
AI-Powered CVE Analysis for WordPress Plugins
We use AI to automate the differential analysis between vulnerable and patched plugin versions to understand and interpret the security issues. What we share here are research-grade proof-of-concept demonstrations, which are then fed back into our endpoint firewall service.
WordPress Proof of Concepts
AI-assisted vulnerability analysis with PoC demonstration
May 9, 2026
CVE-2024-13362: Freemius <= 2.10.1 – Reflected DOM-Based Cross-Site Scripting via url Parameter (contact-form-7-multi-step-module)
CVE-2024-13362 affects the Contact Form 7 Multi Step Module (up to version 4.4.1) with a medium severity CVSS of 6.1. Patch to version 4.4.2 to mitigate reflected XSS risks from insufficient input sanitization.
May 9, 2026
CVE-2024-13362: Freemius <= 2.10.1 – Reflected DOM-Based Cross-Site Scripting via url Parameter (xt-woo-quick-view-lite)
CVE-2024-13362 affects Xt Woo Quick View Lite (up to v2.1.5) with a medium severity CVSS score of 6.1 due to reflected XSS. Update to v2.1.6 to mitigate risks from potential script injection attacks.
May 9, 2026
CVE-2024-13362: Freemius <= 2.10.1 – Reflected DOM-Based Cross-Site Scripting via url Parameter (woo-permalink-manager)
CVE-2024-13362 affects Woo Permalink Manager (v2.3.11) with a CVSS score of 6.1. This medium severity XSS vulnerability allows unauthenticated attackers to inject scripts via the 'url' parameter. Users should update to the patched version.
May 9, 2026
CVE-2024-13362: Freemius <= 2.10.1 – Reflected DOM-Based Cross-Site Scripting via url Parameter (go-fetch-jobs-wp-job-manager)
CVE-2024-13362 affects the Go Fetch Jobs plugin (up to version 1.8.4.8.1) with a medium severity (CVSS 6.1) reflected XSS vulnerability. Users should update to version 1.8.4.9 to mitigate potential attacks.
May 9, 2026
CVE-2024-13362: Freemius <= 2.10.1 – Reflected DOM-Based Cross-Site Scripting via url Parameter (woocommerce-pay-per-post)
CVE-2024-13362 affects the Woocommerce Pay Per Post plugin (v3.1.26) with a medium severity CVSS score of 6.1 due to reflected XSS vulnerabilities. Update to v3.1.28 to mitigate risks of script injection.
May 9, 2026
CVE-2024-13362: Freemius <= 2.10.1 – Reflected DOM-Based Cross-Site Scripting via url Parameter (post-to-google-my-business)
CVE-2024-13362 affects the Post To Google My Business plugin (v3.1.28) with a medium severity CVSS of 6.1 due to reflected XSS. Update to v3.2.2 to mitigate risks from unauthenticated script injection.
May 9, 2026
CVE-2024-13362: Freemius <= 2.10.1 – Reflected DOM-Based Cross-Site Scripting via url Parameter (post-slider-and-carousel)
CVE-2024-13362 affects the Post Slider And Carousel plugin (up to version 3.2.7) with a medium severity (CVSS 6.1) reflected XSS vulnerability. Users should update to version 3.2.9 to mitigate risks from potential attacks.
May 9, 2026
CVE-2024-13362: Freemius <= 2.10.1 – Reflected DOM-Based Cross-Site Scripting via url Parameter (internal-links)
CVE-2024-13362 affects the Internal Links plugin (v2.24.6) with a medium severity CVSS score of 6.1 due to cross-site scripting vulnerabilities. Users should update to version 2.25.2 to mitigate risks.
May 9, 2026
CVE-2024-13362: Freemius <= 2.10.1 – Reflected DOM-Based Cross-Site Scripting via url Parameter (advance-wc-analytics)
CVE-2024-13362 affects Advance Wc Analytics version 3.12.0 with a CVSS score of 6.1. This medium severity cross-site scripting vulnerability can be mitigated by updating to version 3.16.0.
