CVE-2024-13362

Description

Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected products

100plugins / Open User Map0 – 1.4.0
5starplugins / Dynamic Copyright Year0 – 1.0.4
5starplugins / Easy Age Verify0 – 1.8.5
5starplugins / Featured Images in RSS for Mailchimp & More0 – 1.6.3
5starplugins / Marijuana Age Verify0 – 1.5.5
afthemes / WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars0 – 3.8.3
bensibley / Independent Analytics0 – 2.9.7
blackandwhitedigital / TreePress – Easy Family Trees & Ancestor Profiles0 – 3.0.6
Blockspare / BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor0 – 3.2.6
bouncingsprout / Ultimeter0 – 3.0.5
bplugins / Advanced Scrollbar – Custom Scrollbar Styling and Behavior0 – 1.1.3
bplugins / bBlocks – Essential Gutenberg Blocks & Patterns Collection0 – 1.9.8
bplugins / HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player0 – 2.2.27
bplugins / PDF Poster – Display PDF Files with Custom Viewer0 – 2.2.0
cleverplugins / Security Ninja – WordPress Security & Firewall0 – 5.222
codeSavory / Knowledge Base documentation & wiki plugin – BasePress Docs0 – 2.16.3.3
cyberhobo / Geo Mashup0 – 1.13.15
cyclonecode / Custom PHP Settings0 – 2.3.1
damian-gora / Justified Gallery0 – 1.9.0
dashlabsltd / YASR – Yet Another Star Rating Plugin for WordPress0 – 3.4.12
davidanderson / Internal Link Juicer: SEO Auto Linker for WordPress0 – 2.24.6
elespare / EleSpare – News, Magazine and Blog Addons for Elementor0 – 3.3.2
elliotvs / Coupon Affiliates – Affiliate Plugin for WooCommerce0 – 5.17.2
enweby / Full Screen Background0 – 2.0.2
Essekia / Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent0 – 1.1.13
fooplugins / Gallery by FooGallery0 – 2.4.27
fooplugins / Lightbox & Modal Popup WordPress Plugin – FooBox0 – 2.7.33
fooplugins / Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar0 – 2.1.34
fullworks / Anti-Spam Protection – No API Key, GDPR Friendly0 – 2.3.7
fullworks / Display Eventbrite Events0 – 6.1.10
GalleryCreator / Mixed Media Gallery Blocks0 – 3.2.4.4
gn_themes / WP Shortcodes Plugin — Shortcodes Ultimate0 – 7.3.3
gowebsmarty / WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan0 – 7.7.0
hasanazizul / Text To Speech TTS Accessibility0 – 1.7.34
hkdigitalagency / Payment Gateway for ACBA BANK0 – 1.2.6
imtiazrayhan / WP Coupons and Deals – Coupon Plugin For Affiliate Marketers0 – 3.2.2
inavii / Inavii Social Feed0 – 2.7.0
InfornWeb / Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News0 – 3.4.9
InfornWeb / Logo Showcase – Responsive Logo Carousel, Logo Slider & Logo Grid0 – 3.2.7
InfornWeb / Post List Designer – Category Post, Recent Post, Post List0 – 3.3.7
infosatech / RevivePress – Keep your Old Content Evergreen0 – 1.5.8
interactivegeomaps / MapGeo – Interactive Geo Maps0 – 1.6.22
invisnet / WP fail2ban – Advanced Security0 – 5.3.4
josevega / Bulk Edit Posts and Products in Spreadsheet0 – 2.25.16
josevega / Disable Payment Methods based on cart conditions for WooCommerce0 – 1.16.3
josevega / WP Page Templates0 – 1.1.16
Kaira / StoreCustomizer – A plugin to Customize all WooCommerce Pages0 – 2.5.9
KaizenCoders / URL Shortify – Simple and Easy URL Shortener0 – 1.10.4
koen12344 / Post to Google My Business (Google Business Profile)0 – 3.1.28
kofimokome / Message Filter for Contact Form 70 – 1.6.3.2
litonice13 / Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits0 – 2.0.7.2
mapster / Mapster WP Maps0 – 1.9.0
mattpramschufer / Pay For Post with WooCommerce0 – 3.1.26
meowcrew / Role Based Pricing for Woo by Meow Crew0 – 1.6.0
mhmrajib / AidWP – Donation & Payment Forms (Stripe Powered)0 – 3.2.6
mhmrajib / TopNewsWp – Display Tikcer News, RSS Feed Widget and Many More0 – 2.4.1
mhmrajib / WP Books Gallery – Build Stunning Book Showcases & Libraries in Minutes0 – 4.6.8
mihail-barinov / Share This Image0 – 2.07
mikewire_rocksolid / Announcement & Notification Banner – Bulletin0 – 3.12.1
mohsinoffline / Secure Gateway for Authorize.net and WooCommerce by Pledged Plugins0 – 6.1.13
mr2p / Meta Field Block – Display custom fields in the Block Editor without coding0 – 1.3.3
mte90 / Glossary0 – 2.2.38
nicheaddons / Events Addon for Elementor0 – 2.2.2
nicheaddons / Primary Addon for Elementor0 – 1.6.0
nicheaddons / Restaurant & Cafe Addon for Elementor0 – 1.5.8
nitin247 / Place Order Without Payment for WooCommerce0 – 2.6.5
nitin247 / Thank You Page for WooCommerce0 – 4.2.0
