Wordfence Intelligence Weekly WordPress Vulnerability Report (September 30, 2024 to October 6, 2024)

Patch Status	Number of Vulnerabilities
Patched	139
Unpatched	27

Severity Rating	Number of Vulnerabilities
Medium Severity	146
High Severity	15
Critical Severity	5

Vulnerability Type by CWE	Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	124
Missing Authorization	9
Cross-Site Request Forgery (CSRF)	5
Deserialization of Untrusted Data	5
Unrestricted Upload of File with Dangerous Type	4
URL Redirection to Untrusted Site ('Open Redirect')	4
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')	3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')	3
Authentication Bypass Using an Alternate Path or Channel	2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	2
Improper Control of Generation of Code ('Code Injection')	2
Improper Neutralization of Alternate XSS Syntax	1
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)	1
Improper Privilege Management	1

Researcher Name	Number of Vulnerabilities
vgo0	22
Francesco Carlucci	21
João Pedro Soares de Alcântara	12
Le Ngoc Anh	8
Robert DeVore	6
Colin Xu	6
stealthcopter	5
ardias	5
SOPROBRO	4
Dimas Maulana	4
theviper17y	4
Rafie Muhammad	4
Peter Thaleikis	4
Webbernaut	3
TaiYou	3
Khalid Yusuf	3
SavPhill (Savphill)	3
Michael	3
Leo	3
Bonds	3
István Márton	2
Krzysztof Zając	2
0tter	2
Hakiduck	2
Jack Taylor	2
Trương Hữu Phúc (truonghuuphuc)	2
Abdi Pranata	2
Dmitrii Ignatyev	2
Tonn	2
Krugov Artyom	2
zhenhua fan	1
Kévin Mosbahi (Mika)	1
Shebu B (sh3bu)	1
wesley (wcraft)	1
Muhammad Yudha - DJ	1
TANG Cheuk Hei (siunam)	1
k0i3n	1
tahu.datar	1
Ivan Kuzymchak	1
LVT-tholv2k	1
Truoc Phan	1
Thanh Nam Tran	1
Arkadiusz Hydzik	1
Ngô Thiên An (ancorn_)	1
Certus Cybersecurity	1
kslatz	1
Rein Daelman (trein)	1
Joshua Chan	1
Lucio Sá	1

