WP XSS JUN 2024

WP XSS JUN 2024: 288 Effortless WP Cross-Site Scripting

Stay informed about the latest publicly identified and reported WP Cross-Site Scripting vulnerabilities. WP XSS JUN 2024 shows a 16% decrease compared to the previous month. For your online safety, consider a managed WP/Woo security audit, switching to an alternative WP security plugin from a TOP10LIST, or hiring professionals for managed security.

If any of these publicly reported vulnerable plugins run on your domain, they open a Pandora's box from a security point of view. The following cases made headlines publicly just last month in the WP XSS JUN 2024 and WP Cross-Site Scripting category:

3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery Cross-Site Scripting (XSS) via Bookmark URL
3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin Cross-Site Scripting (XSS)
AA Cash Calculator Cross-Site Scripting (XSS) via invoice
Add Custom CSS and JS Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF)
ADFO Cross-Site Scripting (XSS)
Advanced Ads – Ad Manager & AdSense Cross-Site Scripting (XSS) via Ad Widget
Advanced iFrame Cross-Site Scripting (XSS)
All Bootstrap Blocks Cross-Site Scripting (XSS)
Atarim Unauthenticated Cross-Site Scripting (XSS)
Automatic Cross-Site Scripting (XSS) via autoplay Parameter
Automatic Translator with Auto Translate Cross-Site Scripting (XSS) via Custom Font
Awesome Contact Form7 for Elementor Cross-Site Scripting (XSS) via AEP Contact Form Widget
AWSOM News Announcement Cross-Site Scripting (XSS)
Base64 Encoder/Decoder Cross-Site Scripting (XSS)
Base64 Encoder/Decoder Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF)
Beaver Builder Cross-Site Scripting (XSS)
Beaver Builder Cross-Site Scripting (XSS) via photo widget crop attribute
Better Elementor Addons Cross-Site Scripting (XSS)
Blocksy Companion Cross-Site Scripting (XSS) via SVG Upload (BAC)
Blocksy Theme Cross-Site Scripting (XSS)
Blocksy Theme Cross-Site Scripting (XSS)
BlogLentor Cross-Site Scripting (XSS)
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg Cross-Site Scripting (XSS)
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg Cross-Site Scripting (XSS) via Multiple Widgets
Breakdance Cross-Site Scripting (XSS)
Brozzme Scroll Top Cross-Site Scripting (XSS)
BuddyPress Cross-Site Scripting (XSS)
Button contact VR Cross-Site Scripting (XSS)
Carousel Slider Cross-Site Scripting (XSS)
ChaosTheory Theme Cross-Site Scripting (XSS)
Comments Evolved for WordPress Cross-Site Scripting (XSS)
Comparison Slider Cross-Site Scripting (XSS)
Configure Login Timeout Cross-Site Scripting (XSS)
Contact Form & Lead Form Elementor Builder Cross-Site Scripting (XSS)
Content Blocks (Custom Post Widget) Cross-Site Scripting (XSS)
Content Views Cross-Site Scripting (XSS) via pagingType Parameter
Conversational Forms for ChatBot Cross-Site Scripting (XSS)
Corona Virus (COVID-19) Banner & Live Data Cross-Site Scripting (XSS)
Cost Calculator Builder Pro Unauthenticated Cross-Site Scripting (XSS) via SVG Upload (BAC)
Counter Up Cross-Site Scripting (XSS)
Crelly Slider Cross-Site Scripting (XSS)
Custom Field Suite Cross-Site Scripting (XSS)
Custom Fonts – Host Your Fonts Locally Cross-Site Scripting (XSS)
Custom Post Type Attachment Cross-Site Scripting (XSS) via pdf_attachment Shortcode
Debug Info Cross-Site Scripting (XSS)
DethemeKit For Elementor Cross-Site Scripting (XSS)
DethemeKit For Elementor Cross-Site Scripting (XSS) via Multiple Widgets
