XSS SEP 2021 – Cross-Site Scripting SEP 2021
Tailored WordPress Security Report
Stay informed about the latest Cross-Site Scripting (XSS) vulnerabilities of SEP 2021 that were identified and reported publicly. As these XSS SEP 2021 vulnerabilities have a severe negative impact on the security of any WordPress site, consider our FREE security AUDIT.
An estimated jaw-dropping 8.699.000+ active WordPress installations were susceptible to these attack types, considering only the publicly disclosed and available numbers. The estimated number can increase by 20-25% with premium versions as they are private purchases.
Furthermore, the initial estimation can triple if we consider (1) the already patched versions that were NOT UPDATED by owners, as the vulnerability remains active within their domain; and (2) the closed “uncounted” versions that remain active on domains already running the plugins, as nobody is maintaining their security. As these owners start changing their hosting provider (due to constant unexplained issues), they actively migrate these vulnerabilities behind new / protected areas, possibly exposing other clean WP installations to different attack types.
It is a mind-boggling 1973% increase compared to December 2020. We compare last month with the previous winter holiday season, which has the biggest shopping traffic and attack spike of the year. Read more about our previous reports here: ALERT:150 XSS AUG 2021 – Cross-Site Scripting AUG 2021 Blast and 11 XSS – Cross-Site Scripting – WordPress Security DEC. The following cases made headlines PUBLICLY just last month in the XSS SEP 2021 category:
Hire security geeks to protect your WP from publicly reported cases of XSS SEP 2021 BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!
- Alojapro Widget – Authenticated Stored Cross-Site Scripting (XSS)
- Basic search box with check-in and check-out dates to make a search on the Alojapro booking engine. Also allows you to set an email and/or a discount code. The Iframe functionality allows the user to integrate the bookings search results into any page. Active installations: 10+
- Shortcodes Ultimate – Contributor+ Stored XSS
- Shortcodes Ultimate is a comprehensive collection of various visual and functional elements, which you can use in the post editor, text widgets or even in template files. Using Shortcodes Ultimate you can easily create tabs, buttons, boxes, sliders and carousels, responsive videos and much, much more. Active installations: 800,000+
- Post Views Counter – Authenticated Stored XSS
- Post Views Counter allows you to display how many times a post, page or custom post type has been viewed with this simple, fast and easy to use plugin. Active installations: 100,000+
- SMTP Mail – Authenticated SQL Injections
- SMTP Mail – Reflected Cross-Site Scripting (XSS)
- SMTP settings, mail function, send test, save submitted data (phpmailer). It is very easy to configure and fast. Active installations: 2,000+
- Live Scores for SportsPress – Reflected Cross-Site Scripting
- Live Scores for SportsPress – Authenticated Local File Inclusion
- Treat your visitors with live scores directly on your site. This plugin is an extension for SportsPress. Define the structure of your sport and deliver real-time minutes to your visitors. You can define periods that track minutes such as 1st & 2nd Half in Soccer and periods which do not track time (and even pause it) such as Timeouts (Basketball, Handball) or Penalties (after 120 minutes in soccer). Active installations: 500+
- TextMe SMS – Authenticated Stored XSS
- This plugin allows you to send SMS messages from your WordPress dashboard to the site owner or to your end users. Enter the needed credentials. Define the events to trigger the SMS submission. Write custom messages to be sent to your users. Increase user engagement using dynamic fields inside your message to create personalized messages. Active installations: 600+
- Picture Gallery – Frontend Image Uploads, AJAX Photo List – Authenticated Stored XSS
- Picture Gallery plugin enables users to upload and share pictures from frontend or backend. Generates thumbs, adds pictures and thumbs to WordPress Media Library and integrate galleries for custom posts. Active installations: 600+
- Station Pro Plugin – Reflected Cross-Site Scripting (XSS)
- Now in its newest version the station Pro has more features and is compatible with most browsers and mobile devices, with a new technology for easily playing your radio station. Now you can customize your Player yourself through WordPress! Now it’s easy to have your radio station where you’ll install your URL and let Station Pro work for you with a simple, fast and functional touch! Active installations: 3,000+
- Events Shortcodes For The Events Calendar – Reflected Cross-Site Scripting (XSS)
- Best addon for The Events Calendar plugin to show your events anywhere inside your page or post using events shortcode builder or Gutenberg blocks. This events calendar addon also provides free stunning events list design templates in which you can select custom colors and fonts. Active installations: 10,000+
- WP Statistics – Reflected Cross-Site Scripting (XSS)
- Do you need a simple tool to know your website statistics? Do you need to represent these statistics? Do you care about your users’ privacy while analyzing who is interested in your business or website? With WP Statistics you can know your website statistics without any need to send your users’ data anywhere. You can know how many people visit your personal or business website, where they’re coming from, what browsers and search engines they use, and which of your contents, categories, tags and users get more visits. Active installations: 600,000+
- WooCommerce Dynamic Pricing & Discounts – Unauthenticated Settings Import to Stored XSS
- WooCommerce Dynamic Pricing & Discounts – Unauthenticated Settings Export
- WooCommerce Dynamic Pricing & Discounts is an all-purpose pricing and promotion tool for online retailers. Its power lies in its flexibility – loads of pricing methods and conditions can be combined to fit virtually any pricing strategy. Active installations: N/A
- Watu Quiz – Reflected XSS
- Create exams, surveys, and quizzes and display the result immediately after the user completes the questionnaire. You can assign grades and point levels for every grade in the exam / quiz. Then assign points to every answer to a question and Watu Quiz will figure out the grade based on the total number of points collected. Active installations: 7,000+
- WP Upload Restriction – Missing Access Control
- WP Upload Restriction – Authenticated Stored XSS
- This plugin allows you to restrict your site users from uploading files of certain types and control the maximum file upload size. Administrator can select the file types and file upload limit by user role. This plugin restricts users from uploading unwanted files using the WordPress media uploader. Active installations: 2,000+
- ELEX WooCommerce Google Shopping (Google Product Feed) – Reflected Cross-Site Scripting (XSS)
- The ELEX WooCommerce Google Shopping (Google Product Feed) plugin is a free WooCommerce plugin that serves in feeding your WooCommerce products to Google so that when online shoppers search on Google, they can find your products in the Google search results and Google Shopping Ads. Even if you have implemented the best SEO strategy for your WooCommerce product pages to come up in the Google SERPs, this free Google product feed plugin for WooCommerce shows the preview of the product with information like product title, product image, price, availability, color, and so on. Active installations: 2,000+
- My Chatbot – Reflected Cross-Site Scripting (XSS)
- This plugin has been closed as of July 28, 2022 and is not available for download. Reason: Security Issue.
