WP XSS JUN 2024
WP Cross-Site Scripting
Managed WP & Woo Security Report
Be informed about the latest WP Cross-Site Scripting, identified and reported publicly. WP XSS JUN 2024 is a -16% DECREASE compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin – OR – Hire us for your recurrent needs of managed WordPress Security and managed WooCommerce Security.
WHO needs managed WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate "gazillion" different threats in your WordPress. Get your WP Cross-Site Scripting Patch Management.
The following cases made headlines PUBLICLY just last month in the WP XSS JUN 2024 & WP Cross-Site Scripting category:
| 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery | Cross-Site Scripting (XSS) via Bookmark URL |
| 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin | Cross-Site Scripting (XSS) |
| AA Cash Calculator | Cross-Site Scripting (XSS) via invoice |
| Add Custom CSS and JS | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| ADFO | Cross-Site Scripting (XSS) |
| Advanced Ads – Ad Manager & AdSense | Cross-Site Scripting (XSS) via Ad Widget |
| Advanced iFrame | Cross-Site Scripting (XSS) |
| All Bootstrap Blocks | Cross-Site Scripting (XSS) |
| Atarim | Unauthenticated Cross-Site Scripting (XSS) |
| Automatic | Cross-Site Scripting (XSS) via autoplay Parameter |
| Automatic Translator with Auto Translate | Cross-Site Scripting (XSS) via Custom Font |
| Awesome Contact Form7 for Elementor | Cross-Site Scripting (XSS) via AEP Contact Form Widget |
| AWSOM News Announcement | Cross-Site Scripting (XSS) |
| Base64 Encoder/Decoder | Cross-Site Scripting (XSS) |
| Base64 Encoder/Decoder | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Beaver Builder | Cross-Site Scripting (XSS) |
| Beaver Builder | Cross-Site Scripting (XSS) via photo widget crop attribute |
| Better Elementor Addons | Cross-Site Scripting (XSS) |
| Blocksy Companion | Cross-Site Scripting (XSS) via SVG Upload (BAC)s |
| Blocksy Theme | Cross-Site Scripting (XSS) |
| Blocksy Theme | Cross-Site Scripting (XSS) |
| BlogLentor | Cross-Site Scripting (XSS) |
| Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg | Cross-Site Scripting (XSS) |
| Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg | Cross-Site Scripting (XSS) via Multiple Widgets |
| Breakdance | Cross-Site Scripting (XSS) |
| Brozzme Scroll Top | Cross-Site Scripting (XSS) |
| BuddyPress | Cross-Site Scripting (XSS) |
| Button contact VR | Cross-Site Scripting (XSS) |
| Carousel Slider | Cross-Site Scripting (XSS) |
| ChaosTheory Theme | Cross-Site Scripting (XSS) |
| Comments Evolved for WordPress | Cross-Site Scripting (XSS) |
| Comparison Slider | Cross-Site Scripting (XSS) |
| Configure Login Timeout | Cross-Site Scripting (XSS) |
| Contact Form & Lead Form Elementor Builder | Cross-Site Scripting (XSS) |
| Content Blocks (Custom Post Widget) | Cross-Site Scripting (XSS) |
| Content Views | Cross-Site Scripting (XSS) via pagingType Parameter |
| Conversational Forms for ChatBot | Cross-Site Scripting (XSS) |
| Corona Virus (COVID-19) Banner & Live Data | Cross-Site Scripting (XSS) |
| Cost Calculator Builder Pro | Unauthenticated Cross-Site Scripting (XSS) via SVG Upload (BAC) |
| Counter Up | Cross-Site Scripting (XSS) |
| Crelly Slider | Cross-Site Scripting (XSS) |
| Custom Field Suite | Cross-Site Scripting (XSS) |
| Custom Fonts – Host Your Fonts Locally | Cross-Site Scripting (XSS) |
| Custom Post Type Attachment | Cross-Site Scripting (XSS) via pdf_attachment Shortcode |
| Debug Info | Cross-Site Scripting (XSS) |
| DethemeKit For Elementor | Cross-Site Scripting (XSS) |
| DethemeKit For Elementor | Cross-Site Scripting (XSS) via Multiple Widgets |
| DethemeKit For Elementor | Cross-Site Scripting (XSS) via slitems Attribute |