OceanWP / Ocean Extra0 – 2.4.2
oxilab / Product Layouts for WooCommerce0 – 1.3.1
pagup / Automatic Internal Links for SEO by Pagup0 – 2.0.0
pagup / Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO)0 – 2.1.0
paretodigital / Embedder for Google Reviews0 – 1.6.6
paretodigital / Send Users Email – Email Subscribers, Email Marketing Newsletter0 – 1.5.10
passionatebrains / AEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image Optimization0 – 2.9.2
passionatebrains / AWCA – The Great Analytics Insights for Your eStore0 – 3.12.0
passionatebrains / GA4WP – Analytics Dashboard for the Website0 – 2.6.0
peterschulznl / Code Manager0 – 1.0.40
peterschulznl / WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards0 – 5.5.31
pluginandplay / Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider0 – 3.2.7
plugins360 / Automatic YouTube Gallery0 – 2.5.5
PluginsCafe / Smart phone field for Gravity Forms0 – 2.1.6
pluginsware / Advanced Classifieds & Directory Pro0 – 3.2.4
prasadkirpekar / WP Meta and Date Remover0 – 2.3.4
premmerce / Premmerce Permalink Manager for WooCommerce0 – 2.3.11
premmerce / Premmerce Product Filter for WooCommerce0 – 3.7.3
princeahmed / Dracula Dark Mode – Accessibility, Reading Mode & Dark Mode for WordPress0 – 1.2.7
princeahmed / File Manager for Google Drive – Integrate Google Drive0 – 1.4.9
princeahmed / Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player0 – 2.0.82
rebelcode / Spotlight Social Feeds – Block, Shortcode, and Widget0 – 1.7.0
saadiqbal / Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App0 – 3.0.0
samdani / Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews0 – 3.2.8
samdani / Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More0 – 2.5.8
sebet / Go Fetch Jobs (for WP Job Manager)0 – 1.8.4.8.1
seezee / Five-Star Ratings Shortcode0 – 1.2.56
senols / AI Puffer – Chat. Create. Automate. (formerly AI Power)0 – 1.8.99
sjaved / Easy Social Feed – Social Photos Gallery and Post Feed for WordPress0 – 6.6.5
smartwpress / Music Player for Elementor – Audio Player & Podcast Player0 – 2.4.1
speedify / Auto-Install Free SSL – Generate & Install Free SSL Certificates0 – 4.5.0
spicethemes / Carousel, Recent Post Slider and Banner Slider0 – 2.1
spiderdevs / EazyDocs – AI Powered Knowledge Base, Wiki, Documentation & FAQ Builder0 – 2.5.7
spiderdevs / Forumax – AI Powered Advanced Community Forum Plugin0 – 1.2.7
streamweasels / StreamWeasels Twitch Integration0 – 1.9.2
takanakui / Menu Image, Icons made easy0 – 3.12
takanakui / WP Mobile Menu – The Mobile-Friendly Responsive Menu0 – 2.8.6
theafricanboss / Checkout with Cash App on WooCommerce0 – 6.0.2
themelocation / Custom WooCommerce Checkout Fields Editor0 – 1.3.4
themelocation / Remove Add to Cart WooCommerce0 – 1.4.7
Tickera / Restrict – membership, site, content and user access restrictions for WordPress0 – 2.3.0
tobiasbg / TablePress – Tables in WordPress made easy0 – 3.0.2
tobias_conrad / WOW Styler for CF7 – Visual Styler for Contact Form 7 Forms0 – 1.7.0
toddhalfpenny / Widgets on Pages0 – 1.7
tonyzeoli / Radio Station by netmix® – Manage and play your Show Schedule in WordPress!0 – 2.5.9
Tripetto / WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto0 – 8.0.7
unitecms / Unlimited Elements For Elementor0 – 1.5.140
Uriahs Victor / Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce0 – 1.10.6
vinod-dalvi / Ivory Search – WordPress Search Plugin0 – 5.5.8
webba-agency / Easy Appointment Booking & Scheduling System – Webba Booking Calendar0 – 5.0.57
webfactory / AI Bud – AI Content Generator, AI Chatbot, ChatGPT, Gemini, GPT-4o0 – 1.7.2
webheadllc / Contact Form 7 Multi-Step Forms0 – 4.4.1
wordplus / Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages0 – 2.6.7
wpbits / WPBITS Addons For Elementor Page Builder0 – 1.7
wpdever / WP Notification Bell0 – 1.4.2
wpjoli / Joli Table Of Contents0 – 2.6.0
wpmagics / Delete Posts automatically0 – 3.9.6
wpsaad / Image Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AI0 – 1.6.3
wpspeedo / Team Members Showcase0 – 3.3.0
xplodedthemes / WPIDE – File Manager & Code Editor0 – 3.5.1
xplodedthemes / XT Floating Cart for WooCommerce0 – 2.8.4
xplodedthemes / XT Quick View for WooCommerce0 – 2.1.5
xplodedthemes / XT Variation Swatches for WooCommerce0 – 1.9.4
yuvalo / Goal Tracker – Custom Event Tracking for GA40 – 1.1.5

CVE-2024-13362

Description

CVSS breakdown

Affected products

References