WP XSS OCT 2024
WP Cross-Site Scripting
Managed WP & Woo Security Report
Stay informed about the latest WP Cross-Site Scripting vulnerabilities, identified and reported publicly. WP XSS in OCT 2024 is similarly HIGH compared to the previous month. For your online safety, consider a managed WP/Woo security AUDIT – OR – switching to a TOP10LIST alternative WP Security Plugin – OR – hiring us for your recurrent needs of managed WordPress Security and managed WooCommerce Security.
WHO needs managed WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate a "gazillion" different threats in your WordPress. Get your WP Cross-Site Scripting Patch Management.
The following cases made headlines PUBLICLY just last month in the WP XSS OCT 2024 & WP Cross-Site Scripting category:
012 PS Multi Languages | Cross-Site Scripting (XSS) |
Absolute Reviews | DOM-Based Cross-Site Scripting (XSS) from Criteria Name |
Accordion | Cross-Site Scripting (XSS) |
Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin | Cross-Site Scripting (XSS) |
Accordion Image Menu | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
Advanced Sermons | Cross-Site Scripting (XSS) |
Advanced Woo Labels | Cross-Site Scripting (XSS) |
Advanced WordPress Backgrounds | Cross-Site Scripting (XSS) from imageTag Parameter |
amCharts: Charts and Maps | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
AnWP Football Leagues | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
ARI Fancy Lightbox | Cross-Site Scripting (XSS) |
Attributes for Blocks | Cross-Site Scripting (XSS) from attributesForBlocks Parameter |
Author Avatars List/Block | Cross-Site Scripting (XSS) |
Automatically Hierarchic Categories in Menu | Cross-Site Scripting (XSS) |
AZIndex | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
BA Book Everything | Cross-Site Scripting (XSS) |
Beam me up Scotty – Back to Top Button | Cross-Site Scripting (XSS) |
Beauty Theme | Cross-Site Scripting (XSS) from tpl_featured_cat_id Parameter |
Betheme Theme | Cross-Site Scripting (XSS) from SVG File |
Bit Form – Contact Form Plugin | Cross-Site Scripting (XSS) |
Blockspare | Cross-Site Scripting (XSS) |
Blogvi Theme | Cross-Site Scripting (XSS) |
Bold Page Builder | Cross-Site Scripting (XSS) |
Bold Page Builder | Cross-Site Scripting (XSS) |
Bricks Builder Theme | Cross-Site Scripting (XSS) |
BSK Forms Blacklist | Cross-Site Scripting (XSS) |
BuddyForms | Cross-Site Scripting (XSS) |
Bulk NoIndex & NoFollow Toolkit | Cross-Site Scripting (XSS) |
Cab fare calculator | Cross-Site Scripting (XSS) |
Carousel Slider | Cross-Site Scripting (XSS) |
Catch Base Theme | Cross-Site Scripting (XSS) |
Charity Addon for Elementor | Cross-Site Scripting (XSS) |
Chartify | Cross-Site Scripting (XSS) |
Chatbot Support AI | Cross-Site Scripting (XSS) |
CM Pop-Up banners | Cross-Site Scripting (XSS) |
Coming Soon Page, Under Construction & Maintenance Mode by SeedProd | Cross-Site Scripting (XSS) |
Common Tools for Site | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Community by PeepSo | Cross-Site Scripting (XSS) from content Parameter |
Confetti Fall Animation | Cross-Site Scripting (XSS) |
Contact Form 7 Math Captcha | Cross-Site Scripting (XSS) |
