Discover Tuta Mail: Turn ON Privacy. Take back your data with Tuta's encrypted email, calendar and contacts.
Be informed about the latest WP Cross-Site Scripting, identified and reported publicly. WP XSS JUL 2024 is a +6% INCREASE compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for managed Security.
As these Cross-Site Scripting cases from publicly reported vulnerable plugins are on your domain, it opens Pandora’s box from a security point of view. The following cases made headlines PUBLICLY just last month in the WP XSS JUL 2024 & WP Cross-Site Scripting category:
| 12 Step Meeting List | Cross-Site Scripting (XSS) |
| 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery | Cross-Site Scripting (XSS) |
| Accordions | Cross-Site Scripting (XSS) |
| Active Products Tables for WooCommerce | Cross-Site Scripting (XSS) |
| Activity Reactions For Buddypress | Cross-Site Scripting (XSS) |
| Advanced Woo Labels | Cross-Site Scripting (XSS) |
| Ajax Load More | Cross-Site Scripting (XSS) |
| Ali2Woo Lite | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
| Ali2Woo Lite | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Ali2Woo Lite | Cross-Site Scripting (XSS) |
| All In One Redirection | Cross-Site Scripting (XSS) |
| Amelia | Cross-Site Scripting (XSS) |
| Anima Theme | Cross-Site Scripting (XSS) |
| ARForms | Cross-Site Scripting (XSS) |
| ARI Fancy Lightbox | Cross-Site Scripting (XSS) |
| Atarim | Cross-Site Scripting (XSS) |
| Auto Coupons for WooCommerce | Cross-Site Scripting (XSS) |
| Bible Text | Cross-Site Scripting (XSS) |
| BlockArt Blocks | Cross-Site Scripting (XSS) |
| Block for Font Awesome | Cross-Site Scripting (XSS) |
| Blocksy Theme | Cross-Site Scripting (XSS) |
| Bloglo Theme | Cross-Site Scripting (XSS) |
| Blogmentor – Blog Layouts for Elementor | Cross-Site Scripting (XSS) |
| Blogmentor – Blog Layouts for Elementor | Cross-Site Scripting (XSS) |
| Bookly | Cross-Site Scripting (XSS) via Color Profile Parameter |
| Boostify Header Footer Builder for Elementor | Cross-Site Scripting (XSS) via size Parameter |
| Branda | Cross-Site Scripting (XSS) via SVG Upload |
| Branda | Cross-Site Scripting (XSS) |
| Brave Popup Builder | Cross-Site Scripting (XSS) |
| Brizy – Page Builder | Multiple Store Cross-Site Scripting (XSS) |
| Brizy – Page Builder | Unauthenticated Cross-Site Scripting (XSS) via Form |
| BSK PDF Manager | Cross-Site Scripting (XSS) |
| Cards for Beaver Builder | Cross-Site Scripting (XSS) via Cards Widget |
| Cards for Beaver Builder | Cross-Site Scripting (XSS) |
| CB (legacy) | Cross-Site Scripting (XSS) |
| Chained Quiz | Cross-Site Scripting (XSS) |
| Chaty | Cross-Site Scripting (XSS) |
| Church Admin | Cross-Site Scripting (XSS) |
| Clever Addons for Elementor | Cross-Site Scripting (XSS) via Multiple CAFE Widgets |
| Clever Fox | Cross-Site Scripting (XSS) |
| CoBlocks | Cross-Site Scripting (XSS) via Social Profiles |
| CoDesigner WooCommerce Builder for Elementor | Cross-Site Scripting (XSS) via Multiple Widgets |
| Colibri Page Builder | Cross-Site Scripting (XSS) via Shortcode |
| Collapse-O-Matic | Cross-Site Scripting (XSS) via Shortcode |
| Contact Form Manager | Cross-Site Scripting (XSS) |
| Conversios.io | Cross-Site Scripting (XSS) |
