WP XSS JUL 2024
WP Cross-Site Scripting
Managed WP & Woo Security Report
Stay informed about the latest WP Cross-Site Scripting vulnerabilities that have been identified and reported publicly. WP XSS JUL 2024 is a +6% INCREASE compared to the previous month. For your online safety, consider a managed WP/Woo security AUDIT – OR – switching to a TOP10LIST alternative WP Security Plugin – OR – hiring us for your recurrent needs of managed WordPress Security and managed WooCommerce Security.
WHO needs managed WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate a "gazillion" different threats in your WordPress. Get your WP Cross-Site Scripting Patch Management.
The following cases made headlines PUBLICLY just last month in the WP XSS JUL 2024 & WP Cross-Site Scripting category:
12 Step Meeting List | Cross-Site Scripting (XSS) |
3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery | Cross-Site Scripting (XSS) |
Accordions | Cross-Site Scripting (XSS) |
Active Products Tables for WooCommerce | Cross-Site Scripting (XSS) |
Activity Reactions For Buddypress | Cross-Site Scripting (XSS) |
Advanced Woo Labels | Cross-Site Scripting (XSS) |
Ajax Load More | Cross-Site Scripting (XSS) |
Ali2Woo Lite | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
Ali2Woo Lite | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Ali2Woo Lite | Cross-Site Scripting (XSS) |
All In One Redirection | Cross-Site Scripting (XSS) |
Amelia | Cross-Site Scripting (XSS) |
Anima Theme | Cross-Site Scripting (XSS) |
ARForms | Cross-Site Scripting (XSS) |
ARI Fancy Lightbox | Cross-Site Scripting (XSS) |
Atarim | Cross-Site Scripting (XSS) |
Auto Coupons for WooCommerce | Cross-Site Scripting (XSS) |
Bible Text | Cross-Site Scripting (XSS) |
BlockArt Blocks | Cross-Site Scripting (XSS) |
Block for Font Awesome | Cross-Site Scripting (XSS) |
Blocksy Theme | Cross-Site Scripting (XSS) |
Bloglo Theme | Cross-Site Scripting (XSS) |
Blogmentor – Blog Layouts for Elementor | Cross-Site Scripting (XSS) |
Blogmentor – Blog Layouts for Elementor | Cross-Site Scripting (XSS) |
Bookly | Cross-Site Scripting (XSS) via Color Profile Parameter |
Boostify Header Footer Builder for Elementor | Cross-Site Scripting (XSS) via size Parameter |
Branda | Cross-Site Scripting (XSS) via SVG Upload |
Branda | Cross-Site Scripting (XSS) |
Brave Popup Builder | Cross-Site Scripting (XSS) |
Brizy – Page Builder | Multiple Stored Cross-Site Scripting (XSS) |
Brizy – Page Builder | Unauthenticated Cross-Site Scripting (XSS) via Form |
BSK PDF Manager | Cross-Site Scripting (XSS) |
Cards for Beaver Builder | Cross-Site Scripting (XSS) via Cards Widget |
Cards for Beaver Builder | Cross-Site Scripting (XSS) |
CB (legacy) | Cross-Site Scripting (XSS) |
Chained Quiz | Cross-Site Scripting (XSS) |
Chaty | Cross-Site Scripting (XSS) |
Church Admin | Cross-Site Scripting (XSS) |
Clever Addons for Elementor | Cross-Site Scripting (XSS) via Multiple CAFE Widgets |
Clever Fox | Cross-Site Scripting (XSS) |
CoBlocks | Cross-Site Scripting (XSS) via Social Profiles |
CoDesigner WooCommerce Builder for Elementor | Cross-Site Scripting (XSS) via Multiple Widgets |
Colibri Page Builder | Cross-Site Scripting (XSS) via Shortcode |