Contact Form to Any API | Unauthenticated Cross-Site Scripting (XSS) from Contact Form |
Content Blocks (Custom Post Widget) | Cross-Site Scripting (XSS) |
Copyscape Premium | CSRF to Cross-Site Scripting (XSS) |
Cozy Blocks | Cross-Site Scripting (XSS) |
CP Polls | Cross-Site Scripting (XSS) |
Create Theme | Cross-Site Scripting (XSS) |
Cron Jobs | Cross-Site Scripting (XSS) |
CubeWP Forms – All-in-One Form Builder | Cross-Site Scripting (XSS) |
Delicate Theme | Cross-Site Scripting (XSS) from Button Shortcode |
Depicter Slider | Cross-Site Scripting (XSS) |
DethemeKit For Elementor | Cross-Site Scripting (XSS) |
Dynamic Featured Image | Cross-Site Scripting (XSS) from dfiFeatured Parameter |
ElementInvader Addons for Elementor | Cross-Site Scripting (XSS) |
Elementor Addon Elements | Cross-Site Scripting (XSS) |
Elementor Website Builder | Cross-Site Scripting (XSS) in the URL Parameter in Multiple Widgets |
Element Pack Elementor Addons | Cross-Site Scripting (XSS) |
Elements kit Elementor addons | Cross-Site Scripting (XSS) from Video Widget |
ElementsReady Addons for Elementor | Cross-Site Scripting (XSS) |
Email Obfuscate Shortcode | Cross-Site Scripting (XSS) |
Enter Addons | Cross-Site Scripting (XSS) |
Envira Photo Gallery | Cross-Site Scripting (XSS) |
Essential Addons for Elementor | Cross-Site Scripting (XSS) from Fancy Text Widget |
Essential Blocks for Gutenberg | Cross-Site Scripting (XSS) |
EU/UK VAT Manager for WooCommerce | Cross-Site Scripting (XSS) |
EU/UK VAT Manager for WooCommerce | Cross-Site Scripting (XSS) |
EventON | Cross-Site Scripting (XSS) |
Exit Notifier | Cross-Site Scripting (XSS) |
Flaming Forms | Cross-Site Scripting (XSS) |
Flaming Forms | Unauthenticated Cross-Site Scripting (XSS) |
Flipping Cards | Cross-Site Scripting (XSS) |
Floating Contact Button | Cross-Site Scripting (XSS) |
Form Maker by 10Web | Cross-Site Scripting (XSS) |
Full frame Theme | Cross-Site Scripting (XSS) |
Fusion Builder | Cross-Site Scripting (XSS) from fusion_button Shortcode |
Gallery Lightbox | Cross-Site Scripting (XSS) |
Garden Gnome Package | Cross-Site Scripting (XSS) |
Geo Mashup | Cross-Site Scripting (XSS) |
GEO my WordPress | Cross-Site Scripting (XSS) |
GF Custom Style | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Giveaways and Contests by RafflePress | Cross-Site Scripting (XSS) |
Google Calendar Events | Cross-Site Scripting (XSS) |
Graphicsly | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Greenshift – animation and page builder blocks | Cross-Site Scripting (XSS) |
GS Logo Slider | Cross-Site Scripting (XSS) |
GTM Server Side | Cross-Site Scripting (XSS) |
GTM Server Side | Cross-Site Scripting (XSS) |
Gum Elementor Addon | Cross-Site Scripting (XSS) |
Gutenberg Blocks – Un blocks For Gutenberg | Cross-Site Scripting (XSS) |
GutenGeek Free Gutenberg Blocks for WordPress | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Happy Addons for Elementor | Cross-Site Scripting (XSS) |
IdeaPush | Cross-Site Scripting (XSS) |
IMPress for IDX Broker | Cross-Site Scripting (XSS) |
Include Fussballde Widgets | Cross-Site Scripting (XSS) |
Jeg Elementor Kit | Cross-Site Scripting (XSS) |
JobSearch | Cross-Site Scripting (XSS) |