- Business Directory Plugin | GeoDirectory – Authenticated (admin+) Stored Cross-Site Scripting (XSS)
- Turn any WordPress theme into a lightning-fast global business directory. Now 100% compatible with Gutenberg and the most popular page builders such as Elementor, Beaver Builder, Divi, SiteOrigin Page Builder, and more! It includes an extensive new set of shortcodes, Gutenberg Blocks, and Widgets. Active installations: 10,000+
- Coming Soon and Maintenance Mode – Authenticated Stored XSS
- Coming soon and Maintenance mode plugin is an awesome tool to show your website visitors that you are working on your website to make it better. It’s not easy to create an under construction page for WordPress without coding knowledge. That’s why our team does its best to help WordPress users to create maintenance pages easily and quickly. Active installations: 10,000+
- SEO Redirection Plugin – 301 Redirect Manager – Arbitrary Redirect Deletion via CSRF
- SEO Redirection Plugin – 301 Redirect Manager – Reflected Cross-Site Scripting
- SEO Redirection Plugin – 301 Redirect Manager – Authenticated Stored Cross-Site Scripting (XSS)
- SEO Redirection is a powerful redirect manager to manage 301 redirects. You can build and manage redirects easily for your site. This plugin is useful if you want to migrate pages from an old website, or are changing the directory of your WordPress website. Active installations: 30,000+
- 4k Icons for Visual Composer – Reflected Cross-Site Scripting (XSS)
- This plugin has been closed and is no longer available for download.
- Ad Blocker Notify Lite – Reflected Cross-Site Scripting (XSS)
- Detect AdBlock and notify users. Whether you are running a personal blog or a magazine website, Ad Blocker Notify will help you block AdBlockers (eg: AdBlock Plus) and increase your ad revenue. Ad Blocker Notify is a very easy to use plugin with get around options and a lot of settings. A smart dashboard widget with counter & statistics is included! Active installations: 5,000+
- Affiliate PRO – Reflected Cross-Site Scripting (XSS)
- This plugin has been closed and is no longer available for download.
- AMP extensions – Reflected Cross-Site Scripting (XSS)
- The AMP Project is an open-source initiative aiming to make the web better for all. The project enables the creation of websites and ads that are consistently fast, beautiful and high-performing across devices and distribution platforms. Active installations: 10+
- Aoi Tori – Reflected Cross-Site Scripting (XSS)
- Aoi Tori is the successor to Twitter Stream, a WordPress plugin I authored quite a long time ago. It is designed to add features I wanted to add back then, but didn’t have the knowledge to implement. Active installations: 30+
- Awesome Support – WordPress HelpDesk & Support Plugin – Reflected Cross-Site Scripting (XSS)
- Awesome Support is the most versatile and feature-rich support plugin for WordPress. It is the only helpdesk & support ticketing plugin that can match the feature set of an SAAS solution such as Zendesk or Helpscout. Active installations: 10,000+
- BetterOptin – Reflected Cross-Site Scripting (XSS)
- This plugin has been closed and is no longer available for download.
- Border Loading Bar – Reflected Cross-Site Scripting (XSS)
- This plugin has been closed as of September 7, 2022 and is not available for download. Reason: Security Issue.
- Catchers Helpdesk and Ticket system for Support – Reflected Cross-Site Scripting (XSS)
- If your users are confused and need help, how can you get that help to them? A help desk. Help desk software lets you accept client queries, organize them, and respond in a streamlined manner. Active installations: 200+
- Bootstrap Categories Gallery – Reflected Cross-Site Scripting (XSS)
- This simple plugin lets you show all post categories in gallery format. Active installations: 10+
- Woocommerce Categories in gallery format – Reflected Cross-Site Scripting (XSS)
- This simple plugin lets you show all product categories in gallery format. Active installations: 10+
- WordPress Form Customizer | CF7 Customizer – Reflected Cross-Site Scripting (XSS)
- Customize, style and theme your WordPress Contact Forms. An intuitive plugin to design your contact forms via WordPress live customizer, right at the front-end. Active installations: 9,000+
- ClinicalWP Core – Reflected Cross-Site Scripting (XSS)
- ClinicalWP takes the power of WordPress & mixes it with the expert knowledge of Code Clinic’s award winning development team to create the Ultimate WordPress user experience. Active installations: 20+
- Facebook Page Feed Timeline – Reflected Cross-Site Scripting (XSS)
- This plugin has been closed as of July 15, 2019 and is not available for download. This closure is permanent. Reason: Author Request.
- Custom Scrollbar Designer – Reflected Cross-Site Scripting (XSS)
- This simple plugin lets you customize your website scrollbar with colors and design. Active installations: 10+
- Custom Text Selection Colors – Reflected Cross-Site Scripting (XSS)
- This simple plugin lets you change text selection colors when you select or highlight paragraphs or text on your website. Your visitors will be able to see the matching color of your brand, making your website more appealing and memorable. Active installations: 10+
- Disable Image Right Click – Reflected Cross-Site Scripting (XSS)
- Protect your images from theft by disabling right click and disable drag n drop images to browser menu to avoid images from getting downloaded by users. Active installations: 10+
- Easy Gallery Slideshow – Reflected Cross-Site Scripting (XSS)
- Easily add a simple gallery to posts and pages with a shortcode. You can select multiple images and add them to a specific post. The gallery is responsive and has a button to autoplay the slideshow. Users can also browse the thumbnails from the toolbar added to the slideshow. Active installations: 10+
- Easy Google Map – Reflected Cross-Site Scripting (XSS)
- An easy to use Google Map plugin for WordPress to display your business location on a map. Active installations: 20+
- Easy Justified Gallery – Reflected Cross-Site Scripting (XSS)
- A common problem, for people who create sites, is to create an elegant image gallery that manages the various sizes of thumbnails. Active installations: 20+
- Share Posts To Email – Reflected Cross-Site Scripting (XSS)
- Your visitors will be able to share your blog posts via email. Increase your readership/members and followers. Active installations: 10+
- Exit Popup Show – Reflected Cross-Site Scripting (XSS)
- Enable exit popup to show marketing banners or use contact forms, shortcodes, html, videos or images when the visitor intends to leave your website. Active installations: 10+
- Flight Search Widget and Blocks – Reflected Cross-Site Scripting (XSS)
- WordPress Gutenberg Block Plugin — Flight Search Widget and Blocks is the easiest way to start earning money with SkyScanner affiliate program. Plugin adds Skyscanner widgets as gutenberg editor customizable blocks and WordPress widgets. Active installations: 100+
- Icons with Links Widget – Reflected Cross-Site Scripting (XSS)
- This plugin has been closed as of July 5, 2022 and is not available for download. Reason: Security Issue.
