Wordfence Intelligence Weekly WordPress Vulnerability Report (September 30, 2024 to October 6, 2024)

🦸 👻 Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024:

  • All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers
  • Top-tier researchers earn automatic bonuses of 10% to 120% on valid submissions
  • Pending report limits are increased for all
  • It’s possible to earn up to $31,200 for high impact vulnerabilities!

Last week, 161 vulnerabilities disclosed in 147 WordPress plugins and 5 WordPress themes were added to the Wordfence Intelligence Vulnerability Database, and 46 vulnerability researchers contributed to WordPress security. Review the vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, hosting providers, and individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, use the Vulnerability Database API to receive a complete dump of our database of over 19,000 vulnerabilities, and then use the webhook integration to stay on top of the newest vulnerabilities as they are added in real time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Total Unpatched & Patched Vulnerabilities Last Week

Patch Status | Number of Vulnerabilities
Patched      | 122
Unpatched    | 39

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating   | Number of Vulnerabilities
Medium Severity   | 141
High Severity     | 15
Critical Severity | 5

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE | Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 121
Missing Authorization | 9
Deserialization of Untrusted Data | 5
Cross-Site Request Forgery (CSRF) | 4
Unrestricted Upload of File with Dangerous Type | 4
URL Redirection to Untrusted Site (‘Open Redirect’) | 4
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 3
Authentication Bypass Using an Alternate Path or Channel | 2
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 2
Improper Control of Generation of Code (‘Code Injection’) | 2
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 2
Improper Neutralization of Alternate XSS Syntax | 1
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 1
Improper Privilege Management | 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name | Number of Vulnerabilities