Collapse-O-Matic | Cross-Site Scripting (XSS) via Shortcode |
Contact Form Manager | Cross-Site Scripting (XSS) |
Conversios.io | Cross-Site Scripting (XSS) |
Cowidgets – Elementor Addons | Cross-Site Scripting (XSS) |
Create by Mediavine | Cross-Site Scripting (XSS) via Schema Meta Shortcode |
CSSable Countdown | Cross-Site Scripting (XSS) |
Custom Dash | Cross-Site Scripting (XSS) |
Custom Field Suite | Cross-Site Scripting (XSS) |
Custom Field Suite | Cross-Site Scripting (XSS) |
Custom Field Template | Cross-Site Scripting (XSS) |
Custom Field Template | Cross-Site Scripting (XSS) |
Custom Field Template | Cross-Site Scripting (XSS) |
Dashboard Widgets Suite | Cross-Site Scripting (XSS) |
Demo Awesome | Cross-Site Scripting (XSS) |
Depicter Slider | Cross-Site Scripting (XSS) |
DethemeKit For Elementor | Cross-Site Scripting (XSS) via URL Parameter of the De Gallery Widget |
DImage 360 | Cross-Site Scripting (XSS) |
Divi Theme | Cross-Site Scripting (XSS) |
DiviTorque – Divi Theme, Divi Builder and Extra Theme | Cross-Site Scripting (XSS) via SVG Upload |
DOP Shortcodes | Cross-Site Scripting (XSS) via Shortcode |
Download Attachments | Cross-Site Scripting (XSS) |
Download Manager | Self-Based Cross-Site Scripting (XSS) |
Download Manager | Cross-Site Scripting (XSS) |
Download Manager | Cross-Site Scripting (XSS) via wpdm_modal_login_form Shortcode |
e2pdf | Cross-Site Scripting (XSS) |
Easy Age Verify | Cross-Site Scripting (XSS) |
EasyAzon | Cross-Site Scripting (XSS) via easyazon-cloaking-locale |
Easy Social Like Box – Popup – Sidebar Widget | Cross-Site Scripting (XSS) via Shortcode |
Easy Table of Contents | Cross-Site Scripting (XSS) |
Eduma Theme | Cross-Site Scripting (XSS) |
Elegant Themes Icons | Cross-Site Scripting (XSS) |
Elementor Addon Elements | Cross-Site Scripting (XSS) |
Elementor – Header, Footer & Blocks Template | Cross-Site Scripting (XSS) via Site Title Widget |
Elementor Pro | Cross-Site Scripting (XSS) |
Element Pack Elementor Addons | Cross-Site Scripting (XSS) |
ElementsKit Pro | Cross-Site Scripting (XSS) |
ElementsReady Addons for Elementor | Cross-Site Scripting (XSS) |
Elespare | Cross-Site Scripting (XSS) via Horizontal Nav Menu Widget |
EmbedPress | Cross-Site Scripting (XSS) via EmbedPress PDF Widget |
EmbedPress | Cross-Site Scripting (XSS) |
EmbedSocial | Cross-Site Scripting (XSS) |
Empty Cart Button for WooCommerce | Cross-Site Scripting (XSS) |
Enfold Theme | Cross-Site Scripting (XSS) |
Enter Addons | Cross-Site Scripting (XSS) |
Envo Extra | Cross-Site Scripting (XSS) via Button Widget |
Essential Addons for Elementor | Cross-Site Scripting (XSS) |
Essential Addons for Elementor | Cross-Site Scripting (XSS) |
Essential Addons for Elementor Pro | Cross-Site Scripting (XSS) via Lightbox and Modal Widget |
Essential Real Estate | Cross-Site Scripting (XSS) via Shortcode |
Esteem Theme | Cross-Site Scripting (XSS) |
Events Addon for Elementor | Cross-Site Scripting (XSS) via Multiple Widgets |
Events Manager | Cross-Site Scripting (XSS) via event, location, and event_category Shortcodes |
Event Theme | Cross-Site Scripting (XSS) |
Event Tickets with Ticket Scanner | Cross-Site Scripting (XSS) |
Excellent Theme | Cross-Site Scripting (XSS) |
