CVE-2024-13362 PUBLISHED

Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter

Assigner: Wordfence
Reserved: 13.01.2025
Published: 01.05.2026
Updated: 01.05.2026

Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts into pages; the scripts execute if the attacker can successfully trick a user into performing an action such as clicking on a link.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS Score: 6.1

Product Status

Vendor sebet
Product Go Fetch Jobs (for WP Job Manager)
Versions Default: unaffected
  • affected from 0 to 1.8.4.8.1 (incl.)
Vendor 5starplugins
Product Dynamic Copyright Year
Versions Default: unaffected
  • affected from 0 to 1.0.4 (incl.)
Vendor peterschulznl
Product Code Manager
Versions Default: unaffected
  • affected from 0 to 1.0.40 (incl.)
Vendor bplugins
Product Advanced Scrollbar – Custom Scrollbar Styling and Behavior
Versions Default: unaffected
  • affected from 0 to 1.1.3 (incl.)
Vendor yuvalo
Product Goal Tracker – Custom Event Tracking for GA4
Versions Default: unaffected
  • affected from 0 to 1.1.5 (incl.)
Vendor essekia
Product Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent
Versions Default: unaffected
  • affected from 0 to 1.1.13 (incl.)
Vendor josevega
Product WP Page Templates
Versions Default: unaffected
  • affected from 0 to 1.1.16 (incl.)
Vendor hkdigitalagency
Product Payment Gateway for ACBA BANK
Versions Default: unaffected
  • affected from 0 to 1.2.6 (incl.)
Vendor princeahmed
Product Dracula Dark Mode – Accessibility, Reading Mode & Dark Mode for WordPress
Versions Default: unaffected
  • affected from 0 to 1.2.7 (incl.)
Vendor spiderdevs
Product Forumax – AI Powered Advanced Community Forum Plugin
Versions Default: unaffected
  • affected from 0 to 1.2.7 (incl.)
Vendor seezee
Product Five-Star Ratings Shortcode
Versions Default: unaffected
  • affected from 0 to 1.2.56 (incl.)
Vendor oxilab
Product Product Layouts for WooCommerce
Versions Default: unaffected
  • affected from 0 to 1.3.1 (incl.)
Vendor mr2p
Product Meta Field Block – Display custom fields in the Block Editor without coding
Versions Default: unaffected
  • affected from 0 to 1.3.3 (incl.)
Vendor themelocation
Product Custom WooCommerce Checkout Fields Editor
Versions Default: unaffected
  • affected from 0 to 1.3.4 (incl.)
Vendor 100plugins
Product Open User Map
Versions Default: unaffected
  • affected from 0 to 1.4.0 (incl.)
Vendor wpdever
Product WP Notification Bell
Versions Default: unaffected
  • affected from 0 to 1.4.2 (incl.)
Vendor themelocation
Product Remove Add to Cart WooCommerce
Versions Default: unaffected
  • affected from 0 to 1.4.7 (incl.)
Vendor princeahmed
Product File Manager for Google Drive – Integrate Google Drive
Versions Default: unaffected
  • affected from 0 to 1.4.9 (incl.)
Vendor 5starplugins
Product Marijuana Age Verify
Versions Default: unaffected
  • affected from 0 to 1.5.5 (incl.)
Vendor infosatech
Product RevivePress – Keep your Old Content Evergreen
Versions Default: unaffected
  • affected from 0 to 1.5.8 (incl.)
Vendor nicheaddons
Product Restaurant & Cafe Addon for Elementor
Versions Default: unaffected
  • affected from 0 to 1.5.8 (incl.)
Vendor paretodigital
Product Send Users Email – Email Subscribers, Email Marketing Newsletter
Versions Default: unaffected
  • affected from 0 to 1.5.10 (incl.)
Vendor unitecms
Product Unlimited Elements For Elementor
Versions Default: unaffected
  • affected from 0 to 1.5.140 (incl.)
Vendor meowcrew
Product Role Based Pricing for Woo by Meow Crew
Versions Default: unaffected
  • affected from 0 to 1.6.0 (incl.)
Vendor nicheaddons
Product Primary Addon for Elementor
Versions Default: unaffected