DethemeKit For Elementor Cross-Site Scripting (XSS) via slitems Attribute
Ditty Cross-Site Scripting (XSS)
Divi Builder DOM-Based Cross-Site Scripting (XSS)
Divi Theme DOM-Based Cross-Site Scripting (XSS)
Download Alt Text AI Cross-Site Scripting (XSS)
Download Manager Cross-Site Scripting (XSS) via wpdm-all-packages Shortcode
Easy Affiliate Links Cross-Site Scripting (XSS)
EasyEvent Cross-Site Scripting (XSS)
Edge Theme Cross-Site Scripting (XSS)
Elegant Addons for elementor Cross-Site Scripting (XSS) via HTML tags
Elegant Blocks Cross-Site Scripting (XSS)
Elementor – Header, Footer & Blocks Template Cross-Site Scripting (XSS)
Elementor – Header, Footer & Blocks Template Cross-Site Scripting (XSS)
Elementor Pro DOM-Based Cross-Site Scripting (XSS)
Elementor Website Builder DOM-Based Cross-Site Scripting (XSS)
Element Pack Elementor Addons Cross-Site Scripting (XSS) via custom_attributes
Elements kit Elementor addons Cross-Site Scripting (XSS) via Image Accordion Widget
ElementsKit Pro Cross-Site Scripting (XSS)
ElementsReady Addons for Elementor Cross-Site Scripting (XSS)
EmbedPress Cross-Site Scripting (XSS) via id Parameter
Enter Addons Cross-Site Scripting (XSS) via Heading widget
Envo Extra Cross-Site Scripting (XSS)
Envo's Elementor Templates & Widgets for WooCommerce Cross-Site Scripting (XSS)
Essential Addons for Elementor Cross-Site Scripting (XSS)
Essential Addons for Elementor Cross-Site Scripting (XSS)
Essential Addons for Elementor Cross-Site Scripting (XSS) via 'Interactive Circles'
Essential Addons for Elementor Cross-Site Scripting (XSS)
Essential Addons for Elementor Cross-Site Scripting (XSS) via Twitter Feed
Essential Addons for Elementor Pro Cross-Site Scripting (XSS) via Team Member Carousel Widget
Essential Blocks for Gutenberg Cross-Site Scripting (XSS)
Exclusive Addons Elementor Cross-Site Scripting (XSS) via Team Member Widget
Extra Theme DOM-Based Cross-Site Scripting (XSS)
Falang multilanguage Cross-Site Scripting (XSS)
Fancy Elementor Flipbox Cross-Site Scripting (XSS)
Fancy Product Designer Cross-Site Scripting (XSS)
Featured Content Gallery Cross-Site Scripting (XSS)
Fetch JFT Cross-Site Scripting (XSS)
Flattr Cross-Site Scripting (XSS)
FluentForm Cross-Site Scripting (XSS)
FluentForm Cross-Site Scripting (XSS)
Folders Cross-Site Scripting (XSS) via User First Name and Last Name
Follow Us Badges Cross-Site Scripting (XSS) via wpsite_follow_us_badges Shortcode
Form Maker by 10Web Cross-Site Scripting (XSS)
Forty Four – 404 Plugin for WordPress Cross-Site Scripting (XSS)
FV Flowplayer Video Player Cross-Site Scripting (XSS)
gee Search Plus Cross-Site Scripting (XSS)
Gianism Cross-Site Scripting (XSS)
GiveWP Cross-Site Scripting (XSS)
Gold Addons for Elementor Cross-Site Scripting (XSS)
Graphina Cross-Site Scripting (XSS) via Multiple Widgets
Gum Elementor Addon Cross-Site Scripting (XSS) via Price Table and Post Slider Widgets
Gutenberg Blocks by Kadence Blocks Cross-Site Scripting (XSS)
Gutenberg Blocks by Kadence Blocks Cross-Site Scripting (XSS) via Block Link
Gutenberg Blocks by Kadence Blocks Cross-Site Scripting (XSS)
Gutenberg Blocks by Kadence Blocks Cross-Site Scripting (XSS)
Gutenverse Cross-Site Scripting (XSS)
Happy Addons for Elementor Cross-Site Scripting (XSS) via Image Stack Group Widget
Happy Addons for Elementor Cross-Site Scripting (XSS) via _id Parameter
Happy Addons for Elementor Cross-Site Scripting (XSS) via Post Navigation Widget