Exclusive Addons Elementor | Cross-Site Scripting (XSS) via Card Widget |
Flatsome Theme | Cross-Site Scripting (XSS) via Shortcode |
Flatsome Theme | Cross-Site Scripting (XSS) via Shortcodes |
Fluid Notification Bar | Cross-Site Scripting (XSS) |
FooGallery | Cross-Site Scripting (XSS) via Gallery Custom URL |
FooGallery Premium | Cross-Site Scripting (XSS) |
Formula Theme | Cross-Site Scripting (XSS) |
Formula Theme | Cross-Site Scripting (XSS) |
Frontend Checklist | Cross-Site Scripting (XSS) |
FS Product Inquiry | Cross-Site Scripting (XSS) |
FS Product Inquiry | Unauthenticated Cross-Site Scripting (XSS) |
Funnel Builder by CartFlows | Cross-Site Scripting (XSS) |
Futurio Extra | Cross-Site Scripting (XSS) via Advanced Text Block Widget |
Gallery Blocks with Lightbox | Cross-Site Scripting (XSS) via galleryID and className Parameters |
Gallery Slideshow | Cross-Site Scripting (XSS) |
GamiPress – Link | Cross-Site Scripting (XSS) |
GDPR CCPA Compliance Support | Missing Authorisation (BAC) to Settings Update (BAC) and Cross-Site Scripting (XSS) |
GiveWP | Cross-Site Scripting (XSS) |
Google CSE | Cross-Site Scripting (XSS) |
GP Premium | Cross-Site Scripting (XSS) |
Greenshift – animation and page builder blocks | Cross-Site Scripting (XSS) |
Grey Opaque Theme | Cross-Site Scripting (XSS) via Download-Button Shortcode |
Groundhogg | Cross-Site Scripting (XSS) |
Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) via titleFont Parameter |
Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) in Google Maps Widget |
Gutenberg & Elementor Templates Importer For Responsive | Cross-Site Scripting (XSS) |
Heateor Social Login | Cross-Site Scripting (XSS) |
Heateor Social Login | Cross-Site Scripting (XSS) |
HT Feed | Cross-Site Scripting (XSS) |
HT Mega | Cross-Site Scripting (XSS) via Multiple Widgets |
Html5 Audio Player | Cross-Site Scripting (XSS) |
IdeaPush | Cross-Site Scripting (XSS) |
Idyllic Theme | Cross-Site Scripting (XSS) |
Infinite Photography Theme | Cross-Site Scripting (XSS) via project_url Parameter |
Interactive Content – H5P | Cross-Site Scripting (XSS) |
Interface Theme | Cross-Site Scripting (XSS) |
Jeg Elementor Kit | Cross-Site Scripting (XSS) |
JetWidgets For Elementor | Cross-Site Scripting (XSS) |
jQuery T(-) Countdown Widget | Cross-Site Scripting (XSS) |
Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor | Cross-Site Scripting (XSS) |
Kimili Flash Embed | Cross-Site Scripting (XSS) |
Kognetiks Chatbot for WordPress | Cross-Site Scripting (XSS) |
Link Library | Cross-Site Scripting (XSS) |
Login with phone number | Cross-Site Scripting (XSS) |
Logo Manager For Enamad | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Magical Addons For Elementor | Cross-Site Scripting (XSS) |
Mailster | Cross-Site Scripting (XSS) |
Master Addons for Elementor | Cross-Site Scripting (XSS) |
Master Addons for Elementor | Cross-Site Scripting (XSS) |
Master Slider | Cross-Site Scripting (XSS) |
Master Slider | Cross-Site Scripting (XSS) |
Materialis Companion | Stored Cross-Site Scripting (XSS) via materialis_contact_form Shortcode |
MaxGalleria | Cross-Site Scripting (XSS) |
Mime Types Extended | Cross-Site Scripting (XSS) via SVG Upload |
