🔬 Conversion Rate Optimisation for your 🌐 WordPress & 🛒 WooCommerce: skyrocket sales with modern proven methods! The purpose of recurrent CRO services is to constantly improve the likelihood of visitors taking your desired action on your domain.
Be informed about the latest WP Cross-Site Scripting, identified and reported publicly. WP XSS SEP 2024 is a -11% DECREASE compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for managed Security.
As these Cross-Site Scripting cases from publicly reported vulnerable plugins are on your domain, it opens Pandora’s box from a security point of view. The following cases made headlines PUBLICLY just last month in the WP XSS SEP 2024 & WP Cross-Site Scripting category:
| 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery | Cross-Site Scripting (XSS) |
| Admission AppManager | Cross-Site Scripting (XSS) |
| Ajax Search Lite | Cross-Site Scripting (XSS) |
| All Bootstrap Blocks | Cross-Site Scripting (XSS) |
| Allegiant Theme | Cross-Site Scripting (XSS) |
| ARMember | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
| azurecurve Toggle Show/Hide | Cross-Site Scripting (XSS) |
| Beaver Builder | Cross-Site Scripting (XSS) |
| Beaver Builder | Cross-Site Scripting (XSS) via type Parameter |
| Betheme Theme | Cross-Site Scripting (XSS) via Shortcode |
| BetterDocs | Cross-Site Scripting (XSS) |
| Black Widgets For Elementor | Cross-Site Scripting (XSS) |
| Blockspare | Cross-Site Scripting (XSS) |
| Blog2Social | Cross-Site Scripting (XSS) via File Upload (BAC) |
| Bold Timeline Lite | Cross-Site Scripting (XSS) |
| Booking Calendar | Cross-Site Scripting (XSS) |
| BP Profile Search | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Bravada Theme | Cross-Site Scripting (XSS) |
| Breakdance | Cross-Site Scripting (XSS) |
| Brickscore | Cross-Site Scripting (XSS) |
| BSK Forms Blacklist | Cross-Site Scripting (XSS) |
| Busiprof Theme | Cross-Site Scripting (XSS) |
| Bus Ticket Booking with Seat Reservation | Cross-Site Scripting (XSS) |
| Button contact VR | Cross-Site Scripting (XSS) |
| Card Elements for Elementor | Cross-Site Scripting (XSS) |
| Category Posts Widget | Cross-Site Scripting (XSS) |
| Child Theme Creator | Cross-Site Scripting (XSS) |
| Christmasify! | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Classic Addons – WPBakery Page Builder | Cross-Site Scripting (XSS) |
| Clever Addons for Elementor | Cross-Site Scripting (XSS) |
| CM Tooltip Glossary | Cross-Site Scripting (XSS) |
| CoBlocks | Cross-Site Scripting (XSS) |
| Collapsing Archives | Cross-Site Scripting (XSS) |
| collectchat | Cross-Site Scripting (XSS) |
| ComboBlocks | Cross-Site Scripting (XSS) via redirectURL Parameter of Date Countdown Widget |
| ComboBlocks | Cross-Site Scripting (XSS) |
| ComboBlocks | Cross-Site Scripting (XSS) via Accordion Block |
| Community Events | Cross-Site Scripting (XSS) |
| Cooked | Persistent Cross-Site Scripting (XSS) via Shortcode |
| Cookie Notice & Compliance for GDPR / CCPA | Cross-Site Scripting (XSS) |
| Cryptocurrency Widgets – Price Ticker & Coins List | Cross-Site Scripting (XSS) |
| Custom 404 Pro | Cross-Site Scripting (XSS) |
| Custom Field Template | Cross-Site Scripting (XSS) |
| Custom Layouts – Post + Product grids made easy | Cross-Site Scripting (XSS) |
| Custom Permalinks | Cross-Site Scripting (XSS) |
| Custom Query Blocks | Cross-Site Scripting (XSS) |
| DearFlip | Cross-Site Scripting (XSS) |
| Delicious Recipes – WordPress Recipe Plugin | Cross-Site Scripting (XSS) |
| Depicter Slider | Cross-Site Scripting (XSS) |
| Ditty | Cross-Site Scripting (XSS) |
| DL Robots.txt | Cross-Site Scripting (XSS) |
| DSGVO All in one for WP | Cross-Site Scripting (XSS) |
| e2pdf | Cross-Site Scripting (XSS) |
| Easy Digital Downloads | Cross-Site Scripting (XSS) via Agreement Text |
| EasyJobs | Cross-Site Scripting (XSS) |
| Easy Table of Contents | Cross-Site Scripting (XSS) |
| Element Pack Elementor Addons | Cross-Site Scripting (XSS) |
| Element Pack Elementor Addons | Cross-Site Scripting (XSS) via Custom Gallery and Countdown Widgets |
