WP XSS MAY 2024
WP Cross-Site Scripting
Tailored WP & Woo Security Report
Be informed about the latest WP Cross-Site Scripting, identified and reported publicly. WP XSS MAY 2024 is a -21% DECREASE compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for tailored WP Security.
WHO needs tailored WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate "gazillion" different threats in your WordPress. Get your WP Cross-Site Scripting Patch Management.
The following cases made headlines PUBLICLY just last month in the WP XSS MAY 2024 & WP Cross-Site Scripting category:
3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin | Cross-Site Scripting (XSS) |
Absolutely Glamorous Custom Admin | Cross-Site Scripting (XSS) via Image URL |
Access Category Password | Cross-Site Scripting (XSS) |
Accessibility Widget | Cross-Site Scripting (XSS) |
Advanced Cron Manager – debug & control | Cross-Site Scripting (XSS) |
Advanced Floating Content | Cross-Site Scripting (XSS) |
Advanced iFrame | Cross-Site Scripting (XSS) |
Advanced Most Recent Posts Mod | Cross-Site Scripting (XSS) |
Advanced Post List | Cross-Site Scripting (XSS) |
All in one Like Widget | Cross-Site Scripting (XSS) |
Announce from the Dashboard | Cross-Site Scripting (XSS) |
Annual Archive | Cross-Site Scripting (XSS) |
App Builder | Cross-Site Scripting (XSS) |
ARForms | Cross-Site Scripting (XSS) |
Attesa Extra | Cross-Site Scripting (XSS) |
BA Book Everything | Cross-Site Scripting (XSS) |
BA Book Everything | Cross-Site Scripting (XSS) |
Backend Designer | Cross-Site Scripting (XSS) |
Bannerlid | Cross-Site Scripting (XSS) |
Barcode Scanner with Inventory & Order Manager | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
Beaver Builder | Cross-Site Scripting (XSS) via Button |
Better Comments | Cross-Site Scripting (XSS) |
Better Comments | Cross-Site Scripting (XSS) |
bizcalendar web | Cross-Site Scripting (XSS) via 'tab' |
Blocksy Theme | Cross-Site Scripting (XSS) |
Blocksy Theme | Cross-Site Scripting (XSS) via About Me block |
BMI Adult & Kid Calculator | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
BoldGrid Easy SEO | Cross-Site Scripting (XSS) via Meta Description |
Bold Page Builder | Cross-Site Scripting (XSS) |
Bold Page Builder | Cross-Site Scripting (XSS) |
Bold Page Builder | Cross-Site Scripting (XSS) |
Bold Page Builder | Cross-Site Scripting (XSS) |
Bold Page Builder | Cross-Site Scripting (XSS) via bt_bb_price_list Shortcode |
Bulk Block Converter | Cross-Site Scripting (XSS) |
bunny.net | Cross-Site Scripting (XSS) |
Call Now Button | Cross-Site Scripting (XSS) |
Canva – Design beautiful blog graphics | Cross-Site Scripting (XSS) |
Carousel Slider | Cross-Site Scripting (XSS) |
Carousel Slider | Cross-Site Scripting (XSS) |
Carousel, Slider, Gallery by WP Carousel | Cross-Site Scripting (XSS) via 'sp_wp_carousel_shortcode' |
CBX Bookmark & Favorite | Cross-Site Scripting (XSS) |
CF7 File Download (BAC) – File Download (BAC) for CF7 | Cross-Site Scripting (XSS) |
Chaty | Cross-Site Scripting (XSS) |
CoBlocks | Cross-Site Scripting (XSS) |
Code Insert Manager (Q2W3 Inc Manager) | Cross-Site Scripting (XSS) |
Colibri Page Builder | Cross-Site Scripting (XSS) |
Colibri Page Builder | Cross-Site Scripting (XSS) |
Colibri Page Builder | Cross-Site Scripting (XSS) via 'colibri gallery slideshow' Shortcode |
Collapse O Matic | Cross-Site Scripting (XSS) via Shortcode |
ColorNews Theme | Cross-Site Scripting (XSS) |
Contact Form Entries | Unauthenticated Cross-Site Scripting (XSS) |
Content Views | Cross-Site Scripting (XSS) via Widget Post Overlay |
