Discover managed ACQUISITION metrics for WordPress, WooCommerce, Shopify, SaaS. Managed for you on your domain, inside your hosting account, in your country. With a good managed monitoring strategy in place, you'll gain greater transparency & visibility into your operations with a timely alerting system.
Be informed about the latest WP Cross-Site Scripting, identified and reported publicly. WP XSS JUL 2024 is a +6% INCREASE compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for managed Security.
As these Cross-Site Scripting cases from publicly reported vulnerable plugins are on your domain, it opens Pandora’s box from a security point of view. The following cases made headlines PUBLICLY just last month in the WP XSS JUL 2024 & WP Cross-Site Scripting category:
12 Step Meeting List | Cross-Site Scripting (XSS) |
3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery | Cross-Site Scripting (XSS) |
Accordions | Cross-Site Scripting (XSS) |
Active Products Tables for WooCommerce | Cross-Site Scripting (XSS) |
Activity Reactions For Buddypress | Cross-Site Scripting (XSS) |
Advanced Woo Labels | Cross-Site Scripting (XSS) |
Ajax Load More | Cross-Site Scripting (XSS) |
Ali2Woo Lite | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
Ali2Woo Lite | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Ali2Woo Lite | Cross-Site Scripting (XSS) |
All In One Redirection | Cross-Site Scripting (XSS) |
Amelia | Cross-Site Scripting (XSS) |
Anima Theme | Cross-Site Scripting (XSS) |
ARForms | Cross-Site Scripting (XSS) |
ARI Fancy Lightbox | Cross-Site Scripting (XSS) |
Atarim | Cross-Site Scripting (XSS) |
Auto Coupons for WooCommerce | Cross-Site Scripting (XSS) |
Bible Text | Cross-Site Scripting (XSS) |
BlockArt Blocks | Cross-Site Scripting (XSS) |
Block for Font Awesome | Cross-Site Scripting (XSS) |
Blocksy Theme | Cross-Site Scripting (XSS) |
Bloglo Theme | Cross-Site Scripting (XSS) |
Blogmentor – Blog Layouts for Elementor | Cross-Site Scripting (XSS) |
Blogmentor – Blog Layouts for Elementor | Cross-Site Scripting (XSS) |
Bookly | Cross-Site Scripting (XSS) via Color Profile Parameter |
Boostify Header Footer Builder for Elementor | Cross-Site Scripting (XSS) via size Parameter |
Branda | Cross-Site Scripting (XSS) via SVG Upload |
Branda | Cross-Site Scripting (XSS) |
Brave Popup Builder | Cross-Site Scripting (XSS) |
Brizy – Page Builder | Multiple Store Cross-Site Scripting (XSS) |
Brizy – Page Builder | Unauthenticated Cross-Site Scripting (XSS) via Form |
BSK PDF Manager | Cross-Site Scripting (XSS) |
Cards for Beaver Builder | Cross-Site Scripting (XSS) via Cards Widget |
Cards for Beaver Builder | Cross-Site Scripting (XSS) |
CB (legacy) | Cross-Site Scripting (XSS) |
Chained Quiz | Cross-Site Scripting (XSS) |
Chaty | Cross-Site Scripting (XSS) |
Church Admin | Cross-Site Scripting (XSS) |
Clever Addons for Elementor | Cross-Site Scripting (XSS) via Multiple CAFE Widgets |
Clever Fox | Cross-Site Scripting (XSS) |
CoBlocks | Cross-Site Scripting (XSS) via Social Profiles |
CoDesigner WooCommerce Builder for Elementor | Cross-Site Scripting (XSS) via Multiple Widgets |
Colibri Page Builder | Cross-Site Scripting (XSS) via Shortcode |
