WP XSS JUL 2024

WP XSS JUL 2024: 304 Effortless WP Cross-Site Scripting


Be informed about the latest WP Cross-Site Scripting vulnerabilities, identified and reported publicly. WP XSS JUL 2024 is a +6% increase compared to the previous month. For your online safety, consider a managed WP/Woo security audit, or switching to a TOP10LIST alternative WP security plugin, or hiring professionals for managed security.


When publicly reported vulnerable plugins with these Cross-Site Scripting issues are installed on your domain, they open Pandora's box from a security point of view. The following cases made headlines publicly just last month in the WP XSS JUL 2024 and WP Cross-Site Scripting category:

12 Step Meeting List Cross-Site Scripting (XSS)
3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery Cross-Site Scripting (XSS)
Accordions Cross-Site Scripting (XSS)
Active Products Tables for WooCommerce Cross-Site Scripting (XSS)
Activity Reactions For Buddypress Cross-Site Scripting (XSS)
Advanced Woo Labels Cross-Site Scripting (XSS)
Ajax Load More Cross-Site Scripting (XSS)
Ali2Woo Lite Broken Access Control (BAC) to Cross-Site Scripting (XSS)
Ali2Woo Lite Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Ali2Woo Lite Cross-Site Scripting (XSS)
All In One Redirection Cross-Site Scripting (XSS)
Amelia Cross-Site Scripting (XSS)
Anima Theme Cross-Site Scripting (XSS)
ARForms Cross-Site Scripting (XSS)
ARI Fancy Lightbox Cross-Site Scripting (XSS)
Atarim Cross-Site Scripting (XSS)
Auto Coupons for WooCommerce Cross-Site Scripting (XSS)
Bible Text Cross-Site Scripting (XSS)
BlockArt Blocks Cross-Site Scripting (XSS)
Block for Font Awesome Cross-Site Scripting (XSS)
Blocksy Theme Cross-Site Scripting (XSS)
Bloglo Theme Cross-Site Scripting (XSS)
Blogmentor – Blog Layouts for Elementor Cross-Site Scripting (XSS)
Blogmentor – Blog Layouts for Elementor Cross-Site Scripting (XSS)
Bookly Cross-Site Scripting (XSS) via Color Profile Parameter
Boostify Header Footer Builder for Elementor Cross-Site Scripting (XSS) via size Parameter
Branda Cross-Site Scripting (XSS) via SVG Upload
Branda Cross-Site Scripting (XSS)
Brave Popup Builder Cross-Site Scripting (XSS)
Brizy – Page Builder Multiple Store Cross-Site Scripting (XSS)
Brizy – Page Builder Unauthenticated Cross-Site Scripting (XSS) via Form
BSK PDF Manager Cross-Site Scripting (XSS)
Cards for Beaver Builder Cross-Site Scripting (XSS) via Cards Widget
Cards for Beaver Builder Cross-Site Scripting (XSS)
CB (legacy) Cross-Site Scripting (XSS)
Chained Quiz Cross-Site Scripting (XSS)
Chaty Cross-Site Scripting (XSS)
Church Admin Cross-Site Scripting (XSS)
Clever Addons for Elementor Cross-Site Scripting (XSS) via Multiple CAFE Widgets
Clever Fox Cross-Site Scripting (XSS)
CoBlocks Cross-Site Scripting (XSS) via Social Profiles
CoDesigner WooCommerce Builder for Elementor Cross-Site Scripting (XSS) via Multiple Widgets
Colibri Page Builder Cross-Site Scripting (XSS) via Shortcode
Collapse-O-Matic Cross-Site Scripting (XSS) via Shortcode
Contact Form Manager Cross-Site Scripting (XSS)
Conversios.io Cross-Site Scripting (XSS)
Cowidgets – Elementor Addons Cross-Site Scripting (XSS)
Create by Mediavine Cross-Site Scripting (XSS) via Schema Meta Shortcode
CSSable Countdown Cross-Site Scripting (XSS)
Custom Dash Cross-Site Scripting (XSS)
Custom Field Suite Cross-Site Scripting (XSS)
Custom Field Suite Cross-Site Scripting (XSS)
Custom Field Template Cross-Site Scripting (XSS)
Custom Field Template Cross-Site Scripting (XSS)
Custom Field Template Cross-Site Scripting (XSS)