WordPress Core | Cross-Site Scripting (XSS) Via Avatar Block vulnerability |
Cornerstone | Cross-Site Scripting (XSS) |
Coupon & Discount Code Reveal Button | Cross-Site Scripting (XSS) |
Creative Addons for Elementor | Cross-Site Scripting (XSS) |
Customer Reviews for WooCommerce | Cross-Site Scripting (XSS) via 's' |
Customily Product Personalizer | Unauthenticated Cross-Site Scripting (XSS) |
Custom post types | Cross-Site Scripting (XSS) |
Debug Log Manager | Cross-Site Scripting (XSS) |
DethemeKit For Elementor | Cross-Site Scripting (XSS) |
DirectoryPress | Cross-Site Scripting (XSS) |
Ditty | Cross-Site Scripting (XSS) |
DSGVO Youtube | Cross-Site Scripting (XSS) |
EAN for WooCommerce | Cross-Site Scripting (XSS) via alg_wc_ean_product_meta Shortcode |
Easy Contact Form Lite | Cross-Site Scripting (XSS) |
Easy CountDowner | Cross-Site Scripting (XSS) |
Easy Login Styler – White Label Admin Login Page for WordPress | Cross-Site Scripting (XSS) |
Easy Logo | Cross-Site Scripting (XSS) |
Easy Set Favicon | Cross-Site Scripting (XSS) |
Easy Social Feed | Cross-Site Scripting (XSS) |
Easy Textillate | Cross-Site Scripting (XSS) |
eCommerce Product Catalog | Cross-Site Scripting (XSS) |
Ecwid Shopping Cart | Cross-Site Scripting (XSS) via Shortcode |
EleForms | Unauthenticated Cross-Site Scripting (XSS) |
Element Pack Elementor Addons | Cross-Site Scripting (XSS) via 'Custom Gallery' Widget |
Element Pack Elementor Addons | Cross-Site Scripting (XSS) via Trailer Box Widget |
Element Pack Elementor Addons | Cross-Site Scripting (XSS) |
Elements kit Elementor addons | Cross-Site Scripting (XSS) |
Elements kit Elementor addons | Cross-Site Scripting (XSS) |
Elements kit Elementor addons | Cross-Site Scripting (XSS) via Countdown Widget |
ElementsKit Pro | Cross-Site Scripting (XSS) via 'ekit_btn_id' |
Elements Plus! | Cross-Site Scripting (XSS) |
ELEX WooCommerce Dynamic Pricing and Discounts | Cross-Site Scripting (XSS) |
Email Subscribers & Newsletters | Cross-Site Scripting (XSS) via CSV import |
EmbedPress | Cross-Site Scripting (XSS) via Shortcode |
Enhanced Media Library | Cross-Site Scripting (XSS) |
ENL Newsletter | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
EnvíaloSimple | Cross-Site Scripting (XSS) |
Envo Extra | Cross-Site Scripting (XSS) |
Essential Addons for Elementor | Store Cross-Site Scripting (XSS) via Widget URL Attribute |
Essential Addons for Elementor Pro | Cross-Site Scripting (XSS) via 'title_html_tag' |
Essential Blocks for Gutenberg | Cross-Site Scripting (XSS) |
Essential Blocks for Gutenberg | DOM Based Cross-Site Scripting (XSS) via Social Icons Block |
Exclusive Addons Elementor | Cross-Site Scripting (XSS) |
Exclusive Addons Elementor | Cross-Site Scripting (XSS) via Button Widget |
Exclusive Addons Elementor | Cross-Site Scripting (XSS) via Countdown Expired Title |
EZ Form Calculator | Cross-Site Scripting (XSS) |
F4 Improvements | Cross-Site Scripting (XSS) |
FancyBox for WordPress | Cross-Site Scripting (XSS) |
Fancy Product Designer | Cross-Site Scripting (XSS) via Product Title |
Fancy Product Designer | Cross-Site Scripting (XSS) |
Fan Page Widget by ThemeNcode | Cross-Site Scripting (XSS) |
Favorites | Cross-Site Scripting (XSS) via Shortcode |
Filebird | Cross-Site Scripting (XSS) |
FileOrganizer | Cross-Site Scripting (XSS) |
Filterable Portfolio | Cross-Site Scripting (XSS) |
Fixed HTML Toolbar | Cross-Site Scripting (XSS) |
Flash Video Player | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Font Farsi | Cross-Site Scripting (XSS) in Settings |
FooGallery | Cross-Site Scripting (XSS) via Image Attachment Fields |