Collapse-O-Matic | Cross-Site Scripting (XSS) via Shortcode |
Contact Form Manager | Cross-Site Scripting (XSS) |
Conversios.io | Cross-Site Scripting (XSS) |
Cowidgets – Elementor Addons | Cross-Site Scripting (XSS) |
Create by Mediavine | Cross-Site Scripting (XSS) via Schema Meta Shortcode |
CSSable Countdown | Cross-Site Scripting (XSS) |
Custom Dash | Cross-Site Scripting (XSS) |
Custom Field Suite | Cross-Site Scripting (XSS) |
Custom Field Suite | Cross-Site Scripting (XSS) |
Custom Field Template | Cross-Site Scripting (XSS) |
Custom Field Template | Cross-Site Scripting (XSS) |
Custom Field Template | Cross-Site Scripting (XSS) |
Dashboard Widgets Suite | Cross-Site Scripting (XSS) |
Demo Awesome | Cross-Site Scripting (XSS) |
Depicter Slider | Cross-Site Scripting (XSS) |
DethemeKit For Elementor | Cross-Site Scripting (XSS) via URL Parameter of the De Gallery Widget |
DImage 360 | Cross-Site Scripting (XSS) |
Divi Theme | Cross-Site Scripting (XSS) |
DiviTorque – Divi Theme, Divi Builder and Extra Theme | Cross-Site Scripting (XSS) via SVG Upload |
DOP Shortcodes | Cross-Site Scripting (XSS) via Shortcode |
Download Attachments | Cross-Site Scripting (XSS) |
Download Manager | Self-Based Cross-Site Scripting (XSS) |
Download Manager | Cross-Site Scripting (XSS) |
Download Manager | Cross-Site Scripting (XSS) via wpdm_modal_login_form Shortcode |
e2pdf | Cross-Site Scripting (XSS) |
Easy Age Verify | Cross-Site Scripting (XSS) |
EasyAzon | Cross-Site Scripting (XSS) via easyazon-cloaking-locale |
Easy Social Like Box – Popup – Sidebar Widget | Cross-Site Scripting (XSS) via Shortcode |
Easy Table of Contents | Cross-Site Scripting (XSS) |
Eduma Theme | Cross-Site Scripting (XSS) |
Elegant Themes Icons | Cross-Site Scripting (XSS) |
Elementor Addon Elements | Cross-Site Scripting (XSS) |
Elementor – Header, Footer & Blocks Template | Cross-Site Scripting (XSS) via Site Title Widget |
Elementor Pro | Cross-Site Scripting (XSS) |
Element Pack Elementor Addons | Cross-Site Scripting (XSS) |
ElementsKit Pro | Cross-Site Scripting (XSS) |
ElementsReady Addons for Elementor | Cross-Site Scripting (XSS) |
Elespare | Cross-Site Scripting (XSS) via Horizontal Nav Menu Widget |
EmbedPress | Cross-Site Scripting (XSS) via EmbedPress PDF Widget |
EmbedPress | Cross-Site Scripting (XSS) |
EmbedSocial | Cross-Site Scripting (XSS) |
Empty Cart Button for WooCommerce | Cross-Site Scripting (XSS) |
Enfold Theme | Cross-Site Scripting (XSS) |
Enter Addons | Cross-Site Scripting (XSS) |
Envo Extra | Cross-Site Scripting (XSS) via Button Widget |
Essential Addons for Elementor | Cross-Site Scripting (XSS) |
Essential Addons for Elementor | Cross-Site Scripting (XSS) |
Essential Addons for Elementor Pro | Cross-Site Scripting (XSS) via Lightbox and Modal Widget |
Essential Real Estate | Cross-Site Scripting (XSS) via Shortcode |
Esteem Theme | Cross-Site Scripting (XSS) |
Events Addon for Elementor | Cross-Site Scripting (XSS) via Multiple Widgets |
Events Manager | Cross-Site Scripting (XSS) via event, location, and event_category Shortcodes |
Event Theme | Cross-Site Scripting (XSS) |
Event Tickets with Ticket Scanner | Cross-Site Scripting (XSS) |
Excellent Theme | Cross-Site Scripting (XSS) |
