WP XSS JUN 2024
WP Cross-Site Scripting
Managed WP & Woo Security Report
Stay informed about the latest WP Cross-Site Scripting vulnerabilities identified and reported publicly. WP XSS JUN 2024 shows a 16% DECREASE compared to the previous month. For your online safety, consider a managed WP/Woo security AUDIT, – OR – switching to a TOP10LIST alternative WP Security Plugin, – OR – hiring us for your recurrent needs of managed WordPress Security and managed WooCommerce Security.
WHO needs managed WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate a "gazillion" different threats in your WordPress. Get your WP Cross-Site Scripting Patch Management.
The following cases made headlines PUBLICLY just last month in the WP XSS JUN 2024 & WP Cross-Site Scripting category:
3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery | Cross-Site Scripting (XSS) via Bookmark URL |
3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin | Cross-Site Scripting (XSS) |
AA Cash Calculator | Cross-Site Scripting (XSS) via invoice |
Add Custom CSS and JS | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
ADFO | Cross-Site Scripting (XSS) |
Advanced Ads – Ad Manager & AdSense | Cross-Site Scripting (XSS) via Ad Widget |
Advanced iFrame | Cross-Site Scripting (XSS) |
All Bootstrap Blocks | Cross-Site Scripting (XSS) |
Atarim | Unauthenticated Cross-Site Scripting (XSS) |
Automatic | Cross-Site Scripting (XSS) via autoplay Parameter |
Automatic Translator with Auto Translate | Cross-Site Scripting (XSS) via Custom Font |
Awesome Contact Form7 for Elementor | Cross-Site Scripting (XSS) via AEP Contact Form Widget |
AWSOM News Announcement | Cross-Site Scripting (XSS) |
Base64 Encoder/Decoder | Cross-Site Scripting (XSS) |
Base64 Encoder/Decoder | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Beaver Builder | Cross-Site Scripting (XSS) |
Beaver Builder | Cross-Site Scripting (XSS) via photo widget crop attribute |
Better Elementor Addons | Cross-Site Scripting (XSS) |
Blocksy Companion | Cross-Site Scripting (XSS) via SVG Upload (BAC) |
Blocksy Theme | Cross-Site Scripting (XSS) |
Blocksy Theme | Cross-Site Scripting (XSS) |
BlogLentor | Cross-Site Scripting (XSS) |
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg | Cross-Site Scripting (XSS) |
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg | Cross-Site Scripting (XSS) via Multiple Widgets |
Breakdance | Cross-Site Scripting (XSS) |
Brozzme Scroll Top | Cross-Site Scripting (XSS) |
BuddyPress | Cross-Site Scripting (XSS) |
Button contact VR | Cross-Site Scripting (XSS) |
Carousel Slider | Cross-Site Scripting (XSS) |
ChaosTheory Theme | Cross-Site Scripting (XSS) |
Comments Evolved for WordPress | Cross-Site Scripting (XSS) |
Comparison Slider | Cross-Site Scripting (XSS) |
Configure Login Timeout | Cross-Site Scripting (XSS) |
Contact Form & Lead Form Elementor Builder | Cross-Site Scripting (XSS) |
Content Blocks (Custom Post Widget) | Cross-Site Scripting (XSS) |
Content Views | Cross-Site Scripting (XSS) via pagingType Parameter |
Conversational Forms for ChatBot | Cross-Site Scripting (XSS) |
Corona Virus (COVID-19) Banner & Live Data | Cross-Site Scripting (XSS) |
Cost Calculator Builder Pro | Unauthenticated Cross-Site Scripting (XSS) via SVG Upload (BAC) |
Counter Up | Cross-Site Scripting (XSS) |
Crelly Slider | Cross-Site Scripting (XSS) |
Custom Field Suite | Cross-Site Scripting (XSS) |
Custom Fonts – Host Your Fonts Locally | Cross-Site Scripting (XSS) |
Custom Post Type Attachment | Cross-Site Scripting (XSS) via pdf_attachment Shortcode |
Debug Info | Cross-Site Scripting (XSS) |
DethemeKit For Elementor | Cross-Site Scripting (XSS) |
DethemeKit For Elementor | Cross-Site Scripting (XSS) via Multiple Widgets |
