WP XSS SEP 2024

WP XSS SEP 2024: 251 Effortless WP Cross-Site Scripting


Be informed about the latest WP Cross-Site Scripting vulnerabilities, identified and reported publicly. WP XSS SEP 2024 is an 11% decrease compared to the previous month. For your online safety, consider a managed WP/Woo security audit, switching to a TOP10LIST alternative WP security plugin, or hiring professionals for managed security.



When one of these publicly reported vulnerable plugins runs on your domain, its Cross-Site Scripting flaw opens Pandora’s box from a security point of view. The following cases were publicly reported just last month in the WP XSS SEP 2024 and WP Cross-Site Scripting category:

3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery Cross-Site Scripting (XSS)
Admission AppManager Cross-Site Scripting (XSS)
Ajax Search Lite Cross-Site Scripting (XSS)
All Bootstrap Blocks Cross-Site Scripting (XSS)
Allegiant Theme Cross-Site Scripting (XSS)
ARMember Cross-Site Scripting (XSS) via SVG File Upload (BAC)
azurecurve Toggle Show/Hide Cross-Site Scripting (XSS)
Beaver Builder Cross-Site Scripting (XSS)
Beaver Builder Cross-Site Scripting (XSS) via type Parameter
Betheme Theme Cross-Site Scripting (XSS) via Shortcode
BetterDocs Cross-Site Scripting (XSS)
Black Widgets For Elementor Cross-Site Scripting (XSS)
Blockspare Cross-Site Scripting (XSS)
Blog2Social Cross-Site Scripting (XSS) via File Upload (BAC)
Bold Timeline Lite Cross-Site Scripting (XSS)
Booking Calendar Cross-Site Scripting (XSS)
BP Profile Search Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Bravada Theme Cross-Site Scripting (XSS)
Breakdance Cross-Site Scripting (XSS)
Brickscore Cross-Site Scripting (XSS)
BSK Forms Blacklist Cross-Site Scripting (XSS)
Busiprof Theme Cross-Site Scripting (XSS)
Bus Ticket Booking with Seat Reservation Cross-Site Scripting (XSS)
Button contact VR Cross-Site Scripting (XSS)
Card Elements for Elementor Cross-Site Scripting (XSS)
Category Posts Widget Cross-Site Scripting (XSS)
Child Theme Creator Cross-Site Scripting (XSS)
Christmasify! Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Classic Addons – WPBakery Page Builder Cross-Site Scripting (XSS)
Clever Addons for Elementor Cross-Site Scripting (XSS)
CM Tooltip Glossary Cross-Site Scripting (XSS)
CoBlocks Cross-Site Scripting (XSS)
Collapsing Archives Cross-Site Scripting (XSS)
collectchat Cross-Site Scripting (XSS)
ComboBlocks Cross-Site Scripting (XSS) via redirectURL Parameter of Date Countdown Widget
ComboBlocks Cross-Site Scripting (XSS)
ComboBlocks Cross-Site Scripting (XSS) via Accordion Block
Community Events Cross-Site Scripting (XSS)
Cooked Persistent Cross-Site Scripting (XSS) via Shortcode
Cookie Notice & Compliance for GDPR / CCPA Cross-Site Scripting (XSS)
Cryptocurrency Widgets – Price Ticker & Coins List Cross-Site Scripting (XSS)
Custom 404 Pro Cross-Site Scripting (XSS)
Custom Field Template Cross-Site Scripting (XSS)
Custom Layouts – Post + Product grids made easy Cross-Site Scripting (XSS)
Custom Permalinks Cross-Site Scripting (XSS)
Custom Query Blocks Cross-Site Scripting (XSS)
DearFlip Cross-Site Scripting (XSS)
Delicious Recipes – WordPress Recipe Plugin Cross-Site Scripting (XSS)
Depicter Slider Cross-Site Scripting (XSS)
Ditty Cross-Site Scripting (XSS)
DL Robots.txt Cross-Site Scripting (XSS)
DSGVO All in one for WP Cross-Site Scripting (XSS)
e2pdf Cross-Site Scripting (XSS)
Easy Digital Downloads Cross-Site Scripting (XSS) via Agreement Text
EasyJobs Cross-Site Scripting (XSS)
Easy Table of Contents Cross-Site Scripting (XSS)
Element Pack Elementor Addons Cross-Site Scripting (XSS)
