Description

Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

INFO

Published Date: 2026-05-01T05:29:54.148Z

Last Modified: 2026-05-01T13:23:26.723Z

Source: Wordfence

AFFECTED PRODUCTS

The following products are affected by the CVE-2024-13362 vulnerability.

Vendors and their products:
100plugins
  • Open User Map
5starplugins
  • Dynamic Copyright Year
  • Easy Age Verify
  • Featured Images In Rss For Mailchimp & More
Afthemes
  • Wp Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars
Bensibley
  • Independent Analytics
Blackandwhitedigital
  • Treepress – Easy Family Trees & Ancestor Profiles
Blockspare
  • Blockspare — News, Magazine And Blog Addons For (gutenberg) Block Editor
Bouncingsprout
  • Ultimeter
Bplugins
  • Advanced Scrollbar – Custom Scrollbar Styling And Behavior
  • Bblocks – Essential Gutenberg Blocks & Patterns Collection
  • Html5 Audio Player – The Ultimate No-code Podcast, Mp3 & Audio Player
  • Pdf Poster – Display Pdf Files With Custom Viewer
Bulletin
  • Announcement & Notification Banner - Bulletin
Cleverplugins
  • Security Ninja – Wordpress Security & Firewall
Codesavory
  • Knowledge Base Documentation & Wiki Plugin – Basepress Docs
Cyberhobo
  • Geo Mashup
Cyclonecode
  • Custom Php Settings
Damian-gora
  • Justified Gallery
Dashlabsltd
  • Yasr – Yet Another Star Rating Plugin For Wordpress
Davidanderson
  • Internal Link Juicer: Seo Auto Linker For Wordpress
Elespare
  • Elespare – News, Magazine And Blog Addons For Elementor
Elliotvs
  • Coupon Affiliates – Affiliate Plugin For Woocommerce
Enweby
  • Full Screen Background
Essekia
  • Tablesome Table – Contact Form Db – Wpforms, Cf7, Gravity, Forminator, Fluent
Fooplugins
  • Gallery By Foogallery
  • Lightbox & Modal Popup Wordpress Plugin – Foobox
  • Notification Bar, Announcement And Cookie Notice Wordpress Plugin – Foobar
Fullworks
  • Anti-spam Protection – No Api Key, Gdpr Friendly
  • Display Eventbrite Events
Gallerycreator
  • Mixed Media Gallery Blocks
Gn Themes
  • Wp Shortcodes Plugin — Shortcodes Ultimate
Gowebsmarty
  • Wp Encryption – One Click Free Ssl Certificate & Ssl / Https Redirect, Security & Ssl Scan
Hasanazizul
  • Text To Speech Tts Accessibility
Hkdigitalagency
  • Payment Gateway For Telcell
Imtiazrayhan
  • Wp Coupons And Deals – Coupon Plugin For Affiliate Marketers
Inavii
  • Inavii Social Feed
Infornweb
  • Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News
  • Logo Showcase – Responsive Logo Carousel, Logo Slider & Logo Grid
  • Post List Designer – Category Post, Recent Post, Post List
Infosatech
  • Revivepress – Keep Your Old Content Evergreen
Interactive Geo Maps Project
  • Interactive Geo Maps
Invisnet
  • Wp Fail2ban – Advanced Security
Josevega
  • Bulk Edit Posts And Products In Spreadsheet
  • Disable Payment Methods Based On Cart Conditions For Woocommerce
  • Wp Page Templates
Kaira
  • Storecustomizer – A Plugin To Customize All Woocommerce Pages
Kaizencoders
  • Url Shortify – Simple And Easy Url Shortener
Koen12344
  • Post To Google My Business (google Business Profile)
Kofimokome
  • Message Filter For Contact Form 7
Litonice13
  • Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits
Mapster
  • Mapster Wp Maps
Mattpramschufer
  • Pay For Post With Woocommerce
Meowcrew
  • Role Based Pricing For Woo By Meow Crew
Mhmrajib
  • Aidwp – Donation & Payment Forms (stripe Powered)
  • Topnewswp – Display Tikcer News, Rss Feed Widget And Many More
  • Wp Books Gallery – Build Stunning Book Showcases & Libraries In Minutes
Mihail Barinov
  • Share This Image
Mohsinoffline
  • Secure Gateway For Authorize.net And Woocommerce By Pledged Plugins
Mr2p
  • Meta Field Block – Display Custom Fields In The Block Editor Without Coding
Mte90
  • Glossary
Nicheaddons
  • Events Addon For Elementor
  • Primary Addon For Elementor
  • Restaurant & Cafe Addon For Elementor
Nitin247
  • Place Order Without Payment For Woocommerce
  • Thank You Page For Woocommerce