Dashboard Widgets Suite Cross-Site Scripting (XSS)
Demo Awesome Cross-Site Scripting (XSS)
Depicter Slider Cross-Site Scripting (XSS)
DethemeKit For Elementor Cross-Site Scripting (XSS) via URL Parameter of the De Gallery Widget
DImage 360 Cross-Site Scripting (XSS)
Divi Theme Cross-Site Scripting (XSS)
DiviTorque – Divi Theme, Divi Builder and Extra Theme Cross-Site Scripting (XSS) via SVG Upload
DOP Shortcodes Cross-Site Scripting (XSS) via Shortcode
Download Attachments Cross-Site Scripting (XSS)
Download Manager Self-Based Cross-Site Scripting (XSS)
Download Manager Cross-Site Scripting (XSS)
Download Manager Cross-Site Scripting (XSS) via wpdm_modal_login_form Shortcode
e2pdf Cross-Site Scripting (XSS)
Easy Age Verify Cross-Site Scripting (XSS)
EasyAzon Cross-Site Scripting (XSS) via easyazon-cloaking-locale
Easy Social Like Box – Popup – Sidebar Widget Cross-Site Scripting (XSS) via Shortcode
Easy Table of Contents Cross-Site Scripting (XSS)
Eduma Theme Cross-Site Scripting (XSS)
Elegant Themes Icons Cross-Site Scripting (XSS)
Elementor Addon Elements Cross-Site Scripting (XSS)
Elementor – Header, Footer & Blocks Template Cross-Site Scripting (XSS) via Site Title Widget
Elementor Pro Cross-Site Scripting (XSS)
Element Pack Elementor Addons Cross-Site Scripting (XSS)
ElementsKit Pro Cross-Site Scripting (XSS)
ElementsReady Addons for Elementor Cross-Site Scripting (XSS)
Elespare Cross-Site Scripting (XSS) via Horizontal Nav Menu Widget
EmbedPress Cross-Site Scripting (XSS) via EmbedPress PDF Widget
EmbedPress Cross-Site Scripting (XSS)
EmbedSocial Cross-Site Scripting (XSS)
Empty Cart Button for WooCommerce Cross-Site Scripting (XSS)
Enfold Theme Cross-Site Scripting (XSS)
Enter Addons Cross-Site Scripting (XSS)
Envo Extra Cross-Site Scripting (XSS) via Button Widget
Essential Addons for Elementor Cross-Site Scripting (XSS)
Essential Addons for Elementor Cross-Site Scripting (XSS)
Essential Addons for Elementor Pro Cross-Site Scripting (XSS) via Lightbox and Modal Widget
Essential Real Estate Cross-Site Scripting (XSS) via Shortcode
Esteem Theme Cross-Site Scripting (XSS)
Events Addon for Elementor Cross-Site Scripting (XSS) via Multiple Widgets
Events Manager Cross-Site Scripting (XSS) via event, location, and event_category Shortcodes
Event Theme Cross-Site Scripting (XSS)
Event Tickets with Ticket Scanner Cross-Site Scripting (XSS)
Excellent Theme Cross-Site Scripting (XSS)
Exclusive Addons Elementor Cross-Site Scripting (XSS) via Card Widget
Flatsome Theme Cross-Site Scripting (XSS) via Shortcode
Flatsome Theme Cross-Site Scripting (XSS) via Shortcodes
Fluid Notification Bar Cross-Site Scripting (XSS)
FooGallery Cross-Site Scripting (XSS) via Gallery Custom URL
FooGallery Premium Cross-Site Scripting (XSS)
Formula Theme Cross-Site Scripting (XSS)
Formula Theme Cross-Site Scripting (XSS)
Frontend Checklist Cross-Site Scripting (XSS)
FS Product Inquiry Cross-Site Scripting (XSS)
FS Product Inquiry Unauthenticated Cross-Site Scripting (XSS)
Funnel Builder by CartFlows Cross-Site Scripting (XSS)
Futurio Extra Cross-Site Scripting (XSS) via Advanced Text Block Widget
Gallery Blocks with Lightbox Cross-Site Scripting (XSS) via galleryID and className Parameters
Gallery Slideshow Cross-Site Scripting (XSS)
GamiPress – Link Cross-Site Scripting (XSS)
GDPR CCPA Compliance Support Missing Authorization (BAC) to Settings Update (BAC) and Cross-Site Scripting (XSS)
GiveWP Cross-Site Scripting (XSS)
Google CSE Cross-Site Scripting (XSS)
GP Premium Cross-Site Scripting (XSS)