Element Pack Elementor Addons Cross-Site Scripting (XSS) via Custom Gallery and Countdown Widgets
Element Pack Elementor Addons Cross-Site Scripting (XSS) via title_tag
Element Pack Pro Cross-Site Scripting (XSS) via Wrapper Link URL
ElementsKit Pro Cross-Site Scripting (XSS)
EmbedPress Cross-Site Scripting (XSS)
Enfold Theme Cross-Site Scripting (XSS) via wrapper_class and class Parameters
Enter Addons Cross-Site Scripting (XSS)
Envo's Elementor Templates & Widgets for WooCommerce Cross-Site Scripting (XSS)
Esotera Theme Cross-Site Scripting (XSS)
Essential Addons for Elementor Cross-Site Scripting (XSS)
Essential Addons for Elementor Cross-Site Scripting (XSS) via no_more_items_text Parameter
Essential Blocks for Gutenberg Cross-Site Scripting (XSS)
EU/UK VAT Manager for WooCommerce Cross-Site Scripting (XSS)
Eventin Cross-Site Scripting (XSS)
Event Tickets with Ticket Scanner Cross-Site Scripting (XSS)
Extensions for Elementor Cross-Site Scripting (XSS)
Filmix Theme Cross-Site Scripting (XSS)
Filr – Secure document library Cross-Site Scripting (XSS)
Filter & Grids Cross-Site Scripting (XSS)
Fluida Theme Cross-Site Scripting (XSS)
Folders Cross-Site Scripting (XSS) via SVG File Upload (BAC)
Fonts Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
FooBox Image Lightbox DOM-Based Cross-Site Scripting (XSS) via HTML Data Attributes
Football Pool Cross-Site Scripting (XSS)
Football Pool Cross-Site Scripting (XSS)
FormFacade Cross-Site Scripting (XSS)
Form Maker by 10Web Cross-Site Scripting (XSS)
Front End Users Cross-Site Scripting (XSS) via Shortcode
Funnel Kit Funnel Builder PRO Cross-Site Scripting (XSS) via allow_iframe_tag_in_post
Fuse Social Floating Sidebar Cross-Site Scripting (XSS) via File Upload (BAC)
GHActivity Cross-Site Scripting (XSS)
GivingPress Lite Theme Cross-Site Scripting (XSS)
Gixaw Chat Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF)
Graphina Cross-Site Scripting (XSS)
Gutenberg Blocks by Kadence Blocks Cross-Site Scripting (XSS) via "Days Label"
Gutentor Cross-Site Scripting (XSS) via pTitleTag
Gutentor Cross-Site Scripting (XSS)
Gutenverse Cross-Site Scripting (XSS)
Happyforms Cross-Site Scripting (XSS)
Hotel Galaxy Theme Cross-Site Scripting (XSS)
House Manager Cross-Site Scripting (XSS)
Houzez Theme Cross-Site Scripting (XSS)
HubSpot Cross-Site Scripting (XSS) via HubSpot Meeting Widget
Icegram Cross-Site Scripting (XSS)
IntoTheDark Theme Cross-Site Scripting (XSS)
Invite Anyone Cross-Site Scripting (XSS)
Jeg Elementor Kit Cross-Site Scripting (XSS) via SVG File
JetBlocks For Elementor Cross-Site Scripting (XSS)
JetElements For Elementor Cross-Site Scripting (XSS)
JetSearch Cross-Site Scripting (XSS)
Kahuna Theme Cross-Site Scripting (XSS)
Kodex Posts likes Cross-Site Scripting (XSS)
Kubio AI Page Builder Cross-Site Scripting (XSS)
LA-Studio Element Kit for Elementor Cross-Site Scripting (XSS)
LatePoint Cross-Site Scripting (XSS)
LH Add Media From Url Cross-Site Scripting (XSS)
Like Button Rating Cross-Site Scripting (XSS)
Liquido Theme Cross-Site Scripting (XSS)
LiquidPoll – Advanced Polls for Creators and Brands Unauthenticated Cross-Site Scripting (XSS)
Livemesh Addons for WPBakery Page Builder Cross-Site Scripting (XSS)
Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid Cross-Site Scripting (XSS) via SVG File Upload (BAC)
Magic Post Thumbnail Cross-Site Scripting (XSS)
Magic Post Thumbnail Cross-Site Scripting (XSS)
Mantra Theme Cross-Site Scripting (XSS)
MDx Theme Cross-Site Scripting (XSS) via mdx_list_item Shortcode
Mediavine Control Panel Cross-Site Scripting (XSS)
Mega Addons For Elementor Cross-Site Scripting (XSS)