DethemeKit For Elementor | Cross-Site Scripting (XSS) via slitems Attribute |
Ditty | Cross-Site Scripting (XSS) |
Divi Builder | DOM-Based Cross-Site Scripting (XSS) |
Divi Theme | DOM-Based Cross-Site Scripting (XSS) |
Download Alt Text AI | Cross-Site Scripting (XSS) |
Download Manager | Cross-Site Scripting (XSS) via wpdm-all-packages Shortcode |
Easy Affiliate Links | Cross-Site Scripting (XSS) |
EasyEvent | Cross-Site Scripting (XSS) |
Edge Theme | Cross-Site Scripting (XSS) |
Elegant Addons for elementor | Cross-Site Scripting (XSS) via HTML tags |
Elegant Blocks | Cross-Site Scripting (XSS) |
Elementor – Header, Footer & Blocks Template | Cross-Site Scripting (XSS) |
Elementor – Header, Footer & Blocks Template | Cross-Site Scripting (XSS) |
Elementor Pro | DOM-Based Cross-Site Scripting (XSS) |
Elementor Website Builder | DOM-Based Cross-Site Scripting (XSS) |
Element Pack Elementor Addons | Cross-Site Scripting (XSS) via custom_attributes |
Elements kit Elementor addons | Cross-Site Scripting (XSS) via Image Accordion Widget |
ElementsKit Pro | Cross-Site Scripting (XSS) |
ElementsReady Addons for Elementor | Cross-Site Scripting (XSS) |
EmbedPress | Cross-Site Scripting (XSS) via id Parameter |
Enter Addons | Cross-Site Scripting (XSS) via Heading widget |
Envo Extra | Cross-Site Scripting (XSS) |
Envo's Elementor Templates & Widgets for WooCommerce | Cross-Site Scripting (XSS) |
Essential Addons for Elementor | Cross-Site Scripting (XSS) |
Essential Addons for Elementor | Cross-Site Scripting (XSS) |
Essential Addons for Elementor | Cross-Site Scripting (XSS) via 'Interactive Circles' |
Essential Addons for Elementor | Cross-Site Scripting (XSS) |
Essential Addons for Elementor | Cross-Site Scripting (XSS) via Twitter Feed |
Essential Addons for Elementor Pro | Cross-Site Scripting (XSS) via Team Member Carousel Widget |
Essential Blocks for Gutenberg | Cross-Site Scripting (XSS) |
Exclusive Addons Elementor | Cross-Site Scripting (XSS) via Team Member Widget |
Extra Theme | DOM-Based Cross-Site Scripting (XSS) |
Falang multilanguage | Cross-Site Scripting (XSS) |
Fancy Elementor Flipbox | Cross-Site Scripting (XSS) |
Fancy Product Designer | Cross-Site Scripting (XSS) |
Featured Content Gallery | Cross-Site Scripting (XSS) |
Fetch JFT | Cross-Site Scripting (XSS) |
Flattr | Cross-Site Scripting (XSS) |
FluentForm | Cross-Site Scripting (XSS) |
FluentForm | Cross-Site Scripting (XSS) |
Folders | Cross-Site Scripting (XSS) via User First Name and Last Name |
Follow Us Badges | Cross-Site Scripting (XSS) via wpsite_follow_us_badges Shortcode |
Form Maker by 10Web | Cross-Site Scripting (XSS) |
Forty Four – 404 Plugin for WordPress | Cross-Site Scripting (XSS) |
FV Flowplayer Video Player | Cross-Site Scripting (XSS) |
gee Search Plus | Cross-Site Scripting (XSS) |
Gianism | Cross-Site Scripting (XSS) |
GiveWP | Cross-Site Scripting (XSS) |
Gold Addons for Elementor | Cross-Site Scripting (XSS) |
Graphina | Cross-Site Scripting (XSS) via Multiple Widgets |
Gum Elementor Addon | Cross-Site Scripting (XSS) via Price Table and Post Slider Widgets |
Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) |
Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) via Block Link |
Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) |
Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) |
Gutenverse | Cross-Site Scripting (XSS) |
Happy Addons for Elementor | Cross-Site Scripting (XSS) via Image Stack Group Widget |
Happy Addons for Elementor | Cross-Site Scripting (XSS) via _id Parameter |
Happy Addons for Elementor | Cross-Site Scripting (XSS) via Post Navigation Widget |
Hash Elements | Cross-Site Scripting (XSS) |
Himalayas Theme | Cross-Site Scripting (XSS) |
