Wordfence Intelligence Weekly WordPress Vulnerability Report (September 23, 2024 to September 29, 2024)


📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with >=1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024, researchers can earn up to $31,200, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest.


Last week, there were 181 vulnerabilities disclosed in 159 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 69 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 18,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our PremiumCare, and Response customers last week:

Wordfence PremiumCare, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Patched 129
Unpatched 52

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Low Severity 2
Medium Severity 134
High Severity 23
Critical Severity 22

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 93
Missing Authorization 25
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 15
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) 14
Cross-Site Request Forgery (CSRF) 7
Exposure of Sensitive Information to an Unauthorized Actor 6
Authorization Bypass Through User-Controlled Key 4
Deserialization of Untrusted Data 4
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) 4
Unrestricted Upload of File with Dangerous Type 3
Improper Control of Generation of Code (‘Code Injection’) 2
Authentication Bypass Using an Alternate Path or Channel 1
Exposure of Sensitive Information Through Metadata 1
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) 1
Unverified Password Change 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
19
12
11
10
8
5
5
5
5
5
5
5
4
4
3
3
3
3
3
3
3
2
2
2
2
2
2
2
2
2
2
2
1
1
1
1
1
1
1
1
1
1
1
1

Leo

1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
012 Ps Multi Languages 012-ps-multi-languages
ABC APP CREATOR abcapp-creator
Absolute Reviews absolute-reviews
Accordion accordions
Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads quick-adsense-reloaded
Advanced File Manager file-manager-advanced
AnWP Football Leagues football-leagues-by-anwppro
Appointment & Event Booking Calendar Plugin – Webba Booking webba-booking-lite
ARI Fancy Lightbox – Popup for WordPress ari-fancy-lightbox
BA Book Everything ba-book-everything
Beam me up Scotty – Back to Top Button beam-me-up-scotty
Beaver Builder – WordPress Page Builder beaver-builder-lite-version
Bold Page Builder bold-page-builder
Bulk NoIndex & NoFollow Toolkit bulk-noindex-nofollow-toolkit-by-mad-fish
Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More charitable
Charity Addon for Elementor charity-addon-for-elementor
Chartify – WordPress Chart Plugin chart-builder
Checkout Mestres do WP for WooCommerce checkout-mestres-wp
Cities Shipping Zones for WooCommerce cities-shipping-zones-for-woocommerce
Classic Editor and Classic Widgets classic-editor-and-classic-widgets
ClickSold IDX clicksold-wordpress-plugin
Common Tools for Site common-tools-for-site
Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App peepso-core
Confetti Fall Animation confetti-fall-animation
Contact Form 7 Campaign Monitor Extension contact-form-7-campaign-monitor-extension
Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder bit-form
Contact Form to Any API contact-form-to-any-api
Crowdsignal Dashboard – Polls, Surveys & more polldaddy
CSS JS Files css-js-files
CubeWP Forms – All-in-One Form Builder cubewp-forms
Daily Prayer Time daily-prayer-time-for-mosques
Directory Listings WordPress plugin – uListing ulisting
Download Monitor download-monitor
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy easy-digital-downloads
Easy Mega Menu Plugin for WordPress – ThemeHunk themehunk-megamenu-plus
Easy PayPal Events easy-paypal-events-tickets
Elementor Addons by Livemesh addons-for-elementor
ElementsKit Elementor addons elementskit-lite
ElementsReady Addons for Elementor element-ready-lite
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce email-subscribers
EU/UK VAT Manager for WooCommerce eu-vat-for-woocommerce
Event Manager, Events Calendar, Tickets, Registrations – Eventin wp-event-solution
Fluent Support – Helpdesk & Customer Support Ticket System fluent-support
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder form-maker
Garden Gnome Package garden-gnome-package
GEO my WP geo-my-wp
GF Custom Style gf-custom-style
GiveWP – Donation Plugin and Fundraising Platform give
Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) graphicsly
GTM Server Side gtm-server-side
Gum Elementor Addon gum-elementor-addon
GutenGeek Free Gutenberg Blocks for WordPress gtg-advanced-blocks
Happy Addons for Elementor happy-elementor-addons
HT Mega – Absolute Addons For Elementor ht-mega-for-elementor
HUSKY – Products Filter Professional for WooCommerce woocommerce-products-filter
IdeaPush ideapush
Instant Chat Floating Button for WordPress Websites instant-chat-wp
JoomSport – for Sports: Team & League, Football, Hockey & more joomsport-sports-league-results-management
Joy Of Text Lite – SMS messaging for WordPress. joy-of-text
Jupiter X Core jupiterx-core
king_IE king-ie
Kodex Posts likes kodex-posts-likes
Koko Analytics koko-analytics
LiteSpeed Cache litespeed-cache