Oceanwp
  • Ocean Extra
Oxilab
  • Product Layouts For Woocommerce
Pagup
  • Automatic Internal Links For Seo By Pagup
  • Bulk Auto Image Alt Text (alt Tag, Alt Attribute) Optimizer (image Seo)
Pareto Digital
  • Embedder For Google Reviews
Paretodigital
  • Send Users Email – Email Subscribers, Email Marketing Newsletter
Passionatebrains
  • Aeh Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image Optimization
  • Awca – The Great Analytics Insights For Your Estore
  • Ga4wp – Analytics Dashboard For The Website
Peterschulznl
  • Code Manager
  • Wp Data Access – No-code App Builder With Tables, Forms, Charts & Maps
Pluginandplay
  • Post Slider And Post Carousel With Post Vertical Scrolling Widget – A Responsive Post Slider
Plugins360
  • Automatic Youtube Gallery
Pluginscafe
  • Smart Phone Field For Gravity Forms
Pluginsware
  • Advanced Classifieds & Directory Pro
Prasadkirpekar
  • Wp Meta And Date Remover
Premmerce
  • Permalink Manager For Woocommerce
  • Premmerce Product Filter For Woocommerce
Princeahmed
  • Dracula Dark Mode – Accessibility, Reading Mode & Dark Mode For Wordpress
  • File Manager For Google Drive – Integrate Google Drive
  • Radio Player Live Shout Cast Ice Cast And Any Audio Stream Player For Wordpress
Rebelcode
  • Spotlight Social Feeds – Block, Shortcode, And Widget
Saadiqbal
  • Post Smtp – Complete Email Deliverability And Smtp Solution With Email Logs, Alerts, Backup Smtp & Mobile App
Samdani
  • Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews
  • Team Members – A Wordpress Team Plugin With Gallery, Grid, Carousel, Slider, Table, List, And More
Sebet
  • Go Fetch Jobs (for Wp Job Manager)
Seezee
  • Five-star Ratings Shortcode
Senols
  • Ai Puffer – Chat. Create. Automate. (formerly Ai Power)
Sjaved
  • Easy Social Feed – Social Photos Gallery And Post Feed For Wordpress
Smartwpress
  • Music Player For Elementor – Audio Player & Podcast Player
Speedify
  • Auto-install Free Ssl – Generate & Install Free Ssl Certificates
Spicethemes
  • Carousel, Recent Post Slider And Banner Slider
Spiderdevs
  • Eazydocs – Ai Powered Knowledge Base, Wiki, Documentation & Faq Builder
  • Forumax – Ai Powered Advanced Community Forum Plugin
Streamweasels
  • Twitch Integration
Takanakui
  • Menu Image, Icons Made Easy
  • Wp Mobile Menu – The Mobile-friendly Responsive Menu
Theafricanboss
  • Checkout With Cash App On Woocommerce
Themelocation
  • Custom Woocommerce Checkout Fields Editor
  • Remove Add To Cart Woocommerce
Tickera
  • Restrict – Membership, Site, Content And User Access Restrictions For Wordpress
Tobias Conrad
  • Wow Styler For Cf7 – Visual Styler For Contact Form 7 Forms
Tobiasbg
  • Tablepress – Tables In Wordpress Made Easy
Toddhalfpenny
  • Widgets On Pages
Tonyzeoli
  • Radio Station By Netmix® – Manage And Play Your Show Schedule In Wordpress!
Tripetto
  • Wordpress Form Builder Plugin For Contact Forms, Surveys And Quizzes – Tripetto
Unitecms
  • Unlimited Elements For Elementor
Uriahs-victor
  • Kikote – Location Picker At Checkout & Google Address Autofill Plugin For Woocommerce
Vinod-dalvi
  • Ivory Search – Wordpress Search Plugin
Webba-agency
  • Easy Appointment Booking & Scheduling System – Webba Booking Calendar
Webfactory
  • Ai Bud – Ai Content Generator, Ai Chatbot, Chatgpt, Gemini, Gpt-4o
Webheadllc
  • Contact Form 7 Multi-step Forms
Wordplus
  • Better Messages – Live Chat, Chat Rooms, Real-time Messaging & Private Messages
Wordpress
  • Wordpress
Wpbits
  • Wpbits Addons For Elementor Page Builder
Wpdever
  • Wp Notification Bell
Wpjoli
  • Joli Table Of Contents
Wpmagics
  • Delete Posts Automatically
Wpsaad
  • Image Alt Text Manager – Bulk & Dynamic Alt Tags For Image Seo Optimization + Ai
Wpspeedo
  • Team Members Showcase
Xplodedthemes
  • Wpide - File Manager & Code Editor
  • Xt Floating Cart For Woocommerce
  • Xt Quick View For Woocommerce
Yuvalo
  • Goal Tracker – Custom Event Tracking For Ga4
REFERENCES

