WP XSS SEP 2024
WP Cross-Site Scripting
Managed WP & Woo Security Report
Be informed about the latest WP Cross-Site Scripting vulnerabilities, identified and reported publicly. WP XSS SEP 2024 shows an 11% DECREASE compared to the previous month. For your online safety, consider a managed WP/Woo security AUDIT – OR – switching to a TOP10LIST alternative WP Security Plugin – OR – hire us for your recurrent needs of managed WordPress Security and managed WooCommerce Security.
WHO needs managed WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate a "gazillion" different threats in your WordPress. Get your WP Cross-Site Scripting Patch Management.
The following cases made headlines PUBLICLY just last month in the WP XSS SEP 2024 & WP Cross-Site Scripting category:
3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery | Cross-Site Scripting (XSS) |
Admission AppManager | Cross-Site Scripting (XSS) |
Ajax Search Lite | Cross-Site Scripting (XSS) |
All Bootstrap Blocks | Cross-Site Scripting (XSS) |
Allegiant Theme | Cross-Site Scripting (XSS) |
ARMember | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
azurecurve Toggle Show/Hide | Cross-Site Scripting (XSS) |
Beaver Builder | Cross-Site Scripting (XSS) |
Beaver Builder | Cross-Site Scripting (XSS) via type Parameter |
Betheme Theme | Cross-Site Scripting (XSS) via Shortcode |
BetterDocs | Cross-Site Scripting (XSS) |
Black Widgets For Elementor | Cross-Site Scripting (XSS) |
Blockspare | Cross-Site Scripting (XSS) |
Blog2Social | Cross-Site Scripting (XSS) via File Upload (BAC) |
Bold Timeline Lite | Cross-Site Scripting (XSS) |
Booking Calendar | Cross-Site Scripting (XSS) |
BP Profile Search | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Bravada Theme | Cross-Site Scripting (XSS) |
Breakdance | Cross-Site Scripting (XSS) |
Brickscore | Cross-Site Scripting (XSS) |
BSK Forms Blacklist | Cross-Site Scripting (XSS) |
Busiprof Theme | Cross-Site Scripting (XSS) |
Bus Ticket Booking with Seat Reservation | Cross-Site Scripting (XSS) |
Button contact VR | Cross-Site Scripting (XSS) |
Card Elements for Elementor | Cross-Site Scripting (XSS) |
Category Posts Widget | Cross-Site Scripting (XSS) |
Child Theme Creator | Cross-Site Scripting (XSS) |
Christmasify! | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Classic Addons – WPBakery Page Builder | Cross-Site Scripting (XSS) |
Clever Addons for Elementor | Cross-Site Scripting (XSS) |
CM Tooltip Glossary | Cross-Site Scripting (XSS) |
CoBlocks | Cross-Site Scripting (XSS) |
Collapsing Archives | Cross-Site Scripting (XSS) |
collectchat | Cross-Site Scripting (XSS) |
ComboBlocks | Cross-Site Scripting (XSS) via redirectURL Parameter of Date Countdown Widget |
ComboBlocks | Cross-Site Scripting (XSS) |
ComboBlocks | Cross-Site Scripting (XSS) via Accordion Block |
Community Events | Cross-Site Scripting (XSS) |
Cooked | Persistent Cross-Site Scripting (XSS) via Shortcode |
Cookie Notice & Compliance for GDPR / CCPA | Cross-Site Scripting (XSS) |
Cryptocurrency Widgets – Price Ticker & Coins List | Cross-Site Scripting (XSS) |
Custom 404 Pro | Cross-Site Scripting (XSS) |
Custom Field Template | Cross-Site Scripting (XSS) |
Custom Layouts – Post + Product grids made easy | Cross-Site Scripting (XSS) |
Custom Permalinks | Cross-Site Scripting (XSS) |
Custom Query Blocks | Cross-Site Scripting (XSS) |
DearFlip | Cross-Site Scripting (XSS) |
Delicious Recipes – WordPress Recipe Plugin | Cross-Site Scripting (XSS) |
Depicter Slider | Cross-Site Scripting (XSS) |
Ditty | Cross-Site Scripting (XSS) |
DL Robots.txt | Cross-Site Scripting (XSS) |
DSGVO All in one for WP | Cross-Site Scripting (XSS) |
e2pdf | Cross-Site Scripting (XSS) |
Easy Digital Downloads | Cross-Site Scripting (XSS) via Agreement Text |
EasyJobs | Cross-Site Scripting (XSS) |
Easy Table of Contents | Cross-Site Scripting (XSS) |
Element Pack Elementor Addons | Cross-Site Scripting (XSS) |