| Cowidgets – Elementor Addons | Cross-Site Scripting (XSS) |
| Create by Mediavine | Cross-Site Scripting (XSS) via Schema Meta Shortcode |
| CSSable Countdown | Cross-Site Scripting (XSS) |
| Custom Dash | Cross-Site Scripting (XSS) |
| Custom Field Suite | Cross-Site Scripting (XSS) |
| Custom Field Suite | Cross-Site Scripting (XSS) |
| Custom Field Template | Cross-Site Scripting (XSS) |
| Custom Field Template | Cross-Site Scripting (XSS) |
| Custom Field Template | Cross-Site Scripting (XSS) |
| Dashboard Widgets Suite | Cross-Site Scripting (XSS) |
| Demo Awesome | Cross-Site Scripting (XSS) |
| Depicter Slider | Cross-Site Scripting (XSS) |
| DethemeKit For Elementor | Cross-Site Scripting (XSS) via URL Parameter of the De Gallery Widget |
| DImage 360 | Cross-Site Scripting (XSS) |
| Divi Theme | Cross-Site Scripting (XSS) |
| DiviTorque – Divi Theme, Divi Builder and Extra Theme | Cross-Site Scripting (XSS) via SVG Upload |
| DOP Shortcodes | Cross-Site Scripting (XSS) via Shortcode |
| Download Attachments | Cross-Site Scripting (XSS) |
| Download Manager | Self-Based Cross-Site Scripting (XSS) |
| Download Manager | Cross-Site Scripting (XSS) |
| Download Manager | Cross-Site Scripting (XSS) via wpdm_modal_login_form Shortcode |
| e2pdf | Cross-Site Scripting (XSS) |
| Easy Age Verify | Cross-Site Scripting (XSS) |
| EasyAzon | Cross-Site Scripting (XSS) via easyazon-cloaking-locale |
| Easy Social Like Box – Popup – Sidebar Widget | Cross-Site Scripting (XSS) via Shortcode |
| Easy Table of Contents | Cross-Site Scripting (XSS) |
| Eduma Theme | Cross-Site Scripting (XSS) |
| Elegant Themes Icons | Cross-Site Scripting (XSS) |
| Elementor Addon Elements | Cross-Site Scripting (XSS) |
| Elementor – Header, Footer & Blocks Template | Cross-Site Scripting (XSS) via Site Title Widget |
| Elementor Pro | Cross-Site Scripting (XSS) |
| Element Pack Elementor Addons | Cross-Site Scripting (XSS) |
| ElementsKit Pro | Cross-Site Scripting (XSS) |
| ElementsReady Addons for Elementor | Cross-Site Scripting (XSS) |
| Elespare | Cross-Site Scripting (XSS) via Horizontal Nav Menu Widget |
| EmbedPress | Cross-Site Scripting (XSS) via EmbedPress PDF Widget |
| EmbedPress | Cross-Site Scripting (XSS) |
| EmbedSocial | Cross-Site Scripting (XSS) |
| Empty Cart Button for WooCommerce | Cross-Site Scripting (XSS) |
| Enfold Theme | Cross-Site Scripting (XSS) |
| Enter Addons | Cross-Site Scripting (XSS) |
| Envo Extra | Cross-Site Scripting (XSS) via Button Widget |
| Essential Addons for Elementor | Cross-Site Scripting (XSS) |
| Essential Addons for Elementor | Cross-Site Scripting (XSS) |
| Essential Addons for Elementor Pro | Cross-Site Scripting (XSS) via Lightbox and Modal Widget |
| Essential Real Estate | Cross-Site Scripting (XSS) via Shortcode |
| Esteem Theme | Cross-Site Scripting (XSS) |
| Events Addon for Elementor | Cross-Site Scripting (XSS) via Multiple Widgets |
| Events Manager | Cross-Site Scripting (XSS) via event, location, and event_category Shortcodes |
| Event Theme | Cross-Site Scripting (XSS) |
| Event Tickets with Ticket Scanner | Cross-Site Scripting (XSS) |
| Excellent Theme | Cross-Site Scripting (XSS) |
| Exclusive Addons Elementor | Cross-Site Scripting (XSS) via Card Widget |
| Flatsome Theme | Cross-Site Scripting (XSS) via Shortcode |
