WP XSS SEP 2024
WP Cross-Site Scripting
Tailored WP & Woo Security Report
Be informed about the latest WP Cross-Site Scripting, identified and reported publicly. WP XSS SEP 2024 is a -11% DECREASE compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for tailored WP Security.
WHO needs tailored WP security? EVERYBODY!
Today’s reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate “gazillion” different threats in your WordPress. Get your WP Cross-Site Scripting Patch Management.
The following cases made headlines PUBLICLY just last month in the WP XSS SEP 2024 & WP Cross-Site Scripting category:
| 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery | Cross-Site Scripting (XSS) |
| Admission AppManager | Cross-Site Scripting (XSS) |
| Ajax Search Lite | Cross-Site Scripting (XSS) |
| All Bootstrap Blocks | Cross-Site Scripting (XSS) |
| Allegiant Theme | Cross-Site Scripting (XSS) |
| ARMember | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
| azurecurve Toggle Show/Hide | Cross-Site Scripting (XSS) |
| Beaver Builder | Cross-Site Scripting (XSS) |
| Beaver Builder | Cross-Site Scripting (XSS) via type Parameter |
| Betheme Theme | Cross-Site Scripting (XSS) via Shortcode |
| BetterDocs | Cross-Site Scripting (XSS) |
| Black Widgets For Elementor | Cross-Site Scripting (XSS) |
| Blockspare | Cross-Site Scripting (XSS) |
| Blog2Social | Cross-Site Scripting (XSS) via File Upload (BAC) |
| Bold Timeline Lite | Cross-Site Scripting (XSS) |
| Booking Calendar | Cross-Site Scripting (XSS) |
| BP Profile Search | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Bravada Theme | Cross-Site Scripting (XSS) |
| Breakdance | Cross-Site Scripting (XSS) |
| Brickscore | Cross-Site Scripting (XSS) |
| BSK Forms Blacklist | Cross-Site Scripting (XSS) |
| Busiprof Theme | Cross-Site Scripting (XSS) |
| Bus Ticket Booking with Seat Reservation | Cross-Site Scripting (XSS) |
| Button contact VR | Cross-Site Scripting (XSS) |
| Card Elements for Elementor | Cross-Site Scripting (XSS) |
| Category Posts Widget | Cross-Site Scripting (XSS) |
| Child Theme Creator | Cross-Site Scripting (XSS) |
| Christmasify! | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Classic Addons – WPBakery Page Builder | Cross-Site Scripting (XSS) |
| Clever Addons for Elementor | Cross-Site Scripting (XSS) |
| CM Tooltip Glossary | Cross-Site Scripting (XSS) |
| CoBlocks | Cross-Site Scripting (XSS) |
| Collapsing Archives | Cross-Site Scripting (XSS) |
| collectchat | Cross-Site Scripting (XSS) |
| ComboBlocks | Cross-Site Scripting (XSS) via redirectURL Parameter of Date Countdown Widget |
| ComboBlocks | Cross-Site Scripting (XSS) |
| ComboBlocks | Cross-Site Scripting (XSS) via Accordion Block |
| Community Events | Cross-Site Scripting (XSS) |
| Cooked | Persistent Cross-Site Scripting (XSS) via Shortcode |
| Cookie Notice & Compliance for GDPR / CCPA | Cross-Site Scripting (XSS) |
| Cryptocurrency Widgets – Price Ticker & Coins List | Cross-Site Scripting (XSS) |
| Custom 404 Pro | Cross-Site Scripting (XSS) |
| Custom Field Template | Cross-Site Scripting (XSS) |
| Custom Layouts – Post + Product grids made easy | Cross-Site Scripting (XSS) |
| Custom Permalinks | Cross-Site Scripting (XSS) |
| Custom Query Blocks | Cross-Site Scripting (XSS) |
| DearFlip | Cross-Site Scripting (XSS) |
| Delicious Recipes – WordPress Recipe Plugin | Cross-Site Scripting (XSS) |
| Depicter Slider | Cross-Site Scripting (XSS) |
| Ditty | Cross-Site Scripting (XSS) |
| DL Robots.txt | Cross-Site Scripting (XSS) |
| DSGVO All in one for WP | Cross-Site Scripting (XSS) |
| e2pdf | Cross-Site Scripting (XSS) |
| Easy Digital Downloads | Cross-Site Scripting (XSS) via Agreement Text |
| EasyJobs | Cross-Site Scripting (XSS) |
| Easy Table of Contents | Cross-Site Scripting (XSS) |
| Element Pack Elementor Addons | Cross-Site Scripting (XSS) |
| Element Pack Elementor Addons | Cross-Site Scripting (XSS) via Custom Gallery and Countdown Widgets |
