WP XSS NOV 2024
WP Cross-Site Scripting
Managed WP & Woo Security Report
Be informed about the latest WP Cross-Site Scripting, identified and reported publicly. WP XSS NOV 2024 is a +51% INCREASE compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin – OR – Hire us for your recurrent needs of managed WordPress Security and managed WooCommerce Security.
WHO needs managed WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate "gazillion" different threats in your WordPress. Get your WP Cross-Site Scripting Patch Management.
The following cases made headlines PUBLICLY just last month in the WP XSS NOV 2024 & WP Cross-Site Scripting category:
10Web Social Post Feed | Cross-Site Scripting (XSS) |
123.chat | Unauthenticated Cross-Site Scripting (XSS) |
2D Tag Cloud | Cross-Site Scripting (XSS) from add_query_arg Parameter |
AB Categories Search Widget | Cross-Site Scripting (XSS) |
Accordion Slider | Cross-Site Scripting (XSS) |
ACL Floating Cart for WooCommerce | Cross-Site Scripting (XSS) |
Add Categories Post Footer | Cross-Site Scripting (XSS) |
Add Widget After Content | Cross-Site Scripting (XSS) |
ADIF Log Search Widget | Cross-Site Scripting (XSS) |
Ad Inserter | Cross-Site Scripting (XSS) |
Admin Management Xtended | Cross-Site Scripting (XSS) |
Ads.txt & App-ads.txt Manager for WordPress | Cross-Site Scripting (XSS) |
Advanced Blocks Pro | Cross-Site Scripting (XSS) |
Advanced Category and Custom Taxonomy Image | Cross-Site Scripting (XSS) from ad_tax_image Shortcode |
Advanced Custom Fields | Cross-Site Scripting (XSS) |
Advanced Custom Fields PRO | Cross-Site Scripting (XSS) |
Advanced Sermons | Cross-Site Scripting (XSS) |
Affiliate Platform | Cross-Site Scripting (XSS) |
affiliate-toolkit | Cross-Site Scripting (XSS) from atkp_product Shortcode |
AffiliateX | Cross-Site Scripting (XSS) |
Aggregator Advanced Settings | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Agile Video Player Lite | Cross-Site Scripting (XSS) |
Ahmeti Wp Timeline | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Ajax Custom CSS and JS | Cross-Site Scripting (XSS) |
Ajax Load More | Cross-Site Scripting (XSS) from button_label Parameter |
Akismet htaccess writer | Cross-Site Scripting (XSS) |
Alley Elementor Widget | Cross-Site Scripting (XSS) |
All in One Slider | Cross-Site Scripting (XSS) |
Amilia Store | Cross-Site Scripting (XSS) |
Anchor Episodes Index (Spotify for Podcasters) | Cross-Site Scripting (XSS) |
Ancient World Linked Data | Cross-Site Scripting (XSS) |
Animator | Cross-Site Scripting (XSS) |
Arconix Shortcodes | Cross-Site Scripting (XSS) from Shortcode |
Arconix Shortcodes | Cross-Site Scripting (XSS) from box Shortcode |
Arkhe Blocks | Cross-Site Scripting (XSS) |
Astra Widgets | Cross-Site Scripting (XSS) |
Auto Amazon Links | Cross-Site Scripting (XSS) |
Auto Featured Image from Title | Cross-Site Scripting (XSS) |
Auto iFrame | Cross-Site Scripting (XSS) from tag Parameter |
AVChat Video Chat | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
AVIF & SVG Uploader | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Awesome Buttons | Cross-Site Scripting (XSS) |
Awesome Contact Form7 for Elementor | Cross-Site Scripting (XSS) |
Bamazoo Button Generator | Cross-Site Scripting (XSS) |
Banner Slider | Cross-Site Scripting (XSS) |
Beaver Builder | Cross-Site Scripting (XSS) |