HL Twitter | Cross-Site Scripting (XSS) via Widget |
HT Mega | Cross-Site Scripting (XSS) via Tooltip & Popover Widget |
HT Mega | Cross-Site Scripting (XSS) |
Html5 Audio Player | Cross-Site Scripting (XSS) via Multiple Widgets |
HUSKY | Cross-Site Scripting (XSS) via Shortcode |
iFrame | Cross-Site Scripting (XSS) |
Image Hover Effects – Elementor Addon | DOM-based Cross-Site Scripting (XSS) via Image Hover Effects Widget |
ImageMagick Sharpen Resized Images | Cross-Site Scripting (XSS) |
Import and export users and customers | Cross-Site Scripting (XSS) |
Jetpack | Cross-Site Scripting (XSS) via wpvideo Shortcode |
KKProgressbar2 Free | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Landing Page Builder | Cross-Site Scripting (XSS) |
LA-Studio Element Kit for Elementor | Cross-Site Scripting (XSS) via LaStudioKit Post Author Widget |
LA-Studio Element Kit for Elementor | Cross-Site Scripting (XSS) |
LayerSlider | Cross-Site Scripting (XSS) |
Leaflet Maps Marker | Cross-Site Scripting (XSS) via Shortcode |
LearnPress | Cross-Site Scripting (XSS) via layout_html Parameter |
LearnPress | Cross-Site Scripting (XSS) via id Parameter |
LetterPress | Cross-Site Scripting (XSS) |
Link Library | Cross-Site Scripting (XSS) via link-library Shortcode |
List categories | Cross-Site Scripting (XSS) via Shortcode |
Logo Slider | Cross-Site Scripting (XSS) |
LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor | Cross-Site Scripting (XSS) |
LuckyWP Table of Contents | Cross-Site Scripting (XSS) |
LuckyWP Table of Contents | Cross-Site Scripting (XSS) |
LuckyWP Table of Contents | Cross-Site Scripting (XSS) |
Magazine Blocks | Cross-Site Scripting (XSS) |
Magical Addons For Elementor | Cross-Site Scripting (XSS) |
Magical Addons For Elementor | Cross-Site Scripting (XSS) via Text Effect Widget |
Master Addons for Elementor | Cross-Site Scripting (XSS) |
Master Addons for Elementor | Cross-Site Scripting (XSS) |
Master Slider | Cross-Site Scripting (XSS) |
Media Library Assistant | Cross-Site Scripting (XSS) via lang |
Mega Elements | Cross-Site Scripting (XSS) via Button Widget |
Memberpress | Cross-Site Scripting (XSS) via arglist Parameter |
Menu Icons by ThemeIsle | Cross-Site Scripting (XSS) via SVG Upload (BAC) |
Meow Gallery | Cross-Site Scripting (XSS) |
Mesmerize Companion | Cross-Site Scripting (XSS) via mesmerize_contact_form Shortcode |
MF Gig Calendar | Cross-Site Scripting (XSS) |
Mhr Post Ticker | Cross-Site Scripting (XSS) |
Mihdan: Yandex Turbo Feed | Cross-Site Scripting (XSS) via Shortcode |
month name translation benaceur | Cross-Site Scripting (XSS) |
Move Addons for Elementor | Cross-Site Scripting (XSS) |
Move Addons for Elementor | Cross-Site Scripting (XSS) via Multiple Widgets |
ND Shortcodes For Visual Composer | Cross-Site Scripting (XSS) |
Newsletter Popup | Cross-Site Scripting (XSS) |
NextGEN Gallery | Cross-Site Scripting (XSS) |
NextScripts | Unauthenticated Cross-Site Scripting (XSS) via User Agent |
Opal Estate Pro | Cross-Site Scripting (XSS) |
Optimole | Cross-Site Scripting (XSS) via SVG Upload (BAC) |
OptinMonster | Cross-Site Scripting (XSS) |
Page Builder by SiteOrigin | Cross-Site Scripting (XSS) via 'siteorigin_widget' Shortcode |
PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode | Cross-Site Scripting (XSS) |
Pearl | Cross-Site Scripting (XSS) via Shortcode |
Pet Manager | Cross-Site Scripting (XSS) |
Picture Gallery | Cross-Site Scripting (XSS) |
Piotnet Addons For Elementor | Cross-Site Scripting (XSS) via Multiple Widgets |
Playlist for Youtube | Cross-Site Scripting (XSS) |
Pods | Cross-Site Scripting (XSS) via Pod Form Redirect URL |
Pootle Pagebuilder – WordPress Page builder | Cross-Site Scripting (XSS) |
Popup4Phone | Unauthenticated Cross-Site Scripting (XSS) |