| Element Pack Elementor Addons | Cross-Site Scripting (XSS) via title_tag |
| Element Pack Pro | Cross-Site Scripting (XSS) via Wrapper Link URL |
| ElementsKit Pro | Cross-Site Scripting (XSS) |
| EmbedPress | Cross-Site Scripting (XSS) |
| Enfold Theme | Cross-Site Scripting (XSS) via wrapper_class and class Parameters |
| Enter Addons | Cross-Site Scripting (XSS) |
| Envo’s Elementor Templates & Widgets for WooCommerce | Cross-Site Scripting (XSS) |
| Esotera Theme | Cross-Site Scripting (XSS) |
| Essential Addons for Elementor | Cross-Site Scripting (XSS) |
| Essential Addons for Elementor | Cross-Site Scripting (XSS) via no_more_items_text Parameter |
| Essential Blocks for Gutenberg | Cross-Site Scripting (XSS) |
| EU/UK VAT Manager for WooCommerce | Cross-Site Scripting (XSS) |
| Eventin | Cross-Site Scripting (XSS) |
| Event Tickets with Ticket Scanner | Cross-Site Scripting (XSS) |
| Extensions for Elementor | Cross-Site Scripting (XSS) |
| Filmix Theme | Cross-Site Scripting (XSS) |
| Filr – Secure document library | Cross-Site Scripting (XSS) |
| Filter & Grids | Cross-Site Scripting (XSS) |
| Fluida Theme | Cross-Site Scripting (XSS) |
| Folders | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
| Fonts | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)vulnerability |
| FooBox Image Lightbox | DOM-Based Cross-Site Scripting (XSS) via HTML Data Attributes |
| Football Pool | Cross-Site Scripting (XSS) |
| Football Pool | Cross-Site Scripting (XSS) |
| FormFacade | Cross-Site Scripting (XSS) |
| Form Maker by 10Web | Cross-Site Scripting (XSS) |
| Front End Users | Cross-Site Scripting (XSS) via Shortcode |
| Funnel Kit Funnel Builder PRO | Cross-Site Scripting (XSS) via allow_iframe_tag_in_post |
| Fuse Social Floating Sidebar | Cross-Site Scripting (XSS) via File Upload (BAC) |
| GHActivity | Cross-Site Scripting (XSS) |
| GivingPress Lite Theme | Cross-Site Scripting (XSS) |
| Gixaw Chat | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Graphina | Cross-Site Scripting (XSS) |
| Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) via “Days Label” |
| Gutentor | Cross-Site Scripting (XSS) via pTitleTag |
| Gutentor | Cross-Site Scripting (XSS) |
| Gutenverse | Cross-Site Scripting (XSS) |
| Happyforms | Cross-Site Scripting (XSS) |
| Hotel Galaxy Theme | Cross-Site Scripting (XSS) |
| House Manager | Cross-Site Scripting (XSS) |
| Houzez Theme | Cross-Site Scripting (XSS) |
| HubSpot | Cross-Site Scripting (XSS) via HubSpot Meeting Widget |
| Icegram | Cross-Site Scripting (XSS) |
| IntoTheDark Theme | Cross-Site Scripting (XSS) |
| Invite Anyone | Cross-Site Scripting (XSS) |
| Jeg Elementor Kit | Cross-Site Scripting (XSS) via SVG File |
| JetBlocks For Elementor | Cross-Site Scripting (XSS) |
| JetElements For Elementor | Cross-Site Scripting (XSS) |
| JetSearch | Cross-Site Scripting (XSS) |
| Kahuna Theme | Cross-Site Scripting (XSS) |
| Kodex Posts likes | Cross-Site Scripting (XSS) |
| Kubio AI Page Builder | Cross-Site Scripting (XSS) |
| LA-Studio Element Kit for Elementor | Cross-Site Scripting (XSS) |
| LatePoint | Cross-Site Scripting (XSS) |
| LH Add Media From Url | Cross-Site Scripting (XSS) |
| Like Button Rating | Cross-Site Scripting (XSS) |
| Liquido Theme | Cross-Site Scripting (XSS) |
| LiquidPoll – Advanced Polls for Creators and Brands | Unauthenticated Cross-Site Scripting (XSS) |
| Livemesh Addons for WPBakery Page Builder | Cross-Site Scripting (XSS) |
| Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
| Magic Post Thumbnail | Cross-Site Scripting (XSS) |
| Magic Post Thumbnail | Cross-Site Scripting (XSS) |
| Mantra Theme | Cross-Site Scripting (XSS) |
| MDx Theme | Cross-Site Scripting (XSS) via mdx_list_item Shortcode |
| Mediavine Control Panel | Cross-Site Scripting (XSS) |
| Mega Addons For Elementor | Cross-Site Scripting (XSS) |
| Memberpress | Cross-Site Scripting (XSS) via mepr_screenname and mepr_key Parameters |
