WP XSS AUG 2024

WP XSS AUG 2024: 283 Effortless WP Cross-Site Scripting


Stay informed about the latest WP Cross-Site Scripting vulnerabilities that have been identified and reported publicly. WP XSS AUG 2024 is a 7% decrease compared to the previous month. For your online safety, consider a managed WP/Woo security audit, switching to an alternative WP security plugin from the TOP10LIST, or hiring professionals for managed security.


If any of these publicly reported vulnerable plugins is installed on your domain, it opens Pandora's box from a security point of view. The following cases were reported publicly just last month in the WP XSS AUG 2024 (WP Cross-Site Scripting) category:

Admin Dashboard RSS Feed Cross-Site Scripting (XSS)
AdPush Cross-Site Scripting (XSS)
Advanced post slider Cross-Site Scripting (XSS)
Affiliate Manager Cross-Site Scripting (XSS)
Affiliate Manager Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF)
AllinOne Video Gallery Cross-Site Scripting (XSS) via Video Shortcode
Amazing Hover Effects Cross-Site Scripting (XSS)
AMP for WP Cross-Site Scripting (XSS) via SVG File Upload (BAC)
Animated AL List Cross-Site Scripting (XSS)
Animated Typed JS Shortcode Cross-Site Scripting (XSS)
Apollo13 Framework Extensions Cross-Site Scripting (XSS)
Appmaker – Convert WooCommerce to Android & iOS Native Mobile Apps Cross-Site Scripting (XSS)
ARForms Form Builder Cross-Site Scripting (XSS)
Arkhe Blocks Cross-Site Scripting (XSS)
ArtPlacer Widget Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
aThemes Starter Sites Cross-Site Scripting (XSS) via SVG File Upload (BAC)
Basil Theme Cross-Site Scripting (XSS)
bbPress Notify Cross-Site Scripting (XSS)
Beaver Builder Cross-Site Scripting (XSS)
Blog, Posts and Category Filter for Elementor Cross-Site Scripting (XSS) via Post and Category Filter Widget
Bold Page Builder Cross-Site Scripting (XSS) via bt_bb_button Shortcode
Booking Calendar Cross-Site Scripting (XSS) via bookingform Shortcode
Booking Ultra Pro Cross-Site Scripting (XSS)
Boot Store Theme Cross-Site Scripting (XSS) via Button Shortcode
Bradmax Player Cross-Site Scripting (XSS)
BSK PDF Manager Cross-Site Scripting (XSS)
Bug Library Cross-Site Scripting (XSS)
Calendar.online / Kalender.digital Cross-Site Scripting (XSS)
Caxton – Create Pro page layouts in Gutenberg Cross-Site Scripting (XSS)
CC & BCC for Woocommerce Order Emails Cross-Site Scripting (XSS)
Change From Email Cross-Site Scripting (XSS)
ChatBot Cross-Site Scripting (XSS)
CM PopUp banners Cross-Site Scripting (XSS)
CodePen Embedded Pens Shortcode Cross-Site Scripting (XSS)
codoc Cross-Site Scripting (XSS)
Comment Reply Email Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
ConeBlog – WordPress Blog Widgets Cross-Site Scripting (XSS)
Contact Form Summary and Print Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Contest Gallery Cross-Site Scripting (XSS)
CopySafe Web Protection Cross-Site Scripting (XSS)
CopySafe Web Protection Cross-Site Scripting (XSS)
Cost Calculator Builder Cross-Site Scripting (XSS)
counterpoint Theme Cross-Site Scripting (XSS)
CoziPress Theme Cross-Site Scripting (XSS)
Create by Mediavine Cross-Site Scripting (XSS)
Ditty Cross-Site Scripting (XSS)
DN Footer Contacts Cross-Site Scripting (XSS)
Donation Block For PayPal Unauthenticated Cross-Site Scripting (XSS)
Download Button for Elementor Cross-Site Scripting (XSS)
