Cross-Site Scripting (XSS) from wps_wocuf_pro_yes Shortcode |
| Online Booking & Scheduling Calendar for WordPress by vcita | Cross-Site Scripting (XSS) |
| ONLYOFFICE | Cross-Site Scripting (XSS) |
| Onlywire Multi Autosubmitter | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Optio Dentistry | Cross-Site Scripting (XSS) |
| Outdooractive Embed | Cross-Site Scripting (XSS) |
| Out of the Block: OpenStreetMap | Cross-Site Scripting (XSS) from ootb_query Shortcode |
| Paloma Widget | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Particle Background | Cross-Site Scripting (XSS) |
| PCRecruiter Extensions | Cross-Site Scripting (XSS) |
| Persian Woocommerce SMS | Cross-Site Scripting (XSS) |
| Philantro | Cross-Site Scripting (XSS) |
| phZoom | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Pie Register Premium | Cross-Site Scripting (XSS) |
| Pingmeter Uptime Monitoring | Cross-Site Scripting (XSS) |
| Plain Post | Cross-Site Scripting (XSS) |
| Plugin Check (PCP) | Cross-Site Scripting (XSS) |
| Poll Builder | Cross-Site Scripting (XSS) |
| Popup Builder | Cross-Site Scripting (XSS) |
| Portfolio – Filterable Masonry Portfolio Gallery for Professionals | Cross-Site Scripting (XSS) |
| Post Carousel & Slider | Cross-Site Scripting (XSS) |
| Post Grid Elementor Addon | Cross-Site Scripting (XSS) |
| Posti Shipping | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) from generate_notices_html Function |
| Posts and Products Views for WooCommerce | Cross-Site Scripting (XSS) |
| Posts Date Ranges | Cross-Site Scripting (XSS) |
| PostX | Cross-Site Scripting (XSS) |
| PowerPack Lite for Beaver Builder | Cross-Site Scripting (XSS) from Navigate Parameter |
| Preloader by WordPress Monsters | Cross-Site Scripting (XSS) |
| Premium Blocks – Gutenberg Blocks for WordPress | Cross-Site Scripting (XSS) |
| Primary Addon for Elementor | Cross-Site Scripting (XSS) |
| Prodigy Commerce | Cross-Site Scripting (XSS) |
| ProfilePress | Cross-Site Scripting (XSS) |
| Project Showcase | Cross-Site Scripting (XSS) |
| Pronamic Google Maps | Cross-Site Scripting (XSS) |
| Property Hive Mortgage Calculator | Cross-Site Scripting (XSS) from price Parameter |
| Property Hive Stamp Duty Calculator | Cross-Site Scripting (XSS) |
| Pulsating Chat Button | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Quick License Manager | Cross-Site Scripting (XSS) |
| Quran multilanguage Text & Audio | Cross-Site Scripting (XSS) from sourate and lang Parameters |
| Quran Phrases About Most People Shortcodes | Cross-Site Scripting (XSS) |
| Radius Blocks – WordPress Gutenberg Blocks | Cross-Site Scripting (XSS) |
| Reactflow Visitor Recording and Heatmaps | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| real.Kit | Cross-Site Scripting (XSS) |
| Responsive Blocks | Cross-Site Scripting (XSS) |
| Responsive Google Maps | by imbaa | Cross-Site Scripting (XSS) |
| Responsive Lightbox | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
| Responsive Videos | Cross-Site Scripting (XSS) |
| Restaurant & Cafe Addon for Elementor | Cross-Site Scripting (XSS) |
| Revi.io | Cross-Site Scripting (XSS) |
| Role Includer | Cross-Site Scripting (XSS) |
| Royal Elementor Addons | Cross-Site Scripting (XSS) |
| Royal Elementor Addons | Cross-Site Scripting (XSS) |
| RRAddons for Elementor | Cross-Site Scripting (XSS) |
| SaasPricing | Cross-Site Scripting (XSS) |
| Saoshyant Element | Cross-Site Scripting (XSS) |
| ScanCircle | Cross-Site Scripting (XSS) |
| Scratch & Win – Giveaways and Contests | Cross-Site Scripting (XSS) |
| SearchIQ | Cross-Site Scripting (XSS) |
| SendSMS | Cross-Site Scripting (XSS) |
| Seraphinite Bulk Discounts for WooCommerce | Cross-Site Scripting (XSS) |
| Serious Slider | Cross-Site Scripting (XSS) from Shortcode |
