{"api_version":"1","generated_at":"2026-05-01T12:30:57+00:00","cve":"CVE-2024-13362","urls":{"html":"https://cve.report/CVE-2024-13362","api":"https://cve.report/api/cve/CVE-2024-13362.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-13362","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-13362"},"summary":{"title":"Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter","description":"Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","state":"PUBLISHED","assigner":"Wordfence","published_at":"2026-05-01 06:16:30","updated_at":"2026-05-01 06:16:30"},"problem_types":["CWE-79","CWE-79 CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"metrics":[{"version":"3.1","source":"security@wordfence.com","type":"Primary","score":"6.1","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"6.1","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","data":{"baseScore":6.1,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","version":"3.1"}}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/foogallery/tags/2.4.27/freemius/assets/js/pricing/freemius-pricing.js","name":"https://plugins.trac.wordpress.org/browser/foogallery/tags/2.4.27/freemius/assets/js/pricing/freemius-pricing.js","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/internal-links/trunk/vendor/freemius/wordpress-sdk/assets/js/pricing/freemius-pricing.js","name":"https://plugins.trac.wordpress.org/browser/internal-links/trunk/vendor/freemius/wordpress-sdk/assets/js/pricing/freemius-pricing.js","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/tablepress/trunk/libraries/freemius/assets/js/pricing/freemius-pricing.js","name":"https://plugins.trac.wordpress.org/browser/tablepress/trunk/libraries/freemius/assets/js/pricing/freemius-pricing.js","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/freemius/assets/js/pricing/freemius-pricing.js","name":"https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/freemius/assets/js/pricing/freemius-pricing.js","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/changeset/3249130/","name":"https://plugins.trac.wordpress.org/changeset/3249130/","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/changeset/3229060/","name":"https://plugins.trac.wordpress.org/changeset/3229060/","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/interactive-geo-maps/tags/1.6.21/vendor/freemius/wordpress-sdk/assets/js/pricing/freemius-pricing.js","name":"https://plugins.trac.wordpress.org/browser/interactive-geo-maps/tags/1.6.21/vendor/freemius/wordpress-sdk/assets/js/pricing/freemius-pricing.js","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/spotlight-social-photo-feeds/trunk/ui/freemius-pricing/freemius-pricing.js","name":"https://plugins.trac.wordpress.org/browser/spotlight-social-photo-feeds/trunk/ui/freemius-pricing/freemius-pricing.js","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/add-search-to-menu/trunk/includes/freemius/assets/js/pricing/freemius-pricing.js","name":"https://plugins.trac.wordpress.org/browser/add-search-to-menu/trunk/includes/freemius/assets/js/pricing/freemius-pricing.js","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/wpide/tags/3.5.0/dist/pricing/freemius-pricing.js","name":"https://plugins.trac.wordpress.org/browser/wpide/tags/3.5.0/dist/pricing/freemius-pricing.js","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/featured-images-for-rss-feeds/trunk/includes/freemius/assets/js/pricing/freemius-pricing.js","name":"https://plugins.trac.wordpress.org/browser/featured-images-for-rss-feeds/trunk/includes/freemius/assets/js/pricing/freemius-pricing.js","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/independent-analytics/trunk/freemius/assets/js/pricing/freemius-pricing.js","name":"https://plugins.trac.wordpress.org/browser/independent-analytics/trunk/freemius/assets/js/pricing/freemius-pricing.js","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d694491c-c0f5-4418-805a-db792ea4f712?source=cve","name":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d694491c-c0f5-4418-805a-db792ea4f712?source=cve","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/widgets-on-pages/trunk/freemius/assets/js/pricing/freemius-pricing.js","name":"https://plugins.trac.wordpress.org/browser/widgets-on-pages/trunk/freemius/assets/js/pricing/freemius-pricing.js","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/woo-permalink-manager/tags/2.3.11/assets/admin/js/pricing-page/freemius-pricing.js","name":"https://plugins.trac.wordpress.org/browser/woo-permalink-manager/tags/2.3.11/assets/admin/js/pricing-page/freemius-pricing.js","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/provider/freemius/assets/js/pricing/freemius-pricing.js","name":"https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/provider/freemius/assets/js/pricing/freemius-pricing.js","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/master-addons/trunk/lib/freemius/assets/js/pricing/freemius-pricing.js","name":"https://plugins.trac.wordpress.org/browser/master-addons/trunk/lib/freemius/assets/js/pricing/freemius-pricing.js","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/changeset/3235286/","name":"https://plugins.trac.wordpress.org/changeset/3235286/","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/foobox-image-lightbox/tags/2.7.33/freemius/assets/js/pricing/freemius-pricing.js","name":"https://plugins.trac.wordpress.org/browser/foobox-image-lightbox/tags/2.7.33/freemius/assets/js/pricing/freemius-pricing.js","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/wp-meta-and-date-remover/tags/2.3.4/freemius/assets/js/pricing/freemius-pricing.js","name":"https://plugins.trac.wordpress.org/browser/wp-meta-and-date-remover/tags/2.3.4/freemius/assets/js/pricing/freemius-pricing.js","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/ocean-extra/trunk/includes/freemius/assets/js/pricing/freemius-pricing.js","name":"https://plugins.trac.wordpress.org/browser/ocean-extra/trunk/includes/freemius/assets/js/pricing/freemius-pricing.js","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/pdf-poster/trunk/freemius/assets/js/pricing/freemius-pricing.js","name":"https://plugins.trac.wordpress.org/browser/pdf-poster/trunk/freemius/assets/js/pricing/freemius-pricing.js","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/menu-image/trunk/freemius/assets/js/pricing/freemius-pricing.js","name":"https://plugins.trac.wordpress.org/browser/menu-image/trunk/freemius/assets/js/pricing/freemius-pricing.js","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/simply-gallery-block/trunk/freemius/assets/js/pricing/freemius-pricing.js","name":"https://plugins.trac.wordpress.org/browser/simply-gallery-block/trunk/freemius/assets/js/pricing/freemius-pricing.js","refsource":"security@wordfence.