Beaver Builder | DOM-Based Cross-Site Scripting (XSS) from Button Widget |
Beek Widget Extention | Cross-Site Scripting (XSS) |
BerqWP | Cross-Site Scripting (XSS) |
Better Author Bio | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Bet WC 2018 Russia | Cross-Site Scripting (XSS) |
Black Widgets For Elementor | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
BlockMeister – Block Pattern Builder | Cross-Site Scripting (XSS) |
Booking Calendar | Cross-Site Scripting (XSS) |
Booking.com Banner Creator | Cross-Site Scripting (XSS) |
BP Member Type Manager | Cross-Site Scripting (XSS) |
Branding | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Breeze | Cross-Site Scripting (XSS) |
Broken Link Checker | Cross-Site Scripting (XSS) |
BuddyPress Docs | Cross-Site Scripting (XSS) |
BuddyPress Greeting Message | Cross-Site Scripting (XSS) |
Button contact VR | Cross-Site Scripting (XSS) |
bVerse Convert | Cross-Site Scripting (XSS) |
Campus Explorer Widget | Cross-Site Scripting (XSS) |
Captcha Bank | Cross-Site Scripting (XSS) |
Category and Taxonomy Image | Cross-Site Scripting (XSS) |
Category and Taxonomy Meta Fields | Cross-Site Scripting (XSS) |
Category and Taxonomy Meta Fields | Cross-Site Scripting (XSS) |
Category Icon | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
chatplusjp | Cross-Site Scripting (XSS) |
Checkout Field Editor (Checkout Manager) for WooCommerce | Cross-Site Scripting (XSS) from render_review_request_notice |
Church Admin | Cross-Site Scripting (XSS) |
CJ Change Howdy | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Click to Chat – WP Support All-in-One Floating Widget | Cross-Site Scripting (XSS) from wpsaio_snapchat Shortcode |
Click to Chat – WP Support All-in-One Floating Widget | Cross-Site Scripting (XSS) |
Client Power Tools Portal | Cross-Site Scripting (XSS) |
Clio Grow | Cross-Site Scripting (XSS) |
CMSMasters Content Composer | Cross-Site Scripting (XSS) from Shortcode |
CM Tooltip Glossary | Cross-Site Scripting (XSS) |
Code Embed | Cross-Site Scripting (XSS) |
Code Generate | Cross-Site Scripting (XSS) |
CodePen Embedded Pens Shortcode | Cross-Site Scripting (XSS) |
Community by PeepSo | Cross-Site Scripting (XSS) |
Compact WP Audio Player | Cross-Site Scripting (XSS) from sc_embed_player Shortcode |
Conditional Fields for Contact Form 7 | Cross-Site Scripting (XSS) |
Contact Form 7 – PayPal & Stripe Add-on | Cross-Site Scripting (XSS) |
Contact Form 7 - Repeatable Fields | Cross-Site Scripting (XSS) from field_group Shortcode |
Contact Form by Supsystic | Cross-Site Scripting (XSS) |
Cooked Pro | Cross-Site Scripting (XSS) |
Cookie Scanner | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Coub | Cross-Site Scripting (XSS) |
Countdown & Clock | Cross-Site Scripting (XSS) |
Country Flags for Elementor | Cross-Site Scripting (XSS) |
Cozy Blocks | Cross-Site Scripting (XSS) |
Cozy Blocks | Cross-Site Scripting (XSS) |
Crazy Call To Action Box | Cross-Site Scripting (XSS) |
cSlider | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Curator.io | Cross-Site Scripting (XSS) |
CURCY | Cross-Site Scripting (XSS) |
Custom Add to Cart Button Label and Link | Cross-Site Scripting (XSS) |
Custom Banners | Cross-Site Scripting (XSS) |
Custom Twitter Feeds (Tweets Widget) | Cross-Site Scripting (XSS) |
CWD 3D Image Gallery | Cross-Site Scripting (XSS) |
Da Reactions | Cross-Site Scripting (XSS) |
