Discover managed ACQUISITION metrics for WordPress, WooCommerce, Shopify, SaaS. Managed for you on your domain, inside your hosting account, in your country. With a good managed monitoring strategy in place, you'll gain greater transparency & visibility into your operations with a timely alerting system.
Be informed about the latest WP Cross-Site Scripting, identified and reported publicly. WP XSS AUG 2024 is a -7% DECREASE compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for managed Security.
As these Cross-Site Scripting cases from publicly reported vulnerable plugins are on your domain, it opens Pandora’s box from a security point of view. The following cases made headlines PUBLICLY just last month in the WP XSS AUG 2024 & WP Cross-Site Scripting category:
Admin Dashboard RSS Feed | Cross-Site Scripting (XSS) |
AdPush | Cross-Site Scripting (XSS) |
Advanced post slider | Cross-Site Scripting (XSS) |
Affiliate Manager | Cross-Site Scripting (XSS) |
Affiliate Manager | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
AllinOne Video Gallery | Cross-Site Scripting (XSS) via Video Shortcode |
Amazing Hover Effects | Cross-Site Scripting (XSS) |
AMP for WP | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
Animated AL List | Cross-Site Scripting (XSS) |
Animated Typed JS Shortcode | Cross-Site Scripting (XSS) |
Apollo13 Framework Extensions | Cross-Site Scripting (XSS) |
Appmaker – Convert WooCommerce to Android & iOS Native Mobile Apps | Cross-Site Scripting (XSS) |
ARForms Form Builder | Cross-Site Scripting (XSS) |
Arkhe Blocks | Cross-Site Scripting (XSS) |
ArtPlacer Widget | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
aThemes Starter Sites | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
Basil Theme | Cross-Site Scripting (XSS) |
bbPress Notify | Cross-Site Scripting (XSS) |
Beaver Builder | Cross-Site Scripting (XSS) |
Blog, Posts and Category Filter for Elementor | Cross-Site Scripting (XSS) via Post and Category Filter Widget |
Bold Page Builder | Cross-Site Scripting (XSS) via bt_bb_button Shortcode |
Booking Calendar | Cross-Site Scripting (XSS) via bookingform Shortcode |
Booking Ultra Pro | Cross-Site Scripting (XSS) |
Boot Store Theme | Cross-Site Scripting (XSS) via Button Shortcode |
Bradmax Player | Cross-Site Scripting (XSS) |
BSK PDF Manager | Cross-Site Scripting (XSS) |
Bug Library | Cross-Site Scripting (XSS) |
Calendar.online / Kalender.digital | Cross-Site Scripting (XSS) |
Caxton – Create Pro page layouts in Gutenberg | Cross-Site Scripting (XSS) |
CC & BCC for Woocommerce Order Emails | Cross-Site Scripting (XSS) |
Change From Email | Cross-Site Scripting (XSS) |
ChatBot | Cross-Site Scripting (XSS) |
CM PopUp banners | Cross-Site Scripting (XSS) |
CodePen Embedded Pens Shortcode | Cross-Site Scripting (XSS) |
codoc | Cross-Site Scripting (XSS) |
Comment Reply Email | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
ConeBlog – WordPress Blog Widgets | Cross-Site Scripting (XSS) |
Contact Form Summary and Print | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Contest Gallery | Cross-Site Scripting (XSS) |
CopySafe Web Protection | Cross-Site Scripting (XSS) |
CopySafe Web Protection | Cross-Site Scripting (XSS) |
Cost Calculator Builder | Cross-Site Scripting (XSS) |
counterpoint Theme | Cross-Site Scripting (XSS) |
CoziPress Theme | Cross-Site Scripting (XSS) |
Create by Mediavine | Cross-Site Scripting (XSS) |
Ditty | Cross-Site Scripting (XSS) |
DN Footer Contacts | Cross-Site Scripting (XSS) |
Donation Block For PayPal | Unauthenticated Cross-Site Scripting (XSS) |
Download Button for Elementor | Cross-Site Scripting (XSS) |
Download Manager | Cross-Site Scripting (XSS) via Shortcode |