| Message Filter for Contact Form 7 | Cross-Site Scripting (XSS) |
| Meta Field Block | Cross-Site Scripting (XSS) |
| Misiek Paypal | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Misiek Photo Album | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Modal Window | Cross-Site Scripting (XSS) |
| Music Request Manager | Cross-Site Scripting (XSS) |
| Music Request Manager | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Music Request Manager | Unauthenticated Cross-Site Scripting (XSS) |
| MyBookTable Bookstore | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| myCred | Cross-Site Scripting (XSS) |
| My Sticky Bar | Cross-Site Scripting (XSS) |
| Mystique Theme | Cross-Site Scripting (XSS) |
| Name Directory | Cross-Site Scripting (XSS) |
| Newsletters | Cross-Site Scripting (XSS) |
| Ninja Forms | Cross-Site Scripting (XSS) |
| Ninja Tables | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
| Nirvana Theme | Cross-Site Scripting (XSS) |
| Opal Membership | Unauthenticated Cross-Site Scripting (XSS) |
| Opor Ayam Theme | Cross-Site Scripting (XSS) |
| Orbit Fox by ThemeIsle | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
| Organization chart | Cross-Site Scripting (XSS) via title_input and node_description Parameters |
| OTA Sync Booking Engine Widget | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| PageLayer | Cross-Site Scripting (XSS) |
| Parabola Theme | Cross-Site Scripting (XSS) |
| ParcelPanel | Cross-Site Scripting (XSS) |
| Phlox Portfolio | Cross-Site Scripting (XSS) |
| Phlox PRO Theme | Cross-Site Scripting (XSS) via Search Parameters |
| Photo Engine | Cross-Site Scripting (XSS) |
| Pinpoint Booking System | Cross-Site Scripting (XSS) |
| Piotnet Addons For Elementor | Cross-Site Scripting (XSS) via Multiple Widgets |
| Podlove Podcast Publisher | Cross-Site Scripting (XSS) |
| Popup Maker | Cross-Site Scripting (XSS) |
| Posterity Theme | Cross-Site Scripting (XSS) |
| Post Grid Master | Cross-Site Scripting (XSS) |
| PowerPack for Beaver Builder | Cross-Site Scripting (XSS) |
| Products, Order & Customers Export for WooCommerce | Cross-Site Scripting (XSS) |
| Purity Of Soul Theme | Cross-Site Scripting (XSS) |
| Quiz And Survey Master | Cross-Site Scripting (XSS) |
| Quiz And Survey Master | Cross-Site Scripting (XSS) |
| RegistrationMagic | Cross-Site Scripting (XSS) |
| RegistrationMagic | Cross-Site Scripting (XSS) |
| Responsive Blocks | Cross-Site Scripting (XSS) |
| Responsive Lightbox | Cross-Site Scripting (XSS) via File Upload (BAC) |
| Responsive Video | Cross-Site Scripting (XSS) |
| Review Ratings | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Royal Elementor Addons | Cross-Site Scripting (XSS) |
| RT Easy Builder – Advanced addons for Elementor | Cross-Site Scripting (XSS) |
| Search Filter Pro | Cross-Site Scripting (XSS) |
| Selection Lite | Cross-Site Scripting (XSS) |
| Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce | Cross-Site Scripting (XSS) |
| Sheet to Table Live Sync for Google Sheet | Cross-Site Scripting (XSS) via STWT_Sheet_Table Shortcode |
| Shield Security | Cross-Site Scripting (XSS) |
| Shortcodes Ultimate Pro | Cross-Site Scripting (XSS) |
| Simple Headline Rotator | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Simple Share | Cross-Site Scripting (XSS) |
| SKT Blocks – Gutenberg based Page Builder | Cross-Site Scripting (XSS) |
| Slider by Soliloquy | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
| Sliding Door Theme | Cross-Site Scripting (XSS) |
| SmartSearch WP | Unauthenticated Cross-Site Scripting (XSS) |
| Snapshot Backup | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Special Feed Items | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Spectra | Cross-Site Scripting (XSS) |
| Spectra Pro | Cross-Site Scripting (XSS) via Block IDs |
| StreamCast | Cross-Site Scripting (XSS) |
| String locator | Cross-Site Scripting (XSS) |
| Stripe Payments | Cross-Site Scripting (XSS) via accept_stripe_payment_ng Shortcode |