- ICustomizer – Reflected Cross-Site Scripting (XSS)
- Customization plugins for your admin area and your website. Active installations: 100+
- Live Chat for Fanpage – Reflected Cross-Site Scripting (XSS)
- Add a chat to your website, using the messenger and your Fb fanpage. Active installations: 90+
- Media Mirror – Reflected Cross-Site Scripting (XSS)
- Plugin for integration with the Media Mirror affiliate panel. Imports your affiliate links, creates and sorts tables. Enable POPUP. Active installations: 10+
- WP Mobile Menu – The Mobile-Friendly Responsive Menu – Reflected Cross-Site Scripting (XSS)
- WP Mobile Menu is the best WordPress responsive mobile menu. Provide your mobile visitors with easy access to your site content using any device: smartphone/tablet/desktop. Active installations: 90,000+
- Popup Modal For Youtube – Reflected Cross-Site Scripting (XSS)
- This plugin lets you show a YouTube video in a popup modal when the post or page loads. Active installations: 10+
- Project2App – Turn Your WordPress Site into an Android App – Reflected Cross-Site Scripting (XSS)
- The best WordPress plugin for creating your own mobile app. Awesome user interface and a very user friendly and straightforward mobile app plugin. On our website, we offer mobile app themes that are compatible with the plugin’s customizer. This way you can build a beautiful WordPress app within minutes. Active installations: 30+
- Seatgeek Affiliate Tickets – Reflected Cross-Site Scripting (XSS)
- Show events and affiliate tickets from Seatgeek website using a simple shortcode, you can also add your affiliate link so you can earn money when anyone buys a ticket from your website. Active installations: 10+
- SEO-Dashboard by gutewebsites.de – Reflected Cross-Site Scripting (XSS)
- The SEO Dashboard for WordPress helps you speed up your SEO routines by up to 400%. Active installations: 40+
- Share Woocommerce to Email – Reflected Cross-Site Scripting (XSS)
- Your visitors will be able to share your products via email. Increase your readership/members and followers. Active installations: 10+
- Simple Behance Portfolio – Reflected Cross-Site Scripting (XSS)
- This plugin has been closed as of August 12, 2022 and is not available for download. Reason: Security Issue.
- Stars Menu – Reflected Cross-Site Scripting (XSS)
- StarsMenu is a powerful, advanced, user-friendly and absolutely responsive Plugin which is designed for WordPress. By using this Plugin, you can automatically convert your menu(s) to a modern and attractive hamburger shaped menu. This Plugin allows you to add an interesting responsive mobile navigation menu to your website which is similar to popular and native menus of Mobile Applications. You can completely customize the styles and other settings of your menus using theme editor and easily build attractive, professional and special menus. Indeed, the StarsMenu Plugin is a Menu Builder for WordPress which allows to build any layout for your menu by Drag and Drop function. Active installations: 30+
- Station Pro Plugin – Reflected Cross-Site Scripting (XSS)
- Now in its newest version the station Pro has more features and is compatible with most browsers and mobile devices, with a new technology for easily playing your radio station. Active installations: 100+
- Sticky Related Posts – Reflected Cross-Site Scripting (XSS)
- This plugin has been closed as of January 28, 2022 and is not available for download. This closure is permanent. Reason: Author Request.
- tcS3 – Reflected Cross-Site Scripting (XSS)
- This all-inclusive plugin uses the AWS SDK for PHP to facilitate uploads directly from your WordPress instance to S3. Amazon’s inexpensive, unlimited cloud storage system is an excellent asset backend for all websites and this plugin allows you to seamlessly interact with your S3 bucket right from within your dashboard. Active installations: 200+
- Titan Framework – Reflected Cross-Site Scripting (XSS)
- This plugin has been closed as of March 16, 2022 and is not available for download. This closure is permanent. Reason: Author Request.
- Total Sales For Woocommerce – Reflected Cross-Site Scripting (XSS)
- Easily show total sales for each product on product pages and shop loop pages. Active installations: 10+
- TR Easy Google Analytics – Reflected Cross-Site Scripting (XSS)
- This plugin has been closed as of October 23, 2018 and is not available for download. Reason: Guideline Violation.
- Venture Event Manager – Reflected Cross-Site Scripting (XSS)
- It’s the event management platform you’ve been looking for, available in both free and Pro versions. Active installations: 70+
- W3SCloud Contact Form 7 to Zoho CRM – Reflected Cross-Site Scripting (XSS)
- This plugin integrates Zoho CRM with the Contact Form 7 plugin. Whenever a user submits a Contact Form 7 form, if an integration is created for the form then the form entry will be inserted into the CRM automatically. Active installations: 100+
- WebHotelier for WordPress – Reflected Cross-Site Scripting (XSS)
- This WordPress Plugin is a form generator/manager exclusively designed to aid WebHotelier Clients in generating and managing forms which are linked to their WebHotelier accounts so that their website visitors can directly search for room availability. Active installations: 200+
- Product Limited Time Availability Date for woocommerce – Reflected Cross-Site Scripting (XSS)
- Add product availability date to woocommerce products. Active installations: 10+
- Request Quote via Whatsapp for Woocommerce – Reflected Cross-Site Scripting (XSS)
- This plugin has been closed as of September 25, 2019 and is not available for download. Reason: Licensing/Trademark Violation.
- Woosaleskit Bar – Reflected Cross-Site Scripting (XSS)
- This plugin has been closed as of May 2, 2019 and is not available for download. Reason: Guideline Violation.
- Yandex Money button – Reflected Cross-Site Scripting (XSS)
- The Yandex Money Button plugin is a complex solution for accepting payments for individuals: a Woocommerce payment gateway, a block for Gutenberg and a widget. Active installations: 1,000+
- Podcast Subscribe Buttons – Stored XSS
- This plugin helps to easily include 60+ custom and Podcast-specific Subscribe (follow) Buttons anywhere within your site with a simple shortcode. Active installations: 7,000+
- WordPress Popups for Marketing and Email Newsletters, Lead Generation and Conversions by OptinMonster – Reflected Cross-Site Scripting (XSS)
- OptinMonster is the best popup builder and marketing plugin that helps you get more email subscribers, increase sales, and grow your business. Active installations: 1+ million
- WP Job Manager – Phar Deserialization
- WP Job Manager – Unauthenticated Object Injection
- WP Job Manager – Unauthenticated Arbitrary File Upload
- WP Job Manager – Reflected Cross-Site Scripting (XSS)
- WP Job Manager is a lightweight job listing plugin for adding job-board like functionality to your WordPress site. Being shortcode based, it can work with any theme (given a bit of CSS styling) and is really simple to setup. Active installations: 100,000+