| Element Pack Elementor Addons | Cross-Site Scripting (XSS) via title_tag |
| Element Pack Pro | Cross-Site Scripting (XSS) via Wrapper Link URL |
| ElementsKit Pro | Cross-Site Scripting (XSS) |
| EmbedPress | Cross-Site Scripting (XSS) |
| Enfold Theme | Cross-Site Scripting (XSS) via wrapper_class and class Parameters |
| Enter Addons | Cross-Site Scripting (XSS) |
| Envo's Elementor Templates & Widgets for WooCommerce | Cross-Site Scripting (XSS) |
| Esotera Theme | Cross-Site Scripting (XSS) |
| Essential Addons for Elementor | Cross-Site Scripting (XSS) |
| Essential Addons for Elementor | Cross-Site Scripting (XSS) via no_more_items_text Parameter |
| Essential Blocks for Gutenberg | Cross-Site Scripting (XSS) |
| EU/UK VAT Manager for WooCommerce | Cross-Site Scripting (XSS) |
| Eventin | Cross-Site Scripting (XSS) |
| Event Tickets with Ticket Scanner | Cross-Site Scripting (XSS) |
| Extensions for Elementor | Cross-Site Scripting (XSS) |
| Filmix Theme | Cross-Site Scripting (XSS) |
| Filr – Secure document library | Cross-Site Scripting (XSS) |
| Filter & Grids | Cross-Site Scripting (XSS) |
| Fluida Theme | Cross-Site Scripting (XSS) |
| Folders | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
| Fonts | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)vulnerability |
| FooBox Image Lightbox | DOM-Based Cross-Site Scripting (XSS) via HTML Data Attributes |
| Football Pool | Cross-Site Scripting (XSS) |
| Football Pool | Cross-Site Scripting (XSS) |
| FormFacade | Cross-Site Scripting (XSS) |
| Form Maker by 10Web | Cross-Site Scripting (XSS) |
| Front End Users | Cross-Site Scripting (XSS) via Shortcode |
| Funnel Kit Funnel Builder PRO | Cross-Site Scripting (XSS) via allow_iframe_tag_in_post |
| Fuse Social Floating Sidebar | Cross-Site Scripting (XSS) via File Upload (BAC) |
| GHActivity | Cross-Site Scripting (XSS) |
| GivingPress Lite Theme | Cross-Site Scripting (XSS) |
| Gixaw Chat | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Graphina | Cross-Site Scripting (XSS) |
| Gutenberg Blocks by Kadence Blocks | Cross-Site Scripting (XSS) via "Days Label" |
| Gutentor | Cross-Site Scripting (XSS) via pTitleTag |
| Gutentor | Cross-Site Scripting (XSS) |
| Gutenverse | Cross-Site Scripting (XSS) |
| Happyforms | Cross-Site Scripting (XSS) |
| Hotel Galaxy Theme | Cross-Site Scripting (XSS) |
| House Manager | Cross-Site Scripting (XSS) |
| Houzez Theme | Cross-Site Scripting (XSS) |
| HubSpot | Cross-Site Scripting (XSS) via HubSpot Meeting Widget |
| Icegram | Cross-Site Scripting (XSS) |
| IntoTheDark Theme | Cross-Site Scripting (XSS) |
| Invite Anyone | Cross-Site Scripting (XSS) |
| Jeg Elementor Kit | Cross-Site Scripting (XSS) via SVG File |
| JetBlocks For Elementor | Cross-Site Scripting (XSS) |
| JetElements For Elementor | Cross-Site Scripting (XSS) |
| JetSearch | Cross-Site Scripting (XSS) |
| Kahuna Theme | Cross-Site Scripting (XSS) |
| Kodex Posts likes | Cross-Site Scripting (XSS) |
| Kubio AI Page Builder | Cross-Site Scripting (XSS) |
| LA-Studio Element Kit for Elementor | Cross-Site Scripting (XSS) |
| LatePoint | Cross-Site Scripting (XSS) |
| LH Add Media From Url | Cross-Site Scripting (XSS) |
| Like Button Rating | Cross-Site Scripting (XSS) |
| Liquido Theme | Cross-Site Scripting (XSS) |
| LiquidPoll – Advanced Polls for Creators and Brands | Unauthenticated Cross-Site Scripting (XSS) |
| Livemesh Addons for WPBakery Page Builder | Cross-Site Scripting (XSS) |
| Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
| Magic Post Thumbnail | Cross-Site Scripting (XSS) |
| Magic Post Thumbnail | Cross-Site Scripting (XSS) |
| Mantra Theme | Cross-Site Scripting (XSS) |
| MDx Theme | Cross-Site Scripting (XSS) via mdx_list_item Shortcode |
| Mediavine Control Panel | Cross-Site Scripting (XSS) |
| Mega Addons For Elementor | Cross-Site Scripting (XSS) |
| Memberpress | Cross-Site Scripting (XSS) via mepr_screenname and mepr_key Parameters |
| Message Filter for Contact Form 7 | Cross-Site Scripting (XSS) |