| Structured Content | Cross-Site Scripting (XSS) |
| Sunshine Photo Cart | Cross-Site Scripting (XSS) |
| Super Store Finder | Cross-Site Scripting (XSS) |
| SureCart | Cross-Site Scripting (XSS) |
| Swift Framework Page Builder | Cross-Site Scripting (XSS) |
| Taxi Booking Manager for WooCommerce | Cross-Site Scripting (XSS) |
| Team Showcase | Cross-Site Scripting (XSS) |
| Tempera Theme | Cross-Site Scripting (XSS) |
| Term And Category Based Posts Widget | Cross-Site Scripting (XSS) |
| Testimonials | Cross-Site Scripting (XSS) |
| Themify Shortcodes | Cross-Site Scripting (XSS) |
| The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) via Video Widget |
| The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) |
| Tin Canny Reporting for LearnDash | Cross-Site Scripting (XSS) |
| Traffic Manager | Unauthenticated Cross-Site Scripting (XSS) |
| Tutor LMS | Cross-Site Scripting (XSS) |
| Ultimate Addons for Beaver Builder – Lite | Cross-Site Scripting (XSS) |
| Ultimate Classified Listings | Cross-Site Scripting (XSS) |
| Ultimate Membership Pro | Cross-Site Scripting (XSS) |
| Ultimate Store Kit Elementor Addons | Cross-Site Scripting (XSS) |
| Vikinghammer Tweet | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Viral Signup | Cross-Site Scripting (XSS) |
| Visual Composer Starter Theme | Cross-Site Scripting (XSS) |
| Void Contact Form 7 Widget For Elementor Page Builder | Cross-Site Scripting (XSS) |
| WappPress | Cross-Site Scripting (XSS) |
| WC Marketplace | Cross-Site Scripting (XSS) |
| Web and WooCommerce Addons for WPBakery Builder | Cross-Site Scripting (XSS) |
| weMail | Cross-Site Scripting (XSS) |
| White Label CMS | Cross-Site Scripting (XSS) |
| WHMpress | Cross-Site Scripting (XSS) |
| WooCommerce | Cross-Site Scripting (XSS) |
| WooCommerce Customers Manager | Cross-Site Scripting (XSS) |
| WooCommerce PDF Vouchers | Cross-Site Scripting (XSS) |
| WordPress File Upload | Cross-Site Scripting (XSS) |
| WordPress File Upload | Unauthenticated Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
| WordPress File Upload | Unauthenticated Cross-Site Scripting (XSS) |
| WordSurvey | Cross-Site Scripting (XSS) via sounding_title Parameter |
| WP Armour Extended | Cross-Site Scripting (XSS) |
| WPBakery Page Builder | Cross-Site Scripting (XSS) |
| WP Bannerize Pro | Cross-Site Scripting (XSS) |
| WP Dashboard Notes | Cross-Site Scripting (XSS) |
| WP eMember | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| WP eStore | Cross-Site Scripting (XSS) in Customer Search |
| WP Fast Total Search | Cross-Site Scripting (XSS) |
| WP Last Modified Info | Cross-Site Scripting (XSS) via lmt-post-modified-info Shortcode |
| WP-Lister Lite for eBay | Cross-Site Scripting (XSS) |
| WPMobile.App | Cross-Site Scripting (XSS) |
| WP MultiTasking | Cross-Site Scripting (XSS) via Shortcode |
| WP-PostRatings | Cross-Site Scripting (XSS) |
| WP Table Builder – WordPress Table Plugin | Cross-Site Scripting (XSS) |
| WP Table Builder – WordPress Table Plugin | Cross-Site Scripting (XSS) |
| WP Telegram Widget and Join Link | Cross-Site Scripting (XSS) |
| WP Testimonial Widget | Cross-Site Scripting (XSS) |
| WP Travel Gutenberg Blocks | Cross-Site Scripting (XSS) |
| Xpro Elementor Addons | Cross-Site Scripting (XSS) |
| Xpro Elementor Addons | Cross-Site Scripting (XSS) via Post Grid Widget |
| YaMaps for WordPress | Cross-Site Scripting (XSS) |
| YellowPencil Visual CSS Style Editor | Cross-Site Scripting (XSS) |
| Zephyr Project Manager | Cross-Site Scripting (XSS) via filename Parameter |
| Zephyr Project Manager | Cross-Site Scripting (XSS) |
| WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
| WordPress Cross-Site Scripting (XSS) reported in 2024: | 2180 |
WHO needs tailored WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Scripting Patch Management.
Security is not a single-task job
Need tailored WP Security and got no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.