Software Name	Software Slug
123.chat - Video Chat	123-chat-videochat
Addon Elements for Elementor (formerly Elementor Addon Elements)	addon-elements-for-elementor-page-builder
Advanced Shipping Rates for WooCommerce: Flexible Table Rate Shipping Rules	fish-and-ships
Advanced Woo Labels – Product Labels & Badges for WooCommerce	advanced-woo-labels
Affiliate Program Suite — SliceWP Affiliates	slicewp
Aggregator Advanced Settings	aggregator-advanced-settings
Ajax Load More – Infinite Scroll, Load More, & Lazy Load	ajax-load-more
Author Avatars List/Block	author-avatars
Auto Amazon Links – Amazon Associates Affiliate Plugin	amazon-auto-links
Auto Featured Image from Title	auto-featured-image-from-title
Automatically Hierarchic Categories in Menu	automatically-hierarchic-categories-in-menu
AVIF Uploader	avif-support
BA Book Everything	ba-book-everything
BerqWP – Automatic WordPress Website Speed Optimization	searchpro
BlockSpare – Gutenberg Post Grid Blocks for News, Magazine & Blog Websites	blockspare
Bold Page Builder	bold-page-builder
Booking Calendar	booking
Broken Link Checker	broken-link-checker
BSK Forms Blacklist	bsk-gravityforms-blacklist
CartBounty – Save and recover abandoned carts for WooCommerce	woo-save-abandoned-carts
Checkout Field Editor (Checkout Manager) for WooCommerce	woo-checkout-field-editor-pro
Clio Grow Form	clio-grow-form
Code Embed	simple-embed-code
Confetti Fall Animation	confetti-fall-animation
Copyscape Premium	copyscape-premium
Cozy Blocks – Page Builder for Gutenberg Editor & FSE with 500+ Patterns, 57 Blocks & Templates	cozy-addons
Custom Banners	custom-banners
Demo Importer Plus	demo-importer-plus
Depicter — Popup & Slider Builder	depicter
DethemeKit for Elementor	dethemekit-for-elementor
Display Medium Posts	display-medium-posts
DK PDF – WordPress PDF Generator	dk-pdf
Easy Demo Importer – A Modern One-Click Demo Import Solution	easy-demo-importer
Easy Load More	easy-load-more
Easy WordPress Subscribe – Optin Hound	opt-in-hound
Echo RSS Feed Post Generator	rss-feed-post-generator-echo
Elastik Page Builder	elastik-page-builder
Element Pack – Widgets, Templates & Addons for Elementor	bdthemes-element-pack-lite
ElementInvader Addons for Elementor	elementinvader-addons-for-elementor
ElementsReady Addons for Elementor	element-ready-lite
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress	email-subscribers
Enter Addons – Ultimate Template Builder for Elementor	enteraddons
EventPrime – Events Calendar, Bookings and Tickets	eventprime-event-calendar-management
File Manager	file-manager
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder	fluentform
Gallery Lightbox	gallery-lightbox-slider
Geo Mashup	geo-mashup
Gravity Forms Toolbar	gravity-forms-toolbar
Guten Post Layout – An Advanced Post Grid Collection	guten-post-layout
Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns	essential-blocks
Happy Addons for Elementor	happy-elementor-addons
Hash Form – Drag & Drop Form Builder	hash-form
Hello World	hello-world
Helpie FAQ — Accordion, Docs & Knowledge Base	helpie-faq
Ibtana – WordPress Website Builder	ibtana-visual-editor
Iconize	iconize
Include Fussball.de Widgets	include-fussball-de-widgets
Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress	jeg-elementor-kit
JobSearch WP Job Board	wp-jobsearch
KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin	kb-support
Keap Official Opt-in Forms	infusionsoft-official-opt-in-forms
LA-Studio Element Kit for Elementor	lastudio-element-kit
LH Copy Media File	lh-copy-media-file
LiteSpeed Cache	litespeed-cache
LocateAndFilter	locateandfilter
Loggedin – Limit Concurrent Sessions	loggedin
Login Logout Shortcode	login-logout-shortcode
Logo Carousel – Display Brand or Client Logos in Slider	responsive-client-logo-carousel-slider
Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation	gs-logo-slider
Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid	magazine-blocks
Maspik – Ultimate Spam Protection	contact-forms-anti-spam
MaxSlider	maxslider
MC4WP: Mailchimp Top Bar – Email Subscribe Notification Bar	mailchimp-top-bar
Memberful – Membership Plugin	memberful-wp
Move Addons for Elementor	move-addons
NEX-Forms – Ultimate Forms Plugin for WordPress	nex-forms-express-wp-form-builder
Online Booking & Scheduling Calendar for WordPress by vcita	meeting-scheduler-by-vcita
Page-list	page-list
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction	paid-member-subscriptions
Payflex Payment Gateway	payflex-payment-gateway
PDF Image Generator	pdf-image-generator
Photo Gallery by 10Web – Mobile-Friendly Image Gallery	photo-gallery
Popularis Extra	popularis-extra
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder	popup-maker
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)	buddyforms
Premium Blocks – Gutenberg Blocks, Patterns & Templates	premium-blocks-for-gutenberg
Price by Quantity & Bulk Quantity Discounts for WooCommerce	wholesale-pricing-woocommerce
Product Delivery Date for WooCommerce – Lite	product-delivery-date-for-woocommerce-lite
PWA — easy way to Progressive Web App	iworks-pwa
QS Dark Mode Plugin	qs-dark-mode
Quill Forms \| Conversational Multi Step Forms, Surveys & quizzes	quillforms
R Animated Icon Plugin	r-animated-icon
RabbitLoader – AI Speed Optimization, Caching & CDN for WordPress & WooCommerce	rabbit-loader
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings	seo-by-rank-math
Re:WP	rewp
Relogo	relogo
Robokassa payment gateway for Woocommerce	robokassa
RTMKit	rometheme-for-elementor
RumbleTalk Live Group Chat – HTML5	rumbletalk-chat-a-chat-with-themes
Search Analytics for WP	search-analytics
Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization	metasync
SEOPress – AI SEO Plugin & On-site SEO	wp-seopress
ShiftController Employee Shift Scheduling	shiftcontroller
Shortcodes and extra features for Phlox theme	auxin-elements
Simple Membership After Login Redirection	simple-membership-after-login-redirection
Slider Revolution	revslider
Slideshow Gallery LITE	slideshow-gallery
Smart Custom 404 Error Page	404page
Social Auto Poster	social-auto-poster
Social Web Suite – Social Media Auto Post, Social Media Auto Publish	social-web-suite
Soumettre.fr	soumettre-fr
Spice Starter Sites	spice-starter-sites
Stars Testimonials — Responsive Reviews & Star Ratings	stars-testimonials-with-slider-and-masonry-grid
Store Exporter – Export WooCommerce Products, Orders, Subscriptions, Customers	woocommerce-exporter
Strong Testimonials	strong-testimonials
SVG Complete	svg-complete
Team – Team Members Showcase Plugin	tlp-team
The Pack Elementor addon	the-pack-addon
Themify Builder	themify-builder
TinyPNG – JPEG, PNG & WebP image compression	tiny-compress-images
TNC PDF viewer	pdf-viewer-by-themencode
TS Poll – Survey, Versus Poll, Image Poll, Video Poll	poll-wp
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	ultimate-member
Ultimate Store Kit – Addon For WooCommerce, EDD and Elementor	ultimate-store-kit
Unlimited Elements For Elementor	unlimited-elements-for-elementor
VdoCipher: Secure Video Player and Hosting	vdocipher
Visual CSS Style Editor	yellow-pencil-visual-theme-customizer
Web Directory Free	web-directory-free
Wechat Social login 微信QQ钉钉登录插件	wechat-social-login
WordPress & WooCommerce Affiliate Program	wp-wc-affiliate-program
WordPress Captcha Plugin by Captcha Bank	captcha-bank
WP Blocks Hub	wp-blocks-hub
WP Bulk Delete	wp-bulk-delete
WP Cleanup and Basic Functions	wp-cleanup-and-basic-functions
WP Compress – Instant Performance & Speed Optimization	wp-compress-image-optimizer
WP Easy Gallery – WordPress Gallery Plugin	wp-easy-gallery
WP Extended – The Ultimate WordPress Toolkit	wpextended
WP Hotel Booking	wp-hotel-booking
WP MyLinks	wp-mylinks
WP Travel Gutenberg Blocks	wp-travel-blocks
WP-Lister Lite for eBay	wp-lister-for-ebay
WP-WebAuthn	wp-webauthn
WPCOM Member	wpcom-member
WPMobile.App	wpappninja
WPOptin – AI-Powered Top Bars, PopUps & Lead Generation	wpoptin
XLTab – Accordions and Tabs for Elementor Page Builder	xl-tab
XO Slider	xo-liteslider
YITH WooCommerce Ajax Search	yith-woocommerce-ajax-search
YITH WooCommerce Product Add-Ons	yith-woocommerce-product-add-ons
YML for Yandex Market	yml-for-yandex-market
Zoho Forms – Drag & Drop Form Builder for Websites – Contact Forms, Payment Forms, Order Forms & More	zoho-forms
Zotpress	zotpress