MIMO Woocommerce Order Tracking | Cross-Site Scripting (XSS) |
Mosaic Theme | Cross-Site Scripting (XSS) via Button Shortcode |
My Favorites | Cross-Site Scripting (XSS) |
Nafeza Prayer Time | Cross-Site Scripting (XSS) |
Newsletter | Unauthenticated Cross-Site Scripting (XSS) via np |
Newsletters | Cross-Site Scripting (XSS) |
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue | Cross-Site Scripting (XSS) |
NextScripts | Cross-Site Scripting (XSS) |
Ninja Beaver Add-ons for Beaver Builder | Cross-Site Scripting (XSS) |
Ocean Extra | Cross-Site Scripting (XSS) via Flickr Widget |
One Page Express Companion | Cross-Site Scripting (XSS) via one_page_express_contact_form Shortcode |
Online Booking & Scheduling Calendar for WordPress by vcita | Cross-Site Scripting (XSS) |
Online Booking & Scheduling Calendar for WordPress by vcita | Cross-Site Scripting (XSS) |
Online Booking & Scheduling Calendar for WordPress by vcita | Unauthenticated Cross-Site Scripting (XSS) |
Orbit Fox by ThemeIsle | Cross-Site Scripting (XSS) |
OSM Map Widget for Elementor | Cross-Site Scripting (XSS) via id Parameter |
Page Builder: Live Composer | Shortcode Cross-Site Scripting (XSS) |
Page Builder: Live Composer | Cross-Site Scripting (XSS) |
Page Builder Sandwich – Front-End Page Builder | Cross-Site Scripting (XSS) |
Page Builder Sandwich – Front-End Page Builder | Cross-Site Scripting (XSS) |
PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode | Cross-Site Scripting (XSS) |
PDF Embedder | Cross-Site Scripting (XSS) |
PDF.js Viewer | Cross-Site Scripting (XSS) |
PDF Poster - PDF Embedder Plugin for WordPress | Cross-Site Scripting (XSS) |
PDF Viewer | Cross-Site Scripting (XSS) |
PDF Viewer for Elementor | Cross-Site Scripting (XSS) |
PDF Viewer for Elementor | Cross-Site Scripting (XSS) |
Permalink Manager Lite | Cross-Site Scripting (XSS) |
Photo Gallery by 10Web | Cross-Site Scripting (XSS) via Zipped SVG |
PixelYourSite – Your smart PIXEL (TAG) Manager | Cross-Site Scripting (XSS) |
Pixgraphy Theme | Cross-Site Scripting (XSS) |
Popup Builder | Cross-Site Scripting (XSS) via Custom JS |
Portfolio Gallery – Image Gallery Plugin | DOM-Based Cross-Site Scripting (XSS) |
PowerPack Addons for Elementor | Cross-Site Scripting (XSS) via Link Effects Widget |
PowerPack Lite for Beaver Builder | Cross-Site Scripting (XSS) |
Premium Addons for Elementor | DOM-Based Cross-Site Scripting (XSS) |
prettyPhoto | Cross-Site Scripting (XSS) via url Parameter |
Prime Slider – Addons For Elementor | Cross-Site Scripting (XSS) via Pacific Widget |
Print My Blog | Cross-Site Scripting (XSS) |
Progress Planner | Cross-Site Scripting (XSS) |
PropertyHive | Cross-Site Scripting (XSS) |
Qi Addons For Elementor | Cross-Site Scripting (XSS) via Button Widget |
Qi Blocks | Cross-Site Scripting (XSS) |
Recurring PayPal Donations | Cross-Site Scripting (XSS) |
Responsive Theme | Cross-Site Scripting (XSS) |
Responsive video embed | Cross-Site Scripting (XSS) |
Restaurant Menu – Food Ordering System – Table Reservation | Cross-Site Scripting (XSS) via Shortcode |
Restaurant Reservations | Cross-Site Scripting (XSS) |
RestroPress | Cross-Site Scripting (XSS) |
Rife Free Theme | Cross-Site Scripting (XSS) |