Keap Official Opt-in Forms | Cross-Site Scripting (XSS) |
king_IE | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Kodex Posts likes | Cross-Site Scripting (XSS) |
Kodex Posts likes | Cross-Site Scripting (XSS) |
Koko Analytics | Cross-Site Scripting (XSS) |
LA-Studio Element Kit for Elementor | Cross-Site Scripting (XSS) |
LiteSpeed Cache | Cross-Site Scripting (XSS) |
LiteSpeed Cache | Cross-Site Scripting (XSS) |
Livemesh Addons for Elementor | Cross-Site Scripting (XSS) |
Livemesh Addons for Elementor | Cross-Site Scripting (XSS) from piechart_settings Parameter |
Logo Carousel – Clients logo carousel for WP | Cross-Site Scripting (XSS) |
Logo Manager For Enamad | Cross-Site Scripting (XSS) from Widget |
Loops & Logic | Cross-Site Scripting (XSS) |
Lucas String Replace | Cross-Site Scripting (XSS) |
MailOptin | Cross-Site Scripting (XSS) |
Mapplic Lite | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Master Addons for Elementor | Cross-Site Scripting (XSS) from data-jltma-wrapper-link Element |
Material Design Icons | Cross-Site Scripting (XSS) from mdi-icon Shortcode |
MC4WP | Cross-Site Scripting (XSS) |
MC4WP | Cross-Site Scripting (XSS) |
Medical Addon for Elementor | Cross-Site Scripting (XSS) |
Mega Elements | Cross-Site Scripting (XSS) |
Meta slider and carousel with lightbox | Cross-Site Scripting (XSS) |
MM-Breaking News | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
MM-Breaking News | Cross-Site Scripting (XSS) |
Move Addons for Elementor | Cross-Site Scripting (XSS) |
Move Addons for Elementor | Cross-Site Scripting (XSS) |
Multipurpose Ticket Booking Manager | Cross-Site Scripting (XSS) |
My Sticky Bar | Cross-Site Scripting (XSS) |
Neighborly Theme | Cross-Site Scripting (XSS) from Button Shortcode |
Newsletters | Cross-Site Scripting (XSS) |
NEX-Forms – Ultimate Form Builder | Cross-Site Scripting (XSS) |
NiceJob | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
NiceJob | Cross-Site Scripting (XSS) |
Ninja Forms File Upload Extension | Unauthenticated Cross-Site Scripting (XSS) from File Upload (BAC) |
Ninja Forms | Cross-Site Scripting (XSS) |
Ninja Forms | Self-Based Cross-Site Scripting (XSS) from Referer |
NinjaTeam Header Footer Custom Code | Cross-Site Scripting (XSS) |
nm-visitors | Unauthenticated Cross-Site Scripting (XSS) from HTTP Header |
Nova Blocks by Pixelgrade | Cross-Site Scripting (XSS) from align Attribute |
OneElements – Best Elementor Addons | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Online Booking & Scheduling Calendar for WordPress by vcita | Cross-Site Scripting (XSS) |
OSM – OpenStreetMap | Cross-Site Scripting (XSS) from osm_map and osm_map_v Shortcodes |
Page-list | Cross-Site Scripting (XSS) |
PDF Thumbnail Generator | Cross-Site Scripting (XSS) |
Photo Gallery by 10Web | Cross-Site Scripting (XSS) |
Pixel Cat | Cross-Site Scripting (XSS) |
Pocket Widget | Cross-Site Scripting (XSS) |
Popup Maker | Cross-Site Scripting (XSS) |
Post Grid and Gutenberg Blocks | Cross-Site Scripting (XSS) |
Preloader Plus - WordPress Loading Screen Plugin | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Premium Addons for Elementor | Cross-Site Scripting (XSS) from Media Grid Widget |