Hash Elements Cross-Site Scripting (XSS)
Himalayas Theme Cross-Site Scripting (XSS)
HL Twitter Cross-Site Scripting (XSS) via Widget
HT Mega Cross-Site Scripting (XSS) via Tooltip & Popover Widget
HT Mega Cross-Site Scripting (XSS)
Html5 Audio Player Cross-Site Scripting (XSS) via Multiple Widgets
HUSKY Cross-Site Scripting (XSS) via Shortcode
iFrame Cross-Site Scripting (XSS)
Image Hover Effects – Elementor Addon DOM-based Cross-Site Scripting (XSS) via Image Hover Effects Widget
ImageMagick Sharpen Resized Images Cross-Site Scripting (XSS)
Import and export users and customers Cross-Site Scripting (XSS)
Jetpack Cross-Site Scripting (XSS) via wpvideo Shortcode
KKProgressbar2 Free Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF)
Landing Page Builder Cross-Site Scripting (XSS)
LA-Studio Element Kit for Elementor Cross-Site Scripting (XSS) via LaStudioKit Post Author Widget
LA-Studio Element Kit for Elementor Cross-Site Scripting (XSS)
LayerSlider Cross-Site Scripting (XSS)
Leaflet Maps Marker Cross-Site Scripting (XSS) via Shortcode
LearnPress Cross-Site Scripting (XSS) via layout_html Parameter
LearnPress Cross-Site Scripting (XSS) via id Parameter
LetterPress Cross-Site Scripting (XSS)
Link Library Cross-Site Scripting (XSS) via link-library Shortcode
List categories Cross-Site Scripting (XSS) via Shortcode
Logo Slider Cross-Site Scripting (XSS)
LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor Cross-Site Scripting (XSS)
LuckyWP Table of Contents Cross-Site Scripting (XSS)
LuckyWP Table of Contents Cross-Site Scripting (XSS)
LuckyWP Table of Contents Cross-Site Scripting (XSS)
Magazine Blocks Cross-Site Scripting (XSS)
Magical Addons For Elementor Cross-Site Scripting (XSS)
Magical Addons For Elementor Cross-Site Scripting (XSS) via Text Effect Widget
Master Addons for Elementor Cross-Site Scripting (XSS)
Master Addons for Elementor Cross-Site Scripting (XSS)
Master Slider Cross-Site Scripting (XSS)
Media Library Assistant Cross-Site Scripting (XSS) via lang
Mega Elements Cross-Site Scripting (XSS) via Button Widget
Memberpress Cross-Site Scripting (XSS) via arglist Parameter
Menu Icons by ThemeIsle Cross-Site Scripting (XSS) via SVG Upload (BAC)
Meow Gallery Cross-Site Scripting (XSS)
Mesmerize Companion Cross-Site Scripting (XSS) via mesmerize_contact_form Shortcode
MF Gig Calendar Cross-Site Scripting (XSS)
Mhr Post Ticker Cross-Site Scripting (XSS)
Mihdan: Yandex Turbo Feed Cross-Site Scripting (XSS) via Shortcode
month name translation benaceur Cross-Site Scripting (XSS)
Move Addons for Elementor Cross-Site Scripting (XSS)
Move Addons for Elementor Cross-Site Scripting (XSS) via Multiple Widgets
ND Shortcodes For Visual Composer Cross-Site Scripting (XSS)
Newsletter Popup Cross-Site Scripting (XSS)
NextGEN Gallery Cross-Site Scripting (XSS)
NextScripts Unauthenticated Cross-Site Scripting (XSS) via User Agent
Opal Estate Pro Cross-Site Scripting (XSS)
Optimole Cross-Site Scripting (XSS) via SVG Upload (BAC)
OptinMonster Cross-Site Scripting (XSS)
Page Builder by SiteOrigin Cross-Site Scripting (XSS) via 'siteorigin_widget' Shortcode
PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode Cross-Site Scripting (XSS)
Pearl Cross-Site Scripting (XSS) via Shortcode
Pet Manager Cross-Site Scripting (XSS)
Picture Gallery Cross-Site Scripting (XSS)
Piotnet Addons For Elementor Cross-Site Scripting (XSS) via Multiple Widgets
Playlist for Youtube Cross-Site Scripting (XSS)