May 9, 2026
CVE-2024-13362: Freemius <= 2.10.1 – Reflected DOM-Based Cross-Site Scripting via url Parameter (woo-floating-cart-lite)
CVE-2024-13362 affects Woo Floating Cart Lite (v2.8.4) with a medium severity (CVSS 6.1) cross-site scripting vulnerability. Users should upgrade to v2.8.5 to mitigate risks from potential script injections.
May 9, 2026
CVE-2024-13362: Freemius <= 2.10.1 – Reflected DOM-Based Cross-Site Scripting via url Parameter (premmerce-woocommerce-product-filter)
CVE-2024-13362 affects the Premmerce Woocommerce Product Filter plugin (v3.7.3) with a medium severity CVSS of 6.1. This cross-site scripting vulnerability requires user interaction to exploit. Patching is essential.
May 9, 2026
CVE-2024-13362: Freemius <= 2.10.1 – Reflected DOM-Based Cross-Site Scripting via url Parameter (wp-letsencrypt-ssl)
CVE-2024-13362 affects WP Letsencrypt Ssl version 7.7.0 with a medium severity (CVSS 6.1) reflected XSS vulnerability. Users should update to the patched version to mitigate risks associated with this flaw.
May 9, 2026
CVE-2024-13362: Freemius <= 2.10.1 – Reflected DOM-Based Cross-Site Scripting via url Parameter (alt-manager)
CVE-2024-13362 affects the Alt Manager plugin (v1.6.3) with a CVSS score of 6.1. This medium-severity XSS vulnerability allows attackers to inject scripts via URL parameters. Upgrade to v1.6.6 to mitigate risks.
May 8, 2026
CVE-2024-13362: Freemius <= 2.10.1 – Reflected DOM-Based Cross-Site Scripting via url Parameter (justified-gallery)
CVE-2024-13362 affects the Justified Gallery plugin (v1.9.0) with a medium severity CVSS score of 6.1. Users should upgrade to v1.10.0 to mitigate the reflected XSS risk from insufficient input sanitization.
May 8, 2026
CVE-2026-8198: Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity <= 3.3.6 – Unauthenticated Information Disclosure via REST API (logtivity)
CVE-2026-8198 affects the Logtivity plugin (up to version 3.3.6) with a medium severity (CVSS 5.3) authentication bypass vulnerability. Upgrade to version 3.3.7 to prevent unauthorized access to sensitive configuration data.
May 8, 2026
CVE-2024-13362: Freemius <= 2.10.1 – Reflected DOM-Based Cross-Site Scripting via url Parameter (remove-add-to-cart-woocommerce)
CVE-2024-13362 affects the Remove Add To Cart WooCommerce plugin (v1.4.7) with a medium severity CVSS score of 6.1. Unauthenticated attackers can exploit this XSS vulnerability, so ensure you update to the patched version.
May 8, 2026
CVE-2024-13362: Freemius <= 2.10.1 – Reflected DOM-Based Cross-Site Scripting via url Parameter (woo-authorize-net-gateway-aim)
Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such…
May 8, 2026
CVE-2024-13362: Freemius <= 2.10.1 – Reflected DOM-Based Cross-Site Scripting via url Parameter (basepress)
Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such…
May 8, 2026
CVE-2024-13362: Freemius <= 2.10.1 – Reflected DOM-Based Cross-Site Scripting via url Parameter (foobar-notifications-lite)
Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such…
May 8, 2026
CVE-2026-7652: LatePoint <= 5.5.0 – Unauthenticated Account Takeover via Weak Password Recovery Mechanism (latepoint)
CVE-2026-7652 affects the LatePoint plugin (up to v5.5.0) with a CVSS score of 5.3. It allows unauthenticated account takeover via weak password recovery. Update to v5.5.1 to mitigate this risk.
How Atomic Edge Works
Simple Setup. Powerful Security.
Atomic Edge acts as a security layer between your website & the internet — inspecting, filtering, and blocking malicious traffic before it ever reaches your application.