- Limit Login Attempts – Unauthenticated Stored Cross-Site Scripting
- WordPress Firewall, Advanced SQL Injection, Cross-Site Scripting, Remote File Inclusion, Brute Force Login Security, Spam Protection (Anti spam) & Limit Login Attempts for Login Protection, IP Blocking, Database backup, protect site from hacks and malware. Brute Force protection, anti spam & Limit Login Attempts provides Login Security, Registrations Security, Brute Force attacks protection, IP monitoring and IP Blacklisting, strong passwords enforcement. Brute Force login attack can be conducted in number of ways. We provide you enterprise level security, protecting your WP website from hackers and malwares. Active installations: 3,000+
- Fonts Plugin | Google Fonts Typography – Contributor+ Stored Cross-Site Scripting
- The Google Fonts library currently contains 998 unique fonts. This plugin allows you to easily use any of them on your WordPress website. Active installations: 100,000+
- Timetable and Event Schedule by MotoPress – Unauthorised Event TimeSlot Deletion
- Timetable and Event Schedule by MotoPress – Unauthorised Event TimeSlot Update
- Timetable and Event Schedule by MotoPress – Arbitrary User’s Hashed Password/Email/Username Disclosure
- Timetable and Event Schedule by MotoPress – Author+ Stored Cross-Site Scripting
- MotoPress Timetable and Event Schedule is an all-around organizer plugin developed to help you create and manage online schedules for a single or multiple events, customize the appearance of each event, add date, time, description and display all the needed items in a carefully-crafted timetable. It also comes with Upcoming events widget that will help you keep the sidebar clutter-free. Active installations: 40,000+
- WP Video Lightbox – Contributor+ Stored Cross-Site Scripting
- The WordPress Video Lightbox plugin allows you to embed videos on a page using lightbox overlay display. This plugin can be used to display images, flash, YouTube, Vimeo, iFrame etc in a lightbox overlay. The embedded videos can be viewed on iPhone and iPad too. Active installations: 60,000+
- Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery – Authenticated Stored Cross-Site Scripting
- SimpLy Gallery Blocks is a friendly, easy-to-use gallery plugin with a list of advanced options for creating responsive Image, Video, Audio galleries. Active installations: 10,000+
- Recipe Card Blocks for Gutenberg & Elementor – Contributor+ Stored Cross-Site Scripting
- Recipe Card Blocks for Gutenberg & Elementor – Reflected Cross-Site Scripting
- Inspired by our popular food blog theme Foodica, Recipe Card Blocks by WPZOOM is our newest plugin that adds beautiful blocks to the new Gutenberg editor to help you create recipe cards easily in your posts. Active installations: 9,000+
- WooCommerce Affiliate Plugin – Coupon Affiliates – Reflected Cross-Site Scripting
- Easily create an advanced coupon based affiliate program for WooCommerce, and display detailed coupon usage statistics. Give your affiliates access to a user-friendly affiliate dashboard for their coupons, via a unique link, to view coupon usage statistics, recent orders, commission earned, referral URLs and more. Active installations: 1,000+
- Contact List – Easy Business Directory, Staff Directory and Address Book Plugin – Reflected Cross-Site Scripting
- Create an address book or a company directory with ease. With this business directory plugin you can list any contact data including i.e. name, email, phone and social media links. Contacts or businesses may also have necessary custom fields. Active installations: 400+
- Contact Form Entries – Contact Form 7, WPforms and more – Reflected Cross-Site Scripting
- Contact Form 7 Entries Plugin automatically saves form submissions from Contact Form 7, WPforms, CRM Perks Forms and many other popular contact form plugins to the WordPress database when anyone submits a form. Active installations: 30,000+
- Moova for WooCommerce – Reflected Cross-Site Scripting
- Integrate with moova to get same-day shipping at affordable rates. This extension would allow clients from Uruguay, Argentina, Mexico, Chile, Peru, Guatemala, and Panama to automate their shipping. Active installations: 100+
- Responsive Poll – Reflected Cross-Site Scripting
- The plugin allows you to create awesome polls on your WordPress site. It has many powerful features to create very beautiful and easy to use polls on your website. You can create / edit polls and change the color and background color. If you are looking for simple, easy but very professional polls for your website, you have found them! This plugin is what you are looking for. Active installations: 80,000+
- Integration for Contact Form 7 and Zoho – Reflected Cross-Site Scripting
- Contact Form 7 Zoho Plugin sends form submissions from Contact Form 7, Contact Forms Entries Plugin and many other popular contact form plugins to Zoho CRM when someone submits a form. Learn more at crmperks.com. Active installations: 4,000+
- WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots – Reflected Cross-Site Scripting
- WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots – Authenticated SQL Injections
- Bad bots consume bandwidth, put SPAM in your comments and contact form, slow down and overload your server and can hack your server, steal your content and look for vulnerability to compromise your server. Active installations: 10,000+
- MX Time Zone Clocks – Contributor+ Cross-Site Scripting
- Clocks with different time zones for your website. You can place several different clocks with different time zones to your website. How does it work? Active installations: 1,000+
- WordPress Real Media Library: Media Library Folder & File Manager – Author Stored Cross-Site Scripting
- Real Media Library helps you with media management. Organize thousands of uploaded files into folders, collections and galleries. A real file manager that allows you to manage large amounts of files such as pictures, videos or documents in WordPress. Media library folders for everyone! Active installations: 40,000+
- MPL-Publisher – Self-publish your ebook & audiobook – Reflected Cross-Site Scripting
- MPL – Publisher 📚 helps you self-publishing an ebook, print-ready PDF book, HTML for Kindle Direct Publishing, or audiobook from your WordPress posts. If you are an author ✍️, it will solve the “how to publish my digital book” problem, doing it the simplest possible way 👌, easing the process of converting your book or ebook to ePub, print-ready PDF, mp3, Kindle, Mobi… etc. Active installations: 100+
- WooCommerce PDF Invoice Bulk Download – Reflected Cross-Site Scripting
- This plugin has been closed as of August 25, 2022 and is not available for download. Reason: Security Issue.
- Read Offline – Reflected Cross-Site Scripting
- This plugin has been closed as of August 25, 2022 and is not available for download. Reason: Security Issue.