  • affected from 0 to 1.6.0 (incl.)
Vendor 5starplugins
Product Featured Images in RSS for Mailchimp & More
Versions Default: unaffected
  • affected from 0 to 1.6.3 (incl.)
Vendor wpsaad
Product Image Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AI
Versions Default: unaffected
  • affected from 0 to 1.6.3 (incl.)
Vendor kofimokome
Product Message Filter for Contact Form 7
Versions Default: unaffected
  • affected from 0 to 1.6.3.2 (incl.)
Vendor paretodigital
Product Embedder for Google Reviews
Versions Default: unaffected
  • affected from 0 to 1.6.6 (incl.)
Vendor interactivegeomaps
Product MapGeo – Interactive Geo Maps
Versions Default: unaffected
  • affected from 0 to 1.6.22 (incl.)
Vendor wpbits
Product WPBITS Addons For Elementor Page Builder
Versions Default: unaffected
  • affected from 0 to 1.7 (incl.)
Vendor toddhalfpenny
Product Widgets on Pages
Versions Default: unaffected
  • affected from 0 to 1.7 (incl.)
Vendor rebelcode
Product Spotlight Social Feeds – Block, Shortcode, and Widget
Versions Default: unaffected
  • affected from 0 to 1.7.0 (incl.)
Vendor tobias_conrad
Product WOW Styler for CF7 – Visual Styler for Contact Form 7 Forms
Versions Default: unaffected
  • affected from 0 to 1.7.0 (incl.)
Vendor webfactory
Product AI Bud – AI Content Generator, AI Chatbot, ChatGPT, Gemini, GPT-4o
Versions Default: unaffected
  • affected from 0 to 1.7.2 (incl.)
Vendor hasanazizul
Product Text To Speech TTS Accessibility
Versions Default: unaffected
  • affected from 0 to 1.7.34 (incl.)
Vendor 5starplugins
Product Easy Age Verify
Versions Default: unaffected
  • affected from 0 to 1.8.5 (incl.)
Vendor senols
Product AI Puffer – Chat. Create. Automate. (formerly AI Power)
Versions Default: unaffected
  • affected from 0 to 1.8.99 (incl.)
Vendor damian-gora
Product Justified Gallery
Versions Default: unaffected
  • affected from 0 to 1.9.0 (incl.)
Vendor mapster
Product Mapster WP Maps
Versions Default: unaffected
  • affected from 0 to 1.9.0 (incl.)
Vendor streamweasels
Product StreamWeasels Twitch Integration
Versions Default: unaffected
  • affected from 0 to 1.9.2 (incl.)
Vendor xplodedthemes
Product XT Variation Swatches for WooCommerce
Versions Default: unaffected
  • affected from 0 to 1.9.4 (incl.)
Vendor bplugins
Product bBlocks – Essential Gutenberg Blocks & Patterns Collection
Versions Default: unaffected
  • affected from 0 to 1.9.8 (incl.)
Vendor kaizencoders
Product URL Shortify – Simple and Easy URL Shortener
Versions Default: unaffected
  • affected from 0 to 1.10.4 (incl.)
Vendor uriahs-victor
Product Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce
Versions Default: unaffected
  • affected from 0 to 1.10.6 (incl.)
Vendor cyberhobo
Product Geo Mashup
Versions Default: unaffected
  • affected from 0 to 1.13.15 (incl.)
Vendor josevega
Product Disable Payment Methods based on cart conditions for WooCommerce
Versions Default: unaffected
  • affected from 0 to 1.16.3 (incl.)
Vendor pagup
Product Automatic Internal Links for SEO by Pagup
Versions Default: unaffected
  • affected from 0 to 2.0.0 (incl.)
Vendor enweby
Product Full Screen Background
Versions Default: unaffected
  • affected from 0 to 2.0.2 (incl.)
Vendor litonice13
Product Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits
Versions Default: unaffected
  • affected from 0 to 2.0.7.2 (incl.)
Vendor princeahmed
Product Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player
Versions Default: unaffected
  • affected from 0 to 2.0.82 (incl.)
Vendor spicethemes
Product Carousel, Recent Post Slider and Banner Slider
Versions Default: unaffected
  • affected from 0 to 2.1 (incl.)
Vendor pagup
