WP XSS MAY 2024
WP Cross-Site Scripting
Managed WP & Woo Security Report
Be informed about the latest WP Cross-Site Scripting, identified and reported publicly. WP XSS MAY 2024 is a -21% DECREASE compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin – OR – Hire us for your recurrent needs of managed WordPress Security and managed WooCommerce Security.
WHO needs managed WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate "gazillion" different threats in your WordPress. Get your WP Cross-Site Scripting Patch Management.
The following cases made headlines PUBLICLY just last month in the WP XSS MAY 2024 & WP Cross-Site Scripting category:
3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin | Cross-Site Scripting (XSS) |
Absolutely Glamorous Custom Admin | Cross-Site Scripting (XSS) via Image URL |
Access Category Password | Cross-Site Scripting (XSS) |
Accessibility Widget | Cross-Site Scripting (XSS) |
Advanced Cron Manager – debug & control | Cross-Site Scripting (XSS) |
Advanced Floating Content | Cross-Site Scripting (XSS) |
Advanced iFrame | Cross-Site Scripting (XSS) |
Advanced Most Recent Posts Mod | Cross-Site Scripting (XSS) |
Advanced Post List | Cross-Site Scripting (XSS) |
All in one Like Widget | Cross-Site Scripting (XSS) |
Announce from the Dashboard | Cross-Site Scripting (XSS) |
Annual Archive | Cross-Site Scripting (XSS) |
App Builder | Cross-Site Scripting (XSS) |
ARForms | Cross-Site Scripting (XSS) |
Attesa Extra | Cross-Site Scripting (XSS) |
BA Book Everything | Cross-Site Scripting (XSS) |
BA Book Everything | Cross-Site Scripting (XSS) |
Backend Designer | Cross-Site Scripting (XSS) |
Bannerlid | Cross-Site Scripting (XSS) |
Barcode Scanner with Inventory & Order Manager | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
Beaver Builder | Cross-Site Scripting (XSS) via Button |
Better Comments | Cross-Site Scripting (XSS) |
Better Comments | Cross-Site Scripting (XSS) |
bizcalendar web | Cross-Site Scripting (XSS) via 'tab' |
Blocksy Theme | Cross-Site Scripting (XSS) |
Blocksy Theme | Cross-Site Scripting (XSS) via About Me block |
BMI Adult & Kid Calculator | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
BoldGrid Easy SEO | Cross-Site Scripting (XSS) via Meta Description |
Bold Page Builder | Cross-Site Scripting (XSS) |
Bold Page Builder | Cross-Site Scripting (XSS) |
Bold Page Builder | Cross-Site Scripting (XSS) |
Bold Page Builder | Cross-Site Scripting (XSS) |
Bold Page Builder | Cross-Site Scripting (XSS) via bt_bb_price_list Shortcode |
Bulk Block Converter | Cross-Site Scripting (XSS) |
bunny.net | Cross-Site Scripting (XSS) |
Call Now Button | Cross-Site Scripting (XSS) |
Canva – Design beautiful blog graphics | Cross-Site Scripting (XSS) |
Carousel Slider | Cross-Site Scripting (XSS) |
Carousel Slider | Cross-Site Scripting (XSS) |
Carousel, Slider, Gallery by WP Carousel | Cross-Site Scripting (XSS) via 'sp_wp_carousel_shortcode' |
CBX Bookmark & Favorite | Cross-Site Scripting (XSS) |
CF7 File Download (BAC) – File Download (BAC) for CF7 | Cross-Site Scripting (XSS) |
Chaty | Cross-Site Scripting (XSS) |
CoBlocks | Cross-Site Scripting (XSS) |
Code Insert Manager (Q2W3 Inc Manager) | Cross-Site Scripting (XSS) |
Colibri Page Builder | Cross-Site Scripting (XSS) |
Colibri Page Builder | Cross-Site Scripting (XSS) |
Colibri Page Builder | Cross-Site Scripting (XSS) via 'colibri gallery slideshow' Shortcode |
Collapse O Matic | Cross-Site Scripting (XSS) via Shortcode |
ColorNews Theme | Cross-Site Scripting (XSS) |
Contact Form Entries | Unauthenticated Cross-Site Scripting (XSS) |
Content Views | Cross-Site Scripting (XSS) via Widget Post Overlay |
WordPress Core | Cross-Site Scripting (XSS) Via Avatar Block vulnerability |