Loops & Logic tangible-loops-and-logic
Mail logging – WP Mail Catcher wp-mail-catcher
Mapplic Lite mapplic-lite
MAS Static Content mas-static-content
Material Design Icons material-design-icons
MDTF – Meta Data and Taxonomies Filter wp-meta-data-filter-and-taxonomy-filter
Medical Addon for Elementor medical-addon-for-elementor
Mega Elements – Addons for Elementor mega-elements-addons-for-elementor
Meta Slider and Carousel with Lightbox meta-slider-and-carousel-with-lightbox
MH Board mh-board
Move Addons for Elementor move-addons
Multi Step for Contact Form 7 cf7-multi-step
Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas
Multipurpose Ticket Booking Manager (Bus/Train/Ferry/Boat/Shuttle) | WordPress Plugin bus-booking-manager
myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification mycred
Newsletters newsletters-lite
NiceJob nicejob
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
OneElements – Best Elementor Addons oneelements-ultimate-addons-for-elementor
OSM – OpenStreetMap osm
Photo Gallery by 10Web – Mobile-Friendly Image Gallery photo-gallery
Pixel Cat – Conversion Pixel Manager facebook-conversion-pixel
Podiant podiant
Polls CP cp-polls
Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin mailoptin
Post Grid and Gutenberg Blocks post-grid
Premium Addons for Elementor premium-addons-for-elementor
Premium Packages – Sell Digital Products Securely wpdm-premium-packages
Primary Addon for Elementor primary-addon-for-elementor
Prisna GWT – Google Website Translator google-website-translator
Product Enquiry for WooCommerce, WooCommerce product catalog enquiry-quotation-for-woocommerce
ProfileGrid – User Profiles, Groups and Communities profilegrid-user-profiles-groups-and-communities
PWA for WP & AMP pwa-for-wp
Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress radio-player
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit wp-marketing-automations
REST API TO MiniProgram rest-api-to-miniprogram
Restaurant & Cafe Addon for Elementor restaurant-cafe-addon-for-elementor
Review & testimonial widgets trustmary
Revolut Gateway for WooCommerce revolut-gateway-for-woocommerce
Salon Booking System salon-booking-system
Secure Copy Content Protection and Content Locking secure-copy-content-protection
Seriously Simple Stats seriously-simple-stats
Share This Image share-this-image
ShiftController Employee Shift Scheduling shiftcontroller
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) woolentor-addons
Sight – Professional Image Gallery and Portfolio sight
Simple Calendar – Google Calendar Plugin google-calendar-events
Simple LDAP Login simple-ldap-login
Simple Popup Plugin simple-popup-plugin
Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) sky-elementor-addons
Special Text Boxes wp-special-textboxes
Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. wpgsi
Starter Templates — Elementor, WordPress & Beaver Builder Templates astra-sites
Store Hours for WooCommerce order-hours-scheduler-for-woocommerce
Sunshine Photo Cart: Free Client Photo Galleries for Photographers sunshine-photo-cart
Super Testimonials sola-testimonials
Templately – Elementor & Gutenberg Template Library: 5000+ Free & Pro Ready Templates & Cloud! templately
Terms descriptions terms-descriptions
Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang
The Events Calendar the-events-calendar
Themedy Toolbox themedy-toolbox
Themesflat Addons For Elementor themesflat-addons-for-elementor
Themify – WooCommerce Product Filter themify-wc-product-filter
Truepush – Most Affordable Web Push Notifications truepush-free-web-push-notifications
Uncanny Groups for LearnDash uncanny-learndash-groups
Use Any Font | Custom Font Uploader use-any-font
UsersControl – Users Profile, Free or Paid Subscriptions, User Access Restriction & Members Directory users-control
Vmax Project Manager vmax-project-manager
VR Calendar vr-calendar-sync
W3 Total Cache w3-total-cache
WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible wc-frontend-manager
Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode coming-soon
Wheel of Life: Coaching and Assessment Tool for Life Coach wheel-of-life
WooEvents – Calendar and Event Booking woo-events
WordPress Simple HTML Sitemap wp-simple-html-sitemap
WordPress Visitors nm-visitors
WP Abstracts wp-abstracts-manuscripts-manager
WP Category Dropdown wp-category-dropdown
WP Datepicker wp-datepicker
WP Easy Gallery – WordPress Gallery Plugin wp-easy-gallery
WP Free SSL – Free SSL Certificate for WordPress and force HTTPS wp-free-ssl
WP GPX Maps wp-gpx-maps
WP MultiTasking – WP Utilities wp-multitasking
WP Newsletter Subscription wp-newsletter-subscription
WP Ticket Ultra Help Desk & Support Plugin wp-ticket-ultra
WP Timeline – Vertical and Horizontal timeline plugin wp-timelines
WP Travel – Ultimate Travel Booking System, Tour Management Engine wp-travel
WP-DownloadManager wp-downloadmanager
WP-WebAuthn wp-webauthn
WPExperts Square For GiveWP wpexperts-square-for-give
WPSPX wpspx
WPZOOM Shortcodes wpzoom-shortcodes
WS Form LITE – Drag & Drop Contact Form Builder for WordPress ws-form
XT Ajax Add To Cart for WooCommerce xt-woo-ajax-add-to-cart
Zoho Flow for WordPress zoho-flow