Memberpress Cross-Site Scripting (XSS) via mepr_screenname and mepr_key Parameters
Message Filter for Contact Form 7 Cross-Site Scripting (XSS)
Meta Field Block Cross-Site Scripting (XSS)
Misiek Paypal Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF)
Misiek Photo Album Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Modal Window Cross-Site Scripting (XSS)
Music Request Manager Cross-Site Scripting (XSS)
Music Request Manager Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF)
Music Request Manager Unauthenticated Cross-Site Scripting (XSS)
MyBookTable Bookstore Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
myCred Cross-Site Scripting (XSS)
My Sticky Bar Cross-Site Scripting (XSS)
Mystique Theme Cross-Site Scripting (XSS)
Name Directory Cross-Site Scripting (XSS)
Newsletters Cross-Site Scripting (XSS)
Ninja Forms Cross-Site Scripting (XSS)
Ninja Tables Cross-Site Scripting (XSS) via SVG File Upload (BAC)
Nirvana Theme Cross-Site Scripting (XSS)
Opal Membership Unauthenticated Cross-Site Scripting (XSS)
Opor Ayam Theme Cross-Site Scripting (XSS)
Orbit Fox by ThemeIsle Cross-Site Scripting (XSS) via SVG File Upload (BAC)
Organization chart Cross-Site Scripting (XSS) via title_input and node_description Parameters
OTA Sync Booking Engine Widget Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
PageLayer Cross-Site Scripting (XSS)
Parabola Theme Cross-Site Scripting (XSS)
ParcelPanel Cross-Site Scripting (XSS)
Phlox Portfolio Cross-Site Scripting (XSS)
Phlox PRO Theme Cross-Site Scripting (XSS) via Search Parameters
Photo Engine Cross-Site Scripting (XSS)
Pinpoint Booking System Cross-Site Scripting (XSS)
Piotnet Addons For Elementor Cross-Site Scripting (XSS) via Multiple Widgets
Podlove Podcast Publisher Cross-Site Scripting (XSS)
Popup Maker Cross-Site Scripting (XSS)
Posterity Theme Cross-Site Scripting (XSS)
Post Grid Master Cross-Site Scripting (XSS)
PowerPack for Beaver Builder Cross-Site Scripting (XSS)
Products, Order & Customers Export for WooCommerce Cross-Site Scripting (XSS)
Purity Of Soul Theme Cross-Site Scripting (XSS)
Quiz And Survey Master Cross-Site Scripting (XSS)
Quiz And Survey Master Cross-Site Scripting (XSS)
RegistrationMagic Cross-Site Scripting (XSS)
RegistrationMagic Cross-Site Scripting (XSS)
Responsive Blocks Cross-Site Scripting (XSS)
Responsive Lightbox Cross-Site Scripting (XSS) via File Upload (BAC)
Responsive Video Cross-Site Scripting (XSS)
Review Ratings Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF)
Royal Elementor Addons Cross-Site Scripting (XSS)
RT Easy Builder – Advanced addons for Elementor Cross-Site Scripting (XSS)
Search Filter Pro Cross-Site Scripting (XSS)
Selection Lite Cross-Site Scripting (XSS)
Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce Cross-Site Scripting (XSS)
Sheet to Table Live Sync for Google Sheet Cross-Site Scripting (XSS) via STWT_Sheet_Table Shortcode
Shield Security Cross-Site Scripting (XSS)
Shortcodes Ultimate Pro Cross-Site Scripting (XSS)
Simple Headline Rotator Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF)
Simple Share Cross-Site Scripting (XSS)
SKT Blocks – Gutenberg based Page Builder Cross-Site Scripting (XSS)
Slider by Soliloquy Broken Access Control (BAC) to Cross-Site Scripting (XSS)
Sliding Door Theme Cross-Site Scripting (XSS)
SmartSearch WP Unauthenticated Cross-Site Scripting (XSS)
Snapshot Backup Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF)
Special Feed Items Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF)
Spectra Cross-Site Scripting (XSS)
Spectra Pro Cross-Site Scripting (XSS) via Block IDs
StreamCast Cross-Site Scripting (XSS)