Greenshift – animation and page builder blocks Cross-Site Scripting (XSS)
Grey Opaque Theme Cross-Site Scripting (XSS) via Download-Button Shortcode
Groundhogg Cross-Site Scripting (XSS)
Gutenberg Blocks by Kadence Blocks Cross-Site Scripting (XSS) via titleFont Parameter
Gutenberg Blocks by Kadence Blocks Cross-Site Scripting (XSS) in Google Maps Widget
Gutenberg & Elementor Templates Importer For Responsive Cross-Site Scripting (XSS)
Heateor Social Login Cross-Site Scripting (XSS)
Heateor Social Login Cross-Site Scripting (XSS)
HT Feed Cross-Site Scripting (XSS)
HT Mega Cross-Site Scripting (XSS) via Multiple Widgets
Html5 Audio Player Cross-Site Scripting (XSS)
IdeaPush Cross-Site Scripting (XSS)
Idyllic Theme Cross-Site Scripting (XSS)
Infinite Photography Theme Cross-Site Scripting (XSS) via project_url Parameter
Interactive Content – H5P Cross-Site Scripting (XSS)
Interface Theme Cross-Site Scripting (XSS)
Jeg Elementor Kit Cross-Site Scripting (XSS)
JetWidgets For Elementor Cross-Site Scripting (XSS)
jQuery T(-) Countdown Widget Cross-Site Scripting (XSS)
Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor Cross-Site Scripting (XSS)
Kimili Flash Embed Cross-Site Scripting (XSS)
Kognetiks Chatbot for WordPress Cross-Site Scripting (XSS)
Link Library Cross-Site Scripting (XSS)
Login with phone number Cross-Site Scripting (XSS)
Logo Manager For Enamad Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Magical Addons For Elementor Cross-Site Scripting (XSS)
Mailster Cross-Site Scripting (XSS)
Master Addons for Elementor Cross-Site Scripting (XSS)
Master Addons for Elementor Cross-Site Scripting (XSS)
Master Slider Cross-Site Scripting (XSS)
Master Slider Cross-Site Scripting (XSS)
Materialis Companion Store Cross-Site Scripting (XSS) via materialis_contact_form Shortcode
MaxGalleria Cross-Site Scripting (XSS)
Mime Types Extended Cross-Site Scripting (XSS) via SVG Upload
MIMO Woocommerce Order Tracking Cross-Site Scripting (XSS)
Mosaic Theme Cross-Site Scripting (XSS) via Button Shortcode
My Favorites Cross-Site Scripting (XSS)
Nafeza Prayer Time Cross-Site Scripting (XSS)
Newsletter Unauthenticated Cross-Site Scripting (XSS) via np
Newsletters Cross-Site Scripting (XSS)
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue Cross-Site Scripting (XSS)
NextScripts Cross-Site Scripting (XSS)
Ninja Beaver Add-ons for Beaver Builder Cross-Site Scripting (XSS)
Ocean Extra Cross-Site Scripting (XSS) via Flickr Widget
One Page Express Companion Cross-Site Scripting (XSS) via one_page_express_contact_form Shortcode
Online Booking & Scheduling Calendar for WordPress by vcita Cross-Site Scripting (XSS)
Online Booking & Scheduling Calendar for WordPress by vcita Cross-Site Scripting (XSS)
Online Booking & Scheduling Calendar for WordPress by vcita Unauthenticated Cross-Site Scripting (XSS)
Orbit Fox by ThemeIsle Cross-Site Scripting (XSS)
OSM Map Widget for Elementor Cross-Site Scripting (XSS) via id Parameter
Page Builder: Live Composer Shortcode Cross-Site Scripting (XSS)
Page Builder: Live Composer Cross-Site Scripting (XSS)
Page Builder Sandwich – Front-End Page Builder Cross-Site Scripting (XSS)
Page Builder Sandwich – Front-End Page Builder Cross-Site Scripting (XSS)
PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode Cross-Site Scripting (XSS)
PDF Embedder Cross-Site Scripting (XSS)
PDF.js Viewer Cross-Site Scripting (XSS)
PDF Poster - PDF Embedder Plugin for WordPress Cross-Site Scripting (XSS)
PDF Viewer Cross-Site Scripting (XSS)
PDF Viewer for Elementor Cross-Site Scripting (XSS)