Exclusive Addons Elementor | Cross-Site Scripting (XSS) via Card Widget |
Flatsome Theme | Cross-Site Scripting (XSS) via Shortcode |
Flatsome Theme | Cross-Site Scripting (XSS) via Shortcodes |
Fluid Notification Bar | Cross-Site Scripting (XSS) |
FooGallery | Cross-Site Scripting (XSS) via Gallery Custom URL |
FooGallery Premium | Cross-Site Scripting (XSS) |
Formula Theme | Cross-Site Scripting (XSS) |
Formula Theme | Cross-Site Scripting (XSS) |
Frontend Checklist | Cross-Site Scripting (XSS) |
FS Product Inquiry | Cross-Site Scripting (XSS) |
FS Product Inquiry | Unauthenticated Cross-Site Scripting (XSS) |
Funnel Builder by CartFlows | Cross-Site Scripting (XSS) |
Futurio Extra | Cross-Site Scripting (XSS) via Advanced Text Block Widget |
Gallery Blocks with Lightbox | Cross-Site Scripting (XSS) via galleryID and className Parameters |
Gallery Slideshow | Cross-Site Scripting (XSS) |
GamiPress – Link | Cross-Site Scripting (XSS) |
GDPR CCPA Compliance Support | Missing Authorization (BAC) to Settings Update (BAC) and Cross-Site Scripting (XSS) |
GiveWP | Cross-Site Scripting (XSS) |
Google CSE | Cross-Site Scripting (XSS) |
GP Premium | Cross-Site Scripting (XSS) |
Greenshift – animation and page builder blocks | Cross-Site Scripting (XSS) |
Grey Opaque Theme | Cross-Site Scripting (XSS) via Download-Button Shortcode |
Groundhogg | Cross-Site Scripting (XSS) |
Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) via titleFont Parameter |
Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) in Google Maps Widget |
Gutenberg & Elementor Templates Importer For Responsive | Cross-Site Scripting (XSS) |
Heateor Social Login | Cross-Site Scripting (XSS) |
Heateor Social Login | Cross-Site Scripting (XSS) |
HT Feed | Cross-Site Scripting (XSS) |
HT Mega | Cross-Site Scripting (XSS) via Multiple Widgets |
Html5 Audio Player | Cross-Site Scripting (XSS) |
IdeaPush | Cross-Site Scripting (XSS) |
Idyllic Theme | Cross-Site Scripting (XSS) |
Infinite Photography Theme | Cross-Site Scripting (XSS) via project_url Parameter |
Interactive Content – H5P | Cross-Site Scripting (XSS) |
Interface Theme | Cross-Site Scripting (XSS) |
Jeg Elementor Kit | Cross-Site Scripting (XSS) |
JetWidgets For Elementor | Cross-Site Scripting (XSS) |
jQuery T(-) Countdown Widget | Cross-Site Scripting (XSS) |
Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor | Cross-Site Scripting (XSS) |
Kimili Flash Embed | Cross-Site Scripting (XSS) |
Kognetiks Chatbot for WordPress | Cross-Site Scripting (XSS) |
Link Library | Cross-Site Scripting (XSS) |
Login with phone number | Cross-Site Scripting (XSS) |
Logo Manager For Enamad | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Magical Addons For Elementor | Cross-Site Scripting (XSS) |
Mailster | Cross-Site Scripting (XSS) |
Master Addons for Elementor | Cross-Site Scripting (XSS) |
Master Addons for Elementor | Cross-Site Scripting (XSS) |
Master Slider | Cross-Site Scripting (XSS) |
Master Slider | Cross-Site Scripting (XSS) |
Materialis Companion | Store Cross-Site Scripting (XSS) via materialis_contact_form Shortcode |
MaxGalleria | Cross-Site Scripting (XSS) |
Mime Types Extended | Cross-Site Scripting (XSS) via SVG Upload |