Easy Custom Code (LESS/CSS/JS) – Live editing | Cross-Site Scripting (XSS) |
Easy Google Maps | Cross-Site Scripting (XSS) |
Easy Pixels | Unauthenticated Cross-Site Scripting (XSS) |
Easy Table of Contents | Cross-Site Scripting (XSS) |
Easy Testimonials | Cross-Site Scripting (XSS) via Shortcode |
EazyDocs | Cross-Site Scripting (XSS) |
EazyDocs | Cross-Site Scripting (XSS) |
ElementInvader Addons for Elementor | Cross-Site Scripting (XSS) |
Elementor Addons, Widgets and Enhancements – Stax | Cross-Site Scripting (XSS) |
Elementor – Header, Footer & Blocks Template | DOMBased Cross-Site Scripting (XSS) |
Element Pack Elementor Addons | Cross-Site Scripting (XSS) |
Email Encoder Bundle | Cross-Site Scripting (XSS) |
Embed Peertube Playlist | Cross-Site Scripting (XSS) |
Eventin | Cross-Site Scripting (XSS) |
EventON | Cross-Site Scripting (XSS) via event subtitle |
EventON | Missing Authorization (BAC) to Unauthenticated Cross-Site Scripting (XSS) and Plugin Settings Updates (BAC) |
Events Manager | Cross-Site Scripting (XSS) |
Extensions for Elementor | Cross-Site Scripting (XSS) via url Parameter |
Extensions for Elementor | Cross-Site Scripting (XSS) via EE Events and EE Flipbox Widget |
FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor | Cross-Site Scripting (XSS) |
Feeds for YouTube | DOMBased Cross-Site Scripting (XSS) |
Floating Social Media Links | Cross-Site Scripting (XSS) |
FluentForm | Cross-Site Scripting (XSS) |
FormFlow | Cross-Site Scripting (XSS) |
Formidable Forms | Cross-Site Scripting (XSS) |
Form Maker by 1Web | Cross-Site Scripting (XSS) |
FULL Customer | Unauthenticated Cross-Site Scripting (XSS) via License Plan Parameter |
Funnel Builder for WordPress by FunnelKit | Cross-Site Scripting (XSS) via SVG Upload (BAC) |
Fusion | Cross-Site Scripting (XSS) |
Genesis Blocks | Cross-Site Scripting (XSS) via Sharing Block Attributes |
Giveaways and Contests by RafflePress | Cross-Site Scripting (XSS) |
Goftino | Cross-Site Scripting (XSS) |
Goya Theme | Unauthenticated Cross-Site Scripting (XSS) via Multiple Parameters |
GPT3 AI Content Writer | Cross-Site Scripting (XSS) |
Gum Elementor Addon | Cross-Site Scripting (XSS) |
Gutenberg | Cross-Site Scripting (XSS) |
Gutenberg Blocks by Kadence Blocks | DOMBased Cross-Site Scripting (XSS) via HTML Data Attributes |
Gutenverse | Cross-Site Scripting (XSS) |
GutSlider – All in One Block Slider | Cross-Site Scripting (XSS) |
Happy Addons for Elementor | Cross-Site Scripting (XSS) via Gradient Heading Widget |
Happy Addons for Elementor | Cross-Site Scripting (XSS) via PDF View Widget |
HelloAsso | Cross-Site Scripting (XSS) |
Himalayas Theme | Cross-Site Scripting (XSS) |
Himer Theme | Cross-Site Scripting (XSS) |
Hostel | Cross-Site Scripting (XSS) |
HTML Forms | Cross-Site Scripting (XSS) |
IdeaPush | Cross-Site Scripting (XSS) |
IfSo Dynamic Content Personalization | Cross-Site Scripting (XSS) |
Image Hover Effects Caption Hover with Carousel | Cross-Site Scripting (XSS) |
Image Hover Effects – Elementor Addon | Cross-Site Scripting (XSS) via eihe_link Parameter |
Image Photo Gallery Final Tiles Grid | Cross-Site Scripting (XSS) |
Index WP MySQL For Speed | Cross-Site Scripting (XSS) |
Inline Related Posts | Cross-Site Scripting (XSS) |
Inline Related Posts | Cross-Site Scripting (XSS) |
Job Board Manager | Cross-Site Scripting (XSS) |
Leaflet Maps Marker | Cross-Site Scripting (XSS) |
Link Library | Cross-Site Scripting (XSS) |
Link To Bible | Cross-Site Scripting (XSS) |
LiteSpeed Cache | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Livemesh Addons for Beaver Builder | Cross-Site Scripting (XSS) |