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-13362","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-13362","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"sebet","product":"Go Fetch Jobs (for WP Job Manager)","version":"affected 1.8.4.8.1 semver","platforms":[]},{"source":"CNA","vendor":"5starplugins","product":"Dynamic Copyright Year","version":"affected 1.0.4 semver","platforms":[]},{"source":"CNA","vendor":"peterschulznl","product":"Code Manager","version":"affected 1.0.40 semver","platforms":[]},{"source":"CNA","vendor":"bplugins","product":"Advanced Scrollbar – Custom Scrollbar Styling and Behavior","version":"affected 1.1.3 semver","platforms":[]},{"source":"CNA","vendor":"yuvalo","product":"Goal Tracker – Custom Event Tracking for GA4","version":"affected 1.1.5 semver","platforms":[]},{"source":"CNA","vendor":"essekia","product":"Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent","version":"affected 1.1.13 semver","platforms":[]},{"source":"CNA","vendor":"josevega","product":"WP Page Templates","version":"affected 1.1.16 semver","platforms":[]},{"source":"CNA","vendor":"hkdigitalagency","product":"Payment Gateway for ACBA BANK","version":"affected 1.2.6 semver","platforms":[]},{"source":"CNA","vendor":"princeahmed","product":"Dracula Dark Mode –  Accessibility, Reading Mode & Dark Mode for WordPress","version":"affected 1.2.7 semver","platforms":[]},{"source":"CNA","vendor":"spiderdevs","product":"Forumax – AI Powered Advanced Community Forum Plugin","version":"affected 1.2.7 semver","platforms":[]},{"source":"CNA","vendor":"seezee","product":"Five-Star Ratings Shortcode","version":"affected 1.2.56 semver","platforms":[]},{"source":"CNA","vendor":"oxilab","product":"Product Layouts for WooCommerce","version":"affected 1.3.1 semver","platforms":[]},{"source":"CNA","vendor":"mr2p","product":"Meta Field Block – Display custom fields in the Block Editor without coding","version":"affected 1.3.3 semver","platforms":[]},{"source":"CNA","vendor":"themelocation","product":"Custom WooCommerce Checkout Fields Editor","version":"affected 1.3.4 semver","platforms":[]},{"source":"CNA","vendor":"100plugins","product":"Open User Map","version":"affected 1.4.0 semver","platforms":[]},{"source":"CNA","vendor":"wpdever","product":"WP Notification Bell","version":"affected 1.4.2 semver","platforms":[]},{"source":"CNA","vendor":"themelocation","product":"Remove Add to Cart WooCommerce","version":"affected 1.4.7 semver","platforms":[]},{"source":"CNA","vendor":"princeahmed","product":"File Manager for Google Drive – Integrate Google Drive","version":"affected 1.4.9 semver","platforms":[]},{"source":"CNA","vendor":"5starplugins","product":"Marijuana Age Verify","version":"affected 1.5.5 semver","platforms":[]},{"source":"CNA","vendor":"infosatech","product":"RevivePress – Keep your Old Content Evergreen","version":"affected 1.5.8 semver","platforms":[]},{"source":"CNA","vendor":"nicheaddons","product":"Restaurant & Cafe Addon for Elementor","version":"affected 1.5.8 semver","platforms":[]},{"source":"CNA","vendor":"paretodigital","product":"Send Users Email – Email Subscribers, Email Marketing Newsletter","version":"affected 1.5.10 semver","platforms":[]},{"source":"CNA","vendor":"unitecms","product":"Unlimited Elements For Elementor","version":"affected 1.5.140 semver","platforms":[]},{"source":"CNA","vendor":"meowcrew","product":"Role Based Pricing for Woo by Meow Crew","version":"affected 1.6.0 semver","platforms":[]},{"source":"CNA","vendor":"nicheaddons","product":"Primary Addon for Elementor","version":"affected 1.6.0 semver","platforms":[]},{"source":"CNA","vendor":"5starplugins","product":"Featured Images in RSS for Mailchimp & More","version":"affected 1.6.3 semver","platforms":[]},{"source":"CNA","vendor":"wpsaad","product":"Image Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AI","version":"affected 1.6.3 semver","platforms":[]},{"source":"CNA","vendor":"kofimokome","product":"Message Filter for Contact Form 7","version":"affected 1.6.3.2 semver","platforms":[]},{"source":"CNA","vendor":"paretodigital","product":"Embedder for Google Reviews","version":"affected 1.6.6 semver","platforms":[]},{"source":"CNA","vendor":"interactivegeomaps","product":"MapGeo – Interactive Geo Maps","version":"affected 1.6.22 semver","platforms":[]},{"source":"CNA","vendor":"wpbits","product":"WPBITS Addons For Elementor Page Builder","version":"affected 1.7 semver","platforms":[]},{"source":"CNA","vendor":"toddhalfpenny","product":"Widgets on Pages","version":"affected 1.7 semver","platforms":[]},{"source":"CNA","vendor":"rebelcode","product":"Spotlight Social Feeds – Block, Shortcode, and Widget","version":"affected 1.7.0 semver","platforms":[]},{"source":"CNA","vendor":"tobias_conrad","product":"WOW Styler for CF7 – Visual Styler for Contact Form 7 Forms","version":"affected 1.7.0 semver","platforms":[]},{"source":"CNA","vendor":"webfactory","product":"AI Bud – AI Content Generator, AI Chatbot, ChatGPT, Gemini, GPT-4o","version":"affected 1.7.2 semver","platforms":[]},{"source":"CNA","vendor":"hasanazizul","product":"Text To Speech TTS Accessibility","version":"affected 1.7.34 semver","platforms":[]},{"source":"CNA","vendor":"5starplugins","product":"Easy Age Verify","version":"affected 1.8.5 semver","platforms":[]},{"source":"CNA","vendor":"senols","product":"AI Puffer – Chat. Create. Automate. (formerly AI Power)","version":"affected 1.8.99 semver","platforms":[]},{"source":"CNA","vendor":"damian-gora","product":"Justified Gallery","version":"affected 1.9.0 semver","platforms":[]},{"source":"CNA","vendor":"mapster","product":"Mapster WP Maps","version":"affected 1.9.0 semver","platforms":[]},{"source":"CNA","vendor":"streamweasels","product":"StreamWeasels Twitch Integration","version":"affected 1.9.2 