Forminator | Unauthenticated Cross-Site Scripting (XSS) via File Upload (BAC) |
Forminator | Cross-Site Scripting (XSS) via forminator_form Shortcode |
Form Maker by 10Web | Cross-Site Scripting (XSS) |
Formsite | Embed online forms to collect orders, registrations, leads, and surveys | Cross-Site Scripting (XSS) |
Form to Chat App | Cross-Site Scripting (XSS) |
Genesis Blocks | Cross-Site Scripting (XSS) via Block Content |
GeoDirectory | Cross-Site Scripting (XSS) via 'gd_single_tabs' Shortcode |
GiveWP | Cross-Site Scripting (XSS) via Shortcode |
Global Elementor Buttons | Cross-Site Scripting (XSS) via button link |
Gradient Text Widget for Elementor | Cross-Site Scripting (XSS) |
GuCherry Blog Theme | Cross-Site Scripting (XSS) |
Gutenberg WordPress Core | Cross-Site Scripting (XSS) via Avatar Block |
Gutenberg Block Editor Toolkit | Cross-Site Scripting (XSS) |
Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) via Contact Form Message Settings |
Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) |
Gutenberg Blocks by Kadence Blocks | DOM Based Cross-Site Scripting (XSS) via Countdown and CountUp Widget |
Happy Addons for Elementor | Cross-Site Scripting (XSS) |
Happy Addons for Elementor | Cross-Site Scripting (XSS) via HTML Tags |
Happy Addons for Elementor | Cross-Site Scripting (XSS) via Calendly Widget |
hCaptcha | Cross-Site Scripting (XSS) via cf hcaptcha Shortcode |
Header Footer Code Manager Pro | Cross-Site Scripting (XSS) via message |
HelloAsso | Cross-Site Scripting (XSS) |
HT Mega | Cross-Site Scripting (XSS) |
HT Mega | Cross-Site Scripting (XSS) via Accordion/FAQ |
HT Mega | Cross-Site Scripting (XSS) |
HurryTimer | Cross-Site Scripting (XSS) |
Icon Widget | Cross-Site Scripting (XSS) via shortcode |
Image Slider Widget | Cross-Site Scripting (XSS) |
Import Content in WordPress & WooCommerce with Excel | Cross-Site Scripting (XSS) |
Infographic Maker – iList | Cross-Site Scripting (XSS) |
Inline Related Posts | Cross-Site Scripting (XSS) |
Intagrate Lite | Cross-Site Scripting (XSS) |
Interactive World Maps | Cross-Site Scripting (XSS) |
Jeg Elementor Kit | Cross-Site Scripting (XSS) via Image Box andTestimonial |
Jeg Elementor Kit | Cross-Site Scripting (XSS) |
Jobs for WordPress | Cross-Site Scripting (XSS) |
Jotform Online Forms | Cross-Site Scripting (XSS) |
Kattene | Cross-Site Scripting (XSS) |
Knight Lab Timeline | Cross-Site Scripting (XSS) |
Language Switcher for Transposh | Cross-Site Scripting (XSS) |
Language Translate Widget for WordPress – ConveyThis | Unauthenticated Cross-Site Scripting (XSS) via api_key |
LearnPress | Cross-Site Scripting (XSS) |
LearnPress | Cross-Site Scripting (XSS) |
LearnPress Export Import | Cross-Site Scripting (XSS) |
LH Add Media From Url | Cross-Site Scripting (XSS) |
Libsyn Publisher Hub | Cross-Site Scripting (XSS) |
List category posts | Cross-Site Scripting (XSS) |
List Custom Taxonomy Widget | Cross-Site Scripting (XSS) |
Livemesh Addons for Elementor | Cross-Site Scripting (XSS) |
Livemesh Addons for Elementor | Cross-Site Scripting (XSS) |
MailMunch – Grow your Email List | Cross-Site Scripting (XSS) |
Master Slider | Cross-Site Scripting (XSS) |
Max Addons Pro for Bricks | Cross-Site Scripting (XSS) |
Media Library Folders | Cross-Site Scripting (XSS) via 's' |
Mega Elements | Cross-Site Scripting (XSS) |
Meks Smart Social Widget | Cross-Site Scripting (XSS) |
Meks ThemeForest Smart Widget | Cross-Site Scripting (XSS) |
Metform Elementor Contact Form Builder | Cross-Site Scripting (XSS) via Widgets |
MJ Update (BAC) History | Cross-Site Scripting (XSS) |
MM email2image | Cross-Site Scripting (XSS) |
