Wordfence Intelligence Weekly WordPress Vulnerability Report (October 21, 2024 to October 27, 2024)


🦸 👻 Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024:

  • All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers
  • Top-tier researchers earn automatic bonuses of between 10% and 120% for valid submissions
  • Pending report limits are increased for all
  • It’s possible to earn up to $31,200 for high impact vulnerabilities!

Last week, there were 234 vulnerabilities disclosed in 206 WordPress Plugins and 6 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 56 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, hosting providers, and even individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, they can use the vulnerability Database API to receive a complete dump of our database of over 19,000 vulnerabilities, and then use the webhook integration to stay on top of the newest vulnerabilities added in real time, as well as any updates made to the database, all for free.

Sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

  • WAF-RULE-757 – Data redacted while we work with the vendor on a patch.
  • WAF-RULE-758 – Data redacted while we work with the vendor on a patch.

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status | Number of Vulnerabilities
Patched | 133
Unpatched | 101

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating | Number of Vulnerabilities
Medium Severity | 165
High Severity | 35
Critical Severity | 34

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE | Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 116
Missing Authorization | 37
Unrestricted Upload of File with Dangerous Type | 18
Authentication Bypass Using an Alternate Path or Channel | 13
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 9
Cross-Site Request Forgery (CSRF) | 8
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 7
Exposure of Sensitive Information to an Unauthorized Actor | 6
Improper Control of Generation of Code (‘Code Injection’) | 5
Deserialization of Untrusted Data | 3
Improper Authentication | 2
Improper Authorization | 2
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 2
URL Redirection to Untrusted Site (‘Open Redirect’) | 2
Authorization Bypass Through User-Controlled Key | 1
Improper Restriction of XML External Entity Reference | 1
Incorrect Privilege Assignment | 1
Weak Password Recovery Mechanism for Forgotten Password | 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
25
23
22
22
13
10
8
8
7
7
5
5