DearFlip | Cross-Site Scripting (XSS) |
Debrandify | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Demo Importer Plus | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Digitally Theme | Cross-Site Scripting (XSS) |
disconnected Theme | Cross-Site Scripting (XSS) |
Discount Rules for WooCommerce | Cross-Site Scripting (XSS) |
Display Medium Posts | Cross-Site Scripting (XSS) from display_medium_posts Shortcode |
DK PDF | Cross-Site Scripting (XSS) |
DocumentPress | Cross-Site Scripting (XSS) |
Download Manager | Cross-Site Scripting (XSS) |
Download Plugins and Themes from Dashboard | Cross-Site Scripting (XSS) |
DPD Baltic Shipping | Cross-Site Scripting (XSS) |
Easy Addons for Elementor | Cross-Site Scripting (XSS) |
Easy Demo Importer | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Easy Load More | Cross-Site Scripting (XSS) |
Easy Menu Manager | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Easy PayPal Gift Certificate | Cross-Site Request Forgery to Cross-Site Scripting (XSS) |
Easy Post Types | Cross-Site Scripting (XSS) from Post Meta |
Easy Pricing Tables | Cross-Site Scripting (XSS) |
Easy Social Share Buttons | Cross-Site Scripting (XSS) |
Editor Custom Color Palette | Cross-Site Scripting (XSS) |
Edit WooCommerce Templates | Cross-Site Scripting (XSS) from page |
Edwiser Bridge | Cross-Site Scripting (XSS) |
Elastik Page Builder | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Elemenda | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
ElementInvader Addons for Elementor | Cross-Site Scripting (XSS) |
Elementor Inline SVG | Cross-Site Scripting (XSS) |
Elements kit Elementor addons | Cross-Site Scripting (XSS) |
ElementsReady Addons for Elementor | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
El mejor Cluster | Cross-Site Scripting (XSS) |
Email Template Customizer for WooCommerce | Cross-Site Scripting (XSS) |
Embed PDF Viewer | Cross-Site Scripting (XSS) |
EmbedPress | Cross-Site Scripting (XSS) |
Embed videos and respect privacy | Cross-Site Scripting (XSS) |
Encyclopedia and Glossary and Wiki | Cross-Site Scripting (XSS) |
Endless Posts Navigation | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Envo's Elementor Templates & Widgets for WooCommerce | Cross-Site Scripting (XSS) |
Event Manager for WooCommerce | Cross-Site Scripting (XSS) |
EventPrime | Unauthenticated Cross-Site Scripting (XSS) |
EventPrime | Unauthenticated Cross-Site Scripting (XSS) |
Events Addon for Elementor | Cross-Site Scripting (XSS) |
Exclusive Addons Elementor | Cross-Site Scripting (XSS) |
Extra Privacy for Elementor | Cross-Site Scripting (XSS) |
Extra Product Options Builder for WooCommerce | Unauthenticated Cross-Site Scripting (XSS) |
Featured Posts with Multiple Custom Groups (FPMCG) | Cross-Site Scripting (XSS) |
File Upload (BAC) Types | Cross-Site Scripting (XSS) |
Firelight Lightbox | Cross-Site Scripting (XSS) |
Fish and Ships | Cross-Site Scripting (XSS) |
Flat UI Button | Cross-Site Scripting (XSS) from flatbtn Shortcode |
Flexmls® IDX | Cross-Site Scripting (XSS) |
FluentForm | Cross-Site Scripting (XSS) |
Fonto | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Forms for Mailchimp by Optin Cat | Cross-Site Scripting (XSS) from Form Color Parameters |
Forms for Mailchimp by Optin Cat | Cross-Site Scripting (XSS) |
FULL Customer | Cross-Site Scripting (XSS) |