Popup4Phone | Cross-Site Scripting (XSS) |
PopupAlly | Cross-Site Scripting (XSS) |
Popup box | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Popup Builder | Cross-Site Scripting (XSS) |
Popup Maker WP | Cross-Site Scripting (XSS) |
Popup More Popups | Cross-Site Scripting (XSS) |
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor | Cross-Site Scripting (XSS) |
Post Grid | Cross-Site Scripting (XSS) |
Post Grid Elementor Addon | Cross-Site Scripting (XSS) |
Post Grid Master | Auth Cross-Site Scripting (XSS) |
PostX – Gutenberg Blocks for Post Grid | Cross-Site Scripting (XSS) |
PowerPack Addons for Elementor | DOM-Based Cross-Site Scripting (XSS) |
Praison SEO WordPress | Cross-Site Scripting (XSS) |
Premium Addons for Elementor | Cross-Site Scripting (XSS) |
Premium Addons for Elementor | Cross-Site Scripting (XSS) |
Primary Addon for Elementor | Cross-Site Scripting (XSS) via Pricing Table Widget |
Prime Slider – Addons For Elementor | Cross-Site Scripting (XSS) |
ProfilePress | Cross-Site Scripting (XSS) via ProfilePress User Panel Widget |
PropertyHive | Cross-Site Scripting (XSS) |
Propovoice CRM | Cross-Site Scripting (XSS) |
Pure Chat | Cross-Site Scripting (XSS) |
QuickieBar | Cross-Site Scripting (XSS) |
raindrops Theme | Cross-Site Scripting (XSS) |
Rank Math SEO | Cross-Site Scripting (XSS) |
Rank Math SEO | Cross-Site Scripting (XSS) |
reCAPTCHA Jetpack | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Remote Content Shortcode | Cross-Site Scripting (XSS) |
Reviews and Rating – Google My Business | Cross-Site Scripting (XSS) |
Royal Elementor Addons | Cross-Site Scripting (XSS) via Form Builder Widget |
Sailthru Triggermail | Cross-Site Scripting (XSS) |
Sailthru Triggermail | Cross-Site Scripting (XSS) |
Save as PDF plugin by Pdfcrowd | Cross-Site Scripting (XSS) |
ShareThis Share Buttons | Cross-Site Scripting (XSS) |
Sheets To WP Table Live Sync | Cross-Site Scripting (XSS) |
ShopLentor | Cross-Site Scripting (XSS) via _id |
ShopLentor | Cross-Site Scripting (XSS) |
ShopLentor | Cross-Site Scripting (XSS) via woolentorsearch Shortcode |
Shortcodes Ultimate | Cross-Site Scripting (XSS) |
Shortcodes Ultimate | Cross-Site Scripting (XSS) via su_members Shortcode |
Simple Basic Contact Form | Cross-Site Scripting (XSS) |
Simple Image Popup | Cross-Site Scripting (XSS) |
Simple Like Page | Cross-Site Scripting (XSS) via Shortcode |
Simple Membership | Cross-Site Scripting (XSS) via Shortcode |
Simple Popup Manager | Cross-Site Scripting (XSS) |
Simply Schedule Appointments | Cross-Site Scripting (XSS) |
SiteOrigin Widgets Bundle | Cross-Site Scripting (XSS) via 'siteorigin_widget' Shortcode |
SKT Addons for Elementor | Cross-Site Scripting (XSS) |
SKT Addons for Elementor | Cross-Site Scripting (XSS) |
SliceWP | Cross-Site Scripting (XSS) |
Slider Revolution | Cross-Site Scripting (XSS) |
Slider Revolution | Cross-Site Scripting (XSS) via htmltag Parameter |
Social Icons Widget & Block by WPZOOM | Cross-Site Scripting (XSS) |
Spectra | Cross-Site Scripting (XSS) |
Spectra | Cross-Site Scripting (XSS) |
Starter Templates | Cross-Site Scripting (XSS) |
Sticky banner | Cross-Site Scripting (XSS) |
Sticky Social Link | Cross-Site Scripting (XSS) |
Stockholm Core | Cross-Site Scripting (XSS) |
Supreme Modules Lite | DOM-Based Cross-Site Scripting (XSS) |
Survey Maker | Cross-Site Scripting (XSS) via Plugin Settings |
Swift Framework | Cross-Site Scripting (XSS) via Shortcodes |
Swift Framework Page Builder | Cross-Site Scripting (XSS) via Shortcode |
Sydney Toolbox | Cross-Site Scripting (XSS) |
Sydney Toolbox | Cross-Site Scripting (XSS) via aThemes: Portfolio Widget |
Tabellen von faustball.com | Cross-Site Scripting (XSS) |
Table Maker | Cross-Site Scripting (XSS) |