semver","platforms":[]},{"source":"CNA","vendor":"xplodedthemes","product":"XT Variation Swatches for WooCommerce","version":"affected 1.9.4 semver","platforms":[]},{"source":"CNA","vendor":"bplugins","product":"bBlocks – Essential Gutenberg Blocks & Patterns Collection","version":"affected 1.9.8 semver","platforms":[]},{"source":"CNA","vendor":"kaizencoders","product":"URL Shortify – Simple and Easy URL Shortener","version":"affected 1.10.4 semver","platforms":[]},{"source":"CNA","vendor":"uriahs-victor","product":"Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce","version":"affected 1.10.6 semver","platforms":[]},{"source":"CNA","vendor":"cyberhobo","product":"Geo Mashup","version":"affected 1.13.15 semver","platforms":[]},{"source":"CNA","vendor":"josevega","product":"Disable Payment Methods based on cart conditions for WooCommerce","version":"affected 1.16.3 semver","platforms":[]},{"source":"CNA","vendor":"pagup","product":"Automatic Internal Links for SEO by Pagup","version":"affected 2.0.0 semver","platforms":[]},{"source":"CNA","vendor":"enweby","product":"Full Screen Background","version":"affected 2.0.2 semver","platforms":[]},{"source":"CNA","vendor":"litonice13","product":"Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits","version":"affected 2.0.7.2 semver","platforms":[]},{"source":"CNA","vendor":"princeahmed","product":"Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player","version":"affected 2.0.82 semver","platforms":[]},{"source":"CNA","vendor":"spicethemes","product":"Carousel, Recent Post Slider and Banner Slider","version":"affected 2.1 semver","platforms":[]},{"source":"CNA","vendor":"pagup","product":"Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO)","version":"affected 2.1.0 semver","platforms":[]},{"source":"CNA","vendor":"xplodedthemes","product":"XT Quick View for WooCommerce","version":"affected 2.1.5 semver","platforms":[]},{"source":"CNA","vendor":"pluginscafe","product":"Smart phone field for Gravity Forms","version":"affected 2.1.6 semver","platforms":[]},{"source":"CNA","vendor":"fooplugins","product":"Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar","version":"affected 2.1.34 semver","platforms":[]},{"source":"CNA","vendor":"bplugins","product":"PDF Poster – Display PDF Files with Custom Viewer","version":"affected 2.2.0 semver","platforms":[]},{"source":"CNA","vendor":"nicheaddons","product":"Events Addon for Elementor","version":"affected 2.2.2 semver","platforms":[]},{"source":"CNA","vendor":"bplugins","product":"HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player","version":"affected 2.2.27 semver","platforms":[]},{"source":"CNA","vendor":"mte90","product":"Glossary","version":"affected 2.2.38 semver","platforms":[]},{"source":"CNA","vendor":"tickera","product":"Restrict – membership, site, content and user access restrictions for WordPress","version":"affected 2.3.0 semver","platforms":[]},{"source":"CNA","vendor":"cyclonecode","product":"Custom PHP Settings","version":"affected 2.3.1 semver","platforms":[]},{"source":"CNA","vendor":"prasadkirpekar","product":"WP Meta and Date Remover","version":"affected 2.3.4 semver","platforms":[]},{"source":"CNA","vendor":"fullworks","product":"Anti-Spam Protection – No API Key, GDPR Friendly","version":"affected 2.3.7 semver","platforms":[]},{"source":"CNA","vendor":"premmerce","product":"Premmerce Permalink Manager for WooCommerce","version":"affected 2.3.11 semver","platforms":[]},{"source":"CNA","vendor":"smartwpress","product":"Music Player for Elementor – Audio Player & Podcast Player","version":"affected 2.4.1 semver","platforms":[]},{"source":"CNA","vendor":"mhmrajib","product":"TopNewsWp – Display Tikcer News, RSS Feed Widget and Many More","version":"affected 2.4.1 semver","platforms":[]},{"source":"CNA","vendor":"oceanwp","product":"Ocean Extra","version":"affected 2.4.2 semver","platforms":[]},{"source":"CNA","vendor":"fooplugins","product":"Gallery by FooGallery","version":"affected 2.4.27 semver","platforms":[]},{"source":"CNA","vendor":"plugins360","product":"Automatic YouTube Gallery","version":"affected 2.5.5 semver","platforms":[]},{"source":"CNA","vendor":"spiderdevs","product":"EazyDocs – AI Powered Knowledge Base, Wiki, Documentation & FAQ Builder","version":"affected 2.5.7 semver","platforms":[]},{"source":"CNA","vendor":"samdani","product":"Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More","version":"affected 2.5.8 semver","platforms":[]},{"source":"CNA","vendor":"tonyzeoli","product":"Radio Station by netmix® – Manage and play your Show Schedule in WordPress!","version":"affected 2.5.9 semver","platforms":[]},{"source":"CNA","vendor":"kaira","product":"StoreCustomizer – A plugin to Customize all WooCommerce Pages","version":"affected 2.5.9 semver","platforms":[]},{"source":"CNA","vendor":"wpjoli","product":"Joli Table Of Contents","version":"affected 2.6.0 semver","platforms":[]},{"source":"CNA","vendor":"passionatebrains","product":"GA4WP – Analytics Dashboard for the Website","version":"affected 2.6.0 semver","platforms":[]},{"source":"CNA","vendor":"nitin247","product":"Place Order Without Payment for WooCommerce","version":"affected 2.6.5 semver","platforms":[]},{"source":"CNA","vendor":"wordplus","product":"Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages","version":"affected 2.6.7 semver","platforms":[]},{"source":"CNA","vendor":"mihail-barinov","product":"Share This Image","version":"affected 2.07 semver","platforms":[]},{"source":"CNA","vendor":"inavii","product":"Inavii Social Feed","version":"affected 2.7.0 semver","platforms":[]},{"source":"CNA","vendor":"fooplugins","product":"Lightbox & Modal Popup WordPress Plugin – FooBox","version":"affected 2.7.33 semver","platforms":[]},{"source":"CNA","vendor":"xplodedthemes","product":"XT Floating Cart for WooCommerce","version":"affected 2.8.4 semver","platforms":[]},{"source":"CNA","vendor":"takanakui","product":"WP Mobile Menu – The Mobile-Friendly Responsive Menu","version":"affected 2.8.6 semver","platforms":[]},{"source":"CNA","vendor":"passionatebrains","product":"AEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image Optimization","version":"affected 2.9.2 semver","platforms":[]},{"source":"CNA","vendor":"bensibley","product":"Independent Analytics","version":"affected 