Cornerstone | Cross-Site Scripting (XSS) |
Coupon & Discount Code Reveal Button | Cross-Site Scripting (XSS) |
Creative Addons for Elementor | Cross-Site Scripting (XSS) |
Customer Reviews for WooCommerce | Cross-Site Scripting (XSS) via 's' |
Customily Product Personalizer | Unauthenticated Cross-Site Scripting (XSS) |
Custom post types | Cross-Site Scripting (XSS) |
Debug Log Manager | Cross-Site Scripting (XSS) |
DethemeKit For Elementor | Cross-Site Scripting (XSS) |
DirectoryPress | Cross-Site Scripting (XSS) |
Ditty | Cross-Site Scripting (XSS) |
DSGVO Youtube | Cross-Site Scripting (XSS) |
EAN for WooCommerce | Cross-Site Scripting (XSS) via alg_wc_ean_product_meta Shortcode |
Easy Contact Form Lite | Cross-Site Scripting (XSS) |
Easy CountDowner | Cross-Site Scripting (XSS) |
Easy Login Styler – White Label Admin Login Page for WordPress | Cross-Site Scripting (XSS) |
Easy Logo | Cross-Site Scripting (XSS) |
Easy Set Favicon | Cross-Site Scripting (XSS) |
Easy Social Feed | Cross-Site Scripting (XSS) |
Easy Textillate | Cross-Site Scripting (XSS) |
eCommerce Product Catalog | Cross-Site Scripting (XSS) |
Ecwid Shopping Cart | Cross-Site Scripting (XSS) via Shortcode |
EleForms | Unauthenticated Cross-Site Scripting (XSS) |
Element Pack Elementor Addons | Cross-Site Scripting (XSS) via 'Custom Gallery' Widget |
Element Pack Elementor Addons | Cross-Site Scripting (XSS) via Trailer Box Widget |
Element Pack Elementor Addons | Cross-Site Scripting (XSS) |
Elements kit Elementor addons | Cross-Site Scripting (XSS) |
Elements kit Elementor addons | Cross-Site Scripting (XSS) |
Elements kit Elementor addons | Cross-Site Scripting (XSS) via Countdown Widget |
ElementsKit Pro | Cross-Site Scripting (XSS) via 'ekit_btn_id' |
Elements Plus! | Cross-Site Scripting (XSS) |
ELEX WooCommerce Dynamic Pricing and Discounts | Cross-Site Scripting (XSS) |
Email Subscribers & Newsletters | Cross-Site Scripting (XSS) via CSV import |
EmbedPress | Cross-Site Scripting (XSS) via Shortcode |
Enhanced Media Library | Cross-Site Scripting (XSS) |
ENL Newsletter | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
EnvíaloSimple | Cross-Site Scripting (XSS) |
Envo Extra | Cross-Site Scripting (XSS) |
Essential Addons for Elementor | Store Cross-Site Scripting (XSS) via Widget URL Attribute |
Essential Addons for Elementor Pro | Cross-Site Scripting (XSS) via 'title_html_tag' |
Essential Blocks for Gutenberg | Cross-Site Scripting (XSS) |
Essential Blocks for Gutenberg | DOM Based Cross-Site Scripting (XSS) via Social Icons Block |
Exclusive Addons Elementor | Cross-Site Scripting (XSS) |
Exclusive Addons Elementor | Cross-Site Scripting (XSS) via Button Widget |
Exclusive Addons Elementor | Cross-Site Scripting (XSS) via Countdown Expired Title |
EZ Form Calculator | Cross-Site Scripting (XSS) |
F4 Improvements | Cross-Site Scripting (XSS) |
FancyBox for WordPress | Cross-Site Scripting (XSS) |
Fancy Product Designer | Cross-Site Scripting (XSS) via Product Title |
Fancy Product Designer | Cross-Site Scripting (XSS) |
Fan Page Widget by ThemeNcode | Cross-Site Scripting (XSS) |
Favorites | Cross-Site Scripting (XSS) via Shortcode |
Filebird | Cross-Site Scripting (XSS) |
FileOrganizer | Cross-Site Scripting (XSS) |
Filterable Portfolio | Cross-Site Scripting (XSS) |
Fixed HTML Toolbar | Cross-Site Scripting (XSS) |
Flash Video Player | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Font Farsi | Cross-Site Scripting (XSS) in Settings |
FooGallery | Cross-Site Scripting (XSS) via Image Attachment Fields |
Forminator | Unauthenticated Cross-Site Scripting (XSS) via File Upload (BAC) |
Forminator | Cross-Site Scripting (XSS) via forminator_form Shortcode |