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
Catch Base catch-base
Viala viala

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-8353
Patch Status
Patched
Published
Sep 27, 2024

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-8621
Patch Status
Patched
Published
Sep 24, 2024

Affected Software
Daily Prayer Time
Researcher

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-8624
Patch Status
Patched
Published
Sep 23, 2024

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-8436
Patch Status
Unpatched
Published
Sep 23, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-44023
Patch Status
Unpatched
Published
Sep 24, 2024

Affected Software
ABC APP CREATOR
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-44019
Patch Status
Unpatched
Published
Sep 24, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-44018
Patch Status
Unpatched
Published
Sep 24, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-44017
Patch Status
Unpatched
Published
Sep 24, 2024

Affected Software
MH Board
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-44016
Patch Status
Unpatched
Published
Sep 24, 2024

Affected Software
Podiant
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-8485
Patch Status
Unpatched
Published
Sep 24, 2024

Affected Software
REST API TO MiniProgram
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-8275
Patch Status
Patched
Published
Sep 24, 2024

Affected Software
The Events Calendar
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-44015
Patch Status
Unpatched
Published
Sep 24, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-44014
Patch Status
Unpatched
Published
Sep 24, 2024

Affected Software
Vmax Project Manager
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-44013
Patch Status
Unpatched
Published
Sep 24, 2024

Affected Software
VR Calendar
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-44012
Patch Status
Unpatched
Published
Sep 24, 2024

Affected Software
WP Newsletter Subscription
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-44011
Patch Status
Unpatched
Published
Sep 24, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-47323
Patch Status
Patched
Published
Sep 25, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-44034
Patch Status
Unpatched
Published
Sep 24, 2024

Affected Software
WPSPX
Researcher

CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-8514
Patch Status
Patched
Published
Sep 24, 2024

Researcher

CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-8671
Patch Status
Patched
Published
Sep 23, 2024

Researcher

CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-7385
Patch Status
Patched
Published
Sep 24, 2024

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-8795
Patch Status
Patched
Published
Sep 23, 2024

Affected Software
BA Book Everything
Researcher

CVSS Rating
High (8.1)
CVE-ID
CVE-2024-7781
Patch Status
Patched
Published
Sep 25, 2024

Affected Software
Jupiter X Core
Researcher

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-8126
Patch Status
Patched
Published
Sep 25, 2024

