Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises.
To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month.
The vulnerabilities listed below are virtually patched by the Sucuri Firewall and existing clients are protected. If you don’t have it installed yet, you can use our web application firewall to protect your site against known vulnerabilities.
WordPress version 6.6.2 has been released! This update includes 15 bug fixes in the Core and 11 in the Block Editor, fixing issues like unexpected CSS specificity changes in various themes.
We strongly encourage WordPress users to always keep their CMS patched with the latest core updates to mitigate risk and protect the WordPress environment.
Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-5416
Number of Installations: 10,000,000+
Affected Software: Elementor Website Builder <= 3.23.9
Patched Versions: Elementor Website Builder 3.24.0
Mitigation steps: Update to Elementor Website Builder plugin version 3.24.0 or greater.
Security Risk: Critical
Exploitation Level: No authentication required.
Vulnerability: Broken Authentication
CVE: CVE-2024-44000
Number of Installations: 6,000,000+
Affected Software: LiteSpeed Cache <= 6.5.0
Patched Versions: LiteSpeed Cache 6.5.0.1
Mitigation steps: Update to LiteSpeed Cache plugin version 6.5.0.1 or greater.
Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-8440
Number of Installations: 2,000,000+
Affected Software: Essential Addons for Elementor <= 6.0.3
Patched Versions: Essential Addons for Elementor 6.0.4
Mitigation steps: Update to Essential Addons for Elementor plugin version 6.0.4 or greater.
Security Risk: High
Exploitation Level: No authentication required.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-8850
Number of Installations: 2,000,000+
Affected Software: MC4WP: Mailchimp for WordPress 4.9.9 - 4.9.16
Patched Versions: MC4WP: Mailchimp for WordPress 4.9.17
Mitigation steps: Update to MC4WP: Mailchimp for WordPress plugin version 4.9.17 or greater.
Security Risk: Low
Exploitation Level: Requires Administrator or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-8680
Number of Installations: 2,000,000+
Affected Software: MC4WP: Mailchimp for WordPress <= 4.9.16
Patched Versions: MC4WP: Mailchimp for WordPress 4.9.17
Mitigation steps: Update to MC4WP: Mailchimp for WordPress plugin version 4.9.17 or greater.
Security Risk: Low
Exploitation Level: No authentication required.
Vulnerability: Sensitive Data Exposure
CVE: CVE-2023-5359
Number of Installations: 1,000,000+
Affected Software: W3 Total Cache <= 2.7.5
Patched Versions: W3 Total Cache 2.7.6
Mitigation steps: Update to W3 Total Cache plugin version 2.7.6 or greater.
Security Risk: High
Exploitation Level: No authentication required.
Vulnerability: Cross Site Scripting (XSS)
CVE: N/A
Number of Installations: 800,000+
Affected Software: Ninja Forms <= 3.8.10
Patched Versions: Ninja Forms 3.8.11
Mitigation steps: Update to Ninja Forms plugin version 3.8.11 or greater.
Security Risk: Low
Exploitation Level: Requires Administrator or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-43999
Number of Installations: 800,000+
Affected Software: Ninja Forms <= 3.8.11
Patched Versions: Ninja Forms 3.8.12
Mitigation steps: Update to Ninja Forms plugin version 3.8.12 or greater.
Security Risk: Low
Exploitation Level: Requires Administrator or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-5561
Number of Installations: 700,000+
Affected Software: Popup Maker <= 1.19.0
Patched Versions: Popup Maker 1.19.1
Mitigation steps: Update to Popup Maker plugin version 1.19.1 or greater.
Security Risk: High
Exploitation Level: No authentication required.
Vulnerability: Sensitive Data Exposure
CVE: CVE-2024-7315
Number of Installations: 500,000+
Affected Software: WPvivid <= 0.9.105
Patched Versions: WPvivid 0.9.106
Mitigation steps: Update to WPvivid plugin version 0.9.106 or greater.
Security Risk: Medium
Exploitation Level: Requires Editor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-7132
Number of Installations: 400,000+
Affected Software: CoBlocks <= 3.1.12
Patched Versions: CoBlocks 3.1.13
Mitigation steps: Update to CoBlocks plugin version 3.1.13 or greater.
Security Risk: Medium
Exploitation Level: Requires Subscriber or higher level authentication.