2.9.7 semver","platforms":[]},{"source":"CNA","vendor":"codesavory","product":"Knowledge Base documentation & wiki plugin – BasePress Docs","version":"affected 2.16.3.3 semver","platforms":[]},{"source":"CNA","vendor":"davidanderson","product":"Internal Link Juicer: SEO Auto Linker for WordPress","version":"affected 2.24.6 semver","platforms":[]},{"source":"CNA","vendor":"josevega","product":"Bulk Edit Posts and Products in Spreadsheet","version":"affected 2.25.16 semver","platforms":[]},{"source":"CNA","vendor":"saadiqbal","product":"Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App","version":"affected 3.0.0 semver","platforms":[]},{"source":"CNA","vendor":"tobiasbg","product":"TablePress – Tables in WordPress made easy","version":"affected 3.0.2 semver","platforms":[]},{"source":"CNA","vendor":"bouncingsprout","product":"Ultimeter","version":"affected 3.0.5 semver","platforms":[]},{"source":"CNA","vendor":"blackandwhitedigital","product":"TreePress – Easy Family Trees & Ancestor Profiles","version":"affected 3.0.6 semver","platforms":[]},{"source":"CNA","vendor":"mattpramschufer","product":"Pay For Post with WooCommerce","version":"affected 3.1.26 semver","platforms":[]},{"source":"CNA","vendor":"koen12344","product":"Post to Google My Business (Google Business Profile)","version":"affected 3.1.28 semver","platforms":[]},{"source":"CNA","vendor":"imtiazrayhan","product":"WP Coupons and Deals – Coupon Plugin For Affiliate Marketers","version":"affected 3.2.2 semver","platforms":[]},{"source":"CNA","vendor":"pluginsware","product":"Advanced Classifieds & Directory Pro","version":"affected 3.2.4 semver","platforms":[]},{"source":"CNA","vendor":"gallerycreator","product":"Mixed Media Gallery Blocks","version":"affected 3.2.4.4 semver","platforms":[]},{"source":"CNA","vendor":"blockspare","product":"BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor","version":"affected 3.2.6 semver","platforms":[]},{"source":"CNA","vendor":"mhmrajib","product":"AidWP – Donation & Payment Forms (Stripe Powered)","version":"affected 3.2.6 semver","platforms":[]},{"source":"CNA","vendor":"infornweb","product":"Logo Showcase – Responsive Logo Carousel, Logo Slider & Logo Grid","version":"affected 3.2.7 semver","platforms":[]},{"source":"CNA","vendor":"pluginandplay","product":"Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider","version":"affected 3.2.7 semver","platforms":[]},{"source":"CNA","vendor":"samdani","product":"Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews","version":"affected 3.2.8 semver","platforms":[]},{"source":"CNA","vendor":"wpspeedo","product":"Team Members Showcase","version":"affected 3.3.0 semver","platforms":[]},{"source":"CNA","vendor":"elespare","product":"EleSpare – News, Magazine and Blog Addons for Elementor","version":"affected 3.3.2 semver","platforms":[]},{"source":"CNA","vendor":"infornweb","product":"Post List Designer – Category Post, Recent Post, Post List","version":"affected 3.3.7 semver","platforms":[]},{"source":"CNA","vendor":"infornweb","product":"Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News","version":"affected 3.4.9 semver","platforms":[]},{"source":"CNA","vendor":"dashlabsltd","product":"YASR – Yet Another Star Rating Plugin for WordPress","version":"affected 3.4.12 semver","platforms":[]},{"source":"CNA","vendor":"xplodedthemes","product":"WPIDE – File Manager & Code Editor","version":"affected 3.5.1 semver","platforms":[]},{"source":"CNA","vendor":"premmerce","product":"Premmerce Product Filter for WooCommerce","version":"affected 3.7.3 semver","platforms":[]},{"source":"CNA","vendor":"afthemes","product":"WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars","version":"affected 3.8.3 semver","platforms":[]},{"source":"CNA","vendor":"wpmagics","product":"Delete Posts automatically","version":"affected 3.9.6 semver","platforms":[]},{"source":"CNA","vendor":"takanakui","product":"Menu Image, Icons made easy","version":"affected 3.12 semver","platforms":[]},{"source":"CNA","vendor":"passionatebrains","product":"AWCA – The Great Analytics Insights for Your eStore","version":"affected 3.12.0 semver","platforms":[]},{"source":"CNA","vendor":"mikewire_rocksolid","product":"Announcement & Notification Banner – Bulletin","version":"affected 3.12.1 semver","platforms":[]},{"source":"CNA","vendor":"nitin247","product":"Thank You Page for WooCommerce","version":"affected 4.2.0 semver","platforms":[]},{"source":"CNA","vendor":"webheadllc","product":"Contact Form 7 Multi-Step Forms","version":"affected 4.4.1 semver","platforms":[]},{"source":"CNA","vendor":"speedify","product":"Auto-Install Free SSL – Generate & Install Free SSL Certificates","version":"affected 4.5.0 semver","platforms":[]},{"source":"CNA","vendor":"mhmrajib","product":"WP Books Gallery – Build Stunning Book Showcases & Libraries in Minutes","version":"affected 4.6.8 semver","platforms":[]},{"source":"CNA","vendor":"webba-agency","product":"Easy Appointment Booking & Scheduling System – Webba Booking Calendar","version":"affected 5.0.57 semver","platforms":[]},{"source":"CNA","vendor":"invisnet","product":"WP fail2ban – Advanced Security","version":"affected 5.3.4 semver","platforms":[]},{"source":"CNA","vendor":"vinod-dalvi","product":"Ivory Search – WordPress Search Plugin","version":"affected 5.5.8 semver","platforms":[]},{"source":"CNA","vendor":"peterschulznl","product":"WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards","version":"affected 5.5.31 semver","platforms":[]},{"source":"CNA","vendor":"elliotvs","product":"Coupon Affiliates – Affiliate Plugin for WooCommerce","version":"affected 5.17.2 semver","platforms":[]},{"source":"CNA","vendor":"cleverplugins","product":"Security Ninja – WordPress Security & Firewall","version":"affected 5.222 semver","platforms":[]},{"source":"CNA","vendor":"theafricanboss","product":"Checkout with Cash App on WooCommerce","version":"affected 6.0.2 semver","platforms":[]},{"source":"CNA","vendor":"fullworks","product":"Display Eventbrite Events","version":"affected 6.1.10 semver","platforms":[]},{"source":"CNA","vendor":"mohsinoffline","product":"Secure Gateway for Authorize.net and WooCommerce by Pledged Plugins","version":"affected 6.1.13 semver","platforms":[]},{"source":"CNA","vendor":"sjaved","product":"Easy