MIMO Woocommerce Order Tracking | Cross-Site Scripting (XSS) |
Mosaic Theme | Cross-Site Scripting (XSS) via Button Shortcode |
My Favorites | Cross-Site Scripting (XSS) |
Nafeza Prayer Time | Cross-Site Scripting (XSS) |
Newsletter | Unauthenticated Cross-Site Scripting (XSS) via np |
Newsletters | Cross-Site Scripting (XSS) |
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue | Cross-Site Scripting (XSS) |
NextScripts | Cross-Site Scripting (XSS) |
Ninja Beaver Add-ons for Beaver Builder | Cross-Site Scripting (XSS) |
Ocean Extra | Cross-Site Scripting (XSS) via Flickr Widget |
One Page Express Companion | Cross-Site Scripting (XSS) via one_page_express_contact_form Shortcode |
Online Booking & Scheduling Calendar for WordPress by vcita | Cross-Site Scripting (XSS) |
Online Booking & Scheduling Calendar for WordPress by vcita | Cross-Site Scripting (XSS) |
Online Booking & Scheduling Calendar for WordPress by vcita | Unauthenticated Cross-Site Scripting (XSS) |
Orbit Fox by ThemeIsle | Cross-Site Scripting (XSS) |
OSM Map Widget for Elementor | Cross-Site Scripting (XSS) via id Parameter |
Page Builder: Live Composer | Shortcode Cross-Site Scripting (XSS) |
Page Builder: Live Composer | Cross-Site Scripting (XSS) |
Page Builder Sandwich – Front-End Page Builder | Cross-Site Scripting (XSS) |
Page Builder Sandwich – Front-End Page Builder | Cross-Site Scripting (XSS) |
PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode | Cross-Site Scripting (XSS) |
PDF Embedder | Cross-Site Scripting (XSS) |
PDF.js Viewer | Cross-Site Scripting (XSS) |
PDF Poster - PDF Embedder Plugin for WordPress | Cross-Site Scripting (XSS) |
PDF Viewer | Cross-Site Scripting (XSS) |
PDF Viewer for Elementor | Cross-Site Scripting (XSS) |
PDF Viewer for Elementor | Cross-Site Scripting (XSS) |
Permalink Manager Lite | Cross-Site Scripting (XSS) |
Photo Gallery by 10Web | Cross-Site Scripting (XSS) via Zipped SVG |
PixelYourSite – Your smart PIXEL (TAG) Manager | Cross-Site Scripting (XSS) |
Pixgraphy Theme | Cross-Site Scripting (XSS) |
Popup Builder | Cross-Site Scripting (XSS) via Custom JS |
Portfolio Gallery – Image Gallery Plugin | DOM-Based Cross-Site Scripting (XSS) |
PowerPack Addons for Elementor | Cross-Site Scripting (XSS) via Link Effects Widget |
PowerPack Lite for Beaver Builder | Cross-Site Scripting (XSS) |
Premium Addons for Elementor | DOM-Based Cross-Site Scripting (XSS) |
prettyPhoto | Cross-Site Scripting (XSS) via url Parameter |
Prime Slider – Addons For Elementor | Cross-Site Scripting (XSS) via Pacific Widget |
Print My Blog | Cross-Site Scripting (XSS) |
Progress Planner | Cross-Site Scripting (XSS) |
PropertyHive | Cross-Site Scripting (XSS) |
Qi Addons For Elementor | Cross-Site Scripting (XSS) via Button Widget |
Qi Blocks | Cross-Site Scripting (XSS) |
Recurring PayPal Donations | Cross-Site Scripting (XSS) |
Responsive Theme | Cross-Site Scripting (XSS) |
Responsive video embed | Cross-Site Scripting (XSS) |
Restaurant Menu – Food Ordering System – Table Reservation | Cross-Site Scripting (XSS) via Shortcode |
Restaurant Reservations | Cross-Site Scripting (XSS) |
RestroPress | Cross-Site Scripting (XSS) |
Rife Free Theme | Cross-Site Scripting (XSS) |