| Services Updates (BAC) for customers | Cross-Site Scripting (XSS) |
| SG Helper | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| Shiptimize for WooCommerce | Cross-Site Scripting (XSS) |
| ShMapper by Teplitsa | Cross-Site Scripting (XSS) |
| ShopElement | Cross-Site Scripting (XSS) |
| Shortcodes Blocks Creator Ultimate | Cross-Site Scripting (XSS) |
| Simple Booking Widget | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Simple Ecommerce Shopping Cart | Cross-Site Scripting (XSS) from monthly_sales_current_year Parameter |
| Simple Payment | Cross-Site Scripting (XSS) |
| Simple Presenter | Cross-Site Scripting (XSS) |
| Simple Proxy | Cross-Site Scripting (XSS) |
| Simple Shopping Cart | Cross-Site Scripting (XSS) |
| Simple Side Tab | Cross-Site Scripting (XSS) |
| SIP Calculator | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| SliceWP | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Slope Widgets | Cross-Site Scripting (XSS) |
| Smaily for WP | Cross-Site Scripting (XSS) |
| Smart PopUp Blaster | Cross-Site Scripting (XSS) |
| Smoove connector for Elementor forms | Cross-Site Scripting (XSS) |
| SMS for WooCommerce | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| SMSify | Cross-Site Scripting (XSS) |
| Social Media Sharing | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| SOPA Blackout | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Spectra | Cross-Site Scripting (XSS) from Team Widget |
| Splash Sync | Cross-Site Scripting (XSS) |
| Spoki – Chat Buttons and WooCommerce Notifications | Cross-Site Scripting (XSS) |
| Spotlightr | Cross-Site Scripting (XSS) |
| Staggs Product Configurator for WooCommerce | Cross-Site Scripting (XSS) |
| States Map US | Cross-Site Scripting (XSS) |
| Stop Registration Spam | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Surbma | SalesAutopilot Shortcode | Cross-Site Scripting (XSS) |
| SvegliaT Buttons | Cross-Site Scripting (XSS) |
| SVG Shortcode | Cross-Site Scripting (XSS) from SVG Upload (BAC) |
| Taeggie Feed | Cross-Site Scripting (XSS) |
| TagGator | Cross-Site Scripting (XSS) |
| TCBD Popover | Cross-Site Scripting (XSS) |
| Text Prompter | Cross-Site Scripting (XSS) |
| Themesflat Addons For Elementor | Cross-Site Scripting (XSS) |
| Themify Audio Dock | Cross-Site Scripting (XSS) |
| The Permalinker | Cross-Site Scripting (XSS) |
| The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) |
| TicketSource Ticket Shop | Cross-Site Scripting (XSS) |
| Tidy Up | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Tithe.ly Giving Button | Cross-Site Scripting (XSS) from Shortcode |
| TPG Get Posts | Cross-Site Scripting (XSS) |
| Tracking Code Manager | Cross-Site Scripting (XSS) |
| TWChat | Cross-Site Scripting (XSS) |
| TwentyTwenty | Cross-Site Scripting (XSS) |
| tydskrif Theme | Cross-Site Scripting (XSS) |
| Ultimate Blocks – Gutenberg Blocks Plugin | Cross-Site Scripting (XSS) |
| Ultimate Endpoints With Rest Api | Cross-Site Scripting (XSS) |
| UNIVERSAM | Cross-Site Scripting (XSS) |
| Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | Cross-Site Scripting (XSS) |
| Unlock Addons for Elementor | Cross-Site Scripting (XSS) |
| Upload Scanner | Cross-Site Scripting (XSS) |
| Userpro | Cross-Site Scripting (XSS) |
| User Referral | Cross-Site Scripting (XSS) |
| Utech World Time | Cross-Site Scripting (XSS) |
| VForm | Cross-Site Scripting (XSS) |
| Video Gallery – YouTube Gallery | Cross-Site Scripting (XSS) |
| Video Share VOD | Cross-Site Scripting (XSS) |
| Visualmodo Elements | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| Visual Portfolio, Photo Gallery & Post Grid | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
| Waymark | Cross-Site Scripting (XSS) from 'content' |