Element Pack Elementor Addons | Cross-Site Scripting (XSS) via Custom Gallery and Countdown Widgets |
Element Pack Elementor Addons | Cross-Site Scripting (XSS) via title_tag |
Element Pack Pro | Cross-Site Scripting (XSS) via Wrapper Link URL |
ElementsKit Pro | Cross-Site Scripting (XSS) |
EmbedPress | Cross-Site Scripting (XSS) |
Enfold Theme | Cross-Site Scripting (XSS) via wrapper_class and class Parameters |
Enter Addons | Cross-Site Scripting (XSS) |
Envo's Elementor Templates & Widgets for WooCommerce | Cross-Site Scripting (XSS) |
Esotera Theme | Cross-Site Scripting (XSS) |
Essential Addons for Elementor | Cross-Site Scripting (XSS) |
Essential Addons for Elementor | Cross-Site Scripting (XSS) via no_more_items_text Parameter |
Essential Blocks for Gutenberg | Cross-Site Scripting (XSS) |
EU/UK VAT Manager for WooCommerce | Cross-Site Scripting (XSS) |
Eventin | Cross-Site Scripting (XSS) |
Event Tickets with Ticket Scanner | Cross-Site Scripting (XSS) |
Extensions for Elementor | Cross-Site Scripting (XSS) |
Filmix Theme | Cross-Site Scripting (XSS) |
Filr – Secure document library | Cross-Site Scripting (XSS) |
Filter & Grids | Cross-Site Scripting (XSS) |
Fluida Theme | Cross-Site Scripting (XSS) |
Folders | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
Fonts | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
FooBox Image Lightbox | DOM-Based Cross-Site Scripting (XSS) via HTML Data Attributes |
Football Pool | Cross-Site Scripting (XSS) |
Football Pool | Cross-Site Scripting (XSS) |
FormFacade | Cross-Site Scripting (XSS) |
Form Maker by 10Web | Cross-Site Scripting (XSS) |
Front End Users | Cross-Site Scripting (XSS) via Shortcode |
Funnel Kit Funnel Builder PRO | Cross-Site Scripting (XSS) via allow_iframe_tag_in_post |
Fuse Social Floating Sidebar | Cross-Site Scripting (XSS) via File Upload (BAC) |
GHActivity | Cross-Site Scripting (XSS) |
GivingPress Lite Theme | Cross-Site Scripting (XSS) |
Gixaw Chat | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Graphina | Cross-Site Scripting (XSS) |
Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) via "Days Label" |
Gutentor | Cross-Site Scripting (XSS) via pTitleTag |
Gutentor | Cross-Site Scripting (XSS) |
Gutenverse | Cross-Site Scripting (XSS) |
Happyforms | Cross-Site Scripting (XSS) |
Hotel Galaxy Theme | Cross-Site Scripting (XSS) |
House Manager | Cross-Site Scripting (XSS) |
Houzez Theme | Cross-Site Scripting (XSS) |
HubSpot | Cross-Site Scripting (XSS) via HubSpot Meeting Widget |
Icegram | Cross-Site Scripting (XSS) |
IntoTheDark Theme | Cross-Site Scripting (XSS) |
Invite Anyone | Cross-Site Scripting (XSS) |
Jeg Elementor Kit | Cross-Site Scripting (XSS) via SVG File |
JetBlocks For Elementor | Cross-Site Scripting (XSS) |
JetElements For Elementor | Cross-Site Scripting (XSS) |
JetSearch | Cross-Site Scripting (XSS) |
Kahuna Theme | Cross-Site Scripting (XSS) |
Kodex Posts likes | Cross-Site Scripting (XSS) |
Kubio AI Page Builder | Cross-Site Scripting (XSS) |
LA-Studio Element Kit for Elementor | Cross-Site Scripting (XSS) |
LatePoint | Cross-Site Scripting (XSS) |
LH Add Media From Url | Cross-Site Scripting (XSS) |
Like Button Rating | Cross-Site Scripting (XSS) |
Liquido Theme | Cross-Site Scripting (XSS) |
LiquidPoll – Advanced Polls for Creators and Brands | Unauthenticated Cross-Site Scripting (XSS) |
Livemesh Addons for WPBakery Page Builder | Cross-Site Scripting (XSS) |
Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
Magic Post Thumbnail | Cross-Site Scripting (XSS) |
Magic Post Thumbnail | Cross-Site Scripting (XSS) |
Mantra Theme | Cross-Site Scripting (XSS) |
MDx Theme | Cross-Site Scripting (XSS) via mdx_list_item Shortcode |
Mediavine Control Panel | Cross-Site Scripting (XSS) |
Mega Addons For Elementor | Cross-Site Scripting (XSS) |
Memberpress | Cross-Site Scripting (XSS) via mepr_screenname and mepr_key Parameters |
Message Filter for Contact Form 7 | Cross-Site Scripting (XSS) |