| Flatsome Theme | Cross-Site Scripting (XSS) via Shortcodes |
| Fluid Notification Bar | Cross-Site Scripting (XSS) |
| FooGallery | Cross-Site Scripting (XSS) via Gallery Custom URL |
| FooGallery Premium | Cross-Site Scripting (XSS) |
| Formula Theme | Cross-Site Scripting (XSS) |
| Formula Theme | Cross-Site Scripting (XSS) |
| Frontend Checklist | Cross-Site Scripting (XSS) |
| FS Product Inquiry | Cross-Site Scripting (XSS) |
| FS Product Inquiry | Unauthenticated Cross-Site Scripting (XSS) |
| Funnel Builder by CartFlows | Cross-Site Scripting (XSS) |
| Futurio Extra | Cross-Site Scripting (XSS) via Advanced Text Block Widget |
| Gallery Blocks with Lightbox | Cross-Site Scripting (XSS) via galleryID and className Parameters |
| Gallery Slideshow | Cross-Site Scripting (XSS) |
| GamiPress – Link | Cross-Site Scripting (XSS) |
| GDPR CCPA Compliance Support | Missing Authorization (BAC) to Settings Update (BAC) and Cross-Site Scripting (XSS) |
| GiveWP | Cross-Site Scripting (XSS) |
| Google CSE | Cross-Site Scripting (XSS) |
| GP Premium | Cross-Site Scripting (XSS) |
| Greenshift – animation and page builder blocks | Cross-Site Scripting (XSS) |
| Grey Opaque Theme | Cross-Site Scripting (XSS) via Download-Button Shortcode |
| Groundhogg | Cross-Site Scripting (XSS) |
| Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) via titleFont Parameter |
| Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) in Google Maps Widget |
| Gutenberg & Elementor Templates Importer For Responsive | Cross-Site Scripting (XSS) |
| Heateor Social Login | Cross-Site Scripting (XSS) |
| Heateor Social Login | Cross-Site Scripting (XSS) |
| HT Feed | Cross-Site Scripting (XSS) |
| HT Mega | Cross-Site Scripting (XSS) via Multiple Widgets |
| Html5 Audio Player | Cross-Site Scripting (XSS) |
| IdeaPush | Cross-Site Scripting (XSS) |
| Idyllic Theme | Cross-Site Scripting (XSS) |
| Infinite Photography Theme | Cross-Site Scripting (XSS) via project_url Parameter |
| Interactive Content – H5P | Cross-Site Scripting (XSS) |
| Interface Theme | Cross-Site Scripting (XSS) |
| Jeg Elementor Kit | Cross-Site Scripting (XSS) |
| JetWidgets For Elementor | Cross-Site Scripting (XSS) |
| jQuery T(-) Countdown Widget | Cross-Site Scripting (XSS) |
| Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor | Cross-Site Scripting (XSS) |
| Kimili Flash Embed | Cross-Site Scripting (XSS) |
| Kognetiks Chatbot for WordPress | Cross-Site Scripting (XSS) |
| Link Library | Cross-Site Scripting (XSS) |
| Login with phone number | Cross-Site Scripting (XSS) |
| Logo Manager For Enamad | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Magical Addons For Elementor | Cross-Site Scripting (XSS) |
| Mailster | Cross-Site Scripting (XSS) |
| Master Addons for Elementor | Cross-Site Scripting (XSS) |
| Master Addons for Elementor | Cross-Site Scripting (XSS) |
| Master Slider | Cross-Site Scripting (XSS) |
| Master Slider | Cross-Site Scripting (XSS) |
| Materialis Companion | Store Cross-Site Scripting (XSS) via materialis_contact_form Shortcode |
| MaxGalleria | Cross-Site Scripting (XSS) |
| Mime Types Extended | Cross-Site Scripting (XSS) via SVG Upload |
| MIMO Woocommerce Order Tracking | Cross-Site Scripting (XSS) |