Livemesh Addons for Elementor | Multiple Cross-Site Scripting (XSS) |
Login by Auth | Cross-Site Scripting (XSS) via wle |
Login Logo Editor | Cross-Site Scripting (XSS) |
Magical Addons For Elementor | Cross-Site Scripting (XSS) |
Magical Posts Display – Elementor & Gutenberg Posts Blocks | Cross-Site Scripting (XSS) |
MakeCommerce for WooCommerce | Cross-Site Scripting (XSS) |
Master Addons for Elementor | Cross-Site Scripting (XSS) |
Master Currency WP | Cross-Site Scripting (XSS) via Currency Converter Form Shortcode |
Master Popups | Cross-Site Scripting (XSS) |
MaxButtons | Cross-Site Scripting (XSS) |
MBE eShip | Cross-Site Scripting (XSS) |
Media Library Assistant | Cross-Site Scripting (XSS) |
Mega Elements | Cross-Site Scripting (XSS) |
Meks Easy Ads Widget | Cross-Site Scripting (XSS) |
Meks Smart Author Widget | Cross-Site Scripting (XSS) |
Moloni | Cross-Site Scripting (XSS) |
MP3 Audio Player for Music, Radio & Podcast by Sonaar | Cross-Site Scripting (XSS) via sonaar_audioplayer Shortcode |
Multisite Content Copier/Updater | Cross-Site Scripting (XSS) |
Newspack Ads | Cross-Site Scripting (XSS) |
Newspack Campaigns | Cross-Site Scripting (XSS) |
NEXForms – Ultimate Form Builder | Cross-Site Scripting (XSS) |
NextGEN Gallery | Cross-Site Scripting (XSS) |
NextGEN Gallery | Cross-Site Scripting (XSS) |
Ocean Extra | Cross-Site Scripting (XSS) |
oik | Cross-Site Scripting (XSS) via bw_button Shortcode |
One Click Order ReOrder | Missing Authorization (BAC) to Cross-Site Scripting (XSS) |
OnePress Theme | Cross-Site Scripting (XSS) |
OpenPGP Form Encryption | Cross-Site Scripting (XSS) |
Pagerank Tools | Cross-Site Scripting (XSS) |
Panda Video | Cross-Site Scripting (XSS) |
ParityPress | Cross-Site Scripting (XSS) |
PayPlus Payment Gateway | Cross-Site Scripting (XSS) |
Phlox Portfolio | Cross-Site Scripting (XSS) via ' Grid Portfolios' |
Plugin Notes Plus | Cross-Site Scripting (XSS) |
Plum: Spin Wheel & Email Popup | Broken Access Control (BAC) to Unauthenticated Cross-Site Scripting (XSS) |
Post Layouts for Gutenberg | Cross-Site Scripting (XSS) |
Post Meta Data Manager | Cross-Site Scripting (XSS) |
Power BI Embedded for WordPress | Cross-Site Scripting (XSS) |
PowerPress Podcasting | Cross-Site Scripting (XSS) via media_url Parameter |
Premium Addons for Elementor | Cross-Site Scripting (XSS) |
Premium Addons for Elementor | Cross-Site Scripting (XSS) via Countdown Widget |
Premium Addons for Elementor | DOMBased Cross-Site Scripting (XSS) via Animated Text Widget |
Premium Blocks – Gutenberg Blocks for WordPress | Cross-Site Scripting (XSS) |
Pretty Simple Popup Builder | Cross-Site Scripting (XSS) |
Product Enquiry for WooCommerce | Cross-Site Scripting (XSS) |
Qi Blocks | Cross-Site Scripting (XSS) |
Quiz And Survey Master | Cross-Site Scripting (XSS) |
Quiz And Survey Master | Cross-Site Scripting (XSS) |
Rank Math SEO | Cross-Site Scripting (XSS) |
ReCaptcha Integration for WordPress | Cross-Site Scripting (XSS) |
Redux Framework | Unauthenticated JSON File Upload (BAC) to Cross-Site Scripting (XSS) |
RegLevel | Cross-Site Scripting (XSS) |
Request a Quote | Cross-Site Scripting (XSS) |
Responsive Mobile Theme | Cross-Site Scripting (XSS) |
Responsive Tabs | Cross-Site Scripting (XSS) |
REVIEWS.io | Cross-Site Scripting (XSS) |
Rife Elementor Extensions & Templates | Cross-Site Scripting (XSS) via Writing Effect Headline Widget |
Robo Gallery | Cross-Site Scripting (XSS) via Gallery Title |
Royal Elementor Addons | DOMBased Cross-Site Scripting (XSS) via Magazine Grid/Slider Widget |
Save as PDF plugin by Pdfcrowd | Cross-Site Scripting (XSS) |
Schema & Structured Data for WP & AMP | Cross-Site Scripting (XSS) via url Attribute |