UKO

5
5
5
4
4
4
3
3
3
3
2
2
2
2

Gab

2
2
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added to the Wordfence Intelligence leaderboard, along with a mention in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name | Software Slug
1-Click Login: Passwordless Authentication | swoop-password-free-authentication
10Web Social Post Feed | wd-facebook-feed
3D Work In Progress | renee-work-in-progress
Accept Stripe Donation and Payments – AidWP | wp-stripe-donation
ACL Floating Cart for WooCommerce | acl-floating-cart-for-woocommerce
Acnoo Flutter API | acnoo-flutter-api
aDirectory – Directory Listing WordPress Plugin | adirectory
Ads.txt & App-ads.txt Manager for WordPress | app-ads-txt
Advanced Online Ordering and Delivery Platform | advanced-online-ordering-and-delivery-platform
Advanced Sermons | advanced-sermons
Affiliate Platform | smdp-affiliate-platform
AffiliateX – Affiliate Blocks for WordPress, Amazon, eBay, AliExpress Affiliates | affiliatex
Agile Video Player Lite | agile-video-player
AI Image Generator for Your Content & Featured Images – AI Postpix | ai-postpix
Ajar in5 Embed | ajar-productions-in5-embed
All-in-One WP Migration and Backup | all-in-one-wp-migration
Amilia Store | amilia-store
AMP for WP – Accelerated Mobile Pages | accelerated-mobile-pages
Anchor Episodes Index (Spotify for Podcasters) | anchor-episodes-index
App Builder – Create Native Android & iOS Apps On The Flight | app-builder
AR For WordPress | ar-for-wordpress
Astra Widgets | astra-widgets
Auto Login using a secure tokenized url. Role wise login restriction. | token-login
Automatic Translation | automatic-translation
Awesome buttons | wp-awesome-buttons
Backup and Staging by WP Time Capsule | wp-time-capsule
Bamazoo – Button Generator | bamazoo-button-generator
Banner Slider | banner-slider
Beaver Builder – WordPress Page Builder | beaver-builder-lite-version
Beek Widget Extention | beek-widget-extention
Bet WC 2018 Russia | bet-wc-2018-russia
Bold Page Builder | bold-page-builder
Booking Plugin for Your WordPress Appointments – Time Slot | timeslot
BP Member Type Manager | bp-member-type-manager
Breeze – WordPress Cache Plugin | breeze
Bstone Demo Importer | bstone-demo-importer
BuddyPress | buddypress
BuddyPress Greeting Message | bp-greeting-message
Call / Contact Button | button-contact-vr
Campus Explorer Widget | campus-explorer-widget
Category and Taxonomy Image | wp-custom-taxonomy-image
Category and Taxonomy Meta Fields | wp-custom-taxonomy-meta
chatplusjp | chatplusjp
Church Admin | church-admin
Clever Addons for Elementor | cafe-lite
Client Power Tools Portal | client-power-tools
Code Generate | code-generator
CodePen Embedded Pens Shortcode | codepen-embedded-pen-shortcode
Comments – wpDiscuz | wpdiscuz
Compact WP Audio Player | compact-wp-audio-player
Conditional Fields for Contact Form 7 | cf7-conditional-fields
Contact Form 7 + Telegram | cf7-telegram
Contact Form 7 – Repeatable Fields | cf7-repeatable-fields
Coub | coub
Cozy Blocks – Page Builder for Gutenberg & Site Editor, Post Blocks, WooCommerce Blocks, Magazine Blocks, WordPress Gutenberg Blocks, Patterns and Templates Library | cozy-addons
Custom Icons for Elementor | custom-icons-for-elementor
Custom Twitter Feeds – A Tweets Widget or X Feed Widget | custom-twitter-feeds
CWD 3D Image Gallery | cwd-3d-image-gallery
DarkMySite – Advanced Dark Mode Plugin for WordPress | darkmysite
Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer | 3d-flipbook-dflip-lite
DocumentPress | documentpress-display-any-document-on-your-site
Download Monitor | download-monitor
Download Plugin | download-plugin
Editor Custom Color Palette | editor-custom-color-palette
Editorial Assistant by Sovrn | zemanta
EKC Tournament Manager | ekc-tournament-manager
ElementsKit Elementor addons | elementskit-lite
EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor | embedpress
Envo’s Elementor Templates & Widgets for WooCommerce | envo-elementor-for-woocommerce
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin | mage-eventpress
EventPrime – Events Calendar, Bookings and Tickets | eventprime-event-calendar-management
Exam Matrix | exam-matrix
Extensions by HocWP Team | sb-core
Extra Privacy for Elementor | extra-privacy-for-elementor
Extra Product Options Builder for WooCommerce | additional-product-fields-for-woocommerce
File Upload Types by WPForms | file-upload-types
Firelight Lightbox | easy-fancybox
FormFacade – WordPress plugin for Google Forms | formfacade
Forminator Forms – Contact Form, Payment Form & Custom Form Builder | forminator
Forms for Mailchimp by Optin Cat – Grow Your MailChimp List | mailchimp-wp
Futurio Extra | futurio-extra
GeoDirectory – WP Business Directory Plugin and Classified Listings Directory | geodirectory
Google Docs RSVP, WordPress Plugin | google-docs-rsvp-guestlist
Great Restaurant Menu WP | best-restaurant-menu-by-pricelisto
Greenshift – animation and page builder blocks | greenshift-animation-and-page-builder-blocks
GRÜN spendino Spendenformular – Mehr Spenden! Weniger Arbeit! | spendino
HD Quiz – Save Results Light | hd-quiz-save-results-light
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce | hurrytimer
ID-SK Toolkit | idsk-toolkit
Image Map Pro – Drag-and-drop Builder for Interactive Images | image-map-pro
Import and export users and customers | import-users-from-csv-with-meta
INK Official | ink-official
Interactive World Map | interactive-world-map
Kata Plus – Addons for Elementor – Widgets, Extensions and Templates | kata-plus
Kodex Posts likes | kodex-posts-likes
Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages | landing-page-cat
LaTeX2HTML | latex2html