Tainacan | Cross-Site Scripting (XSS) |
Tainacan | Cross-Site Scripting (XSS) |
Testimonial Carousel For Elementor | Cross-Site Scripting (XSS) |
Testimonial Slider | Cross-Site Scripting (XSS) |
The Events Calendar | Cross-Site Scripting (XSS) |
Themify Shortcodes | Cross-Site Scripting (XSS) via themify_button Shortcode |
The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) |
The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) |
The Plus Addons for Elementor Pro | Cross-Site Scripting (XSS) via Heading Title Widget |
Thim Elementor Kit | Cross-Site Scripting (XSS) |
Thim Elementor Kit | Cross-Site Scripting (XSS) via id Parameter |
Toolbar Extras for Elementor & More | Cross-Site Scripting (XSS) |
TT Custom Post Type Creator | Cross-Site Scripting (XSS) |
Uber Menu | Cross-Site Scripting (XSS) via Multiple Shortcodes |
Ultimate Blocks – Gutenberg Blocks Plugin | Cross-Site Scripting (XSS) |
UnGallery | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | Cross-Site Scripting (XSS) |
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | Cross-Site Scripting (XSS) via Text Field |
Videojs HTML5 Player | Cross-Site Scripting (XSS) |
Viet Affiliate Link | Cross-Site Scripting (XSS) |
Viet Nam Affiliate | Cross-Site Scripting (XSS) |
Visual Footer Credit Remover | Cross-Site Scripting (XSS) |
Visual Portfolio, Photo Gallery & Post Grid | Cross-Site Scripting (XSS) via title_tag Parameter |
Webpushr | Cross-Site Scripting (XSS) |
WidgetKit | Cross-Site Scripting (XSS) |
WOLF | Cross-Site Scripting (XSS) |
WP Backpack | Cross-Site Scripting (XSS) |
WPB Elementor Addons | Cross-Site Scripting (XSS) |
WPCafe | Cross-Site Scripting (XSS) via Reservation Form Shortcode |
WPCS ( WordPress Custom Search ) | Cross-Site Scripting (XSS) |
wpDataTables | Unauthenticated Cross-Site Scripting (XSS) via CSV Import |
WP DSGVO Tools (GDPR) | Cross-Site Scripting (XSS) via Shortcode |
WP etracker | Cross-Site Scripting (XSS) |
WP Font Awesome Share Icons | Cross-Site Scripting (XSS) via Shortcode |
WP Front User Submit / Front Editor | Cross-Site Scripting (XSS) |
WP Google Maps | Cross-Site Scripting (XSS) |
WPKoi Templates for Elementor | Cross-Site Scripting (XSS) via Multiple Parameters |
WP Next Post Navi | Cross-Site Scripting (XSS) |
WPO365 | Cross-Site Scripting (XSS) |
WP Recipe Maker | Cross-Site Scripting (XSS) via wprm-recipe-roundup-item Shortcode |
WP SMS | Cross-Site Scripting (XSS) |
WP Stacker | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
WP Table Builder – WordPress Table Plugin | Cross-Site Scripting (XSS) |
WP To Do | Cross-Site Scripting (XSS) via Settings |
WP Ultimate Post Grid | Cross-Site Scripting (XSS) |
WP Video Lightbox | Cross-Site Scripting (XSS) via width Parameter |
WPZOOM Addons for Elementor (Templates, Widgets) | Cross-Site Scripting (XSS) via Image Box Widget |
Xpro Elementor Addons | Cross-Site Scripting (XSS) |
Xpro Elementor Addons | Cross-Site Scripting (XSS) via Multiple Widgets |
YITH WooCommerce Ajax Search | Unauthenticated Cross-Site Scripting (XSS) |
Yoast SEO | Cross-Site Scripting (XSS) |
Yoast SEO | Cross-Site Scripting (XSS) |
Zotpress | Cross-Site Scripting (XSS) |
WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
WordPress Cross-Site Scripting (XSS) reported in 2024: | 1342 |
WHO needs managed WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Scripting Patch Management.
Security is not a single-task job
Need managed WP Security and have no clue where to start? Hire an expert. Pay a coffee per week; it's cheaper than 1 hour for a freelancer.
Not sure that our recurrent security offer is worthy of long-term consideration? Contact us today for a Cross-Site Scripting audit! Decide after you compare RISK + IMPACT versus COST.