| Mosaic Theme | Cross-Site Scripting (XSS) via Button Shortcode |
| My Favorites | Cross-Site Scripting (XSS) |
| Nafeza Prayer Time | Cross-Site Scripting (XSS) |
| Newsletter | Unauthenticated Cross-Site Scripting (XSS) via np |
| Newsletters | Cross-Site Scripting (XSS) |
| Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue | Cross-Site Scripting (XSS) |
| NextScripts | Cross-Site Scripting (XSS) |
| Ninja Beaver Add-ons for Beaver Builder | Cross-Site Scripting (XSS) |
| Ocean Extra | Cross-Site Scripting (XSS) via Flickr Widget |
| One Page Express Companion | Cross-Site Scripting (XSS) via one_page_express_contact_form Shortcode |
| Online Booking & Scheduling Calendar for WordPress by vcita | Cross-Site Scripting (XSS) |
| Online Booking & Scheduling Calendar for WordPress by vcita | Cross-Site Scripting (XSS) |
| Online Booking & Scheduling Calendar for WordPress by vcita | Unauthenticated Cross-Site Scripting (XSS) |
| Orbit Fox by ThemeIsle | Cross-Site Scripting (XSS) |
| OSM Map Widget for Elementor | Cross-Site Scripting (XSS) via id Parameter |
| Page Builder: Live Composer | Shortcode Cross-Site Scripting (XSS) |
| Page Builder: Live Composer | Cross-Site Scripting (XSS) |
| Page Builder Sandwich – Front-End Page Builder | Cross-Site Scripting (XSS) |
| Page Builder Sandwich – Front-End Page Builder | Cross-Site Scripting (XSS) |
| PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode | Cross-Site Scripting (XSS) |
| PDF Embedder | Cross-Site Scripting (XSS) |
| PDF.js Viewer | Cross-Site Scripting (XSS) |
| PDF Poster - PDF Embedder Plugin for WordPress | Cross-Site Scripting (XSS) |
| PDF Viewer | Cross-Site Scripting (XSS) |
| PDF Viewer for Elementor | Cross-Site Scripting (XSS) |
| PDF Viewer for Elementor | Cross-Site Scripting (XSS) |
| Permalink Manager Lite | Cross-Site Scripting (XSS) |
| Photo Gallery by 10Web | Cross-Site Scripting (XSS) via Zipped SVG |
| PixelYourSite – Your smart PIXEL (TAG) Manager | Cross-Site Scripting (XSS) |
| Pixgraphy Theme | Cross-Site Scripting (XSS) |
| Popup Builder | Cross-Site Scripting (XSS) via Custom JS |
| Portfolio Gallery – Image Gallery Plugin | DOM-Based Cross-Site Scripting (XSS) |
| PowerPack Addons for Elementor | Cross-Site Scripting (XSS) via Link Effects Widget |
| PowerPack Lite for Beaver Builder | Cross-Site Scripting (XSS) |
| Premium Addons for Elementor | DOM-Based Cross-Site Scripting (XSS) |
| prettyPhoto | Cross-Site Scripting (XSS) via url Parameter |
| Prime Slider – Addons For Elementor | Cross-Site Scripting (XSS) via Pacific Widget |
| Print My Blog | Cross-Site Scripting (XSS) |
| Progress Planner | Cross-Site Scripting (XSS) |
| PropertyHive | Cross-Site Scripting (XSS) |
| Qi Addons For Elementor | Cross-Site Scripting (XSS) via Button Widget |
| Qi Blocks | Cross-Site Scripting (XSS) |
| Recurring PayPal Donations | Cross-Site Scripting (XSS) |
| Responsive Theme | Cross-Site Scripting (XSS) |
| Responsive video embed | Cross-Site Scripting (XSS) |
| Restaurant Menu – Food Ordering System – Table Reservation | Cross-Site Scripting (XSS) via Shortcode |
| Restaurant Reservations | Cross-Site Scripting (XSS) |
| RestroPress | Cross-Site Scripting (XSS) |
| Rife Free Theme | Cross-Site Scripting (XSS) |
| Robo Gallery | Cross-Site Scripting (XSS) via Image Title |