Futurio Extra | Cross-Site Scripting (XSS) |
Gantry 4 Framework | Cross-Site Scripting (XSS) |
GDPR-Extensions-com | Cross-Site Scripting (XSS) |
GeoDirectory | Cross-Site Scripting (XSS) |
Geo Mashup | Cross-Site Scripting (XSS) from geo_mashup_visible_posts_list Shortcode |
GetResponse Forms | Cross-Site Scripting (XSS) |
G Meta Keywords | Cross-Site Scripting (XSS) |
Google Docs RSVP | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
GoogleDrive folder list | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Google Language Translator | Cross-Site Scripting (XSS) |
Google Map Locations | Cross-Site Scripting (XSS) |
Gravity Forms Toolbar | Cross-Site Scripting (XSS) |
Guten Post Layout | Cross-Site Scripting (XSS) from align Attribute |
HT Team Member | Cross-Site Scripting (XSS) from htteamember Shortcode |
Hyperlink Group Block | Cross-Site Scripting (XSS) |
Ibtana | Cross-Site Scripting (XSS) from align Attribute |
ID-SK Toolkit | Cross-Site Scripting (XSS) |
ID-SK Toolkit | Cross-Site Scripting (XSS) |
Image Map Pro | Cross-Site Scripting (XSS) |
ImagePress | Cross-Site Scripting (XSS) from Plugin Settings |
Import and export users and customers | Cross-Site Scripting (XSS) |
Increase upload file size & Maximum Execution Time limit | Cross-Site Scripting (XSS) |
Interactive World Map | Cross-Site Scripting (XSS) |
Jigoshop – Store Exporter | Cross-Site Scripting (XSS) |
jLayer Parallax Slider | Cross-Site Scripting (XSS) |
js paper Theme | Cross-Site Scripting (XSS) |
Kama SpamBlock | Cross-Site Scripting (XSS) |
Kata Plus | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Kata Plus | Cross-Site Scripting (XSS) |
Kodex Posts likes | Cross-Site Scripting (XSS) |
Language Switcher | Cross-Site Scripting (XSS) |
LaTeX2HTML | Cross-Site Scripting (XSS) |
League of Legends Shortcodes | Cross-Site Scripting (XSS) from Shortcode |
leenk.me | Cross-Site Scripting (XSS) |
LH Copy Media File | Cross-Site Scripting (XSS) |
Lightbox slider – Responsive Lightbox Gallery | Cross-Site Scripting (XSS) |
Local Business Addons For Elementor | Cross-Site Scripting (XSS) |
LocateAndFilter | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Locatoraid Store Locator | Cross-Site Scripting (XSS) |
Loggedin | Cross-Site Scripting (XSS) |
Login Logout Shortcode | Cross-Site Scripting (XSS) from class Parameter |
Logo Slider | Cross-Site Scripting (XSS) |
Magazine Blocks | Cross-Site Scripting (XSS) |
Magazine Blocks | Cross-Site Scripting (XSS) |
Marketing and SEO Booster | Cross-Site Scripting (XSS) |
MAS Companies For WP Job Manager | Cross-Site Scripting (XSS) |
MAS Elementor | Cross-Site Scripting (XSS) |
Masteriyo - LMS | Cross-Site Scripting (XSS) |
Maximum Products per User for WooCommerce | Cross-Site Scripting (XSS) |
MC4WP: Mailchimp Top Bar | Cross-Site Scripting (XSS) |
Mega Elements | Cross-Site Scripting (XSS) |
Memberful | Cross-Site Scripting (XSS) |
Mighty Builder | Cross-Site Scripting (XSS) |
Mitm Bug Tracker | Cross-Site Scripting (XSS) |
Monitor.chat | Cross-Site Scripting (XSS) |
Monkee-Boy Essentials | Cross-Site Scripting (XSS) |
Movie Database | Cross-Site Scripting (XSS) |
myCred Elementor | Cross-Site Scripting (XSS) |
My Favorites | Cross-Site Scripting (XSS) |
my flatonica Theme | Cross-Site Scripting (XSS) |
Mynx Page Builder | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