Form Maker by 10Web | Cross-Site Scripting (XSS) |
Formsite | Embed online forms to collect orders, registrations, leads, and surveys | Cross-Site Scripting (XSS) |
Form to Chat App | Cross-Site Scripting (XSS) |
Genesis Blocks | Cross-Site Scripting (XSS) via Block Content |
GeoDirectory | Cross-Site Scripting (XSS) via 'gd_single_tabs' Shortcode |
GiveWP | Cross-Site Scripting (XSS) via Shortcode |
Global Elementor Buttons | Cross-Site Scripting (XSS) via button link |
Gradient Text Widget for Elementor | Cross-Site Scripting (XSS) |
GuCherry Blog Theme | Cross-Site Scripting (XSS) |
Gutenberg WordPress Core | Cross-Site Scripting (XSS) via Avatar Block |
Gutenberg Block Editor Toolkit | Cross-Site Scripting (XSS) |
Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) via Contact Form Message Settings |
Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) |
Gutenberg Blocks by Kadence Blocks | DOM Based Cross-Site Scripting (XSS) via Countdown and CountUp Widget |
Happy Addons for Elementor | Cross-Site Scripting (XSS) |
Happy Addons for Elementor | Cross-Site Scripting (XSS) via HTML Tags |
Happy Addons for Elementor | Cross-Site Scripting (XSS) via Calendly Widget |
hCaptcha | Cross-Site Scripting (XSS) via cf hcaptcha Shortcode |
Header Footer Code Manager Pro | Cross-Site Scripting (XSS) via message |
HelloAsso | Cross-Site Scripting (XSS) |
HT Mega | Cross-Site Scripting (XSS) |
HT Mega | Cross-Site Scripting (XSS) via Accordion/FAQ |
HT Mega | Cross-Site Scripting (XSS) |
HurryTimer | Cross-Site Scripting (XSS) |
Icon Widget | Cross-Site Scripting (XSS) via shortcode |
Image Slider Widget | Cross-Site Scripting (XSS) |
Import Content in WordPress & WooCommerce with Excel | Cross-Site Scripting (XSS) |
Infographic Maker – iList | Cross-Site Scripting (XSS) |
Inline Related Posts | Cross-Site Scripting (XSS) |
Intagrate Lite | Cross-Site Scripting (XSS) |
Interactive World Maps | Cross-Site Scripting (XSS) |
Jeg Elementor Kit | Cross-Site Scripting (XSS) via Image Box andTestimonial |
Jeg Elementor Kit | Cross-Site Scripting (XSS) |
Jobs for WordPress | Cross-Site Scripting (XSS) |
Jotform Online Forms | Cross-Site Scripting (XSS) |
Kattene | Cross-Site Scripting (XSS) |
Knight Lab Timeline | Cross-Site Scripting (XSS) |
Language Switcher for Transposh | Cross-Site Scripting (XSS) |
Language Translate Widget for WordPress – ConveyThis | Unauthenticated Cross-Site Scripting (XSS) via api_key |
LearnPress | Cross-Site Scripting (XSS) |
LearnPress | Cross-Site Scripting (XSS) |
LearnPress Export Import | Cross-Site Scripting (XSS) |
LH Add Media From Url | Cross-Site Scripting (XSS) |
Libsyn Publisher Hub | Cross-Site Scripting (XSS) |
List category posts | Cross-Site Scripting (XSS) |
List Custom Taxonomy Widget | Cross-Site Scripting (XSS) |
Livemesh Addons for Elementor | Cross-Site Scripting (XSS) |
Livemesh Addons for Elementor | Cross-Site Scripting (XSS) |
MailMunch – Grow your Email List | Cross-Site Scripting (XSS) |
Master Slider | Cross-Site Scripting (XSS) |
Max Addons Pro for Bricks | Cross-Site Scripting (XSS) |
Media Library Folders | Cross-Site Scripting (XSS) via 's' |
Mega Elements | Cross-Site Scripting (XSS) |
Meks Smart Social Widget | Cross-Site Scripting (XSS) |
Meks ThemeForest Smart Widget | Cross-Site Scripting (XSS) |
Metform Elementor Contact Form Builder | Cross-Site Scripting (XSS) via Widgets |
MJ Update (BAC) History | Cross-Site Scripting (XSS) |
MM email2image | Cross-Site Scripting (XSS) |
MM email2image | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Mortgage Calculators WP | Cross-Site Scripting (XSS) |
MWW Disclaimer Buttons | Cross-Site Scripting (XSS) |
My Calendar | Cross-Site Scripting (XSS) |