Affected Software
Advanced File Manager

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-47331
Patch Status
Patched
Published
Sep 26, 2024

Affected Software
Multi Step for Contact Form 7
Researcher

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-8484
Patch Status
Unpatched
Published
Sep 24, 2024

Affected Software
REST API TO MiniProgram
Researcher

CVSS Rating
High (7.3)
CVE-ID
CVE-2024-8623
Patch Status
Patched
Published
Sep 23, 2024

CVSS Rating
High (7.3)
CVE-ID
CVE-2024-8481
Patch Status
Unpatched
Published
Sep 24, 2024

Affected Software
Special Text Boxes
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-8704
Patch Status
Patched
Published
Sep 25, 2024

Affected Software
Advanced File Manager

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-44030
Patch Status
Patched
Published
Sep 24, 2024

Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-47309
Patch Status
Patched
Published
Sep 25, 2024

Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-7617
Patch Status
Unpatched
Published
Sep 24, 2024

Affected Software
Contact Form to Any API
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-47300
Patch Status
Patched
Published
Sep 24, 2024

Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-8349
Patch Status
Patched
Published
Sep 24, 2024

Affected Software
Uncanny Groups for LearnDash
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2022-4541
Patch Status
Unpatched
Published
Sep 25, 2024

Affected Software
WordPress Visitors
Researcher

CVSS Rating
Medium (6.8)
CVE-ID
CVE-2024-8725
Patch Status
Patched
Published
Sep 25, 2024

Affected Software
Advanced File Manager

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-47312
Patch Status
Patched
Published
Sep 25, 2024

Researcher

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-47304
Patch Status
Patched
Published
Sep 25, 2024

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-47325
Patch Status
Patched
Published
Sep 25, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8723
Patch Status
Unpatched
Published
Sep 25, 2024

Affected Software
012 Ps Multi Languages

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8965
Patch Status
Patched
Published
Sep 26, 2024

Affected Software
Absolute Reviews

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47342
Patch Status
Patched
Published
Sep 27, 2024

Affected Software
Accordion
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8917
Patch Status
Patched
Published
Sep 23, 2024

Affected Software
AnWP Football Leagues
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47310
Patch Status
Patched
Published
Sep 25, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47298
Patch Status
Patched
Published
Sep 24, 2024

Affected Software
Bold Page Builder
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47313
Patch Status
Patched
Published
Sep 25, 2024

Affected Software
Catch Base
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-44026
Patch Status
Unpatched
Published
Sep 24, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9115
Patch Status
Unpatched
Published
Sep 25, 2024

Affected Software
Common Tools for Site
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8919
Patch Status
Unpatched
Published
Sep 23, 2024

Affected Software
Confetti Fall Animation
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8858
Patch Status
Patched
Published
Sep 24, 2024

Affected Software
Elementor Addons by Livemesh
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8546
Patch Status
Patched
Published
Sep 24, 2024

Affected Software
ElementsKit Elementor addons
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47329
Patch Status
Patched
Published
Sep 25, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8657
Patch Status
Patched
Published
Sep 23, 2024

Affected Software
Garden Gnome Package

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9173
Patch Status
Unpatched
Published
Sep 25, 2024

Affected Software
GF Custom Style
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-44027
Patch Status
Patched
Published
Sep 24, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-44035
Patch Status
Patched
Published
Sep 23, 2024

Affected Software
Gum Elementor Addon
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9125
Patch Status
Unpatched
Published
Sep 25, 2024

Affected Software
king_IE
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9117
Patch Status
Unpatched
Published
Sep 25, 2024

Affected Software
Mapplic Lite
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9024
Patch Status
Unpatched
Published
Sep 24, 2024

Affected Software
Material Design Icons

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-44024
Patch Status
Unpatched
Published
Sep 24, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47343
Patch Status
Patched
Published
Sep 27, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47307
Patch Status
Patched
Published
Sep 25, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47396
Patch Status
Patched
Published
Sep 25, 2024

Affected Software
Move Addons for Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-44025
Patch Status
Patched
Published
Sep 24, 2024