| Ditty | Cross-Site Scripting (XSS) |
| Divi Builder | DOM-Based Cross-Site Scripting (XSS) |
| Divi Theme | DOM-Based Cross-Site Scripting (XSS) |
| Download Alt Text AI | Cross-Site Scripting (XSS) |
| Download Manager | Cross-Site Scripting (XSS) via wpdm-all-packages Shortcode |
| Easy Affiliate Links | Cross-Site Scripting (XSS) |
| EasyEvent | Cross-Site Scripting (XSS) |
| Edge Theme | Cross-Site Scripting (XSS) |
| Elegant Addons for elementor | Cross-Site Scripting (XSS) via HTML tags |
| Elegant Blocks | Cross-Site Scripting (XSS) |
| Elementor – Header, Footer & Blocks Template | Cross-Site Scripting (XSS) |
| Elementor – Header, Footer & Blocks Template | Cross-Site Scripting (XSS) |
| Elementor Pro | DOM-Based Cross-Site Scripting (XSS) |
| Elementor Website Builder | DOM-Based Cross-Site Scripting (XSS) |
| Element Pack Elementor Addons | Cross-Site Scripting (XSS) via custom_attributes |
| Elements kit Elementor addons | Cross-Site Scripting (XSS) via Image Accordion Widget |
| ElementsKit Pro | Cross-Site Scripting (XSS) |
| ElementsReady Addons for Elementor | Cross-Site Scripting (XSS) |
| EmbedPress | Cross-Site Scripting (XSS) via id Parameter |
| Enter Addons | Cross-Site Scripting (XSS) via Heading widget |
| Envo Extra | Cross-Site Scripting (XSS) |
| Envo's Elementor Templates & Widgets for WooCommerce | Cross-Site Scripting (XSS) |
| Essential Addons for Elementor | Cross-Site Scripting (XSS) |
| Essential Addons for Elementor | Cross-Site Scripting (XSS) |
| Essential Addons for Elementor | Cross-Site Scripting (XSS) via 'Interactive Circles' |
| Essential Addons for Elementor | Cross-Site Scripting (XSS) |
| Essential Addons for Elementor | Cross-Site Scripting (XSS) via Twitter Feed |
| Essential Addons for Elementor Pro | Cross-Site Scripting (XSS) via Team Member Carousel Widget |
| Essential Blocks for Gutenberg | Cross-Site Scripting (XSS) |
| Exclusive Addons Elementor | Cross-Site Scripting (XSS) via Team Member Widget |
| Extra Theme | DOM-Based Cross-Site Scripting (XSS) |
| Falang multilanguage | Cross-Site Scripting (XSS) |
| Fancy Elementor Flipbox | Cross-Site Scripting (XSS) |
| Fancy Product Designer | Cross-Site Scripting (XSS) |
| Featured Content Gallery | Cross-Site Scripting (XSS) |
| Fetch JFT | Cross-Site Scripting (XSS) |
| Flattr | Cross-Site Scripting (XSS) |
| FluentForm | Cross-Site Scripting (XSS) |
| FluentForm | Cross-Site Scripting (XSS) |
| Folders | Cross-Site Scripting (XSS) via User First Name and Last Name |
| Follow Us Badges | Cross-Site Scripting (XSS) via wpsite_follow_us_badges Shortcode |
| Form Maker by 10Web | Cross-Site Scripting (XSS) |
| Forty Four – 404 Plugin for WordPress | Cross-Site Scripting (XSS) |
| FV Flowplayer Video Player | Cross-Site Scripting (XSS) |
| gee Search Plus | Cross-Site Scripting (XSS) |
| Gianism | Cross-Site Scripting (XSS) |
| GiveWP | Cross-Site Scripting (XSS) |
| Gold Addons for Elementor | Cross-Site Scripting (XSS) |
| Graphina | Cross-Site Scripting (XSS) via Multiple Widgets |
| Gum Elementor Addon | Cross-Site Scripting (XSS) via Price Table and Post Slider Widgets |
| Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) |
| Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) via Block Link |
| Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) |
| Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) |
| Gutenverse | Cross-Site Scripting (XSS) |
| Happy Addons for Elementor | Cross-Site Scripting (XSS) via Image Stack Group Widget |
| Happy Addons for Elementor | Cross-Site Scripting (XSS) via _id Parameter |
| Happy Addons for Elementor | Cross-Site Scripting (XSS) via Post Navigation Widget |
| Hash Elements | Cross-Site Scripting (XSS) |
| Himalayas Theme | Cross-Site Scripting (XSS) |
| HL Twitter | Cross-Site Scripting (XSS) via Widget |