myCred | Cross-Site Scripting (XSS) |
Navigation menu as Dropdown Widget | Cross-Site Scripting (XSS) |
Netgsm | Cross-Site Scripting (XSS) |
NPS computy | Cross-Site Scripting (XSS) |
Ocean Extra | Cross-Site Scripting (XSS) |
Opal Widgets For Elementor | Cross-Site Scripting (XSS) |
Otter Gutenberg Block | Cross-Site Scripting (XSS) |
Otter Gutenberg Block | Limited File Upload (BAC) to Cross-Site Scripting (XSS) |
Otter Gutenberg Block | Cross-Site Scripting (XSS) via Block Attributes |
Otter Gutenberg Block | Cross-Site Scripting (XSS) via 'titleTag' |
Passster – Password Protection | Cross-Site Scripting (XSS) via content_protector Shortcode |
Payment Forms for Paystack | Cross-Site Scripting (XSS) |
Photo Gallery by 10Web | Cross-Site Scripting (XSS) via SVG |
Photo Gallery by 10Web | Cross-Site Scripting (XSS) |
Photo Gallery GT3 Image Gallery & Gutenberg Block Gallery | Cross-Site Scripting (XSS) |
Piotnet Addons For Elementor | Cross-Site Scripting (XSS) |
Piotnet Addons For Elementor Pro | Cross-Site Scripting (XSS) |
Piotnet Addons For Elementor Pro | Cross-Site Scripting (XSS) |
POEditor | Cross-Site Scripting (XSS) |
Poll Maker | Missing Authorisation (BAC) to Unauthenticated Cross-Site Scripting (XSS) |
PopupAlly | Cross-Site Scripting (XSS) |
Popup Like box | Cross-Site Scripting (XSS) |
Post Type Builder (PTB) | Cross-Site Scripting (XSS) |
PostX – Gutenberg Blocks for Post Grid | Cross-Site Scripting (XSS) |
Powerkit | Cross-Site Scripting (XSS) via Shortcode |
PowerPack Addons for Elementor | Cross-Site Scripting (XSS) via *_html_tag* |
PowerPack Addons for Elementor | Cross-Site Scripting (XSS) via Twitter Tweet Widget |
Premium Addons for Elementor | Cross-Site Scripting (XSS) |
Premium Addons for Elementor | DOM Based Cross-Site Scripting (XSS) |
Premium Addons for Elementor | Cross-Site Scripting (XSS) |
Premium Addons for Elementor | Cross-Site Scripting (XSS) |
Premium Addons for Elementor | Cross-Site Scripting (XSS) |
Premium Addons for Elementor | Cross-Site Scripting (XSS) |
Pretty Google Calendar | Cross-Site Scripting (XSS) |
Prime Slider – Addons For Elementor | Cross-Site Scripting (XSS) |
ProfilePress | Cross-Site Scripting (XSS) |
ProfilePress | Cross-Site Scripting (XSS) |
QR Code Composer | Cross-Site Scripting (XSS) |
Rank Math SEO | Cross-Site Scripting (XSS) via 'titleWrapper' |
Real Media Library Lite | Cross-Site Scripting (XSS) |
Recencio Book Reviews | Cross-Site Scripting (XSS) |
ReDi Restaurant Reservation | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Related Posts for WordPress | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Remove Footer Credit | Cross-Site Scripting (XSS) |
Responsive Gallery Grid | Cross-Site Scripting (XSS) |
Responsive Slider by MetaSlider | Cross-Site Scripting (XSS) via metaslider Shortcode |
Responsive Tabs | Cross-Site Scripting (XSS) |
Restaurant Menu – Food Ordering System – Table Reservation | Cross-Site Scripting (XSS) |
RomethemeKit For Elementor | Cross-Site Scripting (XSS) |
Royal Elementor Addons | Cross-Site Scripting (XSS) |
Royal Elementor Addons | Cross-Site Scripting (XSS) via Flip Carousel, Flip Box, Post Grid, and Taxonomy List Widget Attributes |
RSS Aggregator by Feedzy | Cross-Site Scripting (XSS) via Shortcode Error Message |
RSS Feed Widget | Cross-Site Scripting (XSS) |
Salon booking system | Unauthenticated Cross-Site Scripting (XSS) |
Salon booking system | Cross-Site Scripting (XSS) |
Salon booking system | Cross-Site Scripting (XSS) via Email Settings |
Sassy Social Share | Cross-Site Scripting (XSS) |
Save as Image plugin by Pdfcrowd | Cross-Site Scripting (XSS) |
Save as PDF plugin by Pdfcrowd | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