Affected Software
NiceJob
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9068
Patch Status
Unpatched
Published
Sep 24, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8991
Patch Status
Patched
Published
Sep 26, 2024

Affected Software
OSM – OpenStreetMap
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47340
Patch Status
Patched
Published
Sep 27, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8681
Patch Status
Patched
Published
Sep 26, 2024

Affected Software
Premium Addons for Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-44033
Patch Status
Patched
Published
Sep 24, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-44032
Patch Status
Patched
Published
Sep 24, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-44022
Patch Status
Unpatched
Published
Sep 24, 2024

Affected Software
Review & testimonial widgets
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8547
Patch Status
Unpatched
Published
Sep 27, 2024

Affected Software
Simple Popup Plugin
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47345
Patch Status
Patched
Published
Sep 27, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9127
Patch Status
Unpatched
Published
Sep 25, 2024

Affected Software
Super Testimonials
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9177
Patch Status
Patched
Published
Sep 26, 2024

Affected Software
Themedy Toolbox
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8515
Patch Status
Unpatched
Published
Sep 24, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8103
Patch Status
Unpatched
Published
Sep 23, 2024

Affected Software
WP Category Dropdown
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9028
Patch Status
Unpatched
Published
Sep 24, 2024

Affected Software
WP GPX Maps
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9023
Patch Status
Unpatched
Published
Sep 27, 2024

Affected Software
WP-WebAuthn
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9027
Patch Status
Unpatched
Published
Sep 24, 2024

Affected Software
WPZOOM Shortcodes
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8741
Patch Status
Patched
Published
Sep 24, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8803
Patch Status
Patched
Published
Sep 25, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47347
Patch Status
Patched
Published
Sep 27, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47297
Patch Status
Patched
Published
Sep 24, 2024

Affected Software
Polls CP
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8788
Patch Status
Patched
Published
Sep 27, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47327
Patch Status
Patched
Published
Sep 25, 2024

Affected Software
GEO my WP
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8712
Patch Status
Patched
Published
Sep 27, 2024

Affected Software
GTM Server Side
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8713
Patch Status
Unpatched
Published
Sep 24, 2024

Affected Software
Kodex Posts likes
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8662
Patch Status
Patched
Published
Sep 23, 2024

Affected Software
Koko Analytics
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47333
Patch Status
Patched
Published
Sep 26, 2024

Affected Software
Loops & Logic
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47346
Patch Status
Patched
Published
Sep 27, 2024

Affected Software
Newsletters
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-44028
Patch Status
Patched
Published
Sep 24, 2024

Affected Software
NiceJob
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8544
Patch Status
Patched
Published
Sep 23, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47306
Patch Status
Patched
Published
Sep 25, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8738
Patch Status
Patched
Published
Sep 23, 2024

Affected Software
Seriously Simple Stats
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47326
Patch Status
Patched
Published
Sep 25, 2024

Affected Software
Share This Image
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8549
Patch Status
Patched
Published
Sep 24, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8715
Patch Status
Patched
Published
Sep 27, 2024

Affected Software
Simple LDAP Login
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8872
Patch Status
Patched
Published
Sep 25, 2024

Affected Software
Store Hours for WooCommerce
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-44029
Patch Status
Unpatched
Published
Sep 24, 2024

Affected Software
Viala
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47339
Patch Status
Patched
Published
Sep 27, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47322
Patch Status
Patched
Published
Sep 25, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47341
Patch Status
Patched
Published
Sep 27, 2024

Affected Software
WP-DownloadManager
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47320
Patch Status
Patched
Published
Sep 25, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8716
Patch Status
Patched
Published
Sep 23, 2024

Researcher

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-8633
Patch Status
Patched
Published
Sep 25, 2024

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-9169
Patch Status
Patched
Published
Sep 24, 2024

Affected Software
LiteSpeed Cache
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-8794
Patch Status
Patched
Published
Sep 23, 2024