my wooden under construction Theme | Cross-Site Scripting (XSS) |
Namaste! LMS | Cross-Site Scripting (XSS) |
Namaste! LMS | Cross-Site Scripting (XSS) |
Namaste! LMS | Cross-Site Scripting (XSS) |
Newsletters | Cross-Site Scripting (XSS) from newsletters_video Shortcode |
Nexter Blocks | Cross-Site Scripting (XSS) |
Ninja Forms | Cross-Site Scripting (XSS) |
Ninja Forms | Cross-Site Scripting (XSS) |
Nioland Theme | Cross-Site Scripting (XSS) |
Omnipress | Cross-Site Scripting (XSS) |
Optin Hound | Cross-Site Scripting (XSS) from add_query_arg Parameter |
Paid Member Subscriptions | Cross-Site Scripting (XSS) |
Parallax Image | Cross-Site Scripting (XSS) from dd-parallax Shortcode |
Parcel Pro | Cross-Site Scripting (XSS) |
PDF Generator Addon for Elementor Page Builder | Cross-Site Scripting (XSS) |
PDF Image Generator | Cross-Site Scripting (XSS) |
PeproDev Ultimate Invoice | Cross-Site Scripting (XSS) |
Persian Woocommerce SMS | Cross-Site Scripting (XSS) |
Photo Gallery by 10Web | Cross-Site Scripting (XSS) |
Pinpoint Booking System | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Plexx Elementor Extension | Cross-Site Scripting (XSS) |
Poll Maker | Cross-Site Scripting (XSS) |
Popularis Extra | Cross-Site Scripting (XSS) |
Post Grid and Gutenberg Blocks | Cross-Site Scripting (XSS) |
Post Grid, Post Carousel, & List Category Posts – by Smart Post Show | Cross-Site Scripting (XSS) from Pagination Color |
Post Status Notifier Lite | Cross-Site Scripting (XSS) from page |
Post Status Notifier Premium | Cross-Site Scripting (XSS) from page |
PostX | Cross-Site Scripting (XSS) |
PostX | Cross-Site Scripting (XSS) |
PowerPress Podcasting | Cross-Site Scripting (XSS) |
Premium Addons for Elementor | DOM-Based Cross-Site Scripting (XSS) from Video Box Widget |
Pricer Ninja | Cross-Site Scripting (XSS) |
Primary Addon for Elementor | Cross-Site Scripting (XSS) |
PriPre | Cross-Site Scripting (XSS) |
Product Customizer Light | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Product Delivery Date for WooCommerce – Lite | Cross-Site Scripting (XSS) |
Products, Order & Customers Export for WooCommerce | Cross-Site Scripting (XSS) |
PublishPress Revisions | Cross-Site Scripting (XSS) |
PWA | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
QS Dark Mode | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Quantity Dynamic Pricing & Bulk Discounts for WooCommerce | Cross-Site Scripting (XSS) |
RabbitLoader | Cross-Site Scripting (XSS) |
R Animated Icon | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Raptor Editor | Cross-Site Scripting (XSS) |
ReDi Restaurant Reservation | Cross-Site Scripting (XSS) |
Relevanssi | Cross-Site Scripting (XSS) |
Relogo | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Rescue Shortcodes | Cross-Site Scripting (XSS) from Shortcode |
Responsive Lightbox | Cross-Site Scripting (XSS) |
Restaurant Reservations Widget | Cross-Site Scripting (XSS) |
Re:WP | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Risk Warning Bar | Cross-Site Scripting (XSS) |
Robo Gallery | Cross-Site Scripting (XSS) |
Royal Elementor Addons | Cross-Site Scripting (XSS) from Team Member Widget |
RSS Feed Widget | Cross-Site Scripting (XSS) from rfw-youtube-videos Shortcode |
RumbleTalk Live Group Chat | Cross-Site Scripting (XSS) |