Robo Gallery | Cross-Site Scripting (XSS) via Image Title |
Rotating Tweets | Cross-Site Scripting (XSS) via Shortcode |
Royal Elementor Addons | Cross-Site Scripting (XSS) |
Royal Elementor Addons | Cross-Site Scripting (XSS) |
Royal Elementor Addons | Cross-Site Scripting (XSS) via SVG Uploads |
Sassy Social Share | Cross-Site Scripting (XSS) |
Save as PDF plugin by Pdfcrowd | Cross-Site Scripting (XSS) |
Scylla lite Theme | Cross-Site Scripting (XSS) via Button Shortcode |
SellKit | Cross-Site Scripting (XSS) via id Parameter |
Sensei Pro (WC Paid Courses) | Cross-Site Scripting (XSS) |
SEOPress | Cross-Site Scripting (XSS) |
SEOPress | Cross-Site Scripting (XSS) |
Serious Slider | Cross-Site Scripting (XSS) |
Shariff | Cross-Site Scripting (XSS) via Shortcode |
ShopLentor | Cross-Site Scripting (XSS) via WL Product Horizontal Filter Widget |
Shortcode Addons | Cross-Site Scripting (XSS) |
Shortcodes by United Themes | Cross-Site Scripting (XSS) |
Shortcodes Ultimate | Cross-Site Scripting (XSS) via su_lightbox Shortcode |
Silesia Theme | Cross-Site Scripting (XSS) via Button Shortcode |
Simple Ajax Chat | Cross-Site Scripting (XSS) |
Simple Image Popup Shortcode | Cross-Site Scripting (XSS) via Shortcode |
Simple Photoswipe | Cross-Site Scripting (XSS) |
Sina Extension for Elementor | Cross-Site Scripting (XSS) |
Sina Extension for Elementor | DOM-Based Cross-Site Scripting (XSS) |
Sinatra Theme | Cross-Site Scripting (XSS) |
SiteOrigin Widgets Bundle | Cross-Site Scripting (XSS) |
Sketchfab Embed | Cross-Site Scripting (XSS) |
SKT Addons for Elementor | Cross-Site Scripting (XSS) |
Slider Revolution | Cross-Site Scripting (XSS) |
Slideshow SE | Cross-Site Scripting (XSS) |
Social Link Pages | Missing Authorisation (BAC) to Arbitrary Page Creation (BAC) and Cross-Site Scripting (XSS) |
Social Rocket | Cross-Site Scripting (XSS) |
Spotify Play Button | Cross-Site Scripting (XSS) |
Stackable – Page Builder Gutenberg Blocks | DOM-Based Cross-Site Scripting (XSS) |
Stellissimo Text Box | Cross-Site Scripting (XSS) |
Stratum | Cross-Site Scripting (XSS) via Countdown Widget |
Striking Theme | Cross-Site Scripting (XSS) |
Supreme Modules Lite | Cross-Site Scripting (XSS) |
SureTriggers | Cross-Site Scripting (XSS) via Trigger Link Shortcode |
Table Addons for Elementor | Cross-Site Scripting (XSS) |
Tabs | Cross-Site Scripting (XSS) |
tagDiv Composer | Cross-Site Scripting (XSS) via button Shortcode |
Tainacan | Cross-Site Scripting (XSS) |
TemplatesNext OnePager | Cross-Site Scripting (XSS) |
Testimonial Carousel For Elementor | Cross-Site Scripting (XSS) |
The7 Theme | Cross-Site Scripting (XSS) via url Attribute |
Themesflat Addons For Elementor | Cross-Site Scripting (XSS) |
The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) |
The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) |
The Plus Addons for Elementor Pro | Cross-Site Scripting (XSS) |
The Post Grid | Cross-Site Scripting (XSS) |
Theron Lite Theme | Cross-Site Scripting (XSS) via Button Shortcode |
The Ultimate WordPress Toolkit – WP Extended | Cross-Site Scripting (XSS) |
Tooltip CK | Cross-Site Scripting (XSS) |
Transition Slider – Responsive Image Slider and Gallery | Cross-Site Scripting (XSS) |