Meta Field Block | Cross-Site Scripting (XSS) |
Misiek Paypal | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Misiek Photo Album | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Modal Window | Cross-Site Scripting (XSS) |
Music Request Manager | Cross-Site Scripting (XSS) |
Music Request Manager | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Music Request Manager | Unauthenticated Cross-Site Scripting (XSS) |
MyBookTable Bookstore | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
myCred | Cross-Site Scripting (XSS) |
My Sticky Bar | Cross-Site Scripting (XSS) |
Mystique Theme | Cross-Site Scripting (XSS) |
Name Directory | Cross-Site Scripting (XSS) |
Newsletters | Cross-Site Scripting (XSS) |
Ninja Forms | Cross-Site Scripting (XSS) |
Ninja Tables | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
Nirvana Theme | Cross-Site Scripting (XSS) |
Opal Membership | Unauthenticated Cross-Site Scripting (XSS) |
Opor Ayam Theme | Cross-Site Scripting (XSS) |
Orbit Fox by ThemeIsle | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
Organization chart | Cross-Site Scripting (XSS) via title_input and node_description Parameters |
OTA Sync Booking Engine Widget | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
PageLayer | Cross-Site Scripting (XSS) |
Parabola Theme | Cross-Site Scripting (XSS) |
ParcelPanel | Cross-Site Scripting (XSS) |
Phlox Portfolio | Cross-Site Scripting (XSS) |
Phlox PRO Theme | Cross-Site Scripting (XSS) via Search Parameters |
Photo Engine | Cross-Site Scripting (XSS) |
Pinpoint Booking System | Cross-Site Scripting (XSS) |
Piotnet Addons For Elementor | Cross-Site Scripting (XSS) via Multiple Widgets |
Podlove Podcast Publisher | Cross-Site Scripting (XSS) |
Popup Maker | Cross-Site Scripting (XSS) |
Posterity Theme | Cross-Site Scripting (XSS) |
Post Grid Master | Cross-Site Scripting (XSS) |
PowerPack for Beaver Builder | Cross-Site Scripting (XSS) |
Products, Order & Customers Export for WooCommerce | Cross-Site Scripting (XSS) |
Purity Of Soul Theme | Cross-Site Scripting (XSS) |
Quiz And Survey Master | Cross-Site Scripting (XSS) |
Quiz And Survey Master | Cross-Site Scripting (XSS) |
RegistrationMagic | Cross-Site Scripting (XSS) |
RegistrationMagic | Cross-Site Scripting (XSS) |
Responsive Blocks | Cross-Site Scripting (XSS) |
Responsive Lightbox | Cross-Site Scripting (XSS) via File Upload (BAC) |
Responsive Video | Cross-Site Scripting (XSS) |
Review Ratings | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Royal Elementor Addons | Cross-Site Scripting (XSS) |
RT Easy Builder – Advanced addons for Elementor | Cross-Site Scripting (XSS) |
Search Filter Pro | Cross-Site Scripting (XSS) |
Selection Lite | Cross-Site Scripting (XSS) |
Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce | Cross-Site Scripting (XSS) |
Sheet to Table Live Sync for Google Sheet | Cross-Site Scripting (XSS) via STWT_Sheet_Table Shortcode |
Shield Security | Cross-Site Scripting (XSS) |
Shortcodes Ultimate Pro | Cross-Site Scripting (XSS) |
Simple Headline Rotator | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Simple Share | Cross-Site Scripting (XSS) |
SKT Blocks – Gutenberg based Page Builder | Cross-Site Scripting (XSS) |
Slider by Soliloquy | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
Sliding Door Theme | Cross-Site Scripting (XSS) |
SmartSearch WP | Unauthenticated Cross-Site Scripting (XSS) |
Snapshot Backup | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Special Feed Items | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Spectra | Cross-Site Scripting (XSS) |
Spectra Pro | Cross-Site Scripting (XSS) via Block IDs |
StreamCast | Cross-Site Scripting (XSS) |
String locator | Cross-Site Scripting (XSS) |
Stripe Payments | Cross-Site Scripting (XSS) via accept_stripe_payment_ng Shortcode |
Structured Content | Cross-Site Scripting (XSS) |
Sunshine Photo Cart | Cross-Site Scripting (XSS) |