Social Feed – Social Photos Gallery and Post Feed for WordPress","version":"affected 6.6.5 semver","platforms":[]},{"source":"CNA","vendor":"gn_themes","product":"WP Shortcodes Plugin — Shortcodes Ultimate","version":"affected 7.3.3 semver","platforms":[]},{"source":"CNA","vendor":"gowebsmarty","product":"WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan","version":"affected 7.7.0 semver","platforms":[]},{"source":"CNA","vendor":"tripetto","product":"WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto","version":"affected 8.0.7 semver","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-04-30T17:32:32.000Z","lang":"en","value":"Vendor Notified"},{"source":"CNA","time":"2026-04-30T17:17:30.000Z","lang":"en","value":"Disclosed"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Asaf Mozes","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Go Fetch Jobs (for WP Job Manager)","vendor":"sebet","versions":[{"lessThanOrEqual":"1.8.4.8.1","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Dynamic Copyright Year","vendor":"5starplugins","versions":[{"lessThanOrEqual":"1.0.4","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Code Manager","vendor":"peterschulznl","versions":[{"lessThanOrEqual":"1.0.40","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Advanced Scrollbar – Custom Scrollbar Styling and Behavior","vendor":"bplugins","versions":[{"lessThanOrEqual":"1.1.3","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Goal Tracker – Custom Event Tracking for GA4","vendor":"yuvalo","versions":[{"lessThanOrEqual":"1.1.5","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent","vendor":"essekia","versions":[{"lessThanOrEqual":"1.1.13","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"WP Page Templates","vendor":"josevega","versions":[{"lessThanOrEqual":"1.1.16","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Payment Gateway for ACBA BANK","vendor":"hkdigitalagency","versions":[{"lessThanOrEqual":"1.2.6","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Dracula Dark Mode –  Accessibility, Reading Mode & Dark Mode for WordPress","vendor":"princeahmed","versions":[{"lessThanOrEqual":"1.2.7","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Forumax – AI Powered Advanced Community Forum Plugin","vendor":"spiderdevs","versions":[{"lessThanOrEqual":"1.2.7","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Five-Star Ratings Shortcode","vendor":"seezee","versions":[{"lessThanOrEqual":"1.2.56","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Product Layouts for WooCommerce","vendor":"oxilab","versions":[{"lessThanOrEqual":"1.3.1","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Meta Field Block – Display custom fields in the Block Editor without coding","vendor":"mr2p","versions":[{"lessThanOrEqual":"1.3.3","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Custom WooCommerce Checkout Fields Editor","vendor":"themelocation","versions":[{"lessThanOrEqual":"1.3.4","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Open User Map","vendor":"100plugins","versions":[{"lessThanOrEqual":"1.4.0","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"WP Notification Bell","vendor":"wpdever","versions":[{"lessThanOrEqual":"1.4.2","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Remove Add to Cart WooCommerce","vendor":"themelocation","versions":[{"lessThanOrEqual":"1.4.7","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"File Manager for Google Drive – Integrate Google Drive","vendor":"princeahmed","versions":[{"lessThanOrEqual":"1.4.9","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Marijuana Age Verify","vendor":"5starplugins","versions":[{"lessThanOrEqual":"1.5.5","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"RevivePress – Keep your Old Content Evergreen","vendor":"infosatech","versions":[{"lessThanOrEqual":"1.5.8","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Restaurant & Cafe Addon for Elementor","vendor":"nicheaddons","versions":[{"lessThanOrEqual":"1.5.8","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Send Users Email – Email Subscribers, Email Marketing Newsletter","vendor":"paretodigital","versions":[{"lessThanOrEqual":"1.5.10","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Unlimited Elements For Elementor","vendor":"unitecms","versions":[{"lessThanOrEqual":"1.5.140","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Role Based Pricing for Woo by Meow Crew","vendor":"meowcrew","versions":[{"lessThanOrEqual":"1.6.0","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Primary Addon for Elementor","vendor":"nicheaddons","versions":[{"lessThanOrEqual":"1.6.0","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Featured Images in RSS for Mailchimp & More","vendor":"5starplugins","versions":[{"lessThanOrEqual":"1.6.3","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Image Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AI","vendor":"wpsaad","versions":[{"lessThanOrEqual":"1.6.3","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Message Filter for Contact Form 7","vendor":"kofimokome","versions":[{"lessThanOrEqual":"1.6.3.2","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Embedder for Google Reviews","vendor":"paretodigital","versions":[{"lessThanOrEqual":"1.6.6","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"MapGeo – Interactive Geo Maps","vendor":"interactivegeomaps","versions":[{"lessThanOrEqual":"1.6.22","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"WPBITS Addons For Elementor Page Builder","vendor":"wpbits","versions":[{"lessThanOrEqual":"1.7","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Widgets on Pages","vendor":"toddhalfpenny","versions":[{"lessThanOrEqual":"1.7","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Spotlight Social Feeds – Block, Shortcode, and Widget","vendor":"rebelcode","versions":[{"lessThanOrEqual":"1.7.0","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"WOW Styler for CF7 – Visual Styler for Contact Form 7 Forms","vendor":"tobias_conrad","versions":[{"lessThanOrEqual":"1.7.0","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"AI Bud – AI Content Generator, AI Chatbot, ChatGPT, Gemini, GPT-4o","vendor":"webfactory","versions":[{"lessThanOrEqual":"1.7.2","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Text