| HT Mega | Cross-Site Scripting (XSS) via Tooltip & Popover Widget |
| HT Mega | Cross-Site Scripting (XSS) |
| Html5 Audio Player | Cross-Site Scripting (XSS) via Multiple Widgets |
| HUSKY | Cross-Site Scripting (XSS) via Shortcode |
| iFrame | Cross-Site Scripting (XSS) |
| Image Hover Effects – Elementor Addon | DOM-based Cross-Site Scripting (XSS) via Image Hover Effects Widget |
| ImageMagick Sharpen Resized Images | Cross-Site Scripting (XSS) |
| Import and export users and customers | Cross-Site Scripting (XSS) |
| Jetpack | Cross-Site Scripting (XSS) via wpvideo Shortcode |
| KKProgressbar2 Free | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Landing Page Builder | Cross-Site Scripting (XSS) |
| LA-Studio Element Kit for Elementor | Cross-Site Scripting (XSS) via LaStudioKit Post Author Widget |
| LA-Studio Element Kit for Elementor | Cross-Site Scripting (XSS) |
| LayerSlider | Cross-Site Scripting (XSS) |
| Leaflet Maps Marker | Cross-Site Scripting (XSS) via Shortcode |
| LearnPress | Cross-Site Scripting (XSS) via layout_html Parameter |
| LearnPress | Cross-Site Scripting (XSS) via id Parameter |
| LetterPress | Cross-Site Scripting (XSS) |
| Link Library | Cross-Site Scripting (XSS) via link-library Shortcode |
| List categories | Cross-Site Scripting (XSS) via Shortcode |
| Logo Slider | Cross-Site Scripting (XSS) |
| LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor | Cross-Site Scripting (XSS) |
| LuckyWP Table of Contents | Cross-Site Scripting (XSS) |
| LuckyWP Table of Contents | Cross-Site Scripting (XSS) |
| LuckyWP Table of Contents | Cross-Site Scripting (XSS) |
| Magazine Blocks | Cross-Site Scripting (XSS) |
| Magical Addons For Elementor | Cross-Site Scripting (XSS) |
| Magical Addons For Elementor | Cross-Site Scripting (XSS) via Text Effect Widget |
| Master Addons for Elementor | Cross-Site Scripting (XSS) |
| Master Addons for Elementor | Cross-Site Scripting (XSS) |
| Master Slider | Cross-Site Scripting (XSS) |
| Media Library Assistant | Cross-Site Scripting (XSS) via lang |
| Mega Elements | Cross-Site Scripting (XSS) via Button Widget |
| Memberpress | Cross-Site Scripting (XSS) via arglist Parameter |
| Menu Icons by ThemeIsle | Cross-Site Scripting (XSS) via SVG Upload (BAC) |
| Meow Gallery | Cross-Site Scripting (XSS) |
| Mesmerize Companion | Cross-Site Scripting (XSS) via mesmerize_contact_form Shortcode |
| MF Gig Calendar | Cross-Site Scripting (XSS) |
| Mhr Post Ticker | Cross-Site Scripting (XSS) |
| Mihdan: Yandex Turbo Feed | Cross-Site Scripting (XSS) via Shortcode |
| month name translation benaceur | Cross-Site Scripting (XSS) |
| Move Addons for Elementor | Cross-Site Scripting (XSS) |
| Move Addons for Elementor | Cross-Site Scripting (XSS) via Multiple Widgets |
| ND Shortcodes For Visual Composer | Cross-Site Scripting (XSS) |
| Newsletter Popup | Cross-Site Scripting (XSS) |
| NextGEN Gallery | Cross-Site Scripting (XSS) |
| NextScripts | Unauthenticated Cross-Site Scripting (XSS) via User Agent |
| Opal Estate Pro | Cross-Site Scripting (XSS) |
| Optimole | Cross-Site Scripting (XSS) via SVG Upload (BAC) |
| OptinMonster | Cross-Site Scripting (XSS) |
| Page Builder by SiteOrigin | Cross-Site Scripting (XSS) via 'siteorigin_widget' Shortcode |
| PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode | Cross-Site Scripting (XSS) |
| Pearl | Cross-Site Scripting (XSS) via Shortcode |
| Pet Manager | Cross-Site Scripting (XSS) |
| Picture Gallery | Cross-Site Scripting (XSS) |
| Piotnet Addons For Elementor | Cross-Site Scripting (XSS) via Multiple Widgets |
| Playlist for Youtube | Cross-Site Scripting (XSS) |
| Pods | Cross-Site Scripting (XSS) via Pod Form Redirect URL |
| Pootle Pagebuilder – WordPress Page builder | Cross-Site Scripting (XSS) |