League of Legends Shortcodes | league-of-legends-shortcodes
leenk.me | leenkme
Local Business Addons For Elementor (Formally Waze Map) | map-addons-for-elementor-waze-map
MaanStore API | maanstore-api
Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid | magazine-blocks
Mapster WP Maps | mapster-wp-maps
Marketing Automation by AZEXO | marketing-automation-by-azexo
MDTF – Meta Data and Taxonomies Filter | wp-meta-data-filter-and-taxonomy-filter
Meetup | meetup
Mega Elements – Addons for Elementor | mega-elements-addons-for-elementor
Monitor.chat – Monitor WordPress with Instant Messages | monitor-chat
Monkee-Boy Essentials | monkee-boy-wp-essentials
Multi Purpose Mail Form | multi-purpose-mail-form
Multi Step Form | multi-step-form
MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution | dc-woocommerce-multi-vendor
My Wp Brand – Hide menu & Hide Plugin | my-wp-brand
myCred Elementor | mycred-for-elementor
Namaste! LMS | namaste-lms
News Kit Elementor Addons | news-kit-elementor-addons
Nexter Blocks – WordPress Gutenberg Blocks & 1000+ Starter Templates | the-plus-addons-for-block-editor
Order Notification for Telegram | order-notification-for-telegram
PDF Generator Addon for Elementor Page Builder | pdf-generator-addon-for-elementor-page-builder
PDF Invoices & Packing Slips for WooCommerce | woocommerce-pdf-invoices-packing-slips
PegaPoll | pegapoll
Photo Gallery, Images, Slider in Rbs Image Gallery | robo-gallery
Plugin Name: iBryl Switch User | ibryl-switch-user
Plugin Propagator | wp-propagator
Poll Maker – Versus Polls, Anonymous Polls, Image Polls | poll-maker
Portfolleo | portfolleo
Post Grid and Gutenberg Blocks | post-grid
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX | ultimate-post
Premium SEO Pack – WP SEO Plugin | premium-seo-pack
PriPre | pripre
Product Filter by WBW | woo-product-filter
ProfilePress Pro | profilepress-pro
Qi Addons For Elementor | qi-addons-for-elementor
Qi Blocks | qi-blocks
Qode Essential Addons | qode-essential-addons
Raptor Editor | wp-raptor
Realty Workstation | realty-workstation
Risk Warning Bar | risk-warning-bar
Rover IDX | rover-idx
Royal Elementor Addons and Templates | royal-elementor-addons
RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging | wp-rss-aggregator
RSVP ME | rsvp-me
Schema & Structured Data for WP & AMP | schema-and-structured-data-for-wp
School Management System – WPSchoolPress | wpschoolpress
Scrollbar by webxapp – Best vertical/horizontal scrollbars plugin | scrollbar-by-webxapp
Selection Lite | selection-lite
SEOPress – On-site SEO | wp-seopress
Shoutcast Icecast HTML5 Radio Player | shoutcast-icecast-html5-radio-player
Signup Page | signup-page
Simple Custom Admin | simple-custom-admin
Simple Load More | simple-load-more
Simple Membership | simple-membership
Simple News | simple-news
Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) | sky-elementor-addons
Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder | stacks-mobile-app-builder
Sudan Payment Gateway for WooCommerce | wc-sudan-payment-gateway
Sunshine Photo Cart: Free Client Photo Galleries for Photographers | sunshine-photo-cart
Survey Maker | survey-maker
SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity | surveyjs
SVG Captcha | svg-captcha
Templately – Elementor & Gutenberg Template Library: 5000+ Free & Pro Ready Templates & Cloud! | templately
TeploBot – Telegram Bot for WP | green-wp-telegram-bot-by-teplitsa
Terms descriptions | terms-descriptions
Textboxes | textboxes
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) | the-pack-addon
Themes4WP YouTube External Subtitles | themes4wp-youtube-external-subtitles
Tida URL Screenshot | tida-url-screenshot
Todo Custom Field | todo-custom-field
Transients Manager | transients-manager
Trip Plan | tripplan
uCAT – Next Story | ucat-next-story
Uix Shortcodes – Compatible with Gutenberg | uix-shortcodes
User Toolkit | user-toolkit
Verbalize WP | verbalize-wp
WatchTowerHQ | watchtowerhq
Web Bricks Addons for Elementor: Elite-Designed Elementor & eCommerce Widgets | webbricks-addons
Whitelist | fifthsegment-whitelist
WooCommerce Bulk Edit Products, Orders, Coupons, Any WordPress Post Type (Advanced) – Smart Manager | smart-manager-for-wp-e-commerce
Woocommerce Custom Profile Picture | woo-custom-profile-picture
WooCommerce Maintenance Mode (Free) | woocommerce-maintenance-mode
WooCommerce Order Proposal | wooCommerce-order-proposal
Woocommerce Product Design | woo-product-design
Woocommerce Quote Calculator | woo-quote-calculator-order
WooCommerce UPS Shipping – Live Rates and Access Points | flexible-shipping-ups
WordPress eCommerce – ScottCart | scottcart
WordPress Post Grid Layouts with Pagination – Sogrid | sogrid
WP Abstracts | wp-abstracts-manuscripts-manager
WP Adminify – Custom WordPress Dashboard, Login and Admin Customizer | adminify
WP Awesome Login | wp-awesome-login
WP Booking System – Booking Calendar | wp-booking-system
WP Crowdfunding | wp-crowdfunding
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting | erp
WP Flow Plus | wp-imageflow2
WP Query Console | wp-query-console
WP Recipe Maker | wp-recipe-maker
WP Sessions Time Monitoring Full Automatic | activitytime
WP Shortcodes Plugin — Shortcodes Ultimate | shortcodes-ultimate
WP show more | wp-show-more
Wp Social Login and Register Social Counter | wp-social
WP VR – 360 Panorama and Virtual Tour Builder For WordPress | wpvr
WP-Members Membership Plugin | wp-members
WPC Shop as a Customer for WooCommerce | wpc-shop-as-customer
WPKoi Templates for Elementor | wpkoi-templates-for-elementor
WPS Telegram Chat | wps-telegram-chat
Wux Blog Editor | wux-blog-editor
YITH WooCommerce Product Add-Ons | yith-woocommerce-product-add-ons