Save as PDF plugin by Pdfcrowd | Cross-Site Scripting (XSS) |
Schema & Structured Data for WP & AMP | Cross-Site Scripting (XSS) via How To and FAQ Blocks |
Search Keyword Redirect | Cross-Site Scripting (XSS) |
Seers | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Shopkeeper Extender | Cross-Site Scripting (XSS) |
ShopLentor | Cross-Site Scripting (XSS) via WL Universal Product Layout |
ShopLentor | Cross-Site Scripting (XSS) via QR Code Widget |
Shortcodes and extra features for Phlox theme | Cross-Site Scripting (XSS) |
Shortcodes Ultimate | Cross-Site Scripting (XSS) |
Shortcodes Ultimate | Cross-Site Scripting (XSS) |
Short URL | Cross-Site Scripting (XSS) |
Simple Buttons Creator | Unauthenticated Cross-Site Scripting (XSS) |
Simple Membership | Cross-Site Scripting (XSS) via Shortcode |
Simple Testimonials Showcase | Cross-Site Scripting (XSS) |
Sina Extension for Elementor | Cross-Site Scripting (XSS) via Sina Fancy Text Widget |
Slash Admin | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Slider by 10Web | Cross-Site Scripting (XSS) |
Slider Revolution | Cross-Site Scripting (XSS) |
Smart Recent Posts Widget | Cross-Site Scripting (XSS) |
Social Media & Share Icons | Cross-Site Scripting (XSS) via settings |
Social Warfare | Cross-Site Scripting (XSS) via Shortcode |
Spectra | Cross-Site Scripting (XSS) via Custom CSS |
Sticky Anything | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
Strong Testimonials | Cross-Site Scripting (XSS) |
Superfly Menu | Site Wide Cross-Site Scripting (XSS) |
Super Socializer | Cross-Site Scripting (XSS) |
Sydney Toolbox | Cross-Site Scripting (XSS) via Filterable Gallery |
Sync Post With Other Site | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Tagembed | Cross-Site Scripting (XSS) |
Taggbox | Cross-Site Scripting (XSS) |
Tainacan Interface Theme | Cross-Site Scripting (XSS) |
TaxoPress | Cross-Site Scripting (XSS) via Shortcode |
Tax Rate Upload (BAC) | Cross-Site Scripting (XSS) |
Template Kit – Import | Cross-Site Scripting (XSS) via template Upload (BAC) |
TeraWallet – For WooCommerce | Cross-Site Scripting (XSS) |
Testimonials | Cross-Site Scripting (XSS) |
Testimonial Slider | Cross-Site Scripting (XSS) |
Themify – WooCommerce Product Filter | Cross-Site Scripting (XSS) |
Themify – WooCommerce Product Filter | Cross-Site Scripting (XSS) |
The Pack Elementor addons | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Top Bar | Cross-Site Scripting (XSS) |
Top Bar | Cross-Site Scripting (XSS) |
Tutor LMS | Cross-Site Scripting (XSS) via 'tutor_instructor_list' Shortcode |
TWIPLA (Visitor Analytics IO) | Cross-Site Scripting (XSS) |
UDesign Theme | Cross-Site Scripting (XSS) |
Ultimate 410 Gone Status Code | Cross-Site Scripting (XSS) |
Ultimate Addons for Beaver Builder – Lite | Multiple Cross-Site Scripting (XSS) |
Ultimate Bootstrap Elements for Elementor | Cross-Site Scripting (XSS) via Image Widget |
Ultimate Member | Cross-Site Scripting (XSS) |
Ultimate Store Kit Elementor Addons | Cross-Site Scripting (XSS) |
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | Cross-Site Scripting (XSS) via Widget Link |
VikBooking Hotel Booking Engine & PMS | Cross-Site Scripting (XSS) |
Virtue Theme | Cross-Site Scripting (XSS) via Post Author |
VOD Infomaniak | Cross-Site Scripting (XSS) |
Void Elementor WHMCS Elements For Elementor Page Builder | Cross-Site Scripting (XSS) |
Watu Quiz | Cross-Site Scripting (XSS) |
WebinarPress | Cross-Site Scripting (XSS) |
What's New Generator | Cross-Site Scripting (XSS) |
WidgetKit | Cross-Site Scripting (XSS) via Pricing Widgets |
Widget Post Slider | Cross-Site Scripting (XSS) |
WooCommerce Customers Manager | Cross-Site Scripting (XSS) |