Vulnerability: Broken Access Control
CVE: CVE-2024-5053
Number of Installations: 400,000+
Affected Software: Fluent Forms <= 5.1.18
Patched Versions: Fluent Forms 5.1.19
Mitigation steps: Update to Fluent Forms plugin version 5.1.19 or greater.
Security Risk: Medium
Exploitation Level: No authentication required.
Vulnerability: Sensitive Data Exposure
CVE: CVE-2024-7870
Number of Installations: 400,000+
Affected Software: PixelYourSite <= 9.7.1
Patched Versions: PixelYourSite 9.7.2
Mitigation steps: Update to PixelYourSite plugin version 9.7.2 or greater.
Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-44001
Number of Installations: 400,000+
Affected Software: Royal Elementor Addons <= 1.3.984
Patched Versions: Royal Elementor Addons 1.3.985
Mitigation steps: Update to Royal Elementor Addons plugin version 1.3.985 or greater.
Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-5879
Number of Installations: 300,000+
Affected Software: HubSpot <= 11.1.33
Patched Versions: HubSpot 11.1.34
Mitigation steps: Update to HubSpot plugin version 11.1.34 or greater.
Security Risk: Medium
Exploitation Level: Requires Administrator or higher level authentication.
Vulnerability: SQL Injection
CVE: CVE-2024-8669
Number of Installations: 200,000+
Affected Software: Backuply <= 1.3.4
Patched Versions: Backuply 1.3.5
Mitigation steps: Update to Backuply plugin version 1.3.5 or greater.
Security Risk: Medium
Exploitation Level: Requires Author or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-6804
Number of Installations: 200,000+
Affected Software: Jeg Elementor Kit <= 2.6.7
Patched Versions: Jeg Elementor Kit 2.6.8
Mitigation steps: Update to Jeg Elementor Kit plugin version 2.6.8 or greater.
Security Risk: Medium
Exploitation Level: No authentication required.
Vulnerability: Broken Access Control
CVE: CVE-2024-43924
Number of Installations: 200,000+
Affected Software: Responsive Lightbox & Gallery <= 2.4.7
Patched Versions: Responsive Lightbox & Gallery 2.4.8
Mitigation steps: Update to Responsive Lightbox & Gallery plugin version 2.4.8 or greater.
Security Risk: Low
Exploitation Level: Requires Administrator or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-44043
Number of Installations: 200,000+
Affected Software: Photo Gallery by 10Web <= 1.8.27
Patched Versions: Photo Gallery by 10Web 1.8.28
Mitigation steps: Update to Photo Gallery by 10Web plugin version 1.8.28 or greater.
Security Risk: Medium
Exploitation Level: No authentication required.
Vulnerability: Sensitive Data Exposure
CVE: CVE-2024-2541
Number of Installations: 200,000+
Affected Software: Popup Builder <= 4.3.3
Patched Versions: No Fix
Mitigation steps: This vulnerability poses a low risk and is not likely to be exploited.
Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-7895
Number of Installations: 100,000+
Affected Software: Beaver Builder <= 2.8.3.5
Patched Versions: Beaver Builder 2.8.3.6
Mitigation steps: Update to Beaver Builder plugin version 2.8.3.6 or greater.
Security Risk: High
Exploitation Level: No authentication required.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-43926
Number of Installations: 100,000+
Affected Software: Beaver Builder <= 2.8.3.3
Patched Versions: Beaver Builder 2.8.3.4
Mitigation steps: Update to Beaver Builder plugin version 2.8.3.4 or greater.
Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-43936
Number of Installations: 100,000+
Affected Software: EmbedPress <= 4.0.8
Patched Versions: EmbedPress 4.0.9
Mitigation steps: Update to EmbedPress plugin version 4.0.9 or greater.
Security Risk: Low
Exploitation Level: Requires Administrator or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-7133
Number of Installations: 100,000+
Affected Software: My Sticky Bar <= 2.7.2
Patched Versions: My Sticky Bar 2.7.3
Mitigation steps: Update to My Sticky Bar plugin version 2.7.3 or greater.