| Website Toolbox Community | Cross-Site Scripting (XSS) |
| Web Stories | Cross-Site Scripting (XSS) |
| WIP WooCarousel Lite | Cross-Site Scripting (XSS) |
| Wishlist for WooCommerce: Multi Wishlists Per Customer | Cross-Site Scripting (XSS) |
| WooCommerce Additional Fees On Checkout (Free) | Cross-Site Scripting (XSS) from 'number' |
| WooCommerce Cart Count Shortcode | Cross-Site Scripting (XSS) |
| WooCommerce PDF Vouchers | Cross-Site Scripting (XSS) |
| WordPress Auction Plugin | Cross-Site Scripting (XSS) |
| WordPress Filter | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WordPress HelpDesk & Support Ticket System Plugin – Octrace Support | Cross-Site Scripting (XSS) |
| WordPress Page Builder – Zion Builder | Cross-Site Scripting (XSS) |
| Wot Elementor Widgets | Cross-Site Scripting (XSS) |
| WP-Appbox | Cross-Site Scripting (XSS) |
| WP-Ban-User | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP BASE Booking | Cross-Site Scripting (XSS) from status Parameter |
| WPBITS Addons For Elementor Page Builder | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| WP Controller | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WPC Order Notes for WooCommerce | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP Crowdfunding | Cross-Site Scripting (XSS) |
| WPC Smart Quick View for WooCommerce | Cross-Site Scripting (XSS) from FancyBox JavaScript Library |
| WP Currency Exchange Rates | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP Datepicker | Cross-Site Scripting (XSS) |
| WP eCards | Cross-Site Scripting (XSS) |
| WP eCommerce Quickpay | Cross-Site Scripting (XSS) |
| WP Fiddle | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP Flipkart Importer | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP GeoNames | Cross-Site Scripting (XSS) |
| WP-HideThat | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP Job Manager – Company Profiles | Cross-Site Scripting (XSS) |
| WPKoi Templates for Elementor | Cross-Site Scripting (XSS) |
| Wp Login with Ajax | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP Media Optimiser | Cross-Site Scripting (XSS) |
| WPMozo Addons Lite for Elementor | Cross-Site Scripting (XSS) |
| WP Nice Loader | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP on AWS | Cross-Site Scripting (XSS) |
| Wp photo text slider 50 | Cross-Site Scripting (XSS) |
| WP Pipes | Cross-Site Scripting (XSS) from x Parameter |
| WP Publications | Cross-Site Scripting (XSS) |
| WP Quick Shop | Cross-Site Scripting (XSS) |
| WP Service Payment Form With Authorize.net | Cross-Site Scripting (XSS) |
| WP SHAPES | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| WP SuperBackup | Cross-Site Scripting (XSS) |
| WP-SVG | Cross-Site Scripting (XSS) from Shortcode |
| WP System | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP微信机器人 | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Wtyczka SeoPilot dla WP | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| XPD Reduce Image Filesize | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Xpro Elementor Addons | Cross-Site Scripting (XSS) |
| YooBar | Cross-Site Scripting (XSS) |
| Z-Downloads | Cross-Site Scripting (XSS) |
| Zerif Lite Theme | Cross-Site Scripting (XSS) |
| Zooom | Cross-Site Scripting (XSS) |
| استخراج محصولات ووکامرس برای آیسی | Cross-Site Scripting (XSS) |
| WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
| WordPress Cross-Site Scripting (XSS) reported in 2024: | 3806 |
| WordPress Cross-Site Scripting (XSS) reported in 2025: | 430 |
WHO needs managed WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Scripting Patch Management.
Security is not a single-task job
Need managed WP Security and got no clue where to start? Hire an expert. Pay a coffee per week, its cheaper than 1 hour for a freelancer.