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week

Software Name | Software Slug
123.chat – Video Chat | 123-chat-videochat
Advanced Woo Labels – Product Labels for WooCommerce | advanced-woo-labels
Affiliate Program Suite — SliceWP Affiliates | slicewp
Aggregator Advanced Settings | aggregator-advanced-settings
Author Avatars List/Block | author-avatars
Auto Amazon Links – Amazon Associates Affiliate Plugin | amazon-auto-links
Auto Featured Image from Title | auto-featured-image-from-title
Automatically Hierarchic Categories in Menu | automatically-hierarchic-categories-in-menu
AVIF Uploader | avif-support
BA Book Everything | ba-book-everything
BerqWP – Automated All-In-One PageSpeed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript | searchpro
Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress | file-manager
Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed | blockspare
Bold Page Builder | bold-page-builder
Broken Link Checker | broken-link-checker
BSK Forms Blacklist | bsk-gravityforms-blacklist
CartBounty – Save and recover abandoned carts for WooCommerce | woo-save-abandoned-carts
Checkout Field Editor (Checkout Manager) for WooCommerce | woo-checkout-field-editor-pro
Clio Grow | clio-grow-form
Code Embed | simple-embed-code
Confetti Fall Animation | confetti-fall-animation
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder | fluentform
Copyscape Premium | copyscape-premium
Cozy Blocks – Page Builder for Gutenberg & Site Editor, Post Blocks, WooCommerce Blocks, Magazine Blocks, WordPress Gutenberg Blocks, Patterns and Templates Library | cozy-addons
Custom Banners | custom-banners
Demo Importer Plus | demo-importer-plus
DethemeKit For Elementor | dethemekit-for-elementor
Display Medium Posts | display-medium-posts
DK PDF | dk-pdf
Easy Demo Importer – A Modern One-Click Demo Import Solution | easy-demo-importer
Easy Load More | easy-load-more
Easy WordPress Subscribe – Optin Hound | opt-in-hound
Echo RSS Feed Post Generator | rss-feed-post-generator-echo
Elastik Page Builder | elastik-page-builder
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) | bdthemes-element-pack-lite
ElementInvader Addons for Elementor | elementinvader-addons-for-elementor
Elementor Addon Elements | addon-elements-for-elementor-page-builder
ElementsReady Addons for Elementor | element-ready-lite
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce | email-subscribers
Enter Addons – Ultimate Template Builder for Elementor | enteraddons
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates | essential-blocks
EventPrime – Events Calendar, Bookings and Tickets | eventprime-event-calendar-management
FAQ / Accordion / Docs – Helpie WordPress FAQ Accordion plugin | helpie-faq
Fish and Ships – Most flexible shipping table rate. A WooCommerce shipping rate | fish-and-ships
Form plugin for WordPress – Zoho Forms | zoho-forms
Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials | stars-testimonials-with-slider-and-masonry-grid
Gallery Lightbox | gallery-lightbox-slider
Geo Mashup | geo-mashup
Gravity Forms Toolbar | gravity-forms-toolbar
Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg | guten-post-layout
Happy Addons for Elementor | happy-elementor-addons
Hash Form – Drag & Drop Form Builder | hash-form
Hello World | hello-world
Ibtana – WordPress Website Builder | ibtana-visual-editor
Iconize | iconize
Include Fussball.de Widgets | include-fussball-de-widgets
Jeg Elementor Kit | jeg-elementor-kit
JobSearch WP Job Board | wp-jobsearch
KB Support – WordPress Help Desk and Knowledge Base | kb-support
Keap Official Opt-in Forms | infusionsoft-official-opt-in-forms
LA-Studio Element Kit for Elementor | lastudio-element-kit
LH Copy Media File | lh-copy-media-file
LiteSpeed Cache | litespeed-cache
LocateAndFilter | locateandfilter
Loggedin – Limit Active Logins | loggedin
Login Logout Shortcode | login-logout-shortcode
Logo Carousel – Clients logo carousel for WP | responsive-client-logo-carousel-slider
Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid | magazine-blocks
MaxSlider | maxslider
MC4WP: Mailchimp Top Bar | mailchimp-top-bar
Memberful – Membership Plugin | memberful-wp
Move Addons for Elementor | move-addons
NEX-Forms – Ultimate Form Builder – Contact forms and much more | nex-forms-express-wp-form-builder
Online Booking & Scheduling Calendar for WordPress by vcita | meeting-scheduler-by-vcita
Page-list | page-list
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | paid-member-subscriptions
Payflex Payment Gateway | payflex-payment-gateway
PDF Image Generator | pdf-image-generator
Popularis Extra | popularis-extra
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder | popup-maker
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | buddyforms
Premium Blocks – Gutenberg Blocks for WordPress | premium-blocks-for-gutenberg
Product Delivery Date for WooCommerce – Lite | product-delivery-date-for-woocommerce-lite
PWA — easy way to Progressive Web App | iworks-pwa
QS Dark Mode Plugin | qs-dark-mode
Quantity Dynamic Pricing & Bulk Discounts for WooCommerce | wholesale-pricing-woocommerce
Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress | quillforms
R Animated Icon Plugin | r-animated-icon
RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more | rabbit-loader
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings | seo-by-rank-math
Re:WP | rewp
Relogo | relogo
Robokassa payment gateway for Woocommerce | robokassa
RomethemeKit For Elementor | rometheme-for-elementor
RumbleTalk Live Group Chat – HTML5 | rumbletalk-chat-a-chat-with-themes
Search Analytics for WP | search-analytics
Search Atlas SEO – Best SEO Plugin for One-Click WP Publishing & Integrated AI Optimization | metasync
SEOPress – On-site SEO | wp-seopress
ShiftController Employee Shift Scheduling | shiftcontroller
Shortcodes and extra features for Phlox theme | auxin-elements
Simple Membership After Login Redirection | simple-membership-after-login-redirection
Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel | depicter
Slider Revolution | revslider
Slideshow Gallery LITE | slideshow-gallery
Smart Custom 404 Error Page | 404page
Social Auto Poster | social-auto-poster
Social Web Suite – Social Media Auto Post, Social Media Auto Publish | social-web-suite
Soumettre.fr | soumettre-fr
Spice Starter Sites | spice-starter-sites
Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More | woocommerce-exporter
Strong Testimonials | strong-testimonials
SVG Complete | svg-complete
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) | the-pack-addon
The Ultimate WordPress Toolkit – WP Extended | wpextended
Themify Builder | themify-builder
TinyPNG – JPEG, PNG & WebP image compression | tiny-compress-images
TNC PDF viewer | pdf-viewer-by-themencode
Top Bar – PopUps – by WPOptin | wpoptin
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | ultimate-member
Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider | ultimate-store-kit
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | unlimited-elements-for-elementor
VdoCipher: Secure Video Player and Hosting | vdocipher
Visual CSS Style Editor | yellow-pencil-visual-theme-customizer
Web Directory Free | web-directory-free
Wechat Social login 微信QQ钉钉登录插件 | wechat-social-login
WordPress & WooCommerce Affiliate Program | wp-wc-affiliate-program
WordPress Captcha Plugin by Captcha Bank | captcha-bank
WordPress Infinite Scroll – Ajax Load More | ajax-load-more
WP Blocks Hub | wp-blocks-hub
WP Booking Calendar | booking
WP Bulk Delete | wp-bulk-delete
WP Cleanup and Basic Functions | wp-cleanup-and-basic-functions
WP Compress – Instant Performance & Speed Optimization | wp-compress-image-optimizer
WP Easy Gallery – WordPress Gallery Plugin | wp-easy-gallery
WP Hotel Booking | wp-hotel-booking
WP MyLinks | wp-mylinks
WP Travel Gutenberg Blocks | wp-travel-blocks
WP-Lister Lite for eBay | wp-lister-for-ebay
WP-WebAuthn | wp-webauthn
WPCOM Member | wpcom-member
WPMobile.App — Android and iOS Mobile Application | wpappninja
XLTab – Accordions and Tabs for Elementor Page Builder | xl-tab
XO Slider | xo-liteslider
YITH WooCommerce Ajax Search | yith-woocommerce-ajax-search
YITH WooCommerce Product Add-Ons | yith-woocommerce-product-add-ons
YML for Yandex Market | yml-for-yandex-market
Zotpress | zotpress