- Integration for Contact Form 7 and Mailchimp – Reflected Cross-Site Scripting
- Contact Form 7 Mailchimp extension sends form submissions from Contact Form 7, Contact Form Entries and many other popular contact form plugins to Mailchimp when anyone submits a form. Active installations: 9,000+
- Integration for Contact Form 7 HubSpot – Reflected Cross-Site Scripting
- Contact Form 7 hubspot Plugin sends form submissions from Contact Form 7, Contact Form Entries Plugin and many other popular contact form plugins to HubSpot CRM. Active installations: 7,000+
- WooCommerce Zoho Integration – CRM, Books, Invoice, Inventory – Reflected Cross-Site Scripting
- Easily create leads, contacts, accounts, deals or any object in Zoho (CRM, Books, Inventory, Invoice) when an order is placed via WooCommerce. Free version supports Contacts in Zoho Books, Zoho Inventory and Zoho Invoice, all other features are available in Premium version. Active installations: 3,000+
- Integration for Contact Form 7 and Salesforce – Reflected Cross-Site Scripting
- Contact Form 7 salesforce Plugin sends form submissions from Contact Form 7, Contact Form Entries Plugin and many other popular contact form plugins to Salesforce when someone submits a form. Active installations: 2,000+
- Connector for Gravity Forms and Google Sheets – Reflected Cross-Site Scripting
- Gravity Forms Google Sheets Connector sends form submissions from Gravity Forms to Google Sheets when anyone submits a form on your site. Active installations: 2,000+
- Integration for WooCommerce and QuickBooks – Reflected Cross-Site Scripting
- Easily create Invoice, customer or any object in QuickBooks Online when an order is placed via WooCommerce. Active installations: 1,000+
- Gravity Forms Salesforce – Reflected Cross-Site Scripting
- Gravity Forms salesforce Add-on sends form submissions from Gravity Forms to Salesforce CRM when anyone submits a form on your site. Active installations: 1,000+
- Integration for Contact Form 7 and Infusionsoft – Reflected Cross-Site Scripting
- Contact Form 7 Infusionsoft Plugin sends form submissions from Contact Form 7, Contact Form Entries Plugin and many other popular contact form plugins to Infusionsoft/Keap CRM when anyone submits a form. Active installations: 700+
- Integration for Contact Form 7 and Pipedrive – Reflected Cross-Site Scripting
- Contact Form 7 Pipedrive extension sends form submissions from Contact Form 7, Contact Form Entries and many other popular contact form plugins to Pipedrive when anyone submits a form. Active installations: 700+
- Gravity Forms Infusionsoft – Reflected Cross-Site Scripting
- Gravity Forms Infusionsoft Add-on automatically sends form submissions to Infusionsoft/Keap CRM when someone submits a form. Active installations: 700+
- Contact Form 7 Zendesk – Reflected Cross-Site Scripting
- Contact Form 7 Zendesk Plugin sends form submissions from Contact Form 7, CRM Perks Forms and many other popular contact form plugins to Zendesk when anyone submits a contact form. Active installations: 600+
- WP Gravity Forms Zoho CRM Add-on – Reflected Cross-Site Scripting
- Easily create or update a lead, contact or any other object in Zoho CRM when an entry is created in Gravity Forms. Active installations: 500+
- Gravity Forms HubSpot – Reflected Cross-Site Scripting
- Gravity Forms HubSpot Add-on automatically sends form submissions to HubSpot when someone submits a form. Active installations: 500+
- WooCommerce Salesforce Integration – Reflected Cross-Site Scripting
- Easily create leads, contacts or any object in Salesforce when an order is placed via WooCommerce. Active installations: 400+
- WP Insightly for Contact Form 7 and Ninja Forms – Reflected Cross-Site Scripting
- Contact Form 7 Insightly Plugin sends form submissions from Contact Form 7, Ninja Forms, Contact Form Entries and many other popular contact form plugins to Insightly CRM when someone submits a form. Active installations: 200+
- WP Gravity Forms Zendesk – Reflected Cross-Site Scripting
- Gravity Forms Zendesk Add-on automatically sends form submissions to Zendesk when someone submits a form. You can create a ticket or Contact in Zendesk. Active installations: 200+
- Gravity Forms Constant Contact Plugin – Reflected Cross-Site Scripting
- Gravity Forms Constant Contact Plugin sends form submissions from Gravity Forms to Constant Contact when anyone submits a form on your site. Active installations: 100+
- Integration for Gravity Forms and Pipedrive – Reflected Cross-Site Scripting
- Gravity Forms Pipedrive Add-on sends form submissions from Gravity Forms to Pipedrive CRM when anyone submits a form on your site. You can create a Contact, Organization or Deal in Pipedrive. Active installations: 100+
- WP Gravity Forms Insightly – Reflected Cross-Site Scripting
- Gravity Forms Insightly Add-on automatically sends form submissions to Insightly when anyone submits a contact form. Active installations: 80+
- NewsPlugin – CSRF to Stored Cross-Site Scripting
- NewsPlugin is the ultimate FREE news plugin for WordPress. Create custom newsfeeds and watch the fresh relevant news headlines appear on your website. Choose keywords, number of articles and other settings, put the feed wherever you want using widgets or shortcodes. You can always shape the news right from your website, remove unwanted articles or star the good ones. Active installations: 1,000+
- PostX – Gutenberg Blocks for Post Grid – Private Content Disclosure
- PostX – Gutenberg Blocks for Post Grid – Contributor+ Stored Cross-Site Scripting
- PostX – Gutenberg Blocks for Post Grid – Missing Access Controls
- PostX is a highly customizable Gutenberg post block plugin. Anyone can create Post Grid blocks, Post Listing blocks, Post Slider blocks, News blocks, Magazine blocks and Post Carousels with ease. Active installations: 10,000+
- Scout bazar – Reflected Cross-Site Scripting
- Implementation of a simple bazaar with the possibility of online booking via email. Active installations: 90+
- Donate With QRCode – Stored Cross-Site Scripting
- This plugin has been closed as of September 26, 2022 and is not available for download. This closure is temporary, pending a full review.
- Integration for Contact Form 7 and Constant Contact – Reflected Cross-Site Scripting
- Contact Form 7 Constant Contact Plugin sends form submission data from Contact Form 7, Contact Form Entries Plugin and many other popular contact form plugins to Constant Contact when someone submits a contact form on your site. Active installations: 1,000+
- WP Infusionsoft WooCommerce Plugin – Reflected Cross-Site Scripting
- Easily create contact, company, Order in Infusionsoft when an order is placed via WooCommerce. Active installations: 200+
- Integration for Contact Form 7 and ActiveCampaign – Reflected Cross-Site Scripting
- Contact Form 7 ActiveCampaign extension sends form submissions from Contact Form 7, Contact Form Entries to ActiveCampaign when anyone submits a form. Active installations: 100+
- Integration for HubSpot and WooCommerce – Reflected Cross-Site Scripting
- Easily create Contact, Company, Task, Deal in HubSpot when an order is placed via WooCommerce. Active installations: 100+
- Gravity Forms FreshDesk Plugin – Reflected Cross-Site Scripting
- This Plugin sends Gravity Form entries into FreshDesk. You can create a Ticket or Contact in FreshDesk from Gravity Forms entry. Active installations: 200+
- Gravity Forms Dynamics CRM – Reflected Cross-Site Scripting
- Gravity Forms Dynamics CRM Add-on automatically sends form submissions to Dynamics CRM Online when someone submits a form. Active installations: 100+
- User Activity Log – Reflected Cross-Site Scripting
- Does your site have many users performing various admin-side activities? Are you stuck trying to track user activity on the admin side of your website? Do you want to secure your site by keeping a log of all user activity? Do you want to get notified when a particular user logs in? Just relax: with the help of the “User Activity Log” plugin, you can track all user activity on your website. Active installations: 10,000+
- Cookie Notice & Compliance for GDPR / CCPA – Stored Cross-Site Scripting
- Cookie Notice provides a simple, customizable website banner that can be used to help your website comply with certain cookie consent requirements under the EU GDPR cookie law and CCPA regulations and includes seamless integration with Cookie Compliance to help your site comply with the latest updates to existing consent laws. Active installations: 1+ million
- Translate Multilingual sites – TranslatePress – Authenticated Stored Cross-Site Scripting
- Experience a better way to translate your WordPress site and go multilingual, directly from the front-end using a visual translation interface. Active installations: 100,000+
- CoolClock – a Javascript Analog Clock – Stored Cross-Site Scripting
- This plugin integrates CoolClock – The Javascript Analog Clock into your WordPress site. You can add it as a widget to your sidebar or insert it into your posts and pages with a shortcode. Active installations: 3,000+
- OAuth Single Sign On – SSO (OAuth Client) – Reflected Cross-Site Scripting
- WordPress Single Sign-On (SSO) with OAuth & OpenID Connect plugin allows login (Single Sign-On) with your Azure AD, Azure B2C, WSO2, Office 365, Clever, AWS Cognito, Ping, Keycloak, WHMCS, Okta, LinkedIn, Onelogin, Salesforce, Invision Community, Slack, Amazon, Discord, Twitter, Apple, G Suite / Google Apps or other custom OAuth 2.0 & OpenID Connect providers. The WordPress SSO (Login) plugin supports SSO with many OAuth 2.0 and OpenID Connect (OIDC) 1.0 providers. It also provides unlimited user authentication with the OAuth & OpenID Connect protocols and allows authorized users to log in to the WordPress site. Support is provided for single-site and Multisite Network environments. You can check out the video tutorial below to learn how to set up SSO with your OAuth / OpenID Connect providers. Active installations: 2,000+
- Docket Cache – Object Cache Accelerator – Reflected Cross-Site Scripting
- Docket Cache is a persistent WordPress Object Cache that is stored as plain PHP code. It is intended to provide an alternative for those who can’t use a Redis or Memcached server. Active installations: 1,000+