To Speech TTS Accessibility","vendor":"hasanazizul","versions":[{"lessThanOrEqual":"1.7.34","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Easy Age Verify","vendor":"5starplugins","versions":[{"lessThanOrEqual":"1.8.5","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"AI Puffer – Chat. Create. Automate. (formerly AI Power)","vendor":"senols","versions":[{"lessThanOrEqual":"1.8.99","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Justified Gallery","vendor":"damian-gora","versions":[{"lessThanOrEqual":"1.9.0","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Mapster WP Maps","vendor":"mapster","versions":[{"lessThanOrEqual":"1.9.0","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"StreamWeasels Twitch Integration","vendor":"streamweasels","versions":[{"lessThanOrEqual":"1.9.2","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"XT Variation Swatches for WooCommerce","vendor":"xplodedthemes","versions":[{"lessThanOrEqual":"1.9.4","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"bBlocks – Essential Gutenberg Blocks & Patterns Collection","vendor":"bplugins","versions":[{"lessThanOrEqual":"1.9.8","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"URL Shortify – Simple and Easy URL Shortener","vendor":"kaizencoders","versions":[{"lessThanOrEqual":"1.10.4","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce","vendor":"uriahs-victor","versions":[{"lessThanOrEqual":"1.10.6","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Geo Mashup","vendor":"cyberhobo","versions":[{"lessThanOrEqual":"1.13.15","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Disable Payment Methods based on cart conditions for WooCommerce","vendor":"josevega","versions":[{"lessThanOrEqual":"1.16.3","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Automatic Internal Links for SEO by Pagup","vendor":"pagup","versions":[{"lessThanOrEqual":"2.0.0","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Full Screen Background","vendor":"enweby","versions":[{"lessThanOrEqual":"2.0.2","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits","vendor":"litonice13","versions":[{"lessThanOrEqual":"2.0.7.2","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player","vendor":"princeahmed","versions":[{"lessThanOrEqual":"2.0.82","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Carousel, Recent Post Slider and Banner Slider","vendor":"spicethemes","versions":[{"lessThanOrEqual":"2.1","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO)","vendor":"pagup","versions":[{"lessThanOrEqual":"2.1.0","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"XT Quick View for WooCommerce","vendor":"xplodedthemes","versions":[{"lessThanOrEqual":"2.1.5","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Smart phone field for Gravity Forms","vendor":"pluginscafe","versions":[{"lessThanOrEqual":"2.1.6","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar","vendor":"fooplugins","versions":[{"lessThanOrEqual":"2.1.34","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"PDF Poster – Display PDF Files with Custom Viewer","vendor":"bplugins","versions":[{"lessThanOrEqual":"2.2.0","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Events Addon for Elementor","vendor":"nicheaddons","versions":[{"lessThanOrEqual":"2.2.2","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player","vendor":"bplugins","versions":[{"lessThanOrEqual":"2.2.27","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Glossary","vendor":"mte90","versions":[{"lessThanOrEqual":"2.2.38","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Restrict – membership, site, content and user access restrictions for WordPress","vendor":"tickera","versions":[{"lessThanOrEqual":"2.3.0","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Custom PHP Settings","vendor":"cyclonecode","versions":[{"lessThanOrEqual":"2.3.1","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"WP Meta and Date Remover","vendor":"prasadkirpekar","versions":[{"lessThanOrEqual":"2.3.4","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Anti-Spam Protection – No API Key, GDPR Friendly","vendor":"fullworks","versions":[{"lessThanOrEqual":"2.3.7","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Premmerce Permalink Manager for WooCommerce","vendor":"premmerce","versions":[{"lessThanOrEqual":"2.3.11","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Music Player for Elementor – Audio Player & Podcast Player","vendor":"smartwpress","versions":[{"lessThanOrEqual":"2.4.1","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"TopNewsWp – Display Tikcer News, RSS Feed Widget and Many More","vendor":"mhmrajib","versions":[{"lessThanOrEqual":"2.4.1","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Ocean Extra","vendor":"oceanwp","versions":[{"lessThanOrEqual":"2.4.2","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Gallery by FooGallery","vendor":"fooplugins","versions":[{"lessThanOrEqual":"2.4.27","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Automatic YouTube Gallery","vendor":"plugins360","versions":[{"lessThanOrEqual":"2.5.5","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"EazyDocs – AI Powered Knowledge Base, Wiki, Documentation & FAQ Builder","vendor":"spiderdevs","versions":[{"lessThanOrEqual":"2.5.7","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More","vendor":"samdani","versions":[{"lessThanOrEqual":"2.5.8","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Radio Station by netmix® – Manage and play your Show Schedule in WordPress!","vendor":"tonyzeoli","versions":[{"lessThanOrEqual":"2.5.9","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"StoreCustomizer – A plugin to Customize all WooCommerce Pages","vendor":"kaira","versions":[{"lessThanOrEqual":"2.5.9","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Joli Table Of Contents","vendor":"wpjoli","versions":[{"lessThanOrEqual":"2.6.0","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"GA4WP – Analytics Dashboard for the Website","vendor":"passionatebrains","versions":[{"lessThanOrEqual":"2.6.0","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Place Order Without Payment for