Affected Software
BA Book Everything
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-9189
Patch Status
Patched
Published
Sep 27, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-47302
Patch Status
Patched
Published
Sep 25, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-8678
Patch Status
Patched
Published
Sep 24, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-44038
Patch Status
Patched
Published
Sep 23, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-47308
Patch Status
Patched
Published
Sep 25, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-44021
Patch Status
Unpatched
Published
Sep 24, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-47344
Patch Status
Patched
Published
Sep 27, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-47311
Patch Status
Patched
Published
Sep 25, 2024

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2024-9146
Patch Status
Patched
Published
Sep 24, 2024

Affected Software
CSS JS Files
Researcher

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2024-47338
Patch Status
Unpatched
Published
Sep 26, 2024

Affected Software
WPExperts Square For GiveWP
Researcher

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2024-47334
Patch Status
Patched
Published
Sep 26, 2024

CVSS Rating
Medium (4.7)
CVE-ID
CVE-2024-3866
Patch Status
Patched
Published
Sep 24, 2024

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-44041
Patch Status
Patched
Published
Sep 23, 2024

Affected Software
IdeaPush
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-44036
Patch Status
Unpatched
Published
Sep 23, 2024

Affected Software
Kodex Posts likes
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-44043
Patch Status
Patched
Published
Sep 23, 2024

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-44040
Patch Status
Patched
Published
Sep 23, 2024

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-47336
Patch Status
Unpatched
Published
Sep 26, 2024

Affected Software
Terms descriptions
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-44046
Patch Status
Patched
Published
Sep 23, 2024

Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-7769
Patch Status
Unpatched
Published
Sep 24, 2024

Affected Software
ClickSold IDX

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-44045
Patch Status
Patched
Published
Sep 23, 2024

Affected Software
WP Abstracts
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-44042
Patch Status
Patched
Published
Sep 23, 2024

Affected Software
WP Datepicker
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-8189
Patch Status
Patched
Published
Sep 27, 2024

Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-44039
Patch Status
Patched
Published
Sep 23, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-47317
Patch Status
Patched
Published
Sep 25, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-43338
Patch Status
Unpatched
Published
Sep 24, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-8552
Patch Status
Patched
Published
Sep 25, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-8476
Patch Status
Patched
Published
Sep 24, 2024

Affected Software
Easy PayPal Events
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-47315
Patch Status
Patched
Published
Sep 25, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-8801
Patch Status
Patched
Published
Sep 23, 2024

Affected Software
Happy Addons for Elementor
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-44031
Patch Status
Patched
Published
Sep 24, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-47337
Patch Status
Unpatched
Published
Sep 26, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-8483
Patch Status
Patched
Published
Sep 24, 2024

Affected Software
MAS Static Content
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-7386
Patch Status
Patched
Published
Sep 24, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-47318
Patch Status
Patched
Published
Sep 25, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-47316
Patch Status
Patched
Published
Sep 25, 2024

Affected Software
Salon Booking System
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-47314
Patch Status
Patched
Published
Sep 25, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-8516
Patch Status
Unpatched
Published
Sep 24, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-47305
Patch Status
Patched
Published
Sep 25, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-44020
Patch Status
Unpatched
Published
Sep 24, 2024

CVSS Rating
Low (3.7)
CVE-ID
CVE-2023-5359
Patch Status
Patched
Published
Sep 23, 2024

Affected Software
W3 Total Cache
Researcher

CVSS Rating
Low (2.7)
CVE-ID
CVE-2024-8350
Patch Status
Patched
Published
Sep 24, 2024

Affected Software
Uncanny Groups for LearnDash
Researcher


As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (September 23, 2024 to September 29, 2024) appeared first on Wordfence.

More great articles

High Severity Vulnerabilities in Post Grid and Team Showcase Plugins

On September 14, 2020, our Threat Intelligence team discovered two high severity vulnerabilities in Post Grid, a WordPress plugin with…

Read Story

5,000 WordPress Sites Affected by Unauthenticated Remote Code Execution Vulnerability in JS Help Desk WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to…

Read Story

Wordfence Intelligence Weekly WordPress Vulnerability Report (Apr 10, 2023 to Apr 16, 2023)

Last week, there were 69 vulnerabilities disclosed in 60 WordPress plugins and 4 WordPress themes that have been added to…

Read Story

Emergency WordPress Help

One of our techs will get back to you within minutes.