Product Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO)
Versions Default: unaffected
  • affected from 0 to 2.1.0 (incl.)
Vendor xplodedthemes
Product XT Quick View for WooCommerce
Versions Default: unaffected
  • affected from 0 to 2.1.5 (incl.)
Vendor pluginscafe
Product Smart phone field for Gravity Forms
Versions Default: unaffected
  • affected from 0 to 2.1.6 (incl.)
Vendor fooplugins
Product Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar
Versions Default: unaffected
  • affected from 0 to 2.1.34 (incl.)
Vendor bplugins
Product PDF Poster – Display PDF Files with Custom Viewer
Versions Default: unaffected
  • affected from 0 to 2.2.0 (incl.)
Vendor nicheaddons
Product Events Addon for Elementor
Versions Default: unaffected
  • affected from 0 to 2.2.2 (incl.)
Vendor bplugins
Product HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player
Versions Default: unaffected
  • affected from 0 to 2.2.27 (incl.)
Vendor mte90
Product Glossary
Versions Default: unaffected
  • affected from 0 to 2.2.38 (incl.)
Vendor tickera
Product Restrict – membership, site, content and user access restrictions for WordPress
Versions Default: unaffected
  • affected from 0 to 2.3.0 (incl.)
Vendor cyclonecode
Product Custom PHP Settings
Versions Default: unaffected
  • affected from 0 to 2.3.1 (incl.)
Vendor prasadkirpekar
Product WP Meta and Date Remover
Versions Default: unaffected
  • affected from 0 to 2.3.4 (incl.)
Vendor fullworks
Product Anti-Spam Protection – No API Key, GDPR Friendly
Versions Default: unaffected
  • affected from 0 to 2.3.7 (incl.)
Vendor premmerce
Product Premmerce Permalink Manager for WooCommerce
Versions Default: unaffected
  • affected from 0 to 2.3.11 (incl.)
Vendor smartwpress
Product Music Player for Elementor – Audio Player & Podcast Player
Versions Default: unaffected
  • affected from 0 to 2.4.1 (incl.)
Vendor mhmrajib
Product TopNewsWp – Display Tikcer News, RSS Feed Widget and Many More
Versions Default: unaffected
  • affected from 0 to 2.4.1 (incl.)
Vendor oceanwp
Product Ocean Extra
Versions Default: unaffected
  • affected from 0 to 2.4.2 (incl.)
Vendor fooplugins
Product Gallery by FooGallery
Versions Default: unaffected
  • affected from 0 to 2.4.27 (incl.)
Vendor plugins360
Product Automatic YouTube Gallery
Versions Default: unaffected
  • affected from 0 to 2.5.5 (incl.)
Vendor spiderdevs
Product EazyDocs – AI Powered Knowledge Base, Wiki, Documentation & FAQ Builder
Versions Default: unaffected
  • affected from 0 to 2.5.7 (incl.)
Vendor samdani
Product Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More
Versions Default: unaffected
  • affected from 0 to 2.5.8 (incl.)
Vendor tonyzeoli
Product Radio Station by netmix® – Manage and play your Show Schedule in WordPress!
Versions Default: unaffected
  • affected from 0 to 2.5.9 (incl.)
Vendor kaira
Product StoreCustomizer – A plugin to Customize all WooCommerce Pages
Versions Default: unaffected
  • affected from 0 to 2.5.9 (incl.)
Vendor wpjoli
Product Joli Table Of Contents
Versions Default: unaffected
  • affected from 0 to 2.6.0 (incl.)
Vendor passionatebrains
Product GA4WP – Analytics Dashboard for the Website
Versions Default: unaffected
  • affected from 0 to 2.6.0 (incl.)
Vendor nitin247
Product Place Order Without Payment for WooCommerce
Versions Default: unaffected
  • affected from 0 to 2.6.5 (incl.)
Vendor wordplus
Product Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages
Versions Default: unaffected
  • affected from 0 to 2.6.7 (incl.)
Vendor mihail-barinov
Product Share This Image
Versions Default: unaffected
  • affected from 0 to 2.07 (incl.)
Vendor inavii
Product Inavii Social Feed