Security Risk: Medium
Exploitation Level: Requires Author or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-3899
Number of Installations: 100,000+
Affected Software: Envira Photo Gallery <= 1.8.14
Patched Versions: Envira Photo Gallery 1.8.15
Mitigation steps: Update to Envira Photo Gallery plugin version 1.8.15 or greater.
Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Broken Access Control
CVE: CVE-2024-43925
Number of Installations: 100,000+
Affected Software: Envira Photo Gallery <= 1.8.14
Patched Versions: Envira Photo Gallery 1.8.15
Mitigation steps: Update to Envira Photo Gallery plugin version 1.8.15 or greater.
Security Risk: Medium
Exploitation Level: No authentication required.
Vulnerability: Sensitive Data Exposure
CVE: CVE-2024-6551
Number of Installations: 100,000+
Affected Software: GiveWP <= 3.15.9
Patched Versions: GiveWP 3.16.0
Mitigation steps: Update to GiveWP plugin version 3.16.0 or greater.
Security Risk: Medium
Exploitation Level: No authentication required.
Vulnerability: Sensitive Data Exposure
CVE: CVE-2024-6835
Number of Installations: 100,000+
Affected Software: Ivory Search – WordPress Search Plugin <= 5.5.6
Patched Versions: Ivory Search – WordPress Search Plugin 5.5.7
Mitigation steps: Update to Ivory Search plugin version 5.5.7 or greater.
Security Risk: Medium
Exploitation Level: No authentication required.
Vulnerability: Broken Access Control
CVE: CVE-2024-43922
Number of Installations: 100,000+
Affected Software: NitroPack <= 1.16.7
Patched Versions: NitroPack 1.16.8
Mitigation steps: Update to NitroPack plugin version 1.16.8 or greater.
Security Risk: Low
Exploitation Level: Requires Administrator or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-43972
Number of Installations: 100,000+
Affected Software: Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.7
Patched Versions: Page Builder: Pagelayer – Drag and Drop website builder 1.8.8
Mitigation steps: Update to Page Builder: Pagelayer plugin version 1.8.8 or greater.
Security Risk: Medium
Exploitation Level: Requires Author or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-43977
Number of Installations: 100,000+
Affected Software: The Plus Addons for Elementor <= 5.6.2
Patched Versions: The Plus Addons for Elementor 5.6.3
Mitigation steps: Update to The Plus Addons for Elementor plugin version 5.6.3 or greater.
Security Risk: Medium
Exploitation Level: Requires Subscriber or higher level authentication.
Vulnerability: Broken Access Control
CVE: CVE-2024-43932
Number of Installations: 100,000+
Affected Software: The Plus Addons for Elementor <= 5.6.2
Patched Versions: The Plus Addons for Elementor 5.6.3
Mitigation steps: Update to The Plus Addons for Elementor plugin version 5.6.3 or greater.
Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Sensitive Data Exposure
CVE: CVE-2024-7418
Number of Installations: 100,000+
Affected Software: The Post Grid <= 7.7.11
Patched Versions: The Post Grid 7.7.12
Mitigation steps: Update to The Post Grid plugin version 7.7.12 or greater.
Security Risk: Medium
Exploitation Level: Requires Subscriber or higher level authentication.
Vulnerability: Broken Access Control
CVE: CVE-2024-44006
Number of Installations: 100,000+
Affected Software: WooCommerce Multilingual & Multicurrency with WPML <= 5.3.6
Patched Versions: WooCommerce Multilingual & Multicurrency with WPML 5.3.7
Mitigation steps: Update to WooCommerce Multilingual & Multicurrency with WPML plugin version 5.3.7 or greater.
Security Risk: Medium
Exploitation Level: No authentication required.
Vulnerability: Broken Access Control
CVE: CVE-2024-43919
Number of Installations: 100,000+
Affected Software: YARPP – Yet Another Related Posts Plugin <= 5.30.10
Patched Versions: No Fix
Mitigation steps: This vulnerability poses a low risk and is not likely to be exploited.
Security Risk: Critical
Exploitation Level: No authentication required.
Vulnerability: SQL Injection
CVE: CVE-2024-8522
Number of Installations: 90,000+
Affected Software: LearnPress – WordPress LMS Plugin <= 4.2.7
Patched Versions: LearnPress – WordPress LMS Plugin 4.2.7.1
Mitigation steps: Update to LearnPress plugin version 4.2.7.1 or greater.