WordPress Themes with Reported Vulnerabilities Last Week

Software Name | Software Slug
Create        | create
Empowerment   | empowerment
Full Frame    | full-frame
UltraPress    | ultrapress
Unseen Blog   | unseen-blog

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site with the scanner enabled, you should already have been notified if your site was affected by any of these vulnerabilities. If you would like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to use.

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-9265
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
Echo RSS Feed Post Generator
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-47636
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
JobSearch WP Job Board
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-9106
Patch Status
Unpatched
Published
Sep 30, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-9108
Patch Status
Unpatched
Published
Sep 30, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-9289
Patch Status
Patched
Published
Sep 30, 2024

Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-7433
Patch Status
Unpatched
Published
Sep 30, 2024

Affected Software
Empowerment
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-47351
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
MaxSlider

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-7434
Patch Status
Unpatched
Published
Sep 30, 2024

Affected Software
UltraPress
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-7432
Patch Status
Unpatched
Published
Sep 30, 2024

Affected Software
Unseen Blog
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-9018
Patch Status
Unpatched
Published
Sep 30, 2024

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-7855
Patch Status
Patched
Published
Oct 1, 2024

Affected Software
WP Hotel Booking
Researcher

CVSS Rating
High (8.1)
CVE-ID
CVE-2024-47645
Patch Status
Patched
Published
Sep 30, 2024

Researcher

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-47350
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
YITH WooCommerce Ajax Search
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-7869
Patch Status
Unpatched
Published
Sep 30, 2024

Affected Software
123.chat – Video Chat
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-47649
Patch Status
Unpatched
Published
Sep 30, 2024

Affected Software
Iconize
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-47374
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
LiteSpeed Cache
Researcher