MM email2image | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Mortgage Calculators WP | Cross-Site Scripting (XSS) |
MWW Disclaimer Buttons | Cross-Site Scripting (XSS) |
My Calendar | Cross-Site Scripting (XSS) |
myCred | Cross-Site Scripting (XSS) |
Navigation menu as Dropdown Widget | Cross-Site Scripting (XSS) |
Netgsm | Cross-Site Scripting (XSS) |
NPS computy | Cross-Site Scripting (XSS) |
Ocean Extra | Cross-Site Scripting (XSS) |
Opal Widgets For Elementor | Cross-Site Scripting (XSS) |
Otter Gutenberg Block | Cross-Site Scripting (XSS) |
Otter Gutenberg Block | Limited File Upload (BAC) to Cross-Site Scripting (XSS) |
Otter Gutenberg Block | Cross-Site Scripting (XSS) via Block Attributes |
Otter Gutenberg Block | Cross-Site Scripting (XSS) via 'titleTag' |
Passster – Password Protection | Cross-Site Scripting (XSS) via content_protector Shortcode |
Payment Forms for Paystack | Cross-Site Scripting (XSS) |
Photo Gallery by 10Web | Cross-Site Scripting (XSS) via SVG |
Photo Gallery by 10Web | Cross-Site Scripting (XSS) |
Photo Gallery GT3 Image Gallery & Gutenberg Block Gallery | Cross-Site Scripting (XSS) |
Piotnet Addons For Elementor | Cross-Site Scripting (XSS) |
Piotnet Addons For Elementor Pro | Cross-Site Scripting (XSS) |
Piotnet Addons For Elementor Pro | Cross-Site Scripting (XSS) |
POEditor | Cross-Site Scripting (XSS) |
Poll Maker | Missing Authorization (BAC) to Unauthenticated Cross-Site Scripting (XSS) |
PopupAlly | Cross-Site Scripting (XSS) |
Popup Like box | Cross-Site Scripting (XSS) |
Post Type Builder (PTB) | Cross-Site Scripting (XSS) |
PostX – Gutenberg Blocks for Post Grid | Cross-Site Scripting (XSS) |
Powerkit | Cross-Site Scripting (XSS) via Shortcode |
PowerPack Addons for Elementor | Cross-Site Scripting (XSS) via *_html_tag* |
PowerPack Addons for Elementor | Cross-Site Scripting (XSS) via Twitter Tweet Widget |
Premium Addons for Elementor | Cross-Site Scripting (XSS) |
Premium Addons for Elementor | DOM Based Cross-Site Scripting (XSS) |
Premium Addons for Elementor | Cross-Site Scripting (XSS) |
Premium Addons for Elementor | Cross-Site Scripting (XSS) |
Premium Addons for Elementor | Cross-Site Scripting (XSS) |
Premium Addons for Elementor | Cross-Site Scripting (XSS) |
Pretty Google Calendar | Cross-Site Scripting (XSS) |
Prime Slider – Addons For Elementor | Cross-Site Scripting (XSS) |
ProfilePress | Cross-Site Scripting (XSS) |
ProfilePress | Cross-Site Scripting (XSS) |
QR Code Composer | Cross-Site Scripting (XSS) |
Rank Math SEO | Cross-Site Scripting (XSS) via 'titleWrapper' |
Real Media Library Lite | Cross-Site Scripting (XSS) |
Recencio Book Reviews | Cross-Site Scripting (XSS) |
ReDi Restaurant Reservation | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Related Posts for WordPress | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Remove Footer Credit | Cross-Site Scripting (XSS) |
Responsive Gallery Grid | Cross-Site Scripting (XSS) |
Responsive Slider by MetaSlider | Cross-Site Scripting (XSS) via metaslider Shortcode |
Responsive Tabs | Cross-Site Scripting (XSS) |
Restaurant Menu – Food Ordering System – Table Reservation | Cross-Site Scripting (XSS) |
RomethemeKit For Elementor | Cross-Site Scripting (XSS) |
Royal Elementor Addons | Cross-Site Scripting (XSS) |
Royal Elementor Addons | Cross-Site Scripting (XSS) via Flip Carousel, Flip Box, Post Grid, and Taxonomy List Widget Attributes |
RSS Aggregator by Feedzy | Cross-Site Scripting (XSS) via Shortcode Error Message |
RSS Feed Widget | Cross-Site Scripting (XSS) |
Salon booking system | Unauthenticated Cross-Site Scripting (XSS) |