Robo Gallery | Cross-Site Scripting (XSS) via Image Title |
Rotating Tweets | Cross-Site Scripting (XSS) via Shortcode |
Royal Elementor Addons | Cross-Site Scripting (XSS) |
Royal Elementor Addons | Cross-Site Scripting (XSS) |
Royal Elementor Addons | Cross-Site Scripting (XSS) via SVG Uploads |
Sassy Social Share | Cross-Site Scripting (XSS) |
Save as PDF plugin by Pdfcrowd | Cross-Site Scripting (XSS) |
Scylla lite Theme | Cross-Site Scripting (XSS) via Button Shortcode |
SellKit | Cross-Site Scripting (XSS) via id Parameter |
Sensei Pro (WC Paid Courses) | Cross-Site Scripting (XSS) |
SEOPress | Cross-Site Scripting (XSS) |
SEOPress | Cross-Site Scripting (XSS) |
Serious Slider | Cross-Site Scripting (XSS) |
Shariff | Cross-Site Scripting (XSS) via Shortcode |
ShopLentor | Cross-Site Scripting (XSS) via WL Product Horizontal Filter Widget |
Shortcode Addons | Cross-Site Scripting (XSS) |
Shortcodes by United Themes | Cross-Site Scripting (XSS) |
Shortcodes Ultimate | Cross-Site Scripting (XSS) via su_lightbox Shortcode |
Silesia Theme | Cross-Site Scripting (XSS) via Button Shortcode |
Simple Ajax Chat | Cross-Site Scripting (XSS) |
Simple Image Popup Shortcode | Cross-Site Scripting (XSS) via Shortcode |
Simple Photoswipe | Cross-Site Scripting (XSS) |
Sina Extension for Elementor | Cross-Site Scripting (XSS) |
Sina Extension for Elementor | DOM-Based Cross-Site Scripting (XSS) |
Sinatra Theme | Cross-Site Scripting (XSS) |
SiteOrigin Widgets Bundle | Cross-Site Scripting (XSS) |
Sketchfab Embed | Cross-Site Scripting (XSS) |
SKT Addons for Elementor | Cross-Site Scripting (XSS) |
Slider Revolution | Cross-Site Scripting (XSS) |
Slideshow SE | Cross-Site Scripting (XSS) |
Social Link Pages | Missing Authorization (BAC) to Arbitrary Page Creation (BAC) and Cross-Site Scripting (XSS) |
Social Rocket | Cross-Site Scripting (XSS) |
Spotify Play Button | Cross-Site Scripting (XSS) |
Stackable – Page Builder Gutenberg Blocks | DOM-Based Cross-Site Scripting (XSS) |
Stellissimo Text Box | Cross-Site Scripting (XSS) |
Stratum | Cross-Site Scripting (XSS) via Countdown Widget |
Striking Theme | Cross-Site Scripting (XSS) |
Supreme Modules Lite | Cross-Site Scripting (XSS) |
SureTriggers | Cross-Site Scripting (XSS) via Trigger Link Shortcode |
Table Addons for Elementor | Cross-Site Scripting (XSS) |
Tabs | Cross-Site Scripting (XSS) |
tagDiv Composer | Cross-Site Scripting (XSS) via button Shortcode |
Tainacan | Cross-Site Scripting (XSS) |
TemplatesNext OnePager | Cross-Site Scripting (XSS) |
Testimonial Carousel For Elementor | Cross-Site Scripting (XSS) |
The7 Theme | Cross-Site Scripting (XSS) via url Attribute |
Themesflat Addons For Elementor | Cross-Site Scripting (XSS) |
The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) |
The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) |
The Plus Addons for Elementor Pro | Cross-Site Scripting (XSS) |
The Post Grid | Cross-Site Scripting (XSS) |
Theron Lite Theme | Cross-Site Scripting (XSS) via Button Shortcode |
The Ultimate WordPress Toolkit – WP Extended | Cross-Site Scripting (XSS) |
Tooltip CK | Cross-Site Scripting (XSS) |
Transition Slider – Responsive Image Slider and Gallery | Cross-Site Scripting (XSS) |