Secure Copy Content Protection and Content Locking | Cross-Site Scripting (XSS) |
Send email only on Reply to My Comment | Cross-Site Scripting (XSS) |
Send email only on Reply to My Comment | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Seriously Simple Podcasting | Cross-Site Scripting (XSS) |
Shortcodes Ultimate Pro | Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) |
Simple Alert Boxes | Cross-Site Scripting (XSS) via Alert Shortcode |
Simple AL Slider | Cross-Site Scripting (XSS) |
Simple Popup | Cross-Site Scripting (XSS) |
Simple Post Notes | Cross-Site Scripting (XSS) |
Simple Responsive Slider | Cross-Site Scripting (XSS) |
Simple Social Share | Cross-Site Scripting (XSS) |
Simple Video Directory | Cross-Site Scripting (XSS) |
Sina Extension for Elementor | Cross-Site Scripting (XSS) via read_more_text Parameter |
SiteOrigin Widgets Bundle | Cross-Site Scripting (XSS) in Image Grid widget |
sitetweet | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
SKT Addons for Elementor | Cross-Site Scripting (XSS) |
SKT Skill Bar | Cross-Site Scripting (XSS) |
Sky Addons for Elementor | Cross-Site Scripting (XSS) |
Slider by 1Web | Cross-Site Scripting (XSS) |
Slider by 1Web | Cross-Site Scripting (XSS) |
SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) | Cross-Site Scripting (XSS) |
Social Auto Poster | Cross-Site Scripting (XSS) |
Social Auto Poster | Unauthenticated Cross-Site Scripting (XSS) |
Social Media & Share Icons | Cross-Site Scripting (XSS) |
Social Media Widget | Cross-Site Scripting (XSS) |
SpiderContacts | Cross-Site Scripting (XSS) |
SportsPress – Sports Club & League Manager | Cross-Site Scripting (XSS) |
Squelch Tabs and Accordions Shortcodes | Cross-Site Scripting (XSS) via tab Shortcode |
Stock Ticker | Cross-Site Scripting (XSS) via stock_ticker Shortcode |
SULly | Cross-Site Scripting (XSS) |
SULly | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
SuperSaaS – online appointment scheduling | Cross-Site Scripting (XSS) |
Support SVG | Cross-Site Scripting (XSS) via SVG Upload (BAC) |
SVG Block | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
SVG Support | Cross-Site Scripting (XSS) via SVG |
Swift Framework Page Builder | Cross-Site Scripting (XSS) |
Swift Framework Page Builder | Cross-Site Scripting (XSS) via Settings |
Tabs For WPBakery Page Builder | Cross-Site Scripting (XSS) |
Team Members | Cross-Site Scripting (XSS) |
Template Kit – Export | Cross-Site Scripting (XSS) |
Testimonials Widget | Cross-Site Scripting (XSS) |
The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) via Countdown Widget |
The Post Grid | Cross-Site Scripting (XSS) via section title tag |
Timeline Module for Beaver Builder | Cross-Site Scripting (XSS) |
TOCHAT.BE | Unauthenticated Cross-Site Scripting (XSS) |
Tournamatch | Cross-Site Scripting (XSS) |
Tournamatch | Cross-Site Scripting (XSS) via Ladders |
Tutor LMS | Cross-Site Scripting (XSS) |
Typebot | Cross-Site Scripting (XSS) |
Ultimate Addons for WPBakery Page Builder | Cross-Site Scripting (XSS) via Shortcode |
Ultimate Blocks – Gutenberg Blocks Plugin | Cross-Site Scripting (XSS) |
Ultimate Blocks – Gutenberg Blocks Plugin | Cross-Site Scripting (XSS) |
Ultimate Classified Listings | Cross-Site Scripting (XSS) |
UltraAddons Elementor Lite | Cross-Site Scripting (XSS) via Multiple Widgets |
UltraAddons Elementor Lite | Cross-Site Scripting (XSS) |
Uncanny Automator Pro | Cross-Site Scripting (XSS) |
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | Cross-Site Scripting (XSS) via 'username' |
URL Shortener by MyThemeShop | Cross-Site Scripting (XSS) |
User Feedback | Unauthenticated Cross-Site Scripting (XSS) via Name Parameter |