Scrollbar by webxapp – Best vertical and horizontal scrollbars plugin | Cross-Site Scripting (XSS) |
Selection Lite | Cross-Site Scripting (XSS) |
SendPulse Free Web Push | Unauthenticated Cross-Site Scripting (XSS) |
SEO Manager | Cross-Site Scripting (XSS) from Post Meta |
SEOPress | Cross-Site Scripting (XSS) |
SEUR Oficial | Cross-Site Scripting (XSS) |
ShiftController Employee Shift Scheduling | Cross-Site Scripting (XSS) |
Shortcode For Elementor Templates | Cross-Site Scripting (XSS) |
Shortcodes and extra features for Phlox theme | Cross-Site Scripting (XSS) from Modern Heading and Icon Picker Widgets |
Shortcodes Ultimate | DOM-Based Cross-Site Scripting (XSS) |
Shoutcast Icecast HTML5 Radio Player | Cross-Site Scripting (XSS) |
Simple Baseball Scoreboard | Cross-Site Scripting (XSS) |
Simple Custom Admin | Cross-Site Scripting (XSS) |
Simple Load More | Cross-Site Scripting (XSS) |
Simple News | Cross-Site Scripting (XSS) from news Shortcode |
Simple Testimonials Showcase | Cross-Site Scripting (XSS) |
Simply Schedule Appointments | Cross-Site Scripting (XSS) |
Simply Schedule Appointments | Cross-Site Scripting (XSS) |
Sirv | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
SKT Blocks – Gutenberg based Page Builder | Cross-Site Scripting (XSS) |
Sky Addons for Elementor | Cross-Site Scripting (XSS) |
Slider Revolution | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Slimstat Analytics | Unauthenticated Cross-Site Scripting (XSS) |
Smart Blocks | Cross-Site Scripting (XSS) |
Smart Custom 404 Error Page | Cross-Site Scripting (XSS) |
Smart Online Order for Clover | Cross-Site Scripting (XSS) from moo_receipt_link Shortcode |
Smart Online Order for Clover | Cross-Site Scripting (XSS) |
SMS Alert Order Notifications – WooCommerce | Cross-Site Scripting (XSS) from sa_subscribe Shortcode |
Social Share Buttons | Cross-Site Scripting (XSS) |
Social Share With Floating Bar | Cross-Site Scripting (XSS) |
Social Sharing (by Danny) | Cross-Site Scripting (XSS) from Shortcode |
Stars Testimonials | Cross-Site Scripting (XSS) from stars_testimonials Shortcode |
StreamWeasels Twitch Integration | Cross-Site Scripting (XSS) from sw-twitch-embed Shortcode |
StreamWeasels YouTube Integration | Cross-Site Scripting (XSS) from sw-youtube-embed Shortcode |
Subscribe to Comments | Cross-Site Scripting (XSS) |
Suki Sites Import | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Survey Maker | Cross-Site Scripting (XSS) |
Survey Maker | Cross-Site Scripting (XSS) |
SVG Captcha | Cross-Site Scripting (XSS) |
SVG Complete | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
SW Kick Integration | Cross-Site Scripting (XSS) from sw-kick-embed Shortcode |
TablePress | Cross-Site Scripting (XSS) |
Tainacan | Cross-Site Scripting (XSS) |
T(-) Countdown | Cross-Site Scripting (XSS) from Shortcode |
Terms descriptions | Cross-Site Scripting (XSS) |
Textboxes | Cross-Site Scripting (XSS) |
ThemeHunk | Cross-Site Scripting (XSS) |
Themes4WP YouTube External Subtitles | Cross-Site Scripting (XSS) |
Themesflat Addons For Elementor | Cross-Site Scripting (XSS) |
Themify Builder | Cross-Site Scripting (XSS) |
The Ultimate WordPress Toolkit – WP Extended | Cross-Site Scripting (XSS) |
Tida URL Screenshot | Cross-Site Scripting (XSS) |
Time Slot | Cross-Site Scripting (XSS) |
TinyMCE | Cross-Site Scripting (XSS) |
Tito | Cross-Site Scripting (XSS) |