WordPress Themes with Reported Vulnerabilities Last Week

Software Name | Software Slug
Clean Retina | clean-retina
Js Paper | js-paper
Mags | mags
Meta News | meta-news
NewsCard | newscard
Nioland – SaaS & Software Startup Tech WordPress Theme | nioland

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50478
Patch Status
Unpatched
Published
Oct 25, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50486
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
Acnoo Flutter API
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50420
Patch Status
Patched
Published
Oct 24, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50497
Patch Status
Unpatched
Published
Oct 25, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50473
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
Ajar in5 Embed
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50496
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
AR For WordPress

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50493
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
Automatic Translation
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50436
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
Clean Retina
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-9488
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
Comments – wpDiscuz
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50485
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
Exam Matrix
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-9930
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
Extensions by HocWP Team
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50476
Patch Status
Unpatched
Published
Oct 25, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50487
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
MaanStore API
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49701
Patch Status
Patched
Published
Oct 21, 2024

Affected Software
Mags
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50483
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
Meetup
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50435
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
Meta News
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50484
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
Multi Purpose Mail Form
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50434
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
NewsCard
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50490
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
PegaPoll
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50495
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
Plugin Propagator
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49653
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
Portfolleo
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50489
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
Realty Workstation
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50492
Patch Status
Unpatched
Published
Oct 25, 2024

Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50475
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
Signup Page
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50477
Patch Status
Unpatched
Published
Oct 25, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50494
Patch Status
Unpatched
Published
Oct 25, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49668
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
Verbalize WP
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-9933
Patch Status
Patched
Published
Oct 25, 2024

Affected Software
WatchTowerHQ
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-49658
Patch Status
Unpatched
Published
Oct 21, 2024

Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50482
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
Woocommerce Product Design
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-50498
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
WP Query Console
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-9501
Patch Status
Patched
Published
Oct 25, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-9931
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
Wux Blog Editor
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-9932
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
Wux Blog Editor
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49657
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
3D Work In Progress
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49652
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
3D Work In Progress
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-9598
Patch Status
Patched
Published
Oct 24, 2024