Salon booking system | Cross-Site Scripting (XSS) |
Salon booking system | Cross-Site Scripting (XSS) via Email Settings |
Sassy Social Share | Cross-Site Scripting (XSS) |
Save as Image plugin by Pdfcrowd | Cross-Site Scripting (XSS) |
Save as PDF plugin by Pdfcrowd | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
Save as PDF plugin by Pdfcrowd | Cross-Site Scripting (XSS) |
Schema & Structured Data for WP & AMP | Cross-Site Scripting (XSS) via How To and FAQ Blocks |
Search Keyword Redirect | Cross-Site Scripting (XSS) |
Seers | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Shopkeeper Extender | Cross-Site Scripting (XSS) |
ShopLentor | Cross-Site Scripting (XSS) via WL Universal Product Layout |
ShopLentor | Cross-Site Scripting (XSS) via QR Code Widget |
Shortcodes and extra features for Phlox theme | Cross-Site Scripting (XSS) |
Shortcodes Ultimate | Cross-Site Scripting (XSS) |
Shortcodes Ultimate | Cross-Site Scripting (XSS) |
Short URL | Cross-Site Scripting (XSS) |
Simple Buttons Creator | Unauthenticated Cross-Site Scripting (XSS) |
Simple Membership | Cross-Site Scripting (XSS) via Shortcode |
Simple Testimonials Showcase | Cross-Site Scripting (XSS) |
Sina Extension for Elementor | Cross-Site Scripting (XSS) via Sina Fancy Text Widget |
Slash Admin | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Slider by 10Web | Cross-Site Scripting (XSS) |
Slider Revolution | Cross-Site Scripting (XSS) |
Smart Recent Posts Widget | Cross-Site Scripting (XSS) |
Social Media & Share Icons | Cross-Site Scripting (XSS) via settings |
Social Warfare | Cross-Site Scripting (XSS) via Shortcode |
Spectra | Cross-Site Scripting (XSS) via Custom CSS |
Sticky Anything | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
Strong Testimonials | Cross-Site Scripting (XSS) |
Superfly Menu | Site Wide Cross-Site Scripting (XSS) |
Super Socializer | Cross-Site Scripting (XSS) |
Sydney Toolbox | Cross-Site Scripting (XSS) via Filterable Gallery |
Sync Post With Other Site | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Tagembed | Cross-Site Scripting (XSS) |
Taggbox | Cross-Site Scripting (XSS) |
Tainacan Interface Theme | Cross-Site Scripting (XSS) |
TaxoPress | Cross-Site Scripting (XSS) via Shortcode |
Tax Rate Upload (BAC) | Cross-Site Scripting (XSS) |
Template Kit – Import | Cross-Site Scripting (XSS) via template Upload (BAC) |
TeraWallet – For WooCommerce | Cross-Site Scripting (XSS) |
Testimonials | Cross-Site Scripting (XSS) |
Testimonial Slider | Cross-Site Scripting (XSS) |
Themify – WooCommerce Product Filter | Cross-Site Scripting (XSS) |
Themify – WooCommerce Product Filter | Cross-Site Scripting (XSS) |
The Pack Elementor addons | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Top Bar | Cross-Site Scripting (XSS) |
Top Bar | Cross-Site Scripting (XSS) |
Tutor LMS | Cross-Site Scripting (XSS) via 'tutor_instructor_list' Shortcode |
TWIPLA (Visitor Analytics IO) | Cross-Site Scripting (XSS) |
UDesign Theme | Cross-Site Scripting (XSS) |
Ultimate 410 Gone Status Code | Cross-Site Scripting (XSS) |
Ultimate Addons for Beaver Builder – Lite | Multiple Cross-Site Scripting (XSS) |
Ultimate Bootstrap Elements for Elementor | Cross-Site Scripting (XSS) via Image Widget |
Ultimate Member | Cross-Site Scripting (XSS) |
Ultimate Store Kit Elementor Addons | Cross-Site Scripting (XSS) |
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | Cross-Site Scripting (XSS) via Widget Link |
VikBooking Hotel Booking Engine & PMS | Cross-Site Scripting (XSS) |
Virtue Theme | Cross-Site Scripting (XSS) via Post Author |
VOD Infomaniak | Cross-Site Scripting (XSS) |