WooCommerce","vendor":"nitin247","versions":[{"lessThanOrEqual":"2.6.5","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages","vendor":"wordplus","versions":[{"lessThanOrEqual":"2.6.7","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Share This Image","vendor":"mihail-barinov","versions":[{"lessThanOrEqual":"2.07","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Inavii Social Feed","vendor":"inavii","versions":[{"lessThanOrEqual":"2.7.0","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Lightbox & Modal Popup WordPress Plugin – FooBox","vendor":"fooplugins","versions":[{"lessThanOrEqual":"2.7.33","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"XT Floating Cart for WooCommerce","vendor":"xplodedthemes","versions":[{"lessThanOrEqual":"2.8.4","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"WP Mobile Menu – The Mobile-Friendly Responsive Menu","vendor":"takanakui","versions":[{"lessThanOrEqual":"2.8.6","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"AEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image Optimization","vendor":"passionatebrains","versions":[{"lessThanOrEqual":"2.9.2","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Independent Analytics","vendor":"bensibley","versions":[{"lessThanOrEqual":"2.9.7","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Knowledge Base documentation & wiki plugin – BasePress Docs","vendor":"codesavory","versions":[{"lessThanOrEqual":"2.16.3.3","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Internal Link Juicer: SEO Auto Linker for WordPress","vendor":"davidanderson","versions":[{"lessThanOrEqual":"2.24.6","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Bulk Edit Posts and Products in Spreadsheet","vendor":"josevega","versions":[{"lessThanOrEqual":"2.25.16","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App","vendor":"saadiqbal","versions":[{"lessThanOrEqual":"3.0.0","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"TablePress – Tables in WordPress made easy","vendor":"tobiasbg","versions":[{"lessThanOrEqual":"3.0.2","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Ultimeter","vendor":"bouncingsprout","versions":[{"lessThanOrEqual":"3.0.5","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"TreePress – Easy Family Trees & Ancestor Profiles","vendor":"blackandwhitedigital","versions":[{"lessThanOrEqual":"3.0.6","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Pay For Post with WooCommerce","vendor":"mattpramschufer","versions":[{"lessThanOrEqual":"3.1.26","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Post to Google My Business (Google Business Profile)","vendor":"koen12344","versions":[{"lessThanOrEqual":"3.1.28","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"WP Coupons and Deals – Coupon Plugin For Affiliate Marketers","vendor":"imtiazrayhan","versions":[{"lessThanOrEqual":"3.2.2","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Advanced Classifieds & Directory Pro","vendor":"pluginsware","versions":[{"lessThanOrEqual":"3.2.4","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Mixed Media Gallery Blocks","vendor":"gallerycreator","versions":[{"lessThanOrEqual":"3.2.4.4","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor","vendor":"blockspare","versions":[{"lessThanOrEqual":"3.2.6","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"AidWP – Donation & Payment Forms (Stripe Powered)","vendor":"mhmrajib","versions":[{"lessThanOrEqual":"3.2.6","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Logo Showcase – Responsive Logo Carousel, Logo Slider & Logo Grid","vendor":"infornweb","versions":[{"lessThanOrEqual":"3.2.7","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider","vendor":"pluginandplay","versions":[{"lessThanOrEqual":"3.2.7","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews","vendor":"samdani","versions":[{"lessThanOrEqual":"3.2.8","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Team Members Showcase","vendor":"wpspeedo","versions":[{"lessThanOrEqual":"3.3.0","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"EleSpare – News, Magazine and Blog Addons for Elementor","vendor":"elespare","versions":[{"lessThanOrEqual":"3.3.2","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Post List Designer – Category Post, Recent Post, Post List","vendor":"infornweb","versions":[{"lessThanOrEqual":"3.3.7","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News","vendor":"infornweb","versions":[{"lessThanOrEqual":"3.4.9","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"YASR – Yet Another Star Rating Plugin for WordPress","vendor":"dashlabsltd","versions":[{"lessThanOrEqual":"3.4.12","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"WPIDE – File Manager & Code Editor","vendor":"xplodedthemes","versions":[{"lessThanOrEqual":"3.5.1","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Premmerce Product Filter for WooCommerce","vendor":"premmerce","versions":[{"lessThanOrEqual":"3.7.3","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars","vendor":"afthemes","versions":[{"lessThanOrEqual":"3.8.3","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Delete Posts automatically","vendor":"wpmagics","versions":[{"lessThanOrEqual":"3.9.6","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Menu Image, Icons made easy","vendor":"takanakui","versions":[{"lessThanOrEqual":"3.12","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"AWCA – The Great Analytics Insights for Your eStore","vendor":"passionatebrains","versions":[{"lessThanOrEqual":"3.12.0","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Announcement & Notification Banner – Bulletin","vendor":"mikewire_rocksolid","versions":[{"lessThanOrEqual":"3.12.1","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Thank You Page for WooCommerce","vendor":"nitin247","versions":[{"lessThanOrEqual":"4.2.0","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Contact Form 7 Multi-Step Forms","vendor":"webheadllc","versions":[{"lessThanOrEqual":"4.4.1","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Auto-Install Free SSL – Generate & Install Free SSL Certificates","vendor":"speedify","versions":[{"lessThanOrEqual":"4.5.0","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"WP Books Gallery – Build Stunning Book Showcases & Libraries in Minutes","vendor":"mhmrajib","versions":[{"lessThanOrEqual":"4.6.8","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Easy