- WordPress Geo Plugin – CF Geo Plugin – Reflected Cross-Site Scripting
- CF Geo Plugin is a GeoMarketing tool that allows you to have full geo control of your WordPress site. CF Geo Plugin gives you the ability to attach content, geographic information, geo tags and Google Maps to posts, pages, widgets and custom templates by using simple options, shortcodes, PHP code or JavaScript. It also lets you specify a default geographic location for your entire WordPress blog, do SEO redirection, spam protection, WooCommerce control and much more. CF Geo Plugin helps you increase conversions, improve SEO, and capture leads on your blog or landing pages. Active installations: 1,000+
- underConstruction – Reflected Cross-Site Scripting
- Creates a ‘Coming Soon’ page that will show for all users who are not logged in. Useful for developing a site on a live server without the world being able to see it. Active installations: 80,000+
- Software License Manager – Stored Cross-Site Scripting
- Software License Manager – Arbitrary Domain Deletion via CSRF
- Software license management solution for your web applications (WordPress plugins, themes, PHP-based membership scripts, etc.). Active installations: 1,000+
- Easy Social Icons – Reflected Cross-Site Scripting
- You can upload your own social icon or font-awesome social icons, set your social URL, choose whether you want to display vertically or horizontally, left or right or center aligned, icon width height or margins. Active installations: 40,000+
- XO Event Calendar – Reflected Cross-Site Scripting
- XO Event Calendar is a simple event calendar plugin. Other events can set holidays. Active installations: 8,000+
- WP Mapa Politico España – Authenticated Stored Cross-Site Scripting
- This plugin lets you insert a political map of Spain into posts or pages. On the plugin page you can define the titles and hyperlinks for each of the provinces. Active installations: 700+
- User Registration – Custom Registration Form, Login Form And User Profile For WordPress – Low Privilege Stored Cross-Site Scripting
- Are you a beginner with absolutely zero coding skills? No problem! User Registration’s drag and drop form builder lets you create custom registration forms of any kind for your WordPress site. Go for simple forms or create complex multi-step forms. It’s all up to you. Active installations: 70,000+
- Appointment Hour Booking – WordPress Booking Plugin – Stored Cross-Site Scripting
- Appointment Hour Booking is a WordPress plugin for creating booking forms for appointments with a start time and a defined duration over a schedule. The start time is visually selected by the end user from a set of start times calculated based on the “open” hours and service duration. The duration/schedule is defined in the “service” selected by the customer. Each calendar can have multiple services with different durations and prices. Active installations: 3,000+
- UsersWP – User Registration & User Profile – Reflected Cross-Site Scripting
- Today UsersWP is by far the simplest solution available to manage users on WordPress. It takes seconds to set up, it is super fast and it’s perfect for creating a community of users within your website. Active installations: 10,000+
- PublishPress: Editorial Calendar, Workflow, Comments, Notifications and Statuses – Reflected Cross-Site Scripting
- PublishPress has all the tools you need to manage WordPress content, including an editorial calendar to plan content. You can create custom status and notifications for content updates. Active installations: 6,000+
- Better Find and Replace – Reflected Cross-Site Scripting
- This plugin automatically finds a specific word and replaces it with your own word. The changes are made automatically before the website is rendered in the browser. It doesn’t affect any other plugin’s files or your database. Active installations: 10,000+
- CM Tooltip Glossary – Better SEO and UEX for your WP site – Stored Cross-Site Scripting
- CM Glossary Tooltip is a WordPress plugin that enables you to check posts or pages for defined glossary terms, by adding links to a glossary term page that contains the definition of the term used. Active installations: 7,000+
- Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop – Reflected Cross-Site Scripting
- Accept Bitcoin / Altcoin payments from a WooCommerce store or WooCommerce Multivendor Marketplace without the help of a middleman! Receive payment instantly and directly to your own coin address without routing through a 3rd party wallet. Active installations: 1,000+
- Modern Events Calendar Lite – Stored Cross-Site Scripting
- A WordPress event calendar plugin is the best tool for managing events websites. Modern Events Calendar is a comprehensive events management plugin. It is a FREE events management plugin which is extremely user-friendly and well-designed, making it easier than ever to display an events calendar on websites. Active installations: 100,000+
- Duplicate Page – Stored Cross-Site Scripting
- Duplicate Posts, Pages and Custom Posts easily with a single click. You can duplicate your pages, posts and custom posts with just one click, and the copy will be saved with your selected option (draft, private, public, pending). Active installations: 2+ million
- Weather Effect – Christmas Santa Snow Falling – CSRF to Stored Cross-Site Scripting
- Weather Effect – Christmas Santa Snow Falling – Stored Cross-Site Scripting
- The weather effect WordPress plugin applies falling objects on websites like snow, flakes, candy, stars, sleigh, snowman, ball, Christmas bells, Halloween bats, autumn and spring leaves, raindrops and umbrella, valentine heart and rose, thanksgiving day turkey, new year balloon and stickers. Active installations: 3,000+
- Chained Quiz – Stored Cross-Site Scripting
- This is a unique chained / conditional logic quiz plugin that lets you create quizzes where the next question depends on the answer to the previous question. Active installations: 3,000+
- WP Academic People List – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- Konnichiwa! Membership – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- 3D Cover Carousel – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- More From Google – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- simpleSAMLphp Authentication – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- Custom Menu Plugin – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- Twitter Friends Widget – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- RentPress – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- User Activation Email – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- WP Google Maps – Multiple Admin+ Stored Cross-Site Scripting
- Add a customized Google map or Store Locator to your WordPress posts and/or pages quickly and easily with the supplied shortcode. No fuss. No iFrames and super easy to use! Perfect for contact page maps, routes, maps showing delivery areas and any other use you can think of! Active installations: 400,000+
- Post Title Counter – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- YouTube Video Inserter – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- Notices – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- On Page SEO + Social Live Chat (Formerly OPS) – Reflected Cross-Site Scripting
- Improve your Website Indexing: On-Page SEO is the No #1 Plugin for allowing website crawling by all Search Engines. The WhatsApp chat message option is now available on all pages. Active installations: 100+
- Advanced Search – Reflected Cross-Site Scripting
- With Advanced Search, you can create a number of search forms. It can provide you with voice search for posts, categories, tags, users and attachments. Active installations: 100+
- Bug Library – Reflected Cross-Site Scripting
- This plugin provides an easy way to incorporate a bug/enhancement tracking system into a WordPress site. By adding a shortcode to a page, users will be able to display a bug list and allow visitors to submit new bugs / enhancements. The plugin will also provide search and sorting capabilities. A captcha and approval mechanism will allow the site admin to avoid spam. Active installations: 100+
- DJ EmailPublish – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- Yet Another bol.com Plugin – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- WP-T-Wap – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- WP Scrippets – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- WP Design Maps & Places – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- Wise Agent Capture Forms – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- Edit Comments XT – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- RSVPMaker Excel – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- Border Loading Bar – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- Simple Matted Thumbnails – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- WordPress Simple Shop – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- Custom Website Data – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- Advance Search – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- Integration of Moneybird for WooCommerce – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- Spideranalyse – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- OSD Subscribe – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- Feedify Web Push Notifications – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- Dropdown and scrollable Text – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- GNU-Mailman Integration – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- SMS OVH – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- MoolaMojo – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- WordPress InviteBox Plugin – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- WP Publications – Reflected Cross-Site Scripting
- This plugin has been closed as of September 7, 2022 and is not available for download. This closure is temporary, pending a full review.