Security Risk: Critical
Exploitation Level: No authentication required.
Vulnerability: SQL Injection
CVE: CVE-2024-8529
Number of Installations: 90,000+
Affected Software: LearnPress – WordPress LMS Plugin <= 4.2.7
Patched Versions: LearnPress – WordPress LMS Plugin 4.2.7.1
Mitigation steps: Update to LearnPress plugin version 4.2.7.1 or greater.
Security Risk: Medium
Exploitation Level: Requires Author or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-7304
Number of Installations: 90,000+
Affected Software: Ninja Tables – Easiest Data Table Builder <= 5.0.12
Patched Versions: Ninja Tables – Easiest Data Table Builder 5.0.13
Mitigation steps: Update to Ninja Tables plugin version 5.0.13 or greater.
Security Risk: Medium
Exploitation Level: No authentication required.
Vulnerability: Broken Access Control
CVE: CVE-2024-8195
Number of Installations: 90,000+
Affected Software: Permalink Manager Lite <= 2.4.4
Patched Versions: Permalink Manager Lite 2.4.4.1
Mitigation steps: Update to Permalink Manager Lite plugin version 2.4.4.1 or greater.
Security Risk: Medium
Exploitation Level: Requires Administrator or higher level authentication.
Vulnerability: SQL Injection
CVE: CVE-2024-6723
Number of Installations: 80,000+
Affected Software: AI Engine <= 2.4.7
Patched Versions: AI Engine 2.4.8
Mitigation steps: Update to AI Engine plugin version 2.4.8 or greater.
Security Risk: Medium
Exploitation Level: Requires Subscriber or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-6792
Number of Installations: 80,000+
Affected Software: WP ULike – The Ultimate Engagement Toolkit for Websites <= 4.7.2
Patched Versions: WP ULike – The Ultimate Engagement Toolkit for Websites 4.7.2.1
Mitigation steps: Update to WP ULike plugin version 4.7.2.1 or greater.
Security Risk: Medium
Exploitation Level: Requires Subscriber or higher level authentication.
Vulnerability: Broken Access Control
CVE: CVE-2024-8199
Number of Installations: 70,000+
Affected Software: Reviews Feed <= 1.1.9
Patched Versions: Reviews Feed 1.2.0
Mitigation steps: Update to Reviews Feed plugin version 1.2.0 or greater.
Security Risk: High
Exploitation Level: No authentication required.
Vulnerability: Broken Access Control
CVE: CVE-2024-8271
Number of Installations: 60,000+
Affected Software: FOX – Currency Switcher Professional for WooCommerce <= 1.4.2.1
Patched Versions: FOX – Currency Switcher Professional for WooCommerce 1.4.2.2
Mitigation steps: Update to FOX plugin version 1.4.2.2 or greater.
Security Risk: High
Exploitation Level: No authentication required.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-8274
Number of Installations: 50,000+
Affected Software: WP Booking Calendar <= 10.5.0
Patched Versions: WP Booking Calendar 10.5.1
Mitigation steps: Update to WP Booking Calendar plugin version 10.5.1 or greater.
Security Risk: High
Exploitation Level: No authentication required.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-7313
Number of Installations: 50,000+
Affected Software: Shield Security <= 20.0.5
Patched Versions: Shield Security 20.0.6
Mitigation steps: Update to Shield Security plugin version 20.0.6 or greater.
Security Risk: High
Exploitation Level: No authentication required.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-8544
Number of Installations: 50,000+
Affected Software: Pixel Cat – Conversion Pixel Manager <= 3.0.5
Patched Versions: Pixel Cat – Conversion Pixel Manager 3.0.6
Mitigation steps: Update to Pixel Cat plugin version 3.0.6 or greater.
Security Risk: High
Exploitation Level: No authentication required.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-43963
Number of Installations: 50,000+
Affected Software: Visual CSS Style Editor <= 7.6.3
Patched Versions: Visual CSS Style Editor 7.6.4
Mitigation steps: Update to Visual CSS Style Editor plugin version 7.6.4 or greater.
Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-1384
Number of Installations: 50,000+
Affected Software: Premium Portfolio Features for Phlox theme <= 2.3.3
Patched Versions: No Fix
Mitigation steps: This vulnerability poses a low risk and is not likely to be exploited.
Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-44056
Number of Downloads: 1,152,946
Affected Software: Mantra <= 3.3.2
Patched Versions: No Fix
Mitigation steps: This vulnerability poses a low risk and is not likely to be exploited.
Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-44057
Number of Downloads: 752,479
Affected Software: Nirvana <= 1.6.3
Patched Versions: No Fix
Mitigation steps: This vulnerability poses a low risk and is not likely to be exploited.
Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-43988
Number of Downloads: 705,708
Affected Software: Mystique <= 2.5.7
Patched Versions: No Fix
Mitigation steps: This vulnerability poses a low risk and is not likely to be exploited. However, this theme is abandoned and has not been updated in over a year. We recommend switching to a new theme.
Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-43951
Number of Downloads: 703,523
Affected Software: Tempera <= 1.8.2
Patched Versions: No Fix
Mitigation steps: This vulnerability poses a low risk and is not likely to be exploited.
Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-5867
Number of Downloads: 686,668
Affected Software: Delicate <= 3.5.5
Patched Versions: No Fix
Mitigation steps: This vulnerability poses a low risk and is not likely to be exploited. However, this theme is abandoned and has not been updated in over a year. We recommend switching to a new theme.
Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-44058
Number of Downloads: 635,288
Affected Software: Parabola <= 2.4.1
Patched Versions: No Fix
Mitigation steps: This vulnerability poses a low risk and is not likely to be exploited.
Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-43987
Number of Downloads: 537,528
Affected Software: Sliding Door <= 3.6
Patched Versions: No Fix
Mitigation steps: This vulnerability poses a low risk and is not likely to be exploited.
Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-44054
Number of Downloads: 486,615
Affected Software: Fluida <= 1.8.8
Patched Versions: No Fix
Mitigation steps: This vulnerability poses a low risk and is not likely to be exploited.
Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-43991
Number of Downloads: 247,851
Affected Software: Hotel Galaxy <= 4.4.24
Patched Versions: No Fix
Mitigation steps: This vulnerability poses a low risk and is not likely to be exploited.
Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-43994
Number of Downloads: 170,236
Affected Software: Kahuna <= 1.7.0
Patched Versions: No Fix
Mitigation steps: This vulnerability poses a low risk and is not likely to be exploited.
Security Risk: Medium
Exploitation Level: No authentication required.
Vulnerability: Broken Access Control
CVE: CVE-2024-43980
Number of Downloads: 146,783
Affected Software: FotaWP <= 1.4.1
Patched Versions: FotaWP 1.4.2
Mitigation steps: Update to FotaWP theme version 1.4.2 or greater.
Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-45452
Number of Downloads: 126,076
Affected Software: Septera <= 1.5.1
Patched Versions: No Fix
Mitigation steps: This vulnerability poses a low risk and is not likely to be exploited.
Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-44050
Number of Downloads: 108,792
Affected Software: Verbosa <= 1.2.3
Patched Versions: No Fix
Mitigation steps: This vulnerability poses a low risk and is not likely to be exploited.
Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-45451
Number of Downloads: 97,031
Affected Software: Roseta <= 1.3.0
Patched Versions: No Fix
Mitigation steps: This vulnerability poses a low risk and is not likely to be exploited.
Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-43995
Number of Downloads: 96,548
Affected Software: Posterity <= 3.6
Patched Versions: No Fix
Mitigation steps: This vulnerability poses a low risk and is not likely to be exploited.
Security Risk: High
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: PHP Object Injection
CVE: CVE-2024-7435
Number of Downloads: 72,378
Affected Software: Attire <= 2.0.6
Patched Versions: Attire 2.0.7
Mitigation steps: Update to Attire theme version 2.0.7 or greater.
Security Risk: Medium
Exploitation Level: Requires Contributor or higher level authentication.
Vulnerability: Cross Site Scripting (XSS)
CVE: CVE-2024-43952
Number of Downloads: 59,473
Affected Software: Esotera <= 1.2.5.1
Patched Versions: No Fix
Mitigation steps: This vulnerability poses a low risk and is not likely to be exploited.
Update your website software to mitigate risk. Users who are not able to update their software with the latest version are encouraged to use a web application firewall to help virtually patch known vulnerabilities and protect their website.