Download Manager Cross-Site Scripting (XSS) via Shortcode
Easy Custom Code (LESS/CSS/JS) – Live editing Cross-Site Scripting (XSS)
Easy Google Maps Cross-Site Scripting (XSS)
Easy Pixels Unauthenticated Cross-Site Scripting (XSS)
Easy Table of Contents Cross-Site Scripting (XSS)
Easy Testimonials Cross-Site Scripting (XSS) via Shortcode
EazyDocs Cross-Site Scripting (XSS)
EazyDocs Cross-Site Scripting (XSS)
ElementInvader Addons for Elementor Cross-Site Scripting (XSS)
Elementor Addons, Widgets and Enhancements – Stax Cross-Site Scripting (XSS)
Elementor – Header, Footer & Blocks Template DOM-Based Cross-Site Scripting (XSS)
Element Pack Elementor Addons Cross-Site Scripting (XSS)
Email Encoder Bundle Cross-Site Scripting (XSS)
Embed Peertube Playlist Cross-Site Scripting (XSS)
Eventin Cross-Site Scripting (XSS)
EventON Cross-Site Scripting (XSS) via event subtitle
EventON Missing Authorization (BAC) to Unauthenticated Cross-Site Scripting (XSS) and Plugin Settings Updates (BAC)
Events Manager Cross-Site Scripting (XSS)
Extensions for Elementor Cross-Site Scripting (XSS) via url Parameter
Extensions for Elementor Cross-Site Scripting (XSS) via EE Events and EE Flipbox Widget
FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor Cross-Site Scripting (XSS)
Feeds for YouTube DOM-Based Cross-Site Scripting (XSS)
Floating Social Media Links Cross-Site Scripting (XSS)
FluentForm Cross-Site Scripting (XSS)
FormFlow Cross-Site Scripting (XSS)
Formidable Forms Cross-Site Scripting (XSS)
Form Maker by 1Web Cross-Site Scripting (XSS)
FULL Customer Unauthenticated Cross-Site Scripting (XSS) via License Plan Parameter
Funnel Builder for WordPress by FunnelKit Cross-Site Scripting (XSS) via SVG Upload (BAC)
Fusion Cross-Site Scripting (XSS)
Genesis Blocks Cross-Site Scripting (XSS) via Sharing Block Attributes
Giveaways and Contests by RafflePress Cross-Site Scripting (XSS)
Goftino Cross-Site Scripting (XSS)
Goya Theme Unauthenticated Cross-Site Scripting (XSS) via Multiple Parameters
GPT3 AI Content Writer Cross-Site Scripting (XSS)
Gum Elementor Addon Cross-Site Scripting (XSS)
Gutenberg Cross-Site Scripting (XSS)
Gutenberg Blocks by Kadence Blocks DOM-Based Cross-Site Scripting (XSS) via HTML Data Attributes
Gutenverse Cross-Site Scripting (XSS)
GutSlider – All in One Block Slider Cross-Site Scripting (XSS)
Happy Addons for Elementor Cross-Site Scripting (XSS) via Gradient Heading Widget
Happy Addons for Elementor Cross-Site Scripting (XSS) via PDF View Widget
HelloAsso Cross-Site Scripting (XSS)
Himalayas Theme Cross-Site Scripting (XSS)
Himer Theme Cross-Site Scripting (XSS)
Hostel Cross-Site Scripting (XSS)
HTML Forms Cross-Site Scripting (XSS)
IdeaPush Cross-Site Scripting (XSS)
IfSo Dynamic Content Personalization Cross-Site Scripting (XSS)
Image Hover Effects Caption Hover with Carousel Cross-Site Scripting (XSS)
Image Hover Effects – Elementor Addon Cross-Site Scripting (XSS) via eihe_link Parameter
Image Photo Gallery Final Tiles Grid Cross-Site Scripting (XSS)
Index WP MySQL For Speed Cross-Site Scripting (XSS)
Inline Related Posts Cross-Site Scripting (XSS)
Inline Related Posts Cross-Site Scripting (XSS)
Job Board Manager Cross-Site Scripting (XSS)
Leaflet Maps Marker Cross-Site Scripting (XSS)
Link Library Cross-Site Scripting (XSS)
Link To Bible Cross-Site Scripting (XSS)