String locator Cross-Site Scripting (XSS)
Stripe Payments Cross-Site Scripting (XSS) via accept_stripe_payment_ng Shortcode
Structured Content Cross-Site Scripting (XSS)
Sunshine Photo Cart Cross-Site Scripting (XSS)
Super Store Finder Cross-Site Scripting (XSS)
SureCart Cross-Site Scripting (XSS)
Swift Framework Page Builder Cross-Site Scripting (XSS)
Taxi Booking Manager for WooCommerce Cross-Site Scripting (XSS)
Team Showcase Cross-Site Scripting (XSS)
Tempera Theme Cross-Site Scripting (XSS)
Term And Category Based Posts Widget Cross-Site Scripting (XSS)
Testimonials Cross-Site Scripting (XSS)
Themify Shortcodes Cross-Site Scripting (XSS)
The Plus Addons for Elementor Page Builder Lite Cross-Site Scripting (XSS) via Video Widget
The Plus Addons for Elementor Page Builder Lite Cross-Site Scripting (XSS)
Tin Canny Reporting for LearnDash Cross-Site Scripting (XSS)
Traffic Manager Unauthenticated Cross-Site Scripting (XSS)
Tutor LMS Cross-Site Scripting (XSS)
Ultimate Addons for Beaver Builder – Lite Cross-Site Scripting (XSS)
Ultimate Classified Listings Cross-Site Scripting (XSS)
Ultimate Membership Pro Cross-Site Scripting (XSS)
Ultimate Store Kit Elementor Addons Cross-Site Scripting (XSS)
Vikinghammer Tweet Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF)
Viral Signup Cross-Site Scripting (XSS)
Visual Composer Starter Theme Cross-Site Scripting (XSS)
Void Contact Form 7 Widget For Elementor Page Builder Cross-Site Scripting (XSS)
WappPress Cross-Site Scripting (XSS)
WC Marketplace Cross-Site Scripting (XSS)
Web and WooCommerce Addons for WPBakery Builder Cross-Site Scripting (XSS)
weMail Cross-Site Scripting (XSS)
White Label CMS Cross-Site Scripting (XSS)
WHMpress Cross-Site Scripting (XSS)
WooCommerce Cross-Site Scripting (XSS)
WooCommerce Customers Manager Cross-Site Scripting (XSS)
WooCommerce PDF Vouchers Cross-Site Scripting (XSS)
WordPress File Upload Cross-Site Scripting (XSS)
WordPress File Upload Unauthenticated Cross-Site Scripting (XSS) via SVG File Upload (BAC)
WordPress File Upload Unauthenticated Cross-Site Scripting (XSS)
WordSurvey Cross-Site Scripting (XSS) via sounding_title Parameter
WP Armour Extended Cross-Site Scripting (XSS)
WPBakery Page Builder Cross-Site Scripting (XSS)
WP Bannerize Pro Cross-Site Scripting (XSS)
WP Dashboard Notes Cross-Site Scripting (XSS)
WP eMember Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF)
WP eStore Cross-Site Scripting (XSS) in Customer Search
WP Fast Total Search Cross-Site Scripting (XSS)
WP Last Modified Info Cross-Site Scripting (XSS) via lmt-post-modified-info Shortcode
WP-Lister Lite for eBay Cross-Site Scripting (XSS)
WPMobile.App Cross-Site Scripting (XSS)
WP MultiTasking Cross-Site Scripting (XSS) via Shortcode
WP-PostRatings Cross-Site Scripting (XSS)
WP Table Builder – WordPress Table Plugin Cross-Site Scripting (XSS)
WP Table Builder – WordPress Table Plugin Cross-Site Scripting (XSS)
WP Telegram Widget and Join Link Cross-Site Scripting (XSS)
WP Testimonial Widget Cross-Site Scripting (XSS)
WP Travel Gutenberg Blocks Cross-Site Scripting (XSS)
Xpro Elementor Addons Cross-Site Scripting (XSS)
Xpro Elementor Addons Cross-Site Scripting (XSS) via Post Grid Widget
YaMaps for WordPress Cross-Site Scripting (XSS)
YellowPencil Visual CSS Style Editor Cross-Site Scripting (XSS)
Zephyr Project Manager Cross-Site Scripting (XSS) via filename Parameter
Zephyr Project Manager Cross-Site Scripting (XSS)
WordPress Cross-Site Scripting (XSS) reported in 2023: 2928
WordPress Cross-Site Scripting (XSS) reported in 2024: 2180

ultrai.ae managed online © 2023 - 2024 – All rights reserved