User Submitted Posts | Cross-Site Scripting (XSS) |
VForm | Unauthenticated Cross-Site Scripting (XSS) |
VK All in One Expansion Unit | Cross-Site Scripting (XSS) |
Void Contact Form Widget For Elementor Page Builder | Cross-Site Scripting (XSS) via cf_redirect_page Attribute |
WANotifier | Cross-Site Scripting (XSS) |
Watu Quiz | Cross-Site Scripting (XSS) |
Web Directory Free | Cross-Site Scripting (XSS) |
Webico Slider Flatsome Addons | Cross-Site Scripting (XSS) via wbc_image Shortcode |
Website Content in Page or Post | Cross-Site Scripting (XSS) |
Widget4Call | Cross-Site Scripting (XSS) |
Woffice | Cross-Site Scripting (XSS) |
Woffice Core | Site Wide Cross-Site Scripting (XSS) |
Woffice Theme | Cross-Site Scripting (XSS) |
WooCommerce Predictive Search | Cross-Site Scripting (XSS) |
WooCommerce Product Table Lite | Missing Authorization (BAC) to Cross-Site Scripting (XSS) |
WooCommerce Report | Cross-Site Scripting (XSS) |
WordPress Happy SCSS Compiler Compile SCSS to CSS automatically plugin | Missing Authorization (BAC) to Cross-Site Scripting (XSS) |
WordPress Notification Bar | Cross-Site Scripting (XSS) |
WP Ajax Contact Form | Cross-Site Scripting (XSS) |
WP Announcement | Cross-Site Scripting (XSS) |
WPBITS Addons For Elementor Page Builder | Cross-Site Scripting (XSS) |
WPBITS Addons For Elementor Page Builder | Cross-Site Scripting (XSS) via Multiple Widgets |
WP Cookie Law Info | Cross-Site Scripting (XSS) |
WP Directory Kit | Cross-Site Scripting (XSS) |
WP eMember | Cross-Site Scripting (XSS) |
WP eMember | Cross-Site Scripting (XSS) in Blacklist via Cross-Site Request Forgery (CSRF) |
WP eMember | Cross-Site Scripting (XSS) via Member Edit |
WP eMember | Unauthenticated Cross-Site Scripting (XSS) via Member Registration |
WP eStore | Multiple Cross-Site Scripting (XSS) |
WP Event Aggregator | Cross-Site Scripting (XSS) |
WP Event Manager | Cross-Site Scripting (XSS) via 'events' Shortcode |
WPFavicon | Cross-Site Scripting (XSS) |
WP GoToWebinar | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP GoToWebinar | Cross-Site Scripting (XSS) |
WP Lightbox 2 | DOMBased Cross-Site Scripting (XSS) |
WP Photo Album Plus | Cross-Site Scripting (XSS) |
WPQA Builder forms Addon | Cross-Site Scripting (XSS) |
WP QuickLaTeX | Cross-Site Scripting (XSS) in Background Color field |
WP QuickLaTeX | Cross-Site Scripting (XSS) |
WpStickyBar | Cross-Site Scripting (XSS) |
WP To Do | Cross-Site Scripting (XSS) |
WP Total Branding | Cross-Site Scripting (XSS) via title Parameter |
WP Travel Engine | Cross-Site Scripting (XSS) |
WP ULike | Cross-Site Scripting (XSS) |
WS Contact Form | Cross-Site Scripting (XSS) |
XPlainer WooCommerce Product FAQ | Cross-Site Scripting (XSS) |
XPlainer WooCommerce Product FAQ | Missing Authorization (BAC) to Cross-Site Scripting (XSS) |
YITH WooCommerce Ajax Product Filter | Cross-Site Scripting (XSS) |
zBench Theme | Cross-Site Scripting (XSS) |
Zenon Lite Theme | Cross-Site Scripting (XSS) via Button Shortcode |
Zephyr Project Manager | Cross-Site Scripting (XSS) |
Zoho Campaigns | Cross-Site Scripting (XSS) |
Zoho CRM Lead Magnet | Cross-Site Scripting (XSS) |
WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
WordPress Cross-Site Scripting (XSS) reported in 2024: | 1929 |
How wonderful would be to simply let others take care of your chores? We absolutely understand why you would want that. This is why we propose this unique campaign: the price of a premium cup of coffee per week, for your first managed service.
Start simply by contacting us with your selections:
We care about the protection of your personal data. Update, subscribe or unsubscribe anytime. Read our Privacy Policy.