CVSS Rating
High (7.1)
CVE-ID
CVE-2024-8981
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
Broken Link Checker
Researcher

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-9224
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
Hello World
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47622
Patch Status
Patched
Published
Sep 30, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9368
Patch Status
Unpatched
Published
Oct 3, 2024

Affected Software
Aggregator Advanced Settings
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47370
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
Author Avatars List/Block
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47365
Patch Status
Patched
Published
Sep 30, 2024

Researcher(s): Unknown

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9060
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
AVIF Uploader
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47391
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
Bold Page Builder
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8804
Patch Status
Patched
Published
Oct 3, 2024

Affected Software
Code Embed
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47641
Patch Status
Unpatched
Published
Sep 30, 2024

Affected Software
Confetti Fall Animation
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47356
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
Create
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9172
Patch Status
Patched
Published
Oct 1, 2024

Affected Software
Demo Importer Plus
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47632
Patch Status
Patched
Published
Sep 30, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9445
Patch Status
Unpatched
Published
Oct 3, 2024

Affected Software
Display Medium Posts
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9274
Patch Status
Unpatched
Published
Sep 30, 2024

Affected Software
Elastik Page Builder
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47630
Patch Status
Patched
Published
Sep 30, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47366
Patch Status
Patched
Published
Sep 30, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47625
Patch Status
Patched
Published
Sep 30, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-44010
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
Full Frame
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47623
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
Gallery Lightbox
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8990
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
Geo Mashup
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47357
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
Happy Addons for Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47643
Patch Status
Unpatched
Published
Sep 30, 2024

Affected Software
Include Fussball.de Widgets
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47390
Patch Status
Patched
Published
Sep 30, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47642
Patch Status
Unpatched
Published
Sep 30, 2024

Affected Software
Keap Official Opt-in Forms
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47628
Patch Status
Patched
Published
Sep 30, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47373
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
LiteSpeed Cache
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9304
Patch Status
Unpatched
Published
Sep 30, 2024

Affected Software
LocateAndFilter
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9421
Patch Status
Unpatched
Published
Oct 3, 2024

Affected Software
Login Logout Shortcode
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47631
Patch Status
Patched
Published
Sep 30, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9242
Patch Status
Patched
Published
Oct 3, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47364
Patch Status
Patched
Published
Sep 30, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47382
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
Page-list
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9118
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
QS Dark Mode Plugin
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9272
Patch Status
Unpatched
Published
Sep 30, 2024

Affected Software
R Animated Icon Plugin
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9271
Patch Status
Patched
Published
Oct 3, 2024

Affected Software
Re:WP
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9269
Patch Status
Unpatched
Published
Sep 30, 2024

Affected Software
Relogo
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47626
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
RomethemeKit For Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8720
Patch Status
Patched
Published
Sep 30, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8107
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
Slider Revolution
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9119
Patch Status
Unpatched
Published
Sep 30, 2024

Affected Software
SVG Complete
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47639
Patch Status
Unpatched
Published
Sep 30, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9372
Patch Status
Unpatched
Published
Oct 3, 2024

Affected Software
WP Blocks Hub
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9455
Patch Status
Unpatched
Published
Oct 4, 2024

Affected Software
WP Cleanup and Basic Functions
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47627
Patch Status
Patched
Published
Sep 30, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47650
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
WP-WebAuthn
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8324
Patch Status
Unpatched
Published
Sep 30, 2024

Affected Software
XO Slider
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47633
Patch Status
Patched
Published
Sep 30, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-47621
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
Zotpress

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9349
Patch Status
Patched
Published
Oct 3, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8786
Patch Status
Unpatched
Published
Sep 30, 2024

Affected Software
Auto Featured Image from Title
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47360
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
BA Book Everything
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47624
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
BSK Forms Blacklist
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8802
Patch Status
Unpatched
Published
Oct 3, 2024

Affected Software
Clio Grow
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47644
Patch Status
Unpatched
Published
Sep 30, 2024