LiteSpeed Cache Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Livemesh Addons for Beaver Builder Cross-Site Scripting (XSS)
Livemesh Addons for Elementor Multiple Cross-Site Scripting (XSS)
Login by Auth Cross-Site Scripting (XSS) via wle
Login Logo Editor Cross-Site Scripting (XSS)
Magical Addons For Elementor Cross-Site Scripting (XSS)
Magical Posts Display – Elementor & Gutenberg Posts Blocks Cross-Site Scripting (XSS)
MakeCommerce for WooCommerce Cross-Site Scripting (XSS)
Master Addons for Elementor Cross-Site Scripting (XSS)
Master Currency WP Cross-Site Scripting (XSS) via Currency Converter Form Shortcode
Master Popups Cross-Site Scripting (XSS)
MaxButtons Cross-Site Scripting (XSS)
MBE eShip Cross-Site Scripting (XSS)
Media Library Assistant Cross-Site Scripting (XSS)
Mega Elements Cross-Site Scripting (XSS)
Meks Easy Ads Widget Cross-Site Scripting (XSS)
Meks Smart Author Widget Cross-Site Scripting (XSS)
Moloni Cross-Site Scripting (XSS)
MP3 Audio Player for Music, Radio & Podcast by Sonaar Cross-Site Scripting (XSS) via sonaar_audioplayer Shortcode
Multisite Content Copier/Updater Cross-Site Scripting (XSS)
Newspack Ads Cross-Site Scripting (XSS)
Newspack Campaigns Cross-Site Scripting (XSS)
NEXForms – Ultimate Form Builder Cross-Site Scripting (XSS)
NextGEN Gallery Cross-Site Scripting (XSS)
NextGEN Gallery Cross-Site Scripting (XSS)
Ocean Extra Cross-Site Scripting (XSS)
oik Cross-Site Scripting (XSS) via bw_button Shortcode
One Click Order ReOrder Missing Authorization (BAC) to Cross-Site Scripting (XSS)
OnePress Theme Cross-Site Scripting (XSS)
OpenPGP Form Encryption Cross-Site Scripting (XSS)
Pagerank Tools Cross-Site Scripting (XSS)
Panda Video Cross-Site Scripting (XSS)
ParityPress Cross-Site Scripting (XSS)
PayPlus Payment Gateway Cross-Site Scripting (XSS)
Phlox Portfolio Cross-Site Scripting (XSS) via 'Grid Portfolios'
Plugin Notes Plus Cross-Site Scripting (XSS)
Plum: Spin Wheel & Email Popup Broken Access Control (BAC) to Unauthenticated Cross-Site Scripting (XSS)
Post Layouts for Gutenberg Cross-Site Scripting (XSS)
Post Meta Data Manager Cross-Site Scripting (XSS)
Power BI Embedded for WordPress Cross-Site Scripting (XSS)
PowerPress Podcasting Cross-Site Scripting (XSS) via media_url Parameter
Premium Addons for Elementor Cross-Site Scripting (XSS)
Premium Addons for Elementor Cross-Site Scripting (XSS) via Countdown Widget
Premium Addons for Elementor DOM-Based Cross-Site Scripting (XSS) via Animated Text Widget
Premium Blocks – Gutenberg Blocks for WordPress Cross-Site Scripting (XSS)
Pretty Simple Popup Builder Cross-Site Scripting (XSS)
Product Enquiry for WooCommerce Cross-Site Scripting (XSS)
Qi Blocks Cross-Site Scripting (XSS)
Quiz And Survey Master Cross-Site Scripting (XSS)
Quiz And Survey Master Cross-Site Scripting (XSS)
Rank Math SEO Cross-Site Scripting (XSS)
ReCaptcha Integration for WordPress Cross-Site Scripting (XSS)
Redux Framework Unauthenticated JSON File Upload (BAC) to Cross-Site Scripting (XSS)
RegLevel Cross-Site Scripting (XSS)
Request a Quote Cross-Site Scripting (XSS)
Responsive Mobile Theme Cross-Site Scripting (XSS)
Responsive Tabs Cross-Site Scripting (XSS)
REVIEWS.io Cross-Site Scripting (XSS)
Rife Elementor Extensions & Templates Cross-Site Scripting (XSS) via Writing Effect Headline Widget
Robo Gallery Cross-Site Scripting (XSS) via Gallery Title
Royal Elementor Addons DOM-Based Cross-Site Scripting (XSS) via Magazine Grid/Slider Widget