| Popup4Phone | Unauthenticated Cross-Site Scripting (XSS) |
| Popup4Phone | Cross-Site Scripting (XSS) |
| PopupAlly | Cross-Site Scripting (XSS) |
| Popup box | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Popup Builder | Cross-Site Scripting (XSS) |
| Popup Maker WP | Cross-Site Scripting (XSS) |
| Popup More Popups | Cross-Site Scripting (XSS) |
| Post and Page Builder by BoldGrid – Visual Drag and Drop Editor | Cross-Site Scripting (XSS) |
| Post Grid | Cross-Site Scripting (XSS) |
| Post Grid Elementor Addon | Cross-Site Scripting (XSS) |
| Post Grid Master | Auth Cross-Site Scripting (XSS) |
| PostX – Gutenberg Blocks for Post Grid | Cross-Site Scripting (XSS) |
| PowerPack Addons for Elementor | DOM-Based Cross-Site Scripting (XSS) |
| Praison SEO WordPress | Cross-Site Scripting (XSS) |
| Premium Addons for Elementor | Cross-Site Scripting (XSS) |
| Premium Addons for Elementor | Cross-Site Scripting (XSS) |
| Primary Addon for Elementor | Cross-Site Scripting (XSS) via Pricing Table Widget |
| Prime Slider – Addons For Elementor | Cross-Site Scripting (XSS) |
| ProfilePress | Cross-Site Scripting (XSS) via ProfilePress User Panel Widget |
| PropertyHive | Cross-Site Scripting (XSS) |
| Propovoice CRM | Cross-Site Scripting (XSS) |
| Pure Chat | Cross-Site Scripting (XSS) |
| QuickieBar | Cross-Site Scripting (XSS) |
| raindrops Theme | Cross-Site Scripting (XSS) |
| Rank Math SEO | Cross-Site Scripting (XSS) |
| Rank Math SEO | Cross-Site Scripting (XSS) |
| reCAPTCHA Jetpack | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Remote Content Shortcode | Cross-Site Scripting (XSS) |
| Reviews and Rating – Google My Business | Cross-Site Scripting (XSS) |
| Royal Elementor Addons | Cross-Site Scripting (XSS) via Form Builder Widget |
| Sailthru Triggermail | Cross-Site Scripting (XSS) |
| Sailthru Triggermail | Cross-Site Scripting (XSS) |
| Save as PDF plugin by Pdfcrowd | Cross-Site Scripting (XSS) |
| ShareThis Share Buttons | Cross-Site Scripting (XSS) |
| Sheets To WP Table Live Sync | Cross-Site Scripting (XSS) |
| ShopLentor | Cross-Site Scripting (XSS) via _id |
| ShopLentor | Cross-Site Scripting (XSS) |
| ShopLentor | Cross-Site Scripting (XSS) via woolentorsearch Shortcode |
| Shortcodes Ultimate | Cross-Site Scripting (XSS) |
| Shortcodes Ultimate | Cross-Site Scripting (XSS) via su_members Shortcode |
| Simple Basic Contact Form | Cross-Site Scripting (XSS) |
| Simple Image Popup | Cross-Site Scripting (XSS) (XSS) |
| Simple Like Page | Cross-Site Scripting (XSS) via Shortcode |
| Simple Membership | Cross-Site Scripting (XSS) via Shortcode |
| Simple Popup Manager | Cross-Site Scripting (XSS) |
| Simply Schedule Appointments | Cross-Site Scripting (XSS) |
| SiteOrigin Widgets Bundle | Cross-Site Scripting (XSS) via 'siteorigin_widget' Shortcode |
| SKT Addons for Elementor | Cross-Site Scripting (XSS) |
| SKT Addons for Elementor | Cross-Site Scripting (XSS) |
| SliceWP | Cross-Site Scripting (XSS) |
| Slider Revolution | Cross-Site Scripting (XSS) |
| Slider Revolution | Cross-Site Scripting (XSS) via htmltag Parameter |
| Social Icons Widget & Block by WPZOOM | Cross-Site Scripting (XSS) |
| Spectra | Cross-Site Scripting (XSS) |
| Spectra | Cross-Site Scripting (XSS) |
| Starter Templates | Cross-Site Scripting (XSS) |
| Sticky banner | Cross-Site Scripting (XSS) |
| Sticky Social Link | Cross-Site Scripting (XSS) |
| Stockholm Core | Cross-Site Scripting (XSS) |
| Supreme Modules Lite | DOM-Based Cross-Site Scripting (XSS) |
| Survey Maker | Cross-Site Scripting (XSS) via Plugin Settings |
| Swift Framework | Cross-Site Scripting (XSS) via Shortcodes |
| Swift Framework Page Builder | Cross-Site Scripting (XSS) via Shortcode |
| Sydney Toolbox | Cross-Site Scripting (XSS) |
| Sydney Toolbox | Cross-Site Scripting (XSS) via aThemes: Portfolio Widget |