Affected Software
Copyscape Premium
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8799
Patch Status
Unpatched
Published
Sep 30, 2024

Affected Software
Custom Banners
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8727
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
DK PDF
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8728
Patch Status
Unpatched
Published
Sep 30, 2024

Affected Software
Easy Load More
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9267
Patch Status
Unpatched
Published
Sep 30, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47353
Patch Status
Patched
Published
Sep 30, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47648
Patch Status
Patched
Published
Sep 30, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9237
Patch Status
Patched
Published
Oct 3, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8718
Patch Status
Unpatched
Published
Sep 30, 2024

Affected Software
Gravity Forms Toolbar
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9417
Patch Status
Patched
Published
Oct 4, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47394
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
JobSearch WP Job Board
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9220
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
LH Copy Media File
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9228
Patch Status
Patched
Published
Sep 30, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9210
Patch Status
Patched
Published
Oct 1, 2024

Affected Software
MC4WP: Mailchimp Top Bar
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47389
Patch Status
Patched
Published
Sep 30, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47638
Patch Status
Unpatched
Published
Sep 30, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47646
Patch Status
Unpatched
Published
Sep 30, 2024

Affected Software
Payflex Payment Gateway
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9241
Patch Status
Unpatched
Published
Sep 30, 2024

Affected Software
PDF Image Generator
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9353
Patch Status
Patched
Published
Oct 3, 2024

Affected Software
Popularis Extra
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9345
Patch Status
Patched
Published
Oct 3, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9384
Patch Status
Patched
Published
Oct 3, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47395
Patch Status
Patched
Published
Sep 30, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9225
Patch Status
Patched
Published
Oct 1, 2024

Affected Software
SEOPress – On-site SEO
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9435
Patch Status
Patched
Published
Oct 3, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47354
Patch Status
Patched
Published
Sep 30, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47388
Patch Status
Patched
Published
Sep 30, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9204
Patch Status
Patched
Published
Oct 3, 2024

Affected Software
Smart Custom 404 Error Page
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47369
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
Social Auto Poster
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47386
Patch Status
Patched
Published
Sep 30, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9385
Patch Status
Patched
Published
Oct 4, 2024

Affected Software
Themify Builder
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47379
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
Web Directory Free

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9375
Patch Status
Unpatched
Published
Oct 3, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47352
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
WP Bulk Delete
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47384
Patch Status
Patched
Published
Sep 30, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9209
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
Search Analytics for WP
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47380
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
WP-Lister Lite for eBay
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47378
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
WPCOM Member
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47349
Patch Status
Patched
Published
Sep 30, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47348
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
Visual CSS Style Editor
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-47367
Patch Status
Patched
Published
Sep 30, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9378
Patch Status
Patched
Published
Oct 1, 2024

Affected Software
YML for Yandex Market
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-47358
Patch Status
Patched
Published
Sep 30, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-8430
Patch Status
Unpatched
Published
Sep 30, 2024

Affected Software
Spice Starter Sites
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-47376
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
Slideshow Gallery LITE
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-47372
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
TNC PDF viewer
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-9306
Patch Status
Patched
Published
Oct 3, 2024

Affected Software
WP Booking Calendar
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-47371
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
WP MyLinks
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-47634
Patch Status
Patched
Published
Sep 30, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-47361
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
Elementor Addon Elements
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-47637
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
LiteSpeed Cache
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-8675
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
Soumettre.fr
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-47362
Patch Status
Patched
Published
Sep 30, 2024

Affected Software
Strong Testimonials
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-47635
Patch Status
Patched
Published
Sep 30, 2024

Researcher(s): Unknown
As a reminder, Wordfence has curated an industry-leading database of all known WordPress core, theme, and plugin vulnerabilities, known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through submissions made directly to us via our Bug Bounty Program, and by monitoring a variety of sources to capture all publicly available WordPress vulnerability information, adding additional context where we can.