WooCommerce Google Feed Manager | SQL Injection (SQLi) to Cross-Site Scripting (XSS) |
WooCommerce PDF Invoices & Packing Slips | Unauthenticated Cross-Site Scripting (XSS) |
WooCommerce Shipping Label | Cross-Site Scripting (XSS) |
WordPress | Cross-Site Scripting (XSS) Via Avatar Block |
WordPress Ad Widget | Cross-Site Scripting (XSS) |
WordPress File Upload (BAC) | Cross-Site Scripting (XSS) via Shortcode |
WordPress Importer | Cross-Site Scripting (XSS) |
WordPress Tooltips | Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) |
WP 2FA | Cross-Site Scripting (XSS) |
WP 404 Auto Redirect to Similar Post | Cross-Site Scripting (XSS) |
WPBakery Page Builder | Cross-Site Scripting (XSS) via attributes |
WPBakery Page Builder | Cross-Site Scripting (XSS) via Post Author |
WPBITS Addons For Elementor Page Builder | Cross-Site Scripting (XSS) |
WPB Show Core | Cross-Site Scripting (XSS) |
WPB Show Core | Cross-Site Scripting (XSS) |
WP Chat App | Cross-Site Scripting (XSS) via Block Image Attribute |
WP Chat App | Cross-Site Scripting (XSS) |
WP Club Manager | Cross-Site Scripting (XSS) |
WP Cost Estimation & Payment Forms Builder | Cross-Site Scripting (XSS) |
WPC Smart Quick View for WooCommerce | Cross-Site Scripting (XSS) |
WP Cufon | Cross-Site Scripting (XSS) |
wpDiscuz | Cross-Site Scripting (XSS) via Upload (BAC)ed Image Alternative Text |
WP Dynamic Keywords Injector | Cross-Site Scripting (XSS) |
WP ERP | Unauthenticated Cross-Site Scripting (XSS) |
WP File Download (BAC) Light | Cross-Site Scripting (XSS) |
WP FormAssembly | Cross-Site Scripting (XSS) |
WP Google Analytics Events | Cross-Site Scripting (XSS) |
WP Google Review Slider | Cross-Site Scripting (XSS) |
WP Helper Premium | Cross-Site Scripting (XSS) |
WP Lister Lite for eBay | Cross-Site Scripting (XSS) |
WP Login and Logout Redirect | Cross-Site Scripting (XSS) |
WP Media Category Management | Cross-Site Scripting (XSS) |
WP Members | Unauthenticated Cross-Site Scripting (XSS) |
WP Meta SEO | Unauthenticated Cross-Site Scripting (XSS) via Referer header |
WP Portfolio Theme | Cross-Site Scripting (XSS) |
WP Radio – Worldwide Online Radio Stations Directory for WordPress | Cross-Site Scripting (XSS) |
WP Simple HTML Sitemap | Cross-Site Scripting (XSS) |
WP STAGING – Backup Duplicator & Migration | Cross-Site Scripting (XSS) |
Wp Staging Pro | Cross-Site Scripting (XSS) |
WP Stripe Checkout | Cross-Site Scripting (XSS) |
WP TradingView | Cross-Site Scripting (XSS) |
WP User Profile Avatar | Cross-Site Scripting (XSS) |
WPvivid Backup for MainWP | Cross-Site Scripting (XSS) |
WPZOOM Addons for Elementor (Templates, Widgets) | Cross-Site Scripting (XSS) |
WZone | Cross-Site Scripting (XSS) |
XStore Core | Cross-Site Scripting (XSS) |
XStore Theme | Cross-Site Scripting (XSS) |
Yoga Schedule Momoyoga | Cross-Site Scripting (XSS) |
Z Y N I T H | Unauthenticated Cross-Site Scripting (XSS) |
WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
WordPress Cross-Site Scripting (XSS) reported in 2024: | 1054 |
WHO needs managed WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Scripting Patch Management.
Security is not a single-task job
Need managed WP Security and got no clue where to start? Hire an expert. Pay a coffee per week, its cheaper than 1 hour for a freelancer.
Not sure that our recurrent security offer is worthy of long-term consideration? Contact us today for a Cross-Site Scripting audit! Decide after you compare RISK + IMPACT versus COST.
We’re passionate about helping you grow and make your impact
Continue being informed
Monthly vulnerability reports about WordPress and WooCommerce, plugins, themes.
Weekly inspiration, news and occasional with hand-picked deals. Unsubscribe anytime.