- Easy Accordion – Best Accordion FAQ Plugin for WordPress – Admin+ Stored Cross-Site Scripting
- Easy Accordion is the best responsive and drag & drop Accordion FAQ builder plugin for WordPress with a lot of customization options. It helps you to display multiple accordions into your site or blog quickly without writing any code. Active installations: 200,000+
- Quiz And Survey Master – Stored Cross-Site Scripting
- This plugin has been closed as of October 25, 2022 and is not available for download. This closure is temporary, pending a full review.
- Affiliate Power – Reflected Cross-Site Scripting
- As an affiliate you may know this: To get an overview of your income, you have to log in to x different networks which all have different backends and statistics. Active installations: 200+
- Availability Calendar – Authenticated SQL Injection
- Availability Calendar – Authenticated Stored Cross-Site Scripting
- WordPress Availability Calendar is a FREE, responsive, easy-to-use plugin. This plugin can be used for different purposes, like showing your business's holiday list, the availability of your days, upcoming events, conferences, apartment rentals, available properties, etc. Active installations: 700+
- SEO Redirection Plugin – 301 Redirect Manager – Arbitrary Redirect Deletion via CSRF
- SEO Redirection Plugin – 301 Redirect Manager – Reflected Cross-Site Scripting
- SEO Redirection Plugin – 301 Redirect Manager – Authenticated Stored Cross-Site Scripting (XSS)
- SEO Redirection is a powerful redirect manager for managing 301 redirects. You can build and manage redirects easily for your site. This plugin is useful if you want to migrate pages from an old website, or are changing the directory of your WordPress website. Active installations: 30,000+
- Simple Social Media Share Buttons – Social Sharing for Everyone – Authenticated Stored Cross-Site Scripting
- Simple Social Buttons adds (with lots of options like sidebar, inline, above and below the post content, on photos, popups, fly-ins) an advanced set of social media sharing buttons to your WordPress sites, such as: Facebook, WhatsApp, Viber, Twitter, Reddit, LinkedIn and Pinterest. Active installations: 40,000+
- Comments – wpDiscuz – Stored Cross-Site Scripting
- AJAX realtime comment system with custom comment form and fields. Designed to supercharge WordPress native comments. Super fast and responsive with dozens of features. This is the best alternative to Disqus and Jetpack Comments, if you want to keep your comments in your database. Active installations: 90,000+
- PDF Flipbook, 3D Flipbook WordPress – DearFlip – Stored Cross-Site Scripting
- DearFlip is a stunning 3D flipbook alternative for your flat lifeless PDFs. DearFlip’s easy post structure makes it easy to create flipbook inside WordPress. Create 3D flipbook, make your PDFs interactive and generate more customer attention. Active installations: 50,000+
- PlanSo Forms – Stored Cross-Site Scripting
- This plugin has been closed as of August 2, 2022 and is not available for download. Reason: Security Issue.
- Shopping Cart & eCommerce Store – CSRF to Stored Cross-Site Scripting
- WP EasyCart is a powerful FREE WordPress eCommerce store & WordPress Shopping Cart plugin that installs into new or existing websites. Active installations: 6,000+
- eID Easy – Reflected Cross-Site Scripting
- This plugin makes secure identification and creating Qualified Electronic Signatures using eID methods much easier than implementing these identification methods yourself. Active installations: 100+
- Page Generator – Reflected Cross-Site Scripting
- Page Generator is a mass page generator (sometimes called a bulk page generator or bulk post generator) that creates multiple pages in bulk. Active installations: 3,000+
- Post to Social Media – WordPress to Hootsuite – Reflected Cross-Site Scripting
- WordPress to Hootsuite is a plugin for WordPress that auto posts your Posts, Pages and/or Custom Post Types to your Hootsuite (hootsuite.com) account for scheduled publishing to Facebook, Twitter and LinkedIn. Active installations: 1,000+
- Auto Post to Social Media – WordPress to Buffer – Reflected Cross-Site Scripting
- Whenever you schedule, publish or update a Post, Page or Custom Post Type, WordPress to Buffer will auto post your content to your Buffer account (buffer.com), scheduling publication to social media profiles including Facebook, Twitter and LinkedIn. Active installations: 7,000+
- PDF Viewer Block for Gutenberg – Stored Cross-Site Scripting
- A simple, responsive and 100% free Gutenberg Block to display PDF Viewers / Readers on your website. Active installations: 5,000+
- YITH WooCommerce Product Add-Ons – Authenticated Local File Inclusion
- YITH WooCommerce Product Add-Ons – Reflected Cross-Site Scripting
- YITH Product Add-ons & Extra options is a powerful tool that you can use to create and sell advanced products or services by adding custom options in your product pages. And with our new redesign we’ve added a lot of new exciting features! Active installations: 10,000+
- Tutor LMS – eLearning and online course solution – Stored Cross-Site Scripting
- Tutor is a complete, feature-packed and robust WordPress LMS plugin to create & sell courses online easily. All the features of this learning management system hit all the checkpoints for a full-fledged online course marketplace. You can create challenging and fun quizzes, interactive lessons, powerful reports and stats, making Tutor potentially the best free WordPress LMS plugin. Active installations: 40,000+
- One User Avatar | User Profile Picture – Stored Cross-Site Scripting
- One User Avatar | User Profile Picture – Avatar Update via CSRF
- WordPress currently only allows you to use custom avatars that are uploaded through Gravatar. One User Avatar enables you to use any photo uploaded into your Media Library as an avatar. This means you use the same uploader and library as your posts. No extra folders or image editing functions are necessary. Active installations: 10,000+
- Customer Service Software & Support Ticket System – Stored Cross-Site Scripting
- Every business needs a Customer Service Software & Support Ticket System to attract and retain customers. WP Ticket is a powerful yet easy to use help desk software to build and maintain better customer relationships. Active installations: 700+
- GamePress – The Game Database Plugin – Reflected Cross-Site Scripting
- This plugin has been closed as of August 10, 2022 and is not available for download. Reason: Security Issue.