PDF Viewer for Elementor Cross-Site Scripting (XSS)
Permalink Manager Lite Cross-Site Scripting (XSS)
Photo Gallery by 10Web Cross-Site Scripting (XSS) via Zipped SVG
PixelYourSite – Your smart PIXEL (TAG) Manager Cross-Site Scripting (XSS)
Pixgraphy Theme Cross-Site Scripting (XSS)
Popup Builder Cross-Site Scripting (XSS) via Custom JS
Portfolio Gallery – Image Gallery Plugin DOM-Based Cross-Site Scripting (XSS)
PowerPack Addons for Elementor Cross-Site Scripting (XSS) via Link Effects Widget
PowerPack Lite for Beaver Builder Cross-Site Scripting (XSS)
Premium Addons for Elementor DOM-Based Cross-Site Scripting (XSS)
prettyPhoto Cross-Site Scripting (XSS) via url Parameter
Prime Slider – Addons For Elementor Cross-Site Scripting (XSS) via Pacific Widget
Print My Blog Cross-Site Scripting (XSS)
Progress Planner Cross-Site Scripting (XSS)
PropertyHive Cross-Site Scripting (XSS)
Qi Addons For Elementor Cross-Site Scripting (XSS) via Button Widget
Qi Blocks Cross-Site Scripting (XSS)
Recurring PayPal Donations Cross-Site Scripting (XSS)
Responsive Theme Cross-Site Scripting (XSS)
Responsive video embed Cross-Site Scripting (XSS)
Restaurant Menu – Food Ordering System – Table Reservation Cross-Site Scripting (XSS) via Shortcode
Restaurant Reservations Cross-Site Scripting (XSS)
RestroPress Cross-Site Scripting (XSS)
Rife Free Theme Cross-Site Scripting (XSS)
Robo Gallery Cross-Site Scripting (XSS) via Image Title
Rotating Tweets Cross-Site Scripting (XSS) via Shortcode
Royal Elementor Addons Cross-Site Scripting (XSS)
Royal Elementor Addons Cross-Site Scripting (XSS)
Royal Elementor Addons Cross-Site Scripting (XSS) via SVG Uploads
Sassy Social Share Cross-Site Scripting (XSS)
Save as PDF plugin by Pdfcrowd Cross-Site Scripting (XSS)
Scylla lite Theme Cross-Site Scripting (XSS) via Button Shortcode
SellKit Cross-Site Scripting (XSS) via id Parameter
Sensei Pro (WC Paid Courses) Cross-Site Scripting (XSS)
SEOPress Cross-Site Scripting (XSS)
SEOPress Cross-Site Scripting (XSS)
Serious Slider Cross-Site Scripting (XSS)
Shariff Cross-Site Scripting (XSS) via Shortcode
ShopLentor Cross-Site Scripting (XSS) via WL Product Horizontal Filter Widget
Shortcode Addons Cross-Site Scripting (XSS)
Shortcodes by United Themes Cross-Site Scripting (XSS)
Shortcodes Ultimate Cross-Site Scripting (XSS) via su_lightbox Shortcode
Silesia Theme Cross-Site Scripting (XSS) via Button Shortcode
Simple Ajax Chat Cross-Site Scripting (XSS)
Simple Image Popup Shortcode Cross-Site Scripting (XSS) via Shortcode
Simple Photoswipe Cross-Site Scripting (XSS)
Sina Extension for Elementor Cross-Site Scripting (XSS)
Sina Extension for Elementor DOM-Based Cross-Site Scripting (XSS)
Sinatra Theme Cross-Site Scripting (XSS)
SiteOrigin Widgets Bundle Cross-Site Scripting (XSS)
Sketchfab Embed Cross-Site Scripting (XSS)
SKT Addons for Elementor Cross-Site Scripting (XSS)
Slider Revolution Cross-Site Scripting (XSS)
Slideshow SE Cross-Site Scripting (XSS)
Social Link Pages Missing Authorization (BAC) to Arbitrary Page Creation (BAC) and Cross-Site Scripting (XSS)
Social Rocket Cross-Site Scripting (XSS)
Spotify Play Button Cross-Site Scripting (XSS)
Stackable – Page Builder Gutenberg Blocks DOM-Based Cross-Site Scripting (XSS)
Stellissimo Text Box Cross-Site Scripting (XSS)
Stratum Cross-Site Scripting (XSS) via Countdown Widget
Striking Theme Cross-Site Scripting (XSS)
Supreme Modules Lite Cross-Site Scripting (XSS)
SureTriggers Cross-Site Scripting (XSS) via Trigger Link Shortcode
Table Addons for Elementor Cross-Site Scripting (XSS)
Tabs Cross-Site Scripting (XSS)