| Rotating Tweets | Cross-Site Scripting (XSS) via Shortcode |
| Royal Elementor Addons | Cross-Site Scripting (XSS) |
| Royal Elementor Addons | Cross-Site Scripting (XSS) |
| Royal Elementor Addons | Cross-Site Scripting (XSS) via SVG Uploads |
| Sassy Social Share | Cross-Site Scripting (XSS) |
| Save as PDF plugin by Pdfcrowd | Cross-Site Scripting (XSS) |
| Scylla lite Theme | Cross-Site Scripting (XSS) via Button Shortcode |
| SellKit | Cross-Site Scripting (XSS) via id Parameter |
| Sensei Pro (WC Paid Courses) | Cross-Site Scripting (XSS) |
| SEOPress | Cross-Site Scripting (XSS) |
| SEOPress | Cross-Site Scripting (XSS) |
| Serious Slider | Cross-Site Scripting (XSS) |
| Shariff | Cross-Site Scripting (XSS) via Shortcode |
| ShopLentor | Cross-Site Scripting (XSS) via WL Product Horizontal Filter Widget |
| Shortcode Addons | Cross-Site Scripting (XSS) |
| Shortcodes by United Themes | Cross-Site Scripting (XSS) |
| Shortcodes Ultimate | Cross-Site Scripting (XSS) via su_lightbox Shortcode |
| Silesia Theme | Cross-Site Scripting (XSS) via Button Shortcode |
| Simple Ajax Chat | Cross-Site Scripting (XSS) |
| Simple Image Popup Shortcode | Cross-Site Scripting (XSS) via Shortcode |
| Simple Photoswipe | Cross-Site Scripting (XSS) |
| Sina Extension for Elementor | Cross-Site Scripting (XSS) |
| Sina Extension for Elementor | DOM-Based Cross-Site Scripting (XSS) |
| Sinatra Theme | Cross-Site Scripting (XSS) |
| SiteOrigin Widgets Bundle | Cross-Site Scripting (XSS) |
| Sketchfab Embed | Cross-Site Scripting (XSS) |
| SKT Addons for Elementor | Cross-Site Scripting (XSS) |
| Slider Revolution | Cross-Site Scripting (XSS) |
| Slideshow SE | Cross-Site Scripting (XSS) |
| Social Link Pages | Missing Authorization (BAC) to Arbitrary Page Creation (BAC) and Cross-Site Scripting (XSS) |
| Social Rocket | Cross-Site Scripting (XSS) |
| Spotify Play Button | Cross-Site Scripting (XSS) |
| Stackable – Page Builder Gutenberg Blocks | DOM-Based Cross-Site Scripting (XSS) |
| Stellissimo Text Box | Cross-Site Scripting (XSS) |
| Stratum | Cross-Site Scripting (XSS) via Countdown Widget |
| Striking Theme | Cross-Site Scripting (XSS) |
| Supreme Modules Lite | Cross-Site Scripting (XSS) |
| SureTriggers | Cross-Site Scripting (XSS) via Trigger Link Shortcode |
| Table Addons for Elementor | Cross-Site Scripting (XSS) |
| Tabs | Cross-Site Scripting (XSS) |
| tagDiv Composer | Cross-Site Scripting (XSS) via button Shortcode |
| Tainacan | Cross-Site Scripting (XSS) |
| TemplatesNext OnePager | Cross-Site Scripting (XSS) |
| Testimonial Carousel For Elementor | Cross-Site Scripting (XSS) |
| The7 Theme | Cross-Site Scripting (XSS) via url Attribute |
| Themesflat Addons For Elementor | Cross-Site Scripting (XSS) |
| The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) |
| The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) |
| The Plus Addons for Elementor Pro | Cross-Site Scripting (XSS) |
| The Post Grid | Cross-Site Scripting (XSS) |
| Theron Lite Theme | Cross-Site Scripting (XSS) via Button Shortcode |
| The Ultimate WordPress Toolkit – WP Extended | Cross-Site Scripting (XSS) |
| Tooltip CK | Cross-Site Scripting (XSS) |
| Transition Slider – Responsive Image Slider and Gallery | Cross-Site Scripting (XSS) |