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-50481
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
Bstone Demo Importer
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49674
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
EKC Tournament Manager
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49675
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
Plugin Name: iBryl Switch User
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49669
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
INK Official
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-9235
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
Mapster WP Maps
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-50480
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
Marketing Automation by AZEXO
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-50408
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
Namaste! LMS
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-49690
Patch Status
Patched
Published
Oct 21, 2024

Affected Software
Qi Blocks

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-50457
Patch Status
Patched
Published
Oct 24, 2024

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-10002
Patch Status
Patched
Published
Oct 21, 2024

Affected Software
Rover IDX
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-50488
Patch Status
Unpatched
Published
Oct 25, 2024

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-9890
Patch Status
Patched
Published
Oct 25, 2024

Affected Software
User Toolkit
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-50416
Patch Status
Patched
Published
Oct 24, 2024

CVSS Rating
High (8.6)
CVE-ID
CVE-2024-9627
Patch Status
Unpatched
Published
Oct 21, 2024

Researcher

CVSS Rating
High (8.1)
CVE-ID
CVE-2024-10011
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
BuddyPress

CVSS Rating
High (8.1)
CVE-ID
CVE-2024-9947
Patch Status
Patched
Published
Oct 22, 2024

Affected Software
ProfilePress Pro
Researcher

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-50491
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
RSVP ME
Researcher

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-50479
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
Woocommerce Quote Calculator
Researcher

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-49681
Patch Status
Patched
Published
Oct 21, 2024

CVSS Rating
High (7.3)
CVE-ID
CVE-2024-9772
Patch Status
Unpatched
Published
Oct 25, 2024

CVSS Rating
High (7.3)
CVE-ID
CVE-2024-50450
Patch Status
Patched
Published
Oct 24, 2024

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-9162
Patch Status
Patched
Published
Oct 27, 2024

Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-49684
Patch Status
Patched
Published
Oct 21, 2024

Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-49676
Patch Status
Patched
Published
Oct 21, 2024

Affected Software
Custom Icons for Elementor
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-9927
Patch Status
Patched
Published
Oct 22, 2024

Affected Software
WooCommerce Order Proposal
Researcher

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-9829
Patch Status
Patched
Published
Oct 22, 2024

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-10341
Patch Status
Unpatched
Published
Oct 24, 2024

Affected Software
League of Legends Shortcodes
Researcher

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-50465
Patch Status
Patched
Published
Oct 24, 2024

Researcher

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-9650
Patch Status
Patched
Published
Oct 23, 2024

Affected Software
WP Recipe Maker
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50458
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
Advanced Sermons
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50472
Patch Status
Unpatched
Published
Oct 24, 2024

Affected Software
Amilia Store
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50439
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
Astra Widgets

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10148
Patch Status
Unpatched
Published
Oct 24, 2024

Affected Software
Awesome buttons
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10150
Patch Status
Unpatched
Published
Oct 24, 2024

Affected Software
Bamazoo – Button Generator
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50430
Patch Status
Patched
Published
Oct 24, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10343
Patch Status
Unpatched
Published
Oct 24, 2024

Affected Software
Beek Widget Extention
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50440
Patch Status
Patched
Published
Oct 24, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10176
Patch Status
Patched
Published
Oct 23, 2024

Affected Software
Compact WP Audio Player
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49659
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
Coub
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9642
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
Editor Custom Color Palette
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10091
Patch Status
Patched
Published
Oct 25, 2024

Affected Software
ElementsKit Elementor addons
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10016
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
File Upload Types by WPForms
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50460
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
Firelight Lightbox
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50446
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
Futurio Extra

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9853
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
ID-SK Toolkit
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9585
Patch Status
Patched
Published
Oct 24, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50462
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
Interactive World Map
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50501
Patch Status
Patched
Published
Oct 25, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50464
Patch Status
Unpatched
Published
Oct 24, 2024

Affected Software
Kodex Posts likes
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10342
Patch Status
Unpatched
Published
Oct 24, 2024