Appointment Booking & Scheduling System – Webba Booking Calendar","vendor":"webba-agency","versions":[{"lessThanOrEqual":"5.0.57","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"WP fail2ban – Advanced Security","vendor":"invisnet","versions":[{"lessThanOrEqual":"5.3.4","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Ivory Search – WordPress Search Plugin","vendor":"vinod-dalvi","versions":[{"lessThanOrEqual":"5.5.8","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards","vendor":"peterschulznl","versions":[{"lessThanOrEqual":"5.5.31","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Coupon Affiliates – Affiliate Plugin for WooCommerce","vendor":"elliotvs","versions":[{"lessThanOrEqual":"5.17.2","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Security Ninja – WordPress Security & Firewall","vendor":"cleverplugins","versions":[{"lessThanOrEqual":"5.222","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Checkout with Cash App on WooCommerce","vendor":"theafricanboss","versions":[{"lessThanOrEqual":"6.0.2","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Display Eventbrite Events","vendor":"fullworks","versions":[{"lessThanOrEqual":"6.1.10","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Secure Gateway for Authorize.net and WooCommerce by Pledged Plugins","vendor":"mohsinoffline","versions":[{"lessThanOrEqual":"6.1.13","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Easy Social Feed – Social Photos Gallery and Post Feed for WordPress","vendor":"sjaved","versions":[{"lessThanOrEqual":"6.6.5","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"WP Shortcodes Plugin — Shortcodes Ultimate","vendor":"gn_themes","versions":[{"lessThanOrEqual":"7.3.3","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan","vendor":"gowebsmarty","versions":[{"lessThanOrEqual":"7.7.0","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto","vendor":"tripetto","versions":[{"lessThanOrEqual":"8.0.7","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Asaf Mozes"}],"descriptions":[{"lang":"en","value":"Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}],"metrics":[{"cvssV3_1":{"baseScore":6.1,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-79","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-01T05:29:54.148Z","orgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","shortName":"Wordfence"},"references":[{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d694491c-c0f5-4418-805a-db792ea4f712?source=cve"},{"url":"https://plugins.trac.wordpress.org/browser/tablepress/trunk/libraries/freemius/assets/js/pricing/freemius-pricing.js"},{"url":"https://plugins.trac.wordpress.org/browser/widgets-on-pages/trunk/freemius/assets/js/pricing/freemius-pricing.js"},{"url":"https://plugins.trac.wordpress.org/browser/menu-image/trunk/freemius/assets/js/pricing/freemius-pricing.js"},{"url":"https://plugins.trac.wordpress.org/browser/simply-gallery-block/trunk/freemius/assets/js/pricing/freemius-pricing.js"},{"url":"https://plugins.trac.wordpress.org/browser/foobox-image-lightbox/tags/2.7.33/freemius/assets/js/pricing/freemius-pricing.js"},{"url":"https://plugins.trac.wordpress.org/browser/featured-images-for-rss-feeds/trunk/includes/freemius/assets/js/pricing/freemius-pricing.js"},{"url":"https://plugins.trac.wordpress.org/browser/wpide/tags/3.5.0/dist/pricing/freemius-pricing.js"},{"url":"https://plugins.trac.wordpress.org/browser/add-search-to-menu/trunk/includes/freemius/assets/js/pricing/freemius-pricing.js"},{"url":"https://plugins.trac.wordpress.org/browser/master-addons/trunk/lib/freemius/assets/js/pricing/freemius-pricing.js"},{"url":"https://plugins.trac.wordpress.org/browser/foogallery/tags/2.4.27/freemius/assets/js/pricing/freemius-pricing.js"},{"url":"https://plugins.trac.wordpress.org/browser/ocean-extra/trunk/includes/freemius/assets/js/pricing/freemius-pricing.js"},{"url":"https://plugins.trac.wordpress.org/browser/internal-links/trunk/vendor/freemius/wordpress-sdk/assets/js/pricing/freemius-pricing.js"},{"url":"https://plugins.trac.wordpress.org/browser/interactive-geo-maps/tags/1.6.21/vendor/freemius/wordpress-sdk/assets/js/pricing/freemius-pricing.js"},{"url":"https://plugins.trac.wordpress.org/browser/independent-analytics/trunk/freemius/assets/js/pricing/freemius-pricing.js"},{"url":"https://plugins.trac.wordpress.org/browser/spotlight-social-photo-feeds/trunk/ui/freemius-pricing/freemius-pricing.js"},{"url":"https://plugins.trac.wordpress.org/browser/woo-permalink-manager/tags/2.3.11/assets/admin/js/pricing-page/freemius-pricing.js"},{"url":"https://plugins.trac.wordpress.org/browser/pdf-poster/trunk/freemius/assets/js/pricing/freemius-pricing.js"},{"url":"https://plugins.trac.wordpress.org/browser/wp-meta-and-date-remover/tags/2.3.4/freemius/assets/js/pricing/freemius-pricing.js"},{"url":"https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/provider/freemius/assets/js/pricing/freemius-pricing.js"},{"url":"https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/freemius/assets/js/pricing/freemius-pricing.js"},{"url":"https://plugins.trac.wordpress.org/changeset/3235286/"},{"url":"https://plugins.trac.wordpress.org/changeset/3249130/"},{"url":"https://plugins.trac.wordpress.org/changeset/3229060/"}],"timeline":[{"lang":"en","time":"2026-04-30T17:32:32.000Z","value":"Vendor Notified"},{"lang":"en","time":"2026-04-30T17:17:30.000Z","value":"Disclosed"}],"title":"Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter"}},"cveMetadata":{"assignerOrgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","assignerShortName":"Wordfence","cveId":"CVE-2024-13362","datePublished":"2026-05-01T05:29:54.148Z","dateReserved":"2025-01-13T18:08:47.439Z","dateUpdated":"2026-05-01T05:29:54.148Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-01 06:16:30","lastModifiedDate":"2026-05-01 06:16:30","problem_types":["CWE-79","CWE-79 CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"13362","Ordinal":"1","Title":"Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting vi","CVE":"CVE-2024-13362","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"13362","Ordinal":"1","NoteData":"Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","Type":"Description","Title":"Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting vi"}]}}}