Pods Cross-Site Scripting (XSS) via Pod Form Redirect URL
Pootle Pagebuilder – WordPress Page builder Cross-Site Scripting (XSS)
Popup4Phone Unauthenticated Cross-Site Scripting (XSS)
Popup4Phone Cross-Site Scripting (XSS)
PopupAlly Cross-Site Scripting (XSS)
Popup box Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Popup Builder Cross-Site Scripting (XSS)
Popup Maker WP Cross-Site Scripting (XSS)
Popup More Popups Cross-Site Scripting (XSS)
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Cross-Site Scripting (XSS)
Post Grid Cross-Site Scripting (XSS)
Post Grid Elementor Addon Cross-Site Scripting (XSS)
Post Grid Master Auth Cross-Site Scripting (XSS)
PostX – Gutenberg Blocks for Post Grid Cross-Site Scripting (XSS)
PowerPack Addons for Elementor DOM-Based Cross-Site Scripting (XSS)
Praison SEO WordPress Cross-Site Scripting (XSS)
Premium Addons for Elementor Cross-Site Scripting (XSS)
Premium Addons for Elementor Cross-Site Scripting (XSS)
Primary Addon for Elementor Cross-Site Scripting (XSS) via Pricing Table Widget
Prime Slider – Addons For Elementor Cross-Site Scripting (XSS)
ProfilePress Cross-Site Scripting (XSS) via ProfilePress User Panel Widget
PropertyHive Cross-Site Scripting (XSS)
Propovoice CRM Cross-Site Scripting (XSS)
Pure Chat Cross-Site Scripting (XSS)
QuickieBar Cross-Site Scripting (XSS)
raindrops Theme Cross-Site Scripting (XSS)
Rank Math SEO Cross-Site Scripting (XSS)
Rank Math SEO Cross-Site Scripting (XSS)
reCAPTCHA Jetpack Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF)
Remote Content Shortcode Cross-Site Scripting (XSS)
Reviews and Rating – Google My Business Cross-Site Scripting (XSS)
Royal Elementor Addons Cross-Site Scripting (XSS) via Form Builder Widget
Sailthru Triggermail Cross-Site Scripting (XSS)
Sailthru Triggermail Cross-Site Scripting (XSS)
Save as PDF plugin by Pdfcrowd Cross-Site Scripting (XSS)
ShareThis Share Buttons Cross-Site Scripting (XSS)
Sheets To WP Table Live Sync Cross-Site Scripting (XSS)
ShopLentor Cross-Site Scripting (XSS) via _id
ShopLentor Cross-Site Scripting (XSS)
ShopLentor Cross-Site Scripting (XSS) via woolentorsearch Shortcode
Shortcodes Ultimate Cross-Site Scripting (XSS)
Shortcodes Ultimate Cross-Site Scripting (XSS) via su_members Shortcode
Simple Basic Contact Form Cross-Site Scripting (XSS)
Simple Image Popup Cross-Site Scripting (XSS)
Simple Like Page Cross-Site Scripting (XSS) via Shortcode
Simple Membership Cross-Site Scripting (XSS) via Shortcode
Simple Popup Manager Cross-Site Scripting (XSS)
Simply Schedule Appointments Cross-Site Scripting (XSS)
SiteOrigin Widgets Bundle Cross-Site Scripting (XSS) via 'siteorigin_widget' Shortcode
SKT Addons for Elementor Cross-Site Scripting (XSS)
SKT Addons for Elementor Cross-Site Scripting (XSS)
SliceWP Cross-Site Scripting (XSS)
Slider Revolution Cross-Site Scripting (XSS)
Slider Revolution Cross-Site Scripting (XSS) via htmltag Parameter
Social Icons Widget & Block by WPZOOM Cross-Site Scripting (XSS)
Spectra Cross-Site Scripting (XSS)
Spectra Cross-Site Scripting (XSS)
Starter Templates Cross-Site Scripting (XSS)
Sticky banner Cross-Site Scripting (XSS)
Sticky Social Link Cross-Site Scripting (XSS)
Stockholm Core Cross-Site Scripting (XSS)
Supreme Modules Lite DOM-Based Cross-Site Scripting (XSS)
Survey Maker Cross-Site Scripting (XSS) via Plugin Settings
Swift Framework Cross-Site Scripting (XSS) via Shortcodes
Swift Framework Page Builder Cross-Site Scripting (XSS) via Shortcode