Affected Software
League of Legends Shortcodes
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49667
Patch Status
Unpatched
Published
Oct 21, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49693
Patch Status
Patched
Published
Oct 21, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9116
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
Monkee-Boy Essentials
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49702
Patch Status
Patched
Published
Oct 21, 2024

Affected Software
myCred Elementor

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50409
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
Namaste! LMS
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50410
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
Namaste! LMS
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50432
Patch Status
Patched
Published
Oct 24, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50443
Patch Status
Patched
Published
Oct 24, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9454
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
PriPre
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50468
Patch Status
Unpatched
Published
Oct 24, 2024

Affected Software
Raptor Editor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49696
Patch Status
Patched
Published
Oct 21, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50445
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
Selection Lite

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8666
Patch Status
Unpatched
Published
Oct 24, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10112
Patch Status
Unpatched
Published
Oct 24, 2024

Affected Software
Simple News
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50469
Patch Status
Unpatched
Published
Oct 24, 2024

Affected Software
Textboxes
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50470
Patch Status
Unpatched
Published
Oct 24, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50418
Patch Status
Patched
Published
Oct 24, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50471
Patch Status
Unpatched
Published
Oct 24, 2024

Affected Software
Trip Plan
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49665
Patch Status
Unpatched
Published
Oct 21, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-50451
Patch Status
Patched
Published
Oct 24, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9456
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
WP Awesome Login
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10117
Patch Status
Patched
Published
Oct 25, 2024

Affected Software
WP Crowdfunding
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49695
Patch Status
Patched
Published
Oct 21, 2024

Affected Software
WP Flow Plus
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9967
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
WP show more
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10374
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
WP-Members Membership Plugin
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-49679
Patch Status
Patched
Published
Oct 21, 2024

Affected Software
WPKoi Templates for Elementor
Researcher

CVSS Rating
Medium (6.3)
CVE-ID
CVE-2024-10003
Patch Status
Patched
Published
Oct 21, 2024

Affected Software
Rover IDX
Researcher

CVSS Rating
Medium (6.3)
CVE-ID
CVE-2024-50424
Patch Status
Patched
Published
Oct 24, 2024

CVSS Rating
Medium (6.3)
CVE-ID
CVE-2024-9628
Patch Status
Unpatched
Published
Oct 24, 2024

Affected Software
WPS Telegram Chat
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9607
Patch Status
Unpatched
Published
Oct 24, 2024

Affected Software
10Web Social Post Feed
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49640
Patch Status
Unpatched
Published
Oct 21, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49645
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
Affiliate Platform
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49636
Patch Status
Unpatched
Published
Oct 21, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49635
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
Banner Slider

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49637
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
Bet WC 2018 Russia
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49634
Patch Status
Unpatched
Published
Oct 21, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49650
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
BuddyPress Greeting Message
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49660
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
Campus Explorer Widget
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49664
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
chatplusjp
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-50438
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
Church Admin
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49670
Patch Status
Patched
Published
Oct 21, 2024

Affected Software
Client Power Tools Portal
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49646
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
Code Generate
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49632
Patch Status
Unpatched
Published
Oct 21, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49656
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
DocumentPress
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49654
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
Extra Privacy for Elementor
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9214
Patch Status
Patched
Published
Oct 23, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9613
Patch Status
Unpatched
Published
Oct 25, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8870
Patch Status
Unpatched
Published
Oct 25, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49672
Patch Status
Unpatched
Published
Oct 21, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49678
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
Js Paper
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49673
Patch Status
Patched
Published
Oct 21, 2024

Affected Software
LaTeX2HTML
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49661
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
leenk.me

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49639
Patch Status
Unpatched
Published
Oct 21, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-50407
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
Namaste! LMS
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-10250
Patch Status
Patched
Published
Oct 22, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49638
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
Risk Warning Bar
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49647
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
Simple Custom Admin
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49662
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
Simple Load More
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49682
Patch Status
Patched
Published
Oct 21, 2024

Affected Software
Simple Membership
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-50463
Patch Status
Patched
Published
Oct 24, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49648
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
SVG Captcha
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9374
Patch Status
Patched
Published
Oct 23, 2024