| Meta Field Block | Cross-Site Scripting (XSS) |
| Misiek Paypal | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Misiek Photo Album | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Modal Window | Cross-Site Scripting (XSS) |
| Music Request Manager | Cross-Site Scripting (XSS) |
| Music Request Manager | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Music Request Manager | Unauthenticated Cross-Site Scripting (XSS) |
| MyBookTable Bookstore | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| myCred | Cross-Site Scripting (XSS) |
| My Sticky Bar | Cross-Site Scripting (XSS) |
| Mystique Theme | Cross-Site Scripting (XSS) |
| Name Directory | Cross-Site Scripting (XSS) |
| Newsletters | Cross-Site Scripting (XSS) |
| Ninja Forms | Cross-Site Scripting (XSS) |
| Ninja Tables | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
| Nirvana Theme | Cross-Site Scripting (XSS) |
| Opal Membership | Unauthenticated Cross-Site Scripting (XSS) |
| Opor Ayam Theme | Cross-Site Scripting (XSS) |
| Orbit Fox by ThemeIsle | Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
| Organization chart | Cross-Site Scripting (XSS) via title_input and node_description Parameters |
| OTA Sync Booking Engine Widget | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| PageLayer | Cross-Site Scripting (XSS) |
| Parabola Theme | Cross-Site Scripting (XSS) |
| ParcelPanel | Cross-Site Scripting (XSS) |
| Phlox Portfolio | Cross-Site Scripting (XSS) |
| Phlox PRO Theme | Cross-Site Scripting (XSS) via Search Parameters |
| Photo Engine | Cross-Site Scripting (XSS) |
| Pinpoint Booking System | Cross-Site Scripting (XSS) |
| Piotnet Addons For Elementor | Cross-Site Scripting (XSS) via Multiple Widgets |
| Podlove Podcast Publisher | Cross-Site Scripting (XSS) |
| Popup Maker | Cross-Site Scripting (XSS) |
| Posterity Theme | Cross-Site Scripting (XSS) |
| Post Grid Master | Cross-Site Scripting (XSS) |
| PowerPack for Beaver Builder | Cross-Site Scripting (XSS) |
| Products, Order & Customers Export for WooCommerce | Cross-Site Scripting (XSS) |
| Purity Of Soul Theme | Cross-Site Scripting (XSS) |
| Quiz And Survey Master | Cross-Site Scripting (XSS) |
| Quiz And Survey Master | Cross-Site Scripting (XSS) |
| RegistrationMagic | Cross-Site Scripting (XSS) |
| RegistrationMagic | Cross-Site Scripting (XSS) |
| Responsive Blocks | Cross-Site Scripting (XSS) |
| Responsive Lightbox | Cross-Site Scripting (XSS) via File Upload (BAC) |
| Responsive Video | Cross-Site Scripting (XSS) |
| Review Ratings | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Royal Elementor Addons | Cross-Site Scripting (XSS) |
| RT Easy Builder – Advanced addons for Elementor | Cross-Site Scripting (XSS) |
| Search Filter Pro | Cross-Site Scripting (XSS) |
| Selection Lite | Cross-Site Scripting (XSS) |
| Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce | Cross-Site Scripting (XSS) |
| Sheet to Table Live Sync for Google Sheet | Cross-Site Scripting (XSS) via STWT_Sheet_Table Shortcode |
| Shield Security | Cross-Site Scripting (XSS) |
| Shortcodes Ultimate Pro | Cross-Site Scripting (XSS) |
| Simple Headline Rotator | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Simple Share | Cross-Site Scripting (XSS) |
| SKT Blocks – Gutenberg based Page Builder | Cross-Site Scripting (XSS) |
| Slider by Soliloquy | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
| Sliding Door Theme | Cross-Site Scripting (XSS) |
| SmartSearch WP | Unauthenticated Cross-Site Scripting (XSS) |
| Snapshot Backup | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Special Feed Items | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Spectra | Cross-Site Scripting (XSS) |
| Spectra Pro | Cross-Site Scripting (XSS) via Block IDs |
| StreamCast | Cross-Site Scripting (XSS) |
| String locator | Cross-Site Scripting (XSS) |
| Stripe Payments | Cross-Site Scripting (XSS) via accept_stripe_payment_ng Shortcode |
| Structured Content | Cross-Site Scripting (XSS) |
| Sunshine Photo Cart | Cross-Site Scripting (XSS) |