Versions Default: unaffected
  • affected from 0 to 2.7.0 (incl.)
Vendor fooplugins
Product Lightbox & Modal Popup WordPress Plugin – FooBox
Versions Default: unaffected
  • affected from 0 to 2.7.33 (incl.)
Vendor xplodedthemes
Product XT Floating Cart for WooCommerce
Versions Default: unaffected
  • affected from 0 to 2.8.4 (incl.)
Vendor takanakui
Product WP Mobile Menu – The Mobile-Friendly Responsive Menu
Versions Default: unaffected
  • affected from 0 to 2.8.6 (incl.)
Vendor passionatebrains
Product AEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image Optimization
Versions Default: unaffected
  • affected from 0 to 2.9.2 (incl.)
Vendor bensibley
Product Independent Analytics
Versions Default: unaffected
  • affected from 0 to 2.9.7 (incl.)
Vendor codesavory
Product Knowledge Base documentation & wiki plugin – BasePress Docs
Versions Default: unaffected
  • affected from 0 to 2.16.3.3 (incl.)
Vendor davidanderson
Product Internal Link Juicer: SEO Auto Linker for WordPress
Versions Default: unaffected
  • affected from 0 to 2.24.6 (incl.)
Vendor josevega
Product Bulk Edit Posts and Products in Spreadsheet
Versions Default: unaffected
  • affected from 0 to 2.25.16 (incl.)
Vendor saadiqbal
Product Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App
Versions Default: unaffected
  • affected from 0 to 3.0.0 (incl.)
Vendor tobiasbg
Product TablePress – Tables in WordPress made easy
Versions Default: unaffected
  • affected from 0 to 3.0.2 (incl.)
Vendor bouncingsprout
Product Ultimeter
Versions Default: unaffected
  • affected from 0 to 3.0.5 (incl.)
Vendor blackandwhitedigital
Product TreePress – Easy Family Trees & Ancestor Profiles
Versions Default: unaffected
  • affected from 0 to 3.0.6 (incl.)
Vendor mattpramschufer
Product Pay For Post with WooCommerce
Versions Default: unaffected
  • affected from 0 to 3.1.26 (incl.)
Vendor koen12344
Product Post to Google My Business (Google Business Profile)
Versions Default: unaffected
  • affected from 0 to 3.1.28 (incl.)
Vendor imtiazrayhan
Product WP Coupons and Deals – Coupon Plugin For Affiliate Marketers
Versions Default: unaffected
  • affected from 0 to 3.2.2 (incl.)
Vendor pluginsware
Product Advanced Classifieds & Directory Pro
Versions Default: unaffected
  • affected from 0 to 3.2.4 (incl.)
Vendor gallerycreator
Product Mixed Media Gallery Blocks
Versions Default: unaffected
  • affected from 0 to 3.2.4.4 (incl.)
Vendor blockspare
Product BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor
Versions Default: unaffected
  • affected from 0 to 3.2.6 (incl.)
Vendor mhmrajib
Product AidWP – Donation & Payment Forms (Stripe Powered)
Versions Default: unaffected
  • affected from 0 to 3.2.6 (incl.)
Vendor infornweb
Product Logo Showcase – Responsive Logo Carousel, Logo Slider & Logo Grid
Versions Default: unaffected
  • affected from 0 to 3.2.7 (incl.)
Vendor pluginandplay
Product Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider
Versions Default: unaffected
  • affected from 0 to 3.2.7 (incl.)
Vendor samdani
Product Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews
Versions Default: unaffected
  • affected from 0 to 3.2.8 (incl.)
Vendor wpspeedo
Product Team Members Showcase
Versions Default: unaffected
  • affected from 0 to 3.3.0 (incl.)
Vendor elespare
Product EleSpare – News, Magazine and Blog Addons for Elementor
Versions Default: unaffected
  • affected from 0 to 3.3.2 (incl.)
Vendor infornweb
Product Post List Designer – Category Post, Recent Post, Post List
Versions Default: unaffected
  • affected from 0 to 3.3.7 (incl.)
Vendor infornweb
Product Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News
Versions Default: unaffected