Affected Software
Terms descriptions
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49641
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
Tida URL Screenshot
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49642
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
Todo Custom Field
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49663
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
uCAT – Next Story
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49643
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
Whitelist
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-49651
Patch Status
Unpatched
Published
Oct 21, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47640
Patch Status
Patched
Published
Oct 21, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9231
Patch Status
Patched
Published
Oct 21, 2024

Affected Software
WP-Members Membership Plugin
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-50448
Patch Status
Patched
Published
Oct 24, 2024

Researcher

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-50415
Patch Status
Patched
Published
Oct 24, 2024

Researcher

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-50414
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
Call / Contact Button
Researcher

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-9591
Patch Status
Unpatched
Published
Oct 21, 2024

Affected Software
Category and Taxonomy Image
Researcher

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-9589
Patch Status
Unpatched
Published
Oct 21, 2024

Researcher

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-9590
Patch Status
Unpatched
Published
Oct 21, 2024

Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-9588
Patch Status
Unpatched
Published
Oct 21, 2024

Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-9629
Patch Status
Patched
Published
Oct 27, 2024

Affected Software
Contact Form 7 + Telegram
Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-50442
Patch Status
Patched
Published
Oct 24, 2024

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-8500
Patch Status
Patched
Published
Oct 22, 2024

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-9630
Patch Status
Unpatched
Published
Oct 24, 2024

Affected Software
WPS Telegram Chat
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-8852
Patch Status
Patched
Published
Oct 21, 2024

Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-50422
Patch Status
Patched
Published
Oct 24, 2024

Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-50419
Patch Status
Patched
Published
Oct 24, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-50428
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
Multi Step Form
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-49694
Patch Status
Patched
Published
Oct 21, 2024

Researcher(s): Unknown

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-9686
Patch Status
Unpatched
Published
Oct 24, 2024

Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-49683
Patch Status
Patched
Published
Oct 21, 2024

Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-50454
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
SEOPress – On-site SEO
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-50421
Patch Status
Patched
Published
Oct 24, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-50459
Patch Status
Patched
Published
Oct 24, 2024

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2024-49691
Patch Status
Patched
Published
Oct 21, 2024

Affected Software
Product Filter by WBW
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-50431
Patch Status
Patched
Published
Oct 24, 2024

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-50412
Patch Status
Patched
Published
Oct 24, 2024

Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-50413
Patch Status
Patched
Published
Oct 24, 2024

Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-50426
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
Survey Maker
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-50411
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
WP Abstracts
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-49698
Patch Status
Patched
Published
Oct 21, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-50417
Patch Status
Patched
Published
Oct 24, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-10357
Patch Status
Unpatched
Published
Oct 25, 2024

Affected Software
Clever Addons for Elementor
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-49685
Patch Status
Patched
Published
Oct 21, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-50466
Patch Status
Unpatched
Published
Oct 24, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-10092
Patch Status
Patched
Published
Oct 25, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-49689
Patch Status
Patched
Published
Oct 21, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-49686
Patch Status
Patched
Published
Oct 21, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-9541
Patch Status
Patched
Published
Oct 21, 2024

Affected Software
News Kit Elementor Addons
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-9530
Patch Status
Patched
Published
Oct 22, 2024

Affected Software
Qi Addons For Elementor
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-50455
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
SEOPress – On-site SEO
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-50456
Patch Status
Patched
Published
Oct 24, 2024

Affected Software
SEOPress – On-site SEO
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-49687
Patch Status
Patched
Published
Oct 21, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-49697
Patch Status
Patched
Published
Oct 21, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-10045
Patch Status
Patched
Published
Oct 22, 2024

Affected Software
Transients Manager

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-9109
Patch Status
Patched
Published
Oct 24, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-50425
Patch Status
Patched
Published
Oct 24, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-49680
Patch Status
Patched
Published
Oct 21, 2024


As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, that covers all known WordPress core, theme, and plugin vulnerabilities.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.


The post Wordfence Intelligence Weekly WordPress Vulnerability Report (October 21, 2024 to October 27, 2024) appeared first on Wordfence.