| Tabellen von faustball.com | Cross-Site Scripting (XSS) |
| Table Maker | Cross-Site Scripting (XSS) |
| Tainacan | Cross-Site Scripting (XSS) |
| Tainacan | Cross-Site Scripting (XSS) |
| Testimonial Carousel For Elementor | Cross-Site Scripting (XSS) |
| Testimonial Slider | Cross-Site Scripting (XSS) |
| The Events Calendar | Cross-Site Scripting (XSS) |
| Themify Shortcodes | Cross-Site Scripting (XSS) via themify_button Shortcode |
| The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) |
| The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) |
| The Plus Addons for Elementor Pro | Cross-Site Scripting (XSS) via Heading Title Widget |
| Thim Elementor Kit | Cross-Site Scripting (XSS) |
| Thim Elementor Kit | Cross-Site Scripting (XSS) via id Parameter |
| Toolbar Extras for Elementor & More | Cross-Site Scripting (XSS) |
| TT Custom Post Type Creator | Cross-Site Scripting (XSS) |
| Uber Menu | Cross-Site Scripting (XSS) via Multiple Shortcodes |
| Ultimate Blocks – Gutenberg Blocks Plugin | Cross-Site Scripting (XSS) |
| UnGallery | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | Cross-Site Scripting (XSS) |
| Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | Cross-Site Scripting (XSS) via Text Field |
| Videojs HTML5 Player | Cross-Site Scripting (XSS) |
| Viet Affiliate Link | Cross-Site Scripting (XSS) |
| Viet Nam Affiliate | Cross-Site Scripting (XSS) |
| Visual Footer Credit Remover | Cross-Site Scripting (XSS) |
| Visual Portfolio, Photo Gallery & Post Grid | Cross-Site Scripting (XSS) via title_tag Parameter |
| Webpushr | Cross-Site Scripting (XSS) |
| WidgetKit | Cross-Site Scripting (XSS) |
| WOLF | Cross-Site Scripting (XSS) |
| WP Backpack | Cross-Site Scripting (XSS) |
| WPB Elementor Addons | Cross-Site Scripting (XSS) |
| WPCafe | Cross-Site Scripting (XSS) via Reservation Form Shortcode |
| WPCS ( WordPress Custom Search ) | Cross-Site Scripting (XSS) |
| wpDataTables | Unauthenticated Cross-Site Scripting (XSS) via CSV Import |
| WP DSGVO Tools (GDPR) | Cross-Site Scripting (XSS) via Shortcode |
| WP etracker | Cross-Site Scripting (XSS) |
| WP Font Awesome Share Icons | Cross-Site Scripting (XSS) via Shortcode |
| WP Front User Submit / Front Editor | Cross-Site Scripting (XSS) |
| WP Google Maps | Cross-Site Scripting (XSS) |
| WPKoi Templates for Elementor | Cross-Site Scripting (XSS) via Multiple Parameters |
| WP Next Post Navi | Cross-Site Scripting (XSS) |
| WPO365 | Cross-Site Scripting (XSS) |
| WP Recipe Maker | Cross-Site Scripting (XSS) via wprm-recipe-roundup-item Shortcode |
| WP SMS | Cross-Site Scripting (XSS) |
| WP Stacker | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| WP Table Builder – WordPress Table Plugin | Cross-Site Scripting (XSS) |
| WP To Do | Cross-Site Scripting (XSS) via Settings |
| WP Ultimate Post Grid | Cross-Site Scripting (XSS) |
| WP Video Lightbox | Cross-Site Scripting (XSS) via width Parameter |
| WPZOOM Addons for Elementor (Templates, Widgets) | Cross-Site Scripting (XSS) via Image Box Widget |
| Xpro Elementor Addons | Cross-Site Scripting (XSS) |
| Xpro Elementor Addons | Cross-Site Scripting (XSS) via Multiple Widgets |
| YITH WooCommerce Ajax Search | Unauthenticated Cross-Site Scripting (XSS) |
| Yoast SEO | Cross-Site Scripting (XSS) |
| Yoast SEO | Cross-Site Scripting (XSS) |
| Zotpress | Cross-Site Scripting (XSS) |
| WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
| WordPress Cross-Site Scripting (XSS) reported in 2024: | 1342 |
WHO needs managed WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Scripting Patch Management.
Security is not a single-task job
Need managed WP Security and got no clue where to start? Hire an expert. Pay a coffee per week, its cheaper than 1 hour for a freelancer.