Typing Text | Cross-Site Scripting (XSS) |
Ultimate Blocks – Gutenberg Blocks Plugin | Cross-Site Scripting (XSS) |
Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
Ultimate Post Kit – Addons For Elementor | Cross-Site Scripting (XSS) via Social Count (Static) Widget |
Uncanny Toolkit Pro for LearnDash | Cross-Site Scripting (XSS) |
Video Widget | Cross-Site Scripting (XSS) via Widget |
Visual Composer Website Builder | Cross-Site Scripting (XSS) |
WC Marketplace | Cross-Site Scripting (XSS) via hover_animation Parameter |
Weather Widget Pro | Cross-Site Scripting (XSS) |
Weaver Xtreme Theme Support | Cross-Site Scripting (XSS) via div Shortcode |
WebP & SVG Support | Cross-Site Scripting (XSS) via SVG |
Widget Bundle | Unauthenticated Cross-Site Scripting (XSS) |
Widget Bundle | Cross-Site Scripting (XSS) |
WidgetKit | Cross-Site Scripting (XSS) |
WishList Member X | Unautenticated Plugin Settings Change Leading to Cross-Site Scripting (XSS) |
Wonder PDF Embed | Cross-Site Scripting (XSS) |
WooCommerce | Cross-Site Scripting (XSS) |
Woody ad snippets | Cross-Site Scripting (XSS) |
WordPress Core | Cross-Site Scripting (XSS) via HTML API |
WordPress Core | Cross-Site Scripting (XSS) via template-part |
WP Chat App | Cross-Site Scripting (XSS) |
WP Cookie Notice for GDPR, CCPA & ePrivacy Consent | Unauthenticated Cross-Site Scripting (XSS) via Client-IP header |
wpDiscuz | Cross-Site Scripting (XSS) |
WP Docs | Cross-Site Scripting (XSS) |
WP Docs | Cross-Site Scripting (XSS) |
WP eMember | Cross-Site Scripting (XSS) |
WP Flow Plus | Cross-Site Scripting (XSS) |
WP Google Maps | Cross-Site Scripting (XSS) |
WP Google Maps | Cross-Site Scripting (XSS) |
WP Job Portal | Cross-Site Scripting (XSS) |
WP Job Portal | Cross-Site Scripting (XSS) |
WP jQuery Lightbox | Cross-Site Scripting (XSS) via title Attribute |
WP-Lister Lite for Amazon | Cross-Site Scripting (XSS) |
WP Logs Book | Unauthenticated Cross-Site Scripting (XSS) |
WPMobile.App | Cross-Site Scripting (XSS) |
WP Mobile Menu | Cross-Site Scripting (XSS) via Image Alt |
WP Photo Album Plus | Cross-Site Scripting (XSS) |
WPPizza | Cross-Site Scripting (XSS) |
WP Post Author | Cross-Site Scripting (XSS) |
WP Secure Maintenance | Cross-Site Scripting (XSS) |
WP SVG images | Cross-Site Scripting (XSS) via SVG |
WP Time Slots Booking Form | Cross-Site Scripting (XSS) |
WP Visitors Tracker | Cross-Site Scripting (XSS) |
WPvivid Backup for MainWP | Cross-Site Scripting (XSS) |
WPZOOM Addons for Elementor (Templates, Widgets) | Cross-Site Scripting (XSS) |
YITH Custom Login | Cross-Site Scripting (XSS) |
YITH WooCommerce Tab Manager | Cross-Site Scripting (XSS) |
WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
WordPress Cross-Site Scripting (XSS) reported in 2024: | 1646 |
How wonderful would be to simply let others take care of your chores? We absolutely understand why you would want that. This is why we propose this unique campaign: the price of a premium cup of coffee per week, for your first managed service.
Start simply by contacting us with your selections:
We care about the protection of your personal data. Update, subscribe or unsubscribe anytime. Read our Privacy Policy.