The following external links provide in-depth information about CVE-2024-13362.

https://plugins.trac.wordpress.org/browser/add-search-to-menu/trunk/includes/freemius/assets/js/pricing/freemius-pricing.js
https://plugins.trac.wordpress.org/browser/featured-images-for-rss-feeds/trunk/includes/freemius/assets/js/pricing/freemius-pricing.js
https://plugins.trac.wordpress.org/browser/foobox-image-lightbox/tags/2.7.33/freemius/assets/js/pricing/freemius-pricing.js
https://plugins.trac.wordpress.org/browser/foogallery/tags/2.4.27/freemius/assets/js/pricing/freemius-pricing.js
https://plugins.trac.wordpress.org/browser/independent-analytics/trunk/freemius/assets/js/pricing/freemius-pricing.js
https://plugins.trac.wordpress.org/browser/interactive-geo-maps/tags/1.6.21/vendor/freemius/wordpress-sdk/assets/js/pricing/freemius-pricing.js
https://plugins.trac.wordpress.org/browser/internal-links/trunk/vendor/freemius/wordpress-sdk/assets/js/pricing/freemius-pricing.js
https://plugins.trac.wordpress.org/browser/master-addons/trunk/lib/freemius/assets/js/pricing/freemius-pricing.js
https://plugins.trac.wordpress.org/browser/menu-image/trunk/freemius/assets/js/pricing/freemius-pricing.js
https://plugins.trac.wordpress.org/browser/ocean-extra/trunk/includes/freemius/assets/js/pricing/freemius-pricing.js
https://plugins.trac.wordpress.org/browser/pdf-poster/trunk/freemius/assets/js/pricing/freemius-pricing.js
https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/freemius/assets/js/pricing/freemius-pricing.js
https://plugins.trac.wordpress.org/browser/simply-gallery-block/trunk/freemius/assets/js/pricing/freemius-pricing.js
https://plugins.trac.wordpress.org/browser/spotlight-social-photo-feeds/trunk/ui/freemius-pricing/freemius-pricing.js
https://plugins.trac.wordpress.org/browser/tablepress/trunk/libraries/freemius/assets/js/pricing/freemius-pricing.js
https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/provider/freemius/assets/js/pricing/freemius-pricing.js
https://plugins.trac.wordpress.org/browser/widgets-on-pages/trunk/freemius/assets/js/pricing/freemius-pricing.js
https://plugins.trac.wordpress.org/browser/woo-permalink-manager/tags/2.3.11/assets/admin/js/pricing-page/freemius-pricing.js
https://plugins.trac.wordpress.org/browser/wp-meta-and-date-remover/tags/2.3.4/freemius/assets/js/pricing/freemius-pricing.js
https://plugins.trac.wordpress.org/browser/wpide/tags/3.5.0/dist/pricing/freemius-pricing.js
https://plugins.trac.wordpress.org/changeset/3229060/
https://plugins.trac.wordpress.org/changeset/3235286/
https://plugins.trac.wordpress.org/changeset/3249130/
https://www.wordfence.com/threat-intel/vulnerabilities/id/d694491c-c0f5-4418-805a-db792ea4f712?source=cve