Premium Blocks – Gutenberg Blocks for WordPress | Cross-Site Scripting (XSS) |
Primary Addon for Elementor | Cross-Site Scripting (XSS) |
Product Slider for WooCommerce | Cross-Site Scripting (XSS) |
ProfileGrid | Cross-Site Scripting (XSS) |
Quick Code | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
Quill Forms | Cross-Site Scripting (XSS) |
Quiz And Survey Master | Cross-Site Scripting (XSS) |
Radio Player | Cross-Site Scripting (XSS) from align Attribute |
RD Station | Cross-Site Scripting (XSS) |
Restaurant & Cafe Addon for Elementor | Cross-Site Scripting (XSS) |
Review & testimonial widgets | Cross-Site Scripting (XSS) |
Robokassa payment gateway for Woocommerce | Cross-Site Scripting (XSS) |
Roles & Capabilities | Cross-Site Scripting (XSS) |
RomethemeKit For Elementor | Cross-Site Scripting (XSS) |
Roseta Theme | Cross-Site Scripting (XSS) |
Search Atlas SEO | Cross-Site Scripting (XSS) |
Secure Copy Content Protection and Content Locking | Cross-Site Scripting (XSS) |
Septera Theme | Cross-Site Scripting (XSS) |
Seriously Simple Stats | Cross-Site Scripting (XSS) |
Share This Image | Cross-Site Scripting (XSS) from alignment Parameter |
Share This Image | Cross-Site Scripting (XSS) from STI Buttons Shortcode |
Share This Image | Cross-Site Scripting (XSS) |
ShiftController Employee Shift Scheduling | Cross-Site Scripting (XSS) |
ShopLentor | DOM-Based Cross-Site Scripting (XSS) |
Sign-up Sheets | Cross-Site Scripting (XSS) |
Simple LDAP Login | Cross-Site Scripting (XSS) |
Simple LDAP Login | Cross-Site Scripting (XSS) |
SKT Templates – Elementor & Gutenberg templates | Cross-Site Scripting (XSS) |
Sky Addons for Elementor | Cross-Site Scripting (XSS) |
SliceWP | Cross-Site Scripting (XSS) |
SliceWP | Cross-Site Scripting (XSS) |
Slider by 10Web | Cross-Site Scripting (XSS) |
Slider comparison image before and after | Cross-Site Scripting (XSS) |
Slideshow Gallery | Cross-Site Scripting (XSS) |
Social Auto Poster | Cross-Site Scripting (XSS) |
Spice Starter Sites | Cross-Site Scripting (XSS) |
Spiffy Calendar | Cross-Site Scripting (XSS) |
Spiffy Calendar | Cross-Site Scripting (XSS) |
Starbox | Cross-Site Scripting (XSS) |
Starbox | Cross-Site Scripting (XSS) |
Starter Templates | Cross-Site Scripting (XSS) |
Store Hours for WooCommerce | Cross-Site Scripting (XSS) |
Super Testimonials | Cross-Site Scripting (XSS) from alignment Parameter |
tagDiv Composer | Cross-Site Scripting (XSS) from envato_code[] |
Team Showcase | Cross-Site Scripting (XSS) |
Terms descriptions | Cross-Site Scripting (XSS) |
Thanh Toán Quét Mã QR Code Tự Động | Unauthenticated Cross-Site Scripting (XSS) |
The Events Calendar | Unauthenticated Cross-Site Scripting (XSS) |
Themedy Toolbox | Cross-Site Scripting (XSS) from Multiple Shortcodes |
Themesflat Addons For Elementor | Multiple Cross-Site Scripting (XSS) |
Themify – WooCommerce Product Filter | Cross-Site Scripting (XSS) |
The Pack Elementor addons | Cross-Site Scripting (XSS) |
The Post Grid | Cross-Site Scripting (XSS) via Grid Creation |
The Ultimate WordPress Toolkit – WP Extended | Cross-Site Scripting (XSS) |
The Ultimate WordPress Toolkit – WP Extended | Cross-Site Scripting (XSS) from page |
TNC PDF viewer | Cross-Site Scripting (XSS) |