Save as PDF plugin by Pdfcrowd Cross-Site Scripting (XSS)
Schema & Structured Data for WP & AMP Cross-Site Scripting (XSS) via url Attribute
Secure Copy Content Protection and Content Locking Cross-Site Scripting (XSS)
Send email only on Reply to My Comment Cross-Site Scripting (XSS)
Send email only on Reply to My Comment Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF)
Seriously Simple Podcasting Cross-Site Scripting (XSS)
Shortcodes Ultimate Pro Cross-Site Scripting (XSS)
Simple Alert Boxes Cross-Site Scripting (XSS) via Alert Shortcode
Simple AL Slider Cross-Site Scripting (XSS)
Simple Popup Cross-Site Scripting (XSS)
Simple Post Notes Cross-Site Scripting (XSS)
Simple Responsive Slider Cross-Site Scripting (XSS)
Simple Social Share Cross-Site Scripting (XSS)
Simple Video Directory Cross-Site Scripting (XSS)
Sina Extension for Elementor Cross-Site Scripting (XSS) via read_more_text Parameter
SiteOrigin Widgets Bundle Cross-Site Scripting (XSS) in Image Grid widget
sitetweet Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF)
SKT Addons for Elementor Cross-Site Scripting (XSS)
SKT Skill Bar Cross-Site Scripting (XSS)
Sky Addons for Elementor Cross-Site Scripting (XSS)
Slider by 1Web Cross-Site Scripting (XSS)
Slider by 1Web Cross-Site Scripting (XSS)
SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) Cross-Site Scripting (XSS)
Social Auto Poster Cross-Site Scripting (XSS)
Social Auto Poster Unauthenticated Cross-Site Scripting (XSS)
Social Media & Share Icons Cross-Site Scripting (XSS)
Social Media Widget Cross-Site Scripting (XSS)
SpiderContacts Cross-Site Scripting (XSS)
SportsPress – Sports Club & League Manager Cross-Site Scripting (XSS)
Squelch Tabs and Accordions Shortcodes Cross-Site Scripting (XSS) via tab Shortcode
Stock Ticker Cross-Site Scripting (XSS) via stock_ticker Shortcode
SULly Cross-Site Scripting (XSS)
SULly Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF)
SuperSaaS – online appointment scheduling Cross-Site Scripting (XSS)
Support SVG Cross-Site Scripting (XSS) via SVG Upload (BAC)
SVG Block Cross-Site Scripting (XSS) via SVG File Upload (BAC)
SVG Support Cross-Site Scripting (XSS) via SVG
Swift Framework Page Builder Cross-Site Scripting (XSS)
Swift Framework Page Builder Cross-Site Scripting (XSS) via Settings
Tabs For WPBakery Page Builder Cross-Site Scripting (XSS)
Team Members Cross-Site Scripting (XSS)
Template Kit – Export Cross-Site Scripting (XSS)
Testimonials Widget Cross-Site Scripting (XSS)
The Plus Addons for Elementor Page Builder Lite Cross-Site Scripting (XSS) via Countdown Widget
The Post Grid Cross-Site Scripting (XSS) via section title tag
Timeline Module for Beaver Builder Cross-Site Scripting (XSS)
TOCHAT.BE Unauthenticated Cross-Site Scripting (XSS)
Tournamatch Cross-Site Scripting (XSS)
Tournamatch Cross-Site Scripting (XSS) via Ladders
Tutor LMS Cross-Site Scripting (XSS)
Typebot Cross-Site Scripting (XSS)
Ultimate Addons for WPBakery Page Builder Cross-Site Scripting (XSS) via Shortcode
Ultimate Blocks – Gutenberg Blocks Plugin Cross-Site Scripting (XSS)
Ultimate Blocks – Gutenberg Blocks Plugin Cross-Site Scripting (XSS)
Ultimate Classified Listings Cross-Site Scripting (XSS)
UltraAddons Elementor Lite Cross-Site Scripting (XSS) via Multiple Widgets
UltraAddons Elementor Lite Cross-Site Scripting (XSS)