| Super Store Finder | Cross-Site Scripting (XSS) |
| SureCart | Cross-Site Scripting (XSS) |
| Swift Framework Page Builder | Cross-Site Scripting (XSS) |
| Taxi Booking Manager for WooCommerce | Cross-Site Scripting (XSS) |
| Team Showcase | Cross-Site Scripting (XSS) |
| Tempera Theme | Cross-Site Scripting (XSS) |
| Term And Category Based Posts Widget | Cross-Site Scripting (XSS) |
| Testimonials | Cross-Site Scripting (XSS) |
| Themify Shortcodes | Cross-Site Scripting (XSS) |
| The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) via Video Widget |
| The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) |
| Tin Canny Reporting for LearnDash | Cross-Site Scripting (XSS) |
| Traffic Manager | Unauthenticated Cross-Site Scripting (XSS) |
| Tutor LMS | Cross-Site Scripting (XSS) |
| Ultimate Addons for Beaver Builder – Lite | Cross-Site Scripting (XSS) |
| Ultimate Classified Listings | Cross-Site Scripting (XSS) |
| Ultimate Membership Pro | Cross-Site Scripting (XSS) |
| Ultimate Store Kit Elementor Addons | Cross-Site Scripting (XSS) |
| Vikinghammer Tweet | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Viral Signup | Cross-Site Scripting (XSS) |
| Visual Composer Starter Theme | Cross-Site Scripting (XSS) |
| Void Contact Form 7 Widget For Elementor Page Builder | Cross-Site Scripting (XSS) |
| WappPress | Cross-Site Scripting (XSS) |
| WC Marketplace | Cross-Site Scripting (XSS) |
| Web and WooCommerce Addons for WPBakery Builder | Cross-Site Scripting (XSS) |
| weMail | Cross-Site Scripting (XSS) |
| White Label CMS | Cross-Site Scripting (XSS) |
| WHMpress | Cross-Site Scripting (XSS) |
| WooCommerce | Cross-Site Scripting (XSS) |
| WooCommerce Customers Manager | Cross-Site Scripting (XSS) |
| WooCommerce PDF Vouchers | Cross-Site Scripting (XSS) |
| WordPress File Upload | Cross-Site Scripting (XSS) |
| WordPress File Upload | Unauthenticated Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
| WordPress File Upload | Unauthenticated Cross-Site Scripting (XSS) |
| WordSurvey | Cross-Site Scripting (XSS) via sounding_title Parameter |
| WP Armour Extended | Cross-Site Scripting (XSS) |
| WPBakery Page Builder | Cross-Site Scripting (XSS) |
| WP Bannerize Pro | Cross-Site Scripting (XSS) |
| WP Dashboard Notes | Cross-Site Scripting (XSS) |
| WP eMember | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| WP eStore | Cross-Site Scripting (XSS) in Customer Search |
| WP Fast Total Search | Cross-Site Scripting (XSS) |
| WP Last Modified Info | Cross-Site Scripting (XSS) via lmt-post-modified-info Shortcode |
| WP-Lister Lite for eBay | Cross-Site Scripting (XSS) |
| WPMobile.App | Cross-Site Scripting (XSS) |
| WP MultiTasking | Cross-Site Scripting (XSS) via Shortcode |
| WP-PostRatings | Cross-Site Scripting (XSS) |
| WP Table Builder – WordPress Table Plugin | Cross-Site Scripting (XSS) |
| WP Table Builder – WordPress Table Plugin | Cross-Site Scripting (XSS) |
| WP Telegram Widget and Join Link | Cross-Site Scripting (XSS) |
| WP Testimonial Widget | Cross-Site Scripting (XSS) |
| WP Travel Gutenberg Blocks | Cross-Site Scripting (XSS) |
| Xpro Elementor Addons | Cross-Site Scripting (XSS) |
| Xpro Elementor Addons | Cross-Site Scripting (XSS) via Post Grid Widget |
| YaMaps for WordPress | Cross-Site Scripting (XSS) |
| YellowPencil Visual CSS Style Editor | Cross-Site Scripting (XSS) |
| Zephyr Project Manager | Cross-Site Scripting (XSS) via filename Parameter |
| Zephyr Project Manager | Cross-Site Scripting (XSS) |
| WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
| WordPress Cross-Site Scripting (XSS) reported in 2024: | 2180 |
How wonderful would be to simply let others take care of your chores? We absolutely understand why you would want that. This is why we propose this unique campaign: the price of a premium cup of coffee per week, for your first managed service.
Start simply by contacting us with your selections:
We care about the protection of your personal data. Update, subscribe or unsubscribe anytime. Read our Privacy Policy.