Todo Custom Field | Cross-Site Scripting (XSS) |
Trip Plan | Cross-Site Scripting (XSS) |
uCAT – Next Story | Cross-Site Scripting (XSS) |
Ultimate Member | Cross-Site Scripting (XSS) |
UltraAddons Elementor Lite | Cross-Site Scripting (XSS) |
Unlimited Addon For Elementor | Cross-Site Scripting (XSS) |
VKontakte Wall Post | Cross-Site Scripting (XSS) |
Web Bricks Addons for Elementor | Cross-Site Scripting (XSS) |
WeChat Subscribers Lite | Cross-Site Scripting (XSS) |
Whitelist | Cross-Site Scripting (XSS) |
Widget or Sidebar Shortcode | Cross-Site Scripting (XSS) from Shortcode |
WooCommerce Maintenance Mode | Cross-Site Scripting (XSS) |
WooCommerce Multilingual & Multicurrency | Cross-Site Scripting (XSS) |
WooCommerce – Store Exporter | Cross-Site Scripting (XSS) |
Woo Manage Fraud Orders | Cross-Site Scripting (XSS) |
WordPress Meta Data and Taxonomies Filter (MDTF) | Cross-Site Scripting (XSS) |
WordPress Portfolio Builder – Portfolio Gallery | Cross-Site Scripting (XSS) |
WordPress Video | Cross-Site Scripting (XSS) |
WP Abstracts | Cross-Site Scripting (XSS) |
WP Adminify | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
WPAdverts – Classifieds Plugin | Unauthenticated Cross-Site Scripting (XSS) from adverts_add Shortcode |
WP Awesome Login | Cross-Site Scripting (XSS) |
WP Baidu Map | Cross-Site Scripting (XSS) from Shortcode |
WP Blocks Hub | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
WP Builder | Cross-Site Scripting (XSS) |
WP Cleanup and Basic Functions | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
WP Crowdfunding | Cross-Site Scripting (XSS) |
WP Education | Cross-Site Scripting (XSS) |
WP ERP | Cross-Site Scripting (XSS) |
WP Flow Plus | Cross-Site Scripting (XSS) |
WPKoi Templates for Elementor | Cross-Site Scripting (XSS) |
WP-Members | Cross-Site Scripting (XSS) from wpmem_loginout Shortcode |
WP-Members | Cross-Site Scripting (XSS) |
WP Photo Album Plus | Cross-Site Scripting (XSS) |
wpPricing Builder | Cross-Site Scripting (XSS) |
WP Recipe Maker | DOM-Based Cross-Site Scripting (XSS) from 'tooltip' |
WP Search Analytics | Cross-Site Scripting (XSS) |
WP show more | Cross-Site Scripting (XSS) |
WP-Spreadplugin | Cross-Site Scripting (XSS) |
WP Ultimate Post Grid | Cross-Site Scripting (XSS) |
Wsify Widget | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
XO Slider | Cross-Site Scripting (XSS) |
YITH WooCommerce Product Add-Ons | Cross-Site Scripting (XSS) |
YML for Yandex Market | Cross-Site Scripting (XSS) |
Youzify | Cross-Site Scripting (XSS) |
Zita Elementor Site Library | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
WordPress Cross-Site Scripting (XSS) reported in 2024: | 2807 |
WHO needs managed WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Scripting Patch Management.
Security is not a single-task job
Need managed WP Security and got no clue where to start? Hire an expert. Pay a coffee per week, its cheaper than 1 hour for a freelancer.
Not sure that our recurrent security offer is worthy of long-term consideration? Contact us today for a Cross-Site Scripting audit! Decide after you compare RISK + IMPACT versus COST.
We’re passionate about helping you grow and make your impact
Continue being informed
Monthly vulnerability reports about WordPress and WooCommerce, plugins, themes.
Weekly inspiration, news and occasional with hand-picked deals. Unsubscribe anytime.