| Typing Text | Cross-Site Scripting (XSS) |
| Ultimate Blocks – Gutenberg Blocks Plugin | Cross-Site Scripting (XSS) |
| Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
| Ultimate Post Kit – Addons For Elementor | Cross-Site Scripting (XSS) via Social Count (Static) Widget |
| Uncanny Toolkit Pro for LearnDash | Cross-Site Scripting (XSS) |
| Video Widget | Cross-Site Scripting (XSS) via Widget |
| Visual Composer Website Builder | Cross-Site Scripting (XSS) |
| WC Marketplace | Cross-Site Scripting (XSS) via hover_animation Parameter |
| Weather Widget Pro | Cross-Site Scripting (XSS) |
| Weaver Xtreme Theme Support | Cross-Site Scripting (XSS) via div Shortcode |
| WebP & SVG Support | Cross-Site Scripting (XSS) via SVG |
| Widget Bundle | Unauthenticated Cross-Site Scripting (XSS) |
| Widget Bundle | Cross-Site Scripting (XSS) |
| WidgetKit | Cross-Site Scripting (XSS) |
| WishList Member X | Unautenticated Plugin Settings Change Leading to Cross-Site Scripting (XSS) |
| Wonder PDF Embed | Cross-Site Scripting (XSS) |
| WooCommerce | Cross-Site Scripting (XSS) |
| Woody ad snippets | Cross-Site Scripting (XSS) |
| WordPress Core | Cross-Site Scripting (XSS) via HTML API |
| WordPress Core | Cross-Site Scripting (XSS) via template-part |
| WP Chat App | Cross-Site Scripting (XSS) |
| WP Cookie Notice for GDPR, CCPA & ePrivacy Consent | Unauthenticated Cross-Site Scripting (XSS) via Client-IP header |
| wpDiscuz | Cross-Site Scripting (XSS) |
| WP Docs | Cross-Site Scripting (XSS) |
| WP Docs | Cross-Site Scripting (XSS) |
| WP eMember | Cross-Site Scripting (XSS) |
| WP Flow Plus | Cross-Site Scripting (XSS) |
| WP Google Maps | Cross-Site Scripting (XSS) |
| WP Google Maps | Cross-Site Scripting (XSS) |
| WP Job Portal | Cross-Site Scripting (XSS) |
| WP Job Portal | Cross-Site Scripting (XSS) |
| WP jQuery Lightbox | Cross-Site Scripting (XSS) via title Attribute |
| WP-Lister Lite for Amazon | Cross-Site Scripting (XSS) |
| WP Logs Book | Unauthenticated Cross-Site Scripting (XSS) |
| WPMobile.App | Cross-Site Scripting (XSS) |
| WP Mobile Menu | Cross-Site Scripting (XSS) via Image Alt |
| WP Photo Album Plus | Cross-Site Scripting (XSS) |
| WPPizza | Cross-Site Scripting (XSS) |
| WP Post Author | Cross-Site Scripting (XSS) |
| WP Secure Maintenance | Cross-Site Scripting (XSS) |
| WP SVG images | Cross-Site Scripting (XSS) via SVG |
| WP Time Slots Booking Form | Cross-Site Scripting (XSS) |
| WP Visitors Tracker | Cross-Site Scripting (XSS) |
| WPvivid Backup for MainWP | Cross-Site Scripting (XSS) |
| WPZOOM Addons for Elementor (Templates, Widgets) | Cross-Site Scripting (XSS) |
| YITH Custom Login | Cross-Site Scripting (XSS) |
| YITH WooCommerce Tab Manager | Cross-Site Scripting (XSS) |
| WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
| WordPress Cross-Site Scripting (XSS) reported in 2024: | 1646 |
How wonderful would be to simply let others take care of your chores? We absolutely understand why you would want that. This is why we propose this unique campaign: the price of one cup of coffee for a managed service.
Start simply by contacting us with your selections:
We care about the protection of your personal data. Update, subscribe or unsubscribe anytime. Read our Privacy Policy.