Void Elementor WHMCS Elements For Elementor Page Builder | Cross-Site Scripting (XSS) |
Watu Quiz | Cross-Site Scripting (XSS) |
WebinarPress | Cross-Site Scripting (XSS) |
What's New Generator | Cross-Site Scripting (XSS) |
WidgetKit | Cross-Site Scripting (XSS) via Pricing Widgets |
Widget Post Slider | Cross-Site Scripting (XSS) |
WooCommerce Customers Manager | Cross-Site Scripting (XSS) |
WooCommerce Google Feed Manager | SQL Injection (SQLi) to Cross-Site Scripting (XSS) |
WooCommerce PDF Invoices & Packing Slips | Unauthenticated Cross-Site Scripting (XSS) |
WooCommerce Shipping Label | Cross-Site Scripting (XSS) |
WordPress | Cross-Site Scripting (XSS) Via Avatar Block |
WordPress Ad Widget | Cross-Site Scripting (XSS) |
WordPress File Upload (BAC) | Cross-Site Scripting (XSS) via Shortcode |
WordPress Importer | Cross-Site Scripting (XSS) |
WordPress Tooltips | Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) |
WP 2FA | Cross-Site Scripting (XSS) |
WP 404 Auto Redirect to Similar Post | Cross-Site Scripting (XSS) |
WPBakery Page Builder | Cross-Site Scripting (XSS) via attributes |
WPBakery Page Builder | Cross-Site Scripting (XSS) via Post Author |
WPBITS Addons For Elementor Page Builder | Cross-Site Scripting (XSS) |
WPB Show Core | Cross-Site Scripting (XSS) |
WPB Show Core | Cross-Site Scripting (XSS) |
WP Chat App | Cross-Site Scripting (XSS) via Block Image Attribute |
WP Chat App | Cross-Site Scripting (XSS) |
WP Club Manager | Cross-Site Scripting (XSS) |
WP Cost Estimation & Payment Forms Builder | Cross-Site Scripting (XSS) |
WPC Smart Quick View for WooCommerce | Cross-Site Scripting (XSS) |
WP Cufon | Cross-Site Scripting (XSS) |
wpDiscuz | Cross-Site Scripting (XSS) via Upload (BAC)ed Image Alternative Text |
WP Dynamic Keywords Injector | Cross-Site Scripting (XSS) |
WP ERP | Unauthenticated Cross-Site Scripting (XSS) |
WP File Download (BAC) Light | Cross-Site Scripting (XSS) |
WP FormAssembly | Cross-Site Scripting (XSS) |
WP Google Analytics Events | Cross-Site Scripting (XSS) |
WP Google Review Slider | Cross-Site Scripting (XSS) |
WP Helper Premium | Cross-Site Scripting (XSS) |
WP Lister Lite for eBay | Cross-Site Scripting (XSS) |
WP Login and Logout Redirect | Cross-Site Scripting (XSS) |
WP Media Category Management | Cross-Site Scripting (XSS) |
WP Members | Unauthenticated Cross-Site Scripting (XSS) |
WP Meta SEO | Unauthenticated Cross-Site Scripting (XSS) via Referer header |
WP Portfolio Theme | Cross-Site Scripting (XSS) |
WP Radio – Worldwide Online Radio Stations Directory for WordPress | Cross-Site Scripting (XSS) |
WP Simple HTML Sitemap | Cross-Site Scripting (XSS) |
WP STAGING – Backup Duplicator & Migration | Cross-Site Scripting (XSS) |
Wp Staging Pro | Cross-Site Scripting (XSS) |
WP Stripe Checkout | Cross-Site Scripting (XSS) |
WP TradingView | Cross-Site Scripting (XSS) |
WP User Profile Avatar | Cross-Site Scripting (XSS) |
WPvivid Backup for MainWP | Cross-Site Scripting (XSS) |
WPZOOM Addons for Elementor (Templates, Widgets) | Cross-Site Scripting (XSS) |
WZone | Cross-Site Scripting (XSS) |
XStore Core | Cross-Site Scripting (XSS) |
XStore Theme | Cross-Site Scripting (XSS) |
Yoga Schedule Momoyoga | Cross-Site Scripting (XSS) |
Z Y N I T H | Unauthenticated Cross-Site Scripting (XSS) |
WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
WordPress Cross-Site Scripting (XSS) reported in 2024: | 1054 |
WHO needs tailored WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Scripting Patch Management.
Security is not a single-task job
Need tailored WP Security and got no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.