Super Store Finder | Cross-Site Scripting (XSS) |
SureCart | Cross-Site Scripting (XSS) |
Swift Framework Page Builder | Cross-Site Scripting (XSS) |
Taxi Booking Manager for WooCommerce | Cross-Site Scripting (XSS) |
Team Showcase | Cross-Site Scripting (XSS) |
Tempera Theme | Cross-Site Scripting (XSS) |
Term And Category Based Posts Widget | Cross-Site Scripting (XSS) |
Testimonials | Cross-Site Scripting (XSS) |
Themify Shortcodes | Cross-Site Scripting (XSS) |
The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) via Video Widget |
The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) |
Tin Canny Reporting for LearnDash | Cross-Site Scripting (XSS) |
Traffic Manager | Unauthenticated Cross-Site Scripting (XSS) |
Tutor LMS | Cross-Site Scripting (XSS) |
Ultimate Addons for Beaver Builder – Lite | Cross-Site Scripting (XSS) |
Ultimate Classified Listings | Cross-Site Scripting (XSS) |
Ultimate Membership Pro | Cross-Site Scripting (XSS) |
Ultimate Store Kit Elementor Addons | Cross-Site Scripting (XSS) |
Vikinghammer Tweet | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Viral Signup | Cross-Site Scripting (XSS) |
Visual Composer Starter Theme | Cross-Site Scripting (XSS) |
Void Contact Form 7 Widget For Elementor Page Builder | Cross-Site Scripting (XSS) |
WappPress | Cross-Site Scripting (XSS) |
WC Marketplace | Cross-Site Scripting (XSS) |
Web and WooCommerce Addons for WPBakery Builder | Cross-Site Scripting (XSS) |
weMail | Cross-Site Scripting (XSS) |
White Label CMS | Cross-Site Scripting (XSS) |
WHMpress | Cross-Site Scripting (XSS) |
WooCommerce | Cross-Site Scripting (XSS) |
WooCommerce Customers Manager | Cross-Site Scripting (XSS) |
WooCommerce PDF Vouchers | Cross-Site Scripting (XSS) |
WordPress File Upload | Cross-Site Scripting (XSS) |
WordPress File Upload | Unauthenticated Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
WordPress File Upload | Unauthenticated Cross-Site Scripting (XSS) |
WordSurvey | Cross-Site Scripting (XSS) via sounding_title Parameter |
WP Armour Extended | Cross-Site Scripting (XSS) |
WPBakery Page Builder | Cross-Site Scripting (XSS) |
WP Bannerize Pro | Cross-Site Scripting (XSS) |
WP Dashboard Notes | Cross-Site Scripting (XSS) |
WP eMember | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
WP eStore | Cross-Site Scripting (XSS) in Customer Search |
WP Fast Total Search | Cross-Site Scripting (XSS) |
WP Last Modified Info | Cross-Site Scripting (XSS) via lmt-post-modified-info Shortcode |
WP-Lister Lite for eBay | Cross-Site Scripting (XSS) |
WPMobile.App | Cross-Site Scripting (XSS) |
WP MultiTasking | Cross-Site Scripting (XSS) via Shortcode |
WP-PostRatings | Cross-Site Scripting (XSS) |
WP Table Builder – WordPress Table Plugin | Cross-Site Scripting (XSS) |
WP Table Builder – WordPress Table Plugin | Cross-Site Scripting (XSS) |
WP Telegram Widget and Join Link | Cross-Site Scripting (XSS) |
WP Testimonial Widget | Cross-Site Scripting (XSS) |
WP Travel Gutenberg Blocks | Cross-Site Scripting (XSS) |
Xpro Elementor Addons | Cross-Site Scripting (XSS) |
Xpro Elementor Addons | Cross-Site Scripting (XSS) via Post Grid Widget |
YaMaps for WordPress | Cross-Site Scripting (XSS) |
YellowPencil Visual CSS Style Editor | Cross-Site Scripting (XSS) |
Zephyr Project Manager | Cross-Site Scripting (XSS) via filename Parameter |
Zephyr Project Manager | Cross-Site Scripting (XSS) |
WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
WordPress Cross-Site Scripting (XSS) reported in 2024: | 2180 |
WHO needs managed WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Scripting Patch Management.
Security is not a single-task job
Need managed WP Security and have no clue where to start? Hire an expert. Pay a coffee per week; it's cheaper than 1 hour of a freelancer.
Not sure that our recurrent security offer is worthy of long-term consideration? Contact us today for a Cross-Site Scripting audit! Decide after you compare RISK + IMPACT versus COST.