Uncanny Automator Pro Cross-Site Scripting (XSS)
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Cross-Site Scripting (XSS) via 'username'
URL Shortener by MyThemeShop Cross-Site Scripting (XSS)
User Feedback Unauthenticated Cross-Site Scripting (XSS) via Name Parameter
User Submitted Posts Cross-Site Scripting (XSS)
VForm Unauthenticated Cross-Site Scripting (XSS)
VK All in One Expansion Unit Cross-Site Scripting (XSS)
Void Contact Form Widget For Elementor Page Builder Cross-Site Scripting (XSS) via cf_redirect_page Attribute
WANotifier Cross-Site Scripting (XSS)
Watu Quiz Cross-Site Scripting (XSS)
Web Directory Free Cross-Site Scripting (XSS)
Webico Slider Flatsome Addons Cross-Site Scripting (XSS) via wbc_image Shortcode
Website Content in Page or Post Cross-Site Scripting (XSS)
Widget4Call Cross-Site Scripting (XSS)
Woffice Cross-Site Scripting (XSS)
Woffice Core Site Wide Cross-Site Scripting (XSS)
Woffice Theme Cross-Site Scripting (XSS)
WooCommerce Predictive Search Cross-Site Scripting (XSS)
WooCommerce Product Table Lite Missing Authorization (BAC) to Cross-Site Scripting (XSS)
WooCommerce Report Cross-Site Scripting (XSS)
WordPress Happy SCSS Compiler Compile SCSS to CSS automatically plugin Missing Authorization (BAC) to Cross-Site Scripting (XSS)
WordPress Notification Bar Cross-Site Scripting (XSS)
WP Ajax Contact Form Cross-Site Scripting (XSS)
WP Announcement Cross-Site Scripting (XSS)
WPBITS Addons For Elementor Page Builder Cross-Site Scripting (XSS)
WPBITS Addons For Elementor Page Builder Cross-Site Scripting (XSS) via Multiple Widgets
WP Cookie Law Info Cross-Site Scripting (XSS)
WP Directory Kit Cross-Site Scripting (XSS)
WP eMember Cross-Site Scripting (XSS)
WP eMember Cross-Site Scripting (XSS) in Blacklist via Cross-Site Request Forgery (CSRF)
WP eMember Cross-Site Scripting (XSS) via Member Edit
WP eMember Unauthenticated Cross-Site Scripting (XSS) via Member Registration
WP eStore Multiple Cross-Site Scripting (XSS)
WP Event Aggregator Cross-Site Scripting (XSS)
WP Event Manager Cross-Site Scripting (XSS) via 'events' Shortcode
WPFavicon Cross-Site Scripting (XSS)
WP GoToWebinar Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
WP GoToWebinar Cross-Site Scripting (XSS)
WP Lightbox 2 DOM-Based Cross-Site Scripting (XSS)
WP Photo Album Plus Cross-Site Scripting (XSS)
WPQA Builder forms Addon Cross-Site Scripting (XSS)
WP QuickLaTeX Cross-Site Scripting (XSS) in Background Color field
WP QuickLaTeX Cross-Site Scripting (XSS)
WpStickyBar Cross-Site Scripting (XSS)
WP To Do Cross-Site Scripting (XSS)
WP Total Branding Cross-Site Scripting (XSS) via title Parameter
WP Travel Engine Cross-Site Scripting (XSS)
WP ULike Cross-Site Scripting (XSS)
WS Contact Form Cross-Site Scripting (XSS)
XPlainer WooCommerce Product FAQ Cross-Site Scripting (XSS)
XPlainer WooCommerce Product FAQ Missing Authorization (BAC) to Cross-Site Scripting (XSS)
YITH WooCommerce Ajax Product Filter Cross-Site Scripting (XSS)
zBench Theme Cross-Site Scripting (XSS)
Zenon Lite Theme Cross-Site Scripting (XSS) via Button Shortcode
Zephyr Project Manager Cross-Site Scripting (XSS)
Zoho Campaigns Cross-Site Scripting (XSS)
Zoho CRM Lead Magnet Cross-Site Scripting (XSS)

WordPress Cross-Site Scripting (XSS) reported in 2023: 2928
WordPress Cross-Site Scripting (XSS) reported in 2024: 1929
ultrai.ae managed online © 2023 - 2024 – All rights reserved