tagDiv Composer Cross-Site Scripting (XSS) via button Shortcode
Tainacan Cross-Site Scripting (XSS)
TemplatesNext OnePager Cross-Site Scripting (XSS)
Testimonial Carousel For Elementor Cross-Site Scripting (XSS)
The7 Theme Cross-Site Scripting (XSS) via url Attribute
Themesflat Addons For Elementor Cross-Site Scripting (XSS)
The Plus Addons for Elementor Page Builder Lite Cross-Site Scripting (XSS)
The Plus Addons for Elementor Page Builder Lite Cross-Site Scripting (XSS)
The Plus Addons for Elementor Pro Cross-Site Scripting (XSS)
The Post Grid Cross-Site Scripting (XSS)
Theron Lite Theme Cross-Site Scripting (XSS) via Button Shortcode
The Ultimate WordPress Toolkit – WP Extended Cross-Site Scripting (XSS)
Tooltip CK Cross-Site Scripting (XSS)
Transition Slider – Responsive Image Slider and Gallery Cross-Site Scripting (XSS)
Typing Text Cross-Site Scripting (XSS)
Ultimate Blocks – Gutenberg Blocks Plugin Cross-Site Scripting (XSS)
Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter Broken Access Control (BAC) to Cross-Site Scripting (XSS)
Ultimate Post Kit – Addons For Elementor Cross-Site Scripting (XSS) via Social Count (Static) Widget
Uncanny Toolkit Pro for LearnDash Cross-Site Scripting (XSS)
Video Widget Cross-Site Scripting (XSS) via Widget
Visual Composer Website Builder Cross-Site Scripting (XSS)
WC Marketplace Cross-Site Scripting (XSS) via hover_animation Parameter
Weather Widget Pro Cross-Site Scripting (XSS)
Weaver Xtreme Theme Support Cross-Site Scripting (XSS) via div Shortcode
WebP & SVG Support Cross-Site Scripting (XSS) via SVG
Widget Bundle Unauthenticated Cross-Site Scripting (XSS)
Widget Bundle Cross-Site Scripting (XSS)
WidgetKit Cross-Site Scripting (XSS)
WishList Member X Unauthenticated Plugin Settings Change Leading to Cross-Site Scripting (XSS)
Wonder PDF Embed Cross-Site Scripting (XSS)
WooCommerce Cross-Site Scripting (XSS)
Woody ad snippets Cross-Site Scripting (XSS)
WordPress Core Cross-Site Scripting (XSS) via HTML API
WordPress Core Cross-Site Scripting (XSS) via template-part
WP Chat App Cross-Site Scripting (XSS)
WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Unauthenticated Cross-Site Scripting (XSS) via Client-IP header
wpDiscuz Cross-Site Scripting (XSS)
WP Docs Cross-Site Scripting (XSS)
WP Docs Cross-Site Scripting (XSS)
WP eMember Cross-Site Scripting (XSS)
WP Flow Plus Cross-Site Scripting (XSS)
WP Google Maps Cross-Site Scripting (XSS)
WP Google Maps Cross-Site Scripting (XSS)
WP Job Portal Cross-Site Scripting (XSS)
WP Job Portal Cross-Site Scripting (XSS)
WP jQuery Lightbox Cross-Site Scripting (XSS) via title Attribute
WP-Lister Lite for Amazon Cross-Site Scripting (XSS)
WP Logs Book Unauthenticated Cross-Site Scripting (XSS)
WPMobile.App Cross-Site Scripting (XSS)
WP Mobile Menu Cross-Site Scripting (XSS) via Image Alt
WP Photo Album Plus Cross-Site Scripting (XSS)
WPPizza Cross-Site Scripting (XSS)
WP Post Author Cross-Site Scripting (XSS)
WP Secure Maintenance Cross-Site Scripting (XSS)
WP SVG images Cross-Site Scripting (XSS) via SVG
WP Time Slots Booking Form Cross-Site Scripting (XSS)
WP Visitors Tracker Cross-Site Scripting (XSS)
WPvivid Backup for MainWP Cross-Site Scripting (XSS)
WPZOOM Addons for Elementor (Templates, Widgets) Cross-Site Scripting (XSS)
YITH Custom Login Cross-Site Scripting (XSS)
YITH WooCommerce Tab Manager Cross-Site Scripting (XSS)

WordPress Cross-Site Scripting (XSS) reported in 2023: 2928
WordPress Cross-Site Scripting (XSS) reported in 2024: 1646
ultrai.ae managed online © 2023 - 2024 – All rights reserved