Software Name	Software Slug
Create	create
Empowerment	empowerment
Full Frame	full-frame
UltraPress	ultrapress
Unseen Blog	unseen-blog

Do Not Sell or Share My Personal Information

This form enables you to request that we stop selling or sharing your personal information with third parties. "Selling" includes exchanging your information for money or other benefits, while "sharing" refers to providing your data to third parties for targeted advertising purposes. For more information on how we process personal information, please review our Privacy Notice.

When you submit this form, we will:

Immediately disable retargeting and remarketing cookies on your current browser/device

Browser/Device Specific: This opt-out applies to the specific browser from which you submit the request. To opt out on additional devices or browsers, you will need to submit separate requests.

Cookie Management: You may also manage cookies directly through your browser settings, or on our Cookie Control form.

Questions?

Contact our Privacy Team at:

Email: privacy@defiant.com
Mail: Defiant Inc. Attn: Privacy Issues, 1700 Westlake Ave N Ste 200, Seattle, WA 98109

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 30, 2024 to October 6, 2024)

Total Unpatched & Patched Vulnerabilities Last Week

Total Vulnerabilities by CVSS Severity Last Week

Total Vulnerabilities by CWE Type Last Week

Researchers That Contributed to WordPress Security Last Week

WordPress Plugins with Reported Vulnerabilities Last Week

WordPress Themes with Reported Vulnerabilities Last Week

Vulnerability Details