Typing Text | Cross-Site Scripting (XSS) |
Ultimate Blocks – Gutenberg Blocks Plugin | Cross-Site Scripting (XSS) |
Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
Ultimate Post Kit – Addons For Elementor | Cross-Site Scripting (XSS) via Social Count (Static) Widget |
Uncanny Toolkit Pro for LearnDash | Cross-Site Scripting (XSS) |
Video Widget | Cross-Site Scripting (XSS) via Widget |
Visual Composer Website Builder | Cross-Site Scripting (XSS) |
WC Marketplace | Cross-Site Scripting (XSS) via hover_animation Parameter |
Weather Widget Pro | Cross-Site Scripting (XSS) |
Weaver Xtreme Theme Support | Cross-Site Scripting (XSS) via div Shortcode |
WebP & SVG Support | Cross-Site Scripting (XSS) via SVG |
Widget Bundle | Unauthenticated Cross-Site Scripting (XSS) |
Widget Bundle | Cross-Site Scripting (XSS) |
WidgetKit | Cross-Site Scripting (XSS) |
WishList Member X | Unauthenticated Plugin Settings Change Leading to Cross-Site Scripting (XSS) |
Wonder PDF Embed | Cross-Site Scripting (XSS) |
WooCommerce | Cross-Site Scripting (XSS) |
Woody ad snippets | Cross-Site Scripting (XSS) |
WordPress Core | Cross-Site Scripting (XSS) via HTML API |
WordPress Core | Cross-Site Scripting (XSS) via template-part |
WP Chat App | Cross-Site Scripting (XSS) |
WP Cookie Notice for GDPR, CCPA & ePrivacy Consent | Unauthenticated Cross-Site Scripting (XSS) via Client-IP header |
wpDiscuz | Cross-Site Scripting (XSS) |
WP Docs | Cross-Site Scripting (XSS) |
WP Docs | Cross-Site Scripting (XSS) |
WP eMember | Cross-Site Scripting (XSS) |
WP Flow Plus | Cross-Site Scripting (XSS) |
WP Google Maps | Cross-Site Scripting (XSS) |
WP Google Maps | Cross-Site Scripting (XSS) |
WP Job Portal | Cross-Site Scripting (XSS) |
WP Job Portal | Cross-Site Scripting (XSS) |
WP jQuery Lightbox | Cross-Site Scripting (XSS) via title Attribute |
WP-Lister Lite for Amazon | Cross-Site Scripting (XSS) |
WP Logs Book | Unauthenticated Cross-Site Scripting (XSS) |
WPMobile.App | Cross-Site Scripting (XSS) |
WP Mobile Menu | Cross-Site Scripting (XSS) via Image Alt |
WP Photo Album Plus | Cross-Site Scripting (XSS) |
WPPizza | Cross-Site Scripting (XSS) |
WP Post Author | Cross-Site Scripting (XSS) |
WP Secure Maintenance | Cross-Site Scripting (XSS) |
WP SVG images | Cross-Site Scripting (XSS) via SVG |
WP Time Slots Booking Form | Cross-Site Scripting (XSS) |
WP Visitors Tracker | Cross-Site Scripting (XSS) |
WPvivid Backup for MainWP | Cross-Site Scripting (XSS) |
WPZOOM Addons for Elementor (Templates, Widgets) | Cross-Site Scripting (XSS) |
YITH Custom Login | Cross-Site Scripting (XSS) |
YITH WooCommerce Tab Manager | Cross-Site Scripting (XSS) |
WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
WordPress Cross-Site Scripting (XSS) reported in 2024: | 1646 |
WHO needs managed WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Scripting Patch Management.
Security is not a single-task job
Need managed WP Security and got no clue where to start? Hire an expert. Pay a coffee per week; it's cheaper than 1 hour for a freelancer.
Not sure that our recurrent security offer is worthy of long-term consideration? Contact us today for a Cross-Site Scripting audit! Decide after you compare RISK + IMPACT versus COST.