- 微信打赏(Wechat Reward) – CSRF to Stored Cross-Site Scripting
- This plugin has been closed as of August 10, 2022 and is not available for download. Reason: Security Issue.
- Sociable – Stored Cross-Site Scripting
- This plugin has been closed as of August 9, 2022 and is not available for download. Reason: Security Issue.
- BetterDocs – Best Documentation & Knowledge Base Plugin – Reflected Cross-Site Scripting
- Do you want to reduce your support pressure immediately? How about creating a stunning and resourceful knowledge base for your customers? 🤔 Active installations: 20,000+
- Wp Cookie Choice – CSRF to Stored Cross-Site Scripting
- This plugin has been closed as of August 2, 2022 and is not available for download. Reason: Security Issue.
- Easy Twitter Feed – Stored Cross-Site Scripting
- Embed a Twitter Timeline / Feed or Follow Button in a Post, Page or Widget Area using a shortcode. This plugin is lightweight but super powerful. Active installations: 1,000+
- Html5 Audio Player – Audio Player for WordPress – Stored Cross-Site Scripting
- Play .mp3, .wav and .ogg audio files in WordPress. A simple, accessible, easy-to-use and fully customizable audio player that works on all devices. You can embed a nice audio player in posts, pages and widget areas as well as template files. It has tons of options that can fit your audio player needs. Active installations: 10,000+
- Polo Video Gallery – Best wordpress video gallery plugin – Stored Cross-Site Scripting
- This plugin has been closed as of July 27, 2022 and is not available for download. Reason: Guideline Violation.
- StreamCast – Radio Player for WordPress – Stored Cross-Site Scripting
- A simple, accessible, user friendly and fully customizable radio player for WordPress. You can play iceCast, Shoutcast, Radionomy, Radiojar, RadioCo Live stream in WordPress website using shortcode. Active installations: 1,000+
- LearnPress – WordPress LMS Plugin – Multiple Admin+ Stored Cross-Site Scripting
- LearnPress – WordPress LMS Plugin – Unauthorised Plugin’s Setting Change
- LearnPress is a comprehensive WordPress LMS Plugin for WordPress. This is one of the best WordPress LMS Plugins which can be used to easily create & sell courses online. You can create a course curriculum with lessons & quizzes included which is managed with an easy-to-use interface for users. Active installations: 100,000+
- Frontend Uploader – Unauthenticated Stored Cross-Site Scripting
- This plugin has been closed as of July 22, 2022 and is not available for download. Reason: Security Issue.
- Allow REL= and HTML in Author Bios – Stored Cross-Site Scripting
- This plugin has been closed as of July 22, 2022 and is not available for download. Reason: Security Issue.
- WP HTML Author Bio – Stored Cross-Site Scripting
- This plugin has been closed as of July 19, 2022 and is not available for download. Reason: Security Issue.
- jQuery Reply to Comment – Stored Cross-Site Scripting
- This plugin has been closed as of July 19, 2022 and is not available for download. Reason: Security Issue.
- Video Gallery – Vimeo and YouTube Gallery – Stored Cross-Site Scripting
- A responsive multifunctional video gallery plugin with multiple ways and designs for uploading and displaying a video. Active installations: 10,000+
- Request a Quote – Stored Cross-Site Scripting
- The Request a Quote plugin is designed for small business owners to receive requests for quotation (RFQ) or requests for information (RFI) from customers. Active installations: 2,000+
- St-Daily-Tip – CSRF to Stored Cross-Site Scripting
- This plugin has been closed as of June 28, 2022 and is not available for download. Reason: Security Issue.
- Game Server Status – SQL Injection
- Game Server Status – Stored Cross-Site Scripting
- This plugin has been closed as of August 20, 2022 and is not available for download. Reason: Security Issue.
- Responsive WordPress Slider – Stored Cross-Site Scripting
- Responsive WordPress Slider – Reflected Cross-Site Scripting
- This plugin has been closed as of September 20, 2022 and is not available for download. This closure is temporary, pending a full review.
- Fetch Tweets – Reflected Cross-Site Scripting
- This plugin has been closed as of August 9, 2022 and is not available for download. Reason: Security Issue.
- Video Player for YouTube – Stored Cross-Site Scripting
- A modern, accessible, fully customizable and user friendly YouTube video player for WordPress. You can play any YouTube video in a WordPress post, page, widget area, other custom post type or theme template file using this plugin. Active installations: 2,000+
- Cookie Bar – Stored Cross-Site Scripting
- This plugin has been closed as of August 5, 2022 and is not available for download. Reason: Security Issue.
- Easy Media Download – Stored Cross-Site Scripting
- Easy Media Download is a free download manager for WordPress. It gives your users the ability to download digital media files from your website. The plugin is lightweight and makes downloading easier. You can create a beautiful download button that instantly starts the download once clicked. Active installations: 20,000+
- Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress – Unprotected REST-API to Sensitive Information Disclosure
- Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress – Unprotected REST-API to Email Injection
- Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress – Stored Cross-Site Scripting
- Use Ninja Forms to create beautiful, user friendly WordPress forms that will make you feel like a professional web developer! Active installations: 1+ million
- iQ Block Country – Stored Cross-Site Scripting
- iQ Block Country is a plugin that allows you to limit access to your website content. You can either allow or disallow visitors from defined countries to (parts of) your content. Active installations: 30,000+
- WordPress Popular Posts – Stored Cross-Site Scripting
- WordPress Popular Posts is a highly customizable widget that displays your most popular posts. Active installations: 200,000+
- Custom Dashboard & Login Page – AGCA – Stored Cross-Site Scripting
- With this plugin you can easily customize WordPress admin panel, login page, admin menu, admin bar etc. in tiny details. Active installations: 40,000+
Stay Healthy! A healthier online business starts today and it begins with you. Hire security experts to solve all your XSS SEP 2021 issues.
BRIEF: Cross-Site Scripting (XSS) is a type of security vulnerability typically found in web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
What is Cross-Site Scripting SEP 2021?
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.
What is the impact of an XSS SEP 2021 attack?
The actual impact of an XSS attack generally depends on the nature of the application, its functionality and data, and the status of the compromised user. For example:
– In a simple public application, where all users are anonymous and all information is public, the impact will often be minimal, as there is nothing else to steal.
– In an application holding sensitive or private/personal data, such as banking transactions, emails, or healthcare records, the impact will usually be serious.
– If the compromised user has elevated privileges within the application, then the impact will generally be critical, allowing the attacker to take full control of the vulnerable application and compromise all users, owners and their data.
What kinds of XSS attacks are exploited?
– Reflected XSS, where the malicious script comes from the current HTTP request.
– Stored XSS, where the malicious script comes from the website’s database.
– DOM-based XSS, where the vulnerability exists in client-side code rather than server-side code.
SOLVE TODAY any reported XSS SEP 2021 vulnerability! Do you suspect any Cross-Site Scripting SEP 2021 in your WordPress?