Triton Lite Theme | Cross-Site Scripting (XSS) from Button Shortcode |
Tweaker5 Theme | Cross-Site Scripting (XSS) from Button Shortcode |
Ultimate Blocks – Gutenberg Blocks Plugin | Cross-Site Scripting (XSS) |
Ultimate Store Kit Elementor Addons | Cross-Site Scripting (XSS) |
Un Elements For Elementor (Free Widgets, Addons, Templates) | Cross-Site Scripting (XSS) |
VdoCipher | Cross-Site Scripting (XSS) |
Verbosa Theme | Cross-Site Scripting (XSS) |
viala Theme | Cross-Site Scripting (XSS) |
Waitlist Woocommerce ( Back in stock notifier ) | Cross-Site Scripting (XSS) |
WCFM Marketplace | Cross-Site Scripting (XSS) |
Web Directory Free | Cross-Site Scripting (XSS) |
WP Abstracts | Cross-Site Scripting (XSS) |
WP AdCenter | Cross-Site Scripting (XSS) from ad_alignment Attribute |
WP Booking System | Cross-Site Scripting (XSS) |
WP Bulk Delete | Cross-Site Scripting (XSS) |
WP Category Dropdown | Cross-Site Scripting (XSS) from align Parameter |
WPCOM Member | Cross-Site Scripting (XSS) |
WP Compress – Image Optimiser [All-In-One] | Cross-Site Scripting (XSS) |
WP Custom Fields Search | Cross-Site Scripting (XSS) from wpcfs-preset Shortcode |
WP Datepicker | Cross-Site Scripting (XSS) |
WP-DownloadManager | Cross-Site Scripting (XSS) |
WPFactory Helper | Cross-Site Scripting (XSS) |
WP GPX Map | Cross-Site Scripting (XSS) from sgpx Shortcode |
WP-Lister Lite for eBay | Cross-Site Scripting (XSS) |
WP Mail Catcher | Cross-Site Scripting (XSS) |
WP Meta SEO | Cross-Site Scripting (XSS) |
WPMobileApp | Cross-Site Scripting (XSS) |
WP MultiTasking | Cross-Site Scripting (XSS) |
WP MultiTasking | Cross-Site Scripting (XSS) |
WP MyLinks | Cross-Site Scripting (XSS) |
WP Simple Booking Calendar | Cross-Site Scripting (XSS) |
WP Test Email | Cross-Site Scripting (XSS) |
WP Timeline – Vertical and Horizontal timeline plugin | Cross-Site Scripting (XSS) |
WP Travel | Cross-Site Scripting (XSS) |
WP Travel Gutenberg Blocks | Cross-Site Scripting (XSS) |
WP ULike | Cross-Site Scripting (XSS) |
WP-WebAuthn | Cross-Site Scripting (XSS) |
WPZOOM Portfolio | Cross-Site Scripting (XSS) from align Attribute |
WPZOOM Shortcodes | Cross-Site Scripting (XSS) from box Shortcode |
WS Form LITE | Cross-Site Scripting (XSS) |
XLTab – Accordions and Tabs for Elementor Page Builder | Cross-Site Scripting (XSS) |
XT Ajax Add To Cart for WooCommerce | Cross-Site Scripting (XSS) |
YellowPencil Visual CSS Style Editor | Cross-Site Scripting (XSS) |
YITH Custom Login | Cross-Site Scripting (XSS) |
YITH WooCommerce Product Add-Ons | Cross-Site Scripting (XSS) |
Zoho Forms | Cross-Site Scripting (XSS) |
Zotpress | Cross-Site Scripting (XSS) |
WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
WordPress Cross-Site Scripting (XSS) reported in 2024: | 2430 |
WHO needs managed WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Scripting Patch Management.
Security is not a single-task job
Need managed WP Security and have no clue where to start? Hire an expert. Pay a coffee per week; it's cheaper than 1 hour for a freelancer.
Not sure that our recurrent security offer is worthy of long-term consideration? Contact us today for a Cross-Site Scripting audit! Decide after you compare RISK + IMPACT versus COST.