  • affected from 0 to 3.4.9 (incl.)
Vendor dashlabsltd
Product YASR – Yet Another Star Rating Plugin for WordPress
Versions Default: unaffected
  • affected from 0 to 3.4.12 (incl.)
Vendor xplodedthemes
Product WPIDE – File Manager & Code Editor
Versions Default: unaffected
  • affected from 0 to 3.5.1 (incl.)
Vendor premmerce
Product Premmerce Product Filter for WooCommerce
Versions Default: unaffected
  • affected from 0 to 3.7.3 (incl.)
Vendor afthemes
Product WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars
Versions Default: unaffected
  • affected from 0 to 3.8.3 (incl.)
Vendor wpmagics
Product Delete Posts automatically
Versions Default: unaffected
  • affected from 0 to 3.9.6 (incl.)
Vendor takanakui
Product Menu Image, Icons made easy
Versions Default: unaffected
  • affected from 0 to 3.12 (incl.)
Vendor passionatebrains
Product AWCA – The Great Analytics Insights for Your eStore
Versions Default: unaffected
  • affected from 0 to 3.12.0 (incl.)
Vendor mikewire_rocksolid
Product Announcement & Notification Banner – Bulletin
Versions Default: unaffected
  • affected from 0 to 3.12.1 (incl.)
Vendor nitin247
Product Thank You Page for WooCommerce
Versions Default: unaffected
  • affected from 0 to 4.2.0 (incl.)
Vendor webheadllc
Product Contact Form 7 Multi-Step Forms
Versions Default: unaffected
  • affected from 0 to 4.4.1 (incl.)
Vendor speedify
Product Auto-Install Free SSL – Generate & Install Free SSL Certificates
Versions Default: unaffected
  • affected from 0 to 4.5.0 (incl.)
Vendor mhmrajib
Product WP Books Gallery – Build Stunning Book Showcases & Libraries in Minutes
Versions Default: unaffected
  • affected from 0 to 4.6.8 (incl.)
Vendor webba-agency
Product Easy Appointment Booking & Scheduling System – Webba Booking Calendar
Versions Default: unaffected
  • affected from 0 to 5.0.57 (incl.)
Vendor invisnet
Product WP fail2ban – Advanced Security
Versions Default: unaffected
  • affected from 0 to 5.3.4 (incl.)
Vendor vinod-dalvi
Product Ivory Search – WordPress Search Plugin
Versions Default: unaffected
  • affected from 0 to 5.5.8 (incl.)
Vendor peterschulznl
Product WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards
Versions Default: unaffected
  • affected from 0 to 5.5.31 (incl.)
Vendor elliotvs
Product Coupon Affiliates – Affiliate Plugin for WooCommerce
Versions Default: unaffected
  • affected from 0 to 5.17.2 (incl.)
Vendor cleverplugins
Product Security Ninja – WordPress Security & Firewall
Versions Default: unaffected
  • affected from 0 to 5.222 (incl.)
Vendor theafricanboss
Product Checkout with Cash App on WooCommerce
Versions Default: unaffected
  • affected from 0 to 6.0.2 (incl.)
Vendor fullworks
Product Display Eventbrite Events
Versions Default: unaffected
  • affected from 0 to 6.1.10 (incl.)
Vendor mohsinoffline
Product Secure Gateway for Authorize.net and WooCommerce by Pledged Plugins
Versions Default: unaffected
  • affected from 0 to 6.1.13 (incl.)
Vendor sjaved
Product Easy Social Feed – Social Photos Gallery and Post Feed for WordPress
Versions Default: unaffected
  • affected from 0 to 6.6.5 (incl.)
Vendor gn_themes
Product WP Shortcodes Plugin — Shortcodes Ultimate
Versions Default: unaffected
  • affected from 0 to 7.3.3 (incl.)
Vendor gowebsmarty
Product WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan
Versions Default: unaffected
  • affected from 0 to 7.7.0 (incl.)
Vendor tripetto
Product WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto
Versions Default: unaffected
  • affected from 0 to 8.0.7 (incl.)

Credits

  • Asaf Mozes (finder)

Problem Types

  • CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')