Sydney Toolbox Cross-Site Scripting (XSS)
Sydney Toolbox Cross-Site Scripting (XSS) via aThemes: Portfolio Widget
Tabellen von faustball.com Cross-Site Scripting (XSS)
Table Maker Cross-Site Scripting (XSS)
Tainacan Cross-Site Scripting (XSS)
Tainacan Cross-Site Scripting (XSS)
Testimonial Carousel For Elementor Cross-Site Scripting (XSS)
Testimonial Slider Cross-Site Scripting (XSS)
The Events Calendar Cross-Site Scripting (XSS)
Themify Shortcodes Cross-Site Scripting (XSS) via themify_button Shortcode
The Plus Addons for Elementor Page Builder Lite Cross-Site Scripting (XSS)
The Plus Addons for Elementor Page Builder Lite Cross-Site Scripting (XSS)
The Plus Addons for Elementor Pro Cross-Site Scripting (XSS) via Heading Title Widget
Thim Elementor Kit Cross-Site Scripting (XSS)
Thim Elementor Kit Cross-Site Scripting (XSS) via id Parameter
Toolbar Extras for Elementor & More Cross-Site Scripting (XSS)
TT Custom Post Type Creator Cross-Site Scripting (XSS)
Uber Menu Cross-Site Scripting (XSS) via Multiple Shortcodes
Ultimate Blocks – Gutenberg Blocks Plugin Cross-Site Scripting (XSS)
UnGallery Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF)
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Cross-Site Scripting (XSS)
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Cross-Site Scripting (XSS) via Text Field
Videojs HTML5 Player Cross-Site Scripting (XSS)
Viet Affiliate Link Cross-Site Scripting (XSS)
Viet Nam Affiliate Cross-Site Scripting (XSS)
Visual Footer Credit Remover Cross-Site Scripting (XSS)
Visual Portfolio, Photo Gallery & Post Grid Cross-Site Scripting (XSS) via title_tag Parameter
Webpushr Cross-Site Scripting (XSS)
WidgetKit Cross-Site Scripting (XSS)
WOLF Cross-Site Scripting (XSS)
WP Backpack Cross-Site Scripting (XSS)
WPB Elementor Addons Cross-Site Scripting (XSS)
WPCafe Cross-Site Scripting (XSS) via Reservation Form Shortcode
WPCS ( WordPress Custom Search ) Cross-Site Scripting (XSS)
wpDataTables Unauthenticated Cross-Site Scripting (XSS) via CSV Import
WP DSGVO Tools (GDPR) Cross-Site Scripting (XSS) via Shortcode
WP etracker Cross-Site Scripting (XSS)
WP Font Awesome Share Icons Cross-Site Scripting (XSS) via Shortcode
WP Front User Submit / Front Editor Cross-Site Scripting (XSS)
WP Google Maps Cross-Site Scripting (XSS)
WPKoi Templates for Elementor Cross-Site Scripting (XSS) via Multiple Parameters
WP Next Post Navi Cross-Site Scripting (XSS)
WPO365 Cross-Site Scripting (XSS)
WP Recipe Maker Cross-Site Scripting (XSS) via wprm-recipe-roundup-item Shortcode
WP SMS Cross-Site Scripting (XSS)
WP Stacker Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF)
WP Table Builder – WordPress Table Plugin Cross-Site Scripting (XSS)
WP To Do Cross-Site Scripting (XSS) via Settings
WP Ultimate Post Grid Cross-Site Scripting (XSS)
WP Video Lightbox Cross-Site Scripting (XSS) via width Parameter
WPZOOM Addons for Elementor (Templates, Widgets) Cross-Site Scripting (XSS) via Image Box Widget
Xpro Elementor Addons Cross-Site Scripting (XSS)
Xpro Elementor Addons Cross-Site Scripting (XSS) via Multiple Widgets
YITH WooCommerce Ajax Search Unauthenticated Cross-Site Scripting (XSS)
Yoast SEO Cross-Site Scripting (XSS)
Yoast SEO Cross-Site Scripting (XSS)
Zotpress Cross-Site Scripting (XSS)

WordPress Cross-Site Scripting (XSS) reported in 2023: 2928
WordPress Cross-Site Scripting (XSS) reported in 2024: 1342

ultrai.ae managed online © 2023 - 2024 – All rights reserved