In this report, 359 vulnerabilities have been publicly disclosed. Security patches for 269 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 90 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, your site is already protected against those vulnerabilities by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.
Table of Contents
- 1. WordPress Core
- 2. WordPress Plugins — 248 Patched / 21 Unpatched
- 2.1 Auto Featured Image (Auto Post Thumbnail)
- 2.2 FameTheme Demo Importer
- 2.3 Piotnet Addons For Elementor
- 2.4 AGCA – Custom Dashboard & Login Page
- 2.5 Serious Slider
- 2.6 Meks Smart Social Widget
- 2.7 Xserver Migrator
- 2.8 Annual Archive
- 2.9 rtMedia for WordPress, BuddyPress and bbPress
- 2.10 ClickCease Click Fraud Protection
- 2.11 Democracy Poll
- 2.12 Login Logout Register Menu
- 2.13 Meks ThemeForest Smart Widget
- 2.14 Print-O-Matic
- 2.15 Smart Recent Posts Widget
- 2.16 CM Tooltip Glossary
- 2.17 Customify Site Library
- 2.18 WordPress Ad Widget
- 2.19 PopupAlly
- 2.20 Pretty Google Calendar
- 2.21 Fan Page Widget by ThemeNcode
- 2.22 Filterable Portfolio
- 2.23 Share This Image
- 2.24 Smart Maintenance Mode
- 2.25 ENL Newsletter
- 2.26 ENL Newsletter
- 2.27 ENL Newsletter
- 2.28 Advanced Search
- 2.29 Advanced Most Recent Posts Mod
- 2.30 Advanced Post List
- 2.31 AJAX Login and Registration modal popup + inline form
- 2.32 Element Pack Pro
- 2.33 CF7 File Download – File Download for CF7
- 2.34 Client Dash
- 2.35 Contact Form 7 Extension For Mailchimp
- 2.36 CPO Companion
- 2.37 Crelly Slider
- 2.38 Easy Set Favicon
- 2.39 Embed Google Fonts
- 2.40 XStore Core
- 2.41 XStore Core
- 2.42 XStore Core
- 2.43 XStore Core
- 2.44 XStore Core
- 2.45 XStore Core
- 2.46 XStore Core
- 2.47 XStore Core
- 2.48 Giphypress
- 2.49 GWP-Histats
- 2.50 JW Player for WordPress
- 2.51 MF Gig Calendar
- 2.52 Mini Loops
- 2.53 Opal Widgets For Elementor
- 2.54 CodeBard’s Patron Button and Widgets for Patreon
- 2.55 PB MailCrypt
- 2.56 Piotnet Addons For Elementor Pro
- 2.57 Piotnet Addons For Elementor Pro
- 2.58 Piotnet Addons For Elementor Pro
- 2.59 Piotnet Addons For Elementor Pro
- 2.60 Piotnet Addons For Elementor Pro
- 2.61 Progressive WordPress (PWA)
- 2.62 Realtyna Organic IDX plugin
- 2.63 Recencio Book Reviews
- 2.64 Regenerate post permalink
- 2.65 School Management Pro
- 2.66 Shortcode Addons
- 2.67 Sliding Widgets
- 2.68 Social Share Buttons by Supsystic
- 2.69 Solid Affiliate
- 2.70 SP Project & Document Manager
- 2.71 Sticky Anything
- 2.72 WidgetKit
- 2.73 WZone
- 2.74 WZone
- 2.75 WZone
- 2.76 WZone
- 2.77 WZone
- 2.78 WZone
- 2.79 WP GDPR Compliance
- 2.80 WP Masquerade
- 2.81 WP Page Post Widget Clone
- 2.82 WTI Like Post
- 2.83 XforWooCommerce
- 2.84 All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
- 2.85 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- 2.86 Rank Math SEO with AI Best SEO Tools
- 2.87 ElementsKit Elementor addons and Templates Library
- 2.88 Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation
- 2.89 Premium Addons for Elementor
- 2.90 Premium Addons for Elementor
- 2.91 Spectra – WordPress Gutenberg Blocks
- 2.92 Contact Form 7 Database Addon – CFDB7
- 2.93 WP Shortcodes Plugin — Shortcodes Ultimate
- 2.94 Happy Addons for Elementor
- 2.95 Duplicate Post
- 2.96 MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
- 2.97 Royal Elementor Addons and Templates
- 2.98 Royal Elementor Addons and Templates
- 2.99 PDF Invoices & Packing Slips for WooCommerce
- 2.100 PDF Invoices & Packing Slips for WooCommerce
- 2.101 Call Now Button – The #1 Click to Call Button for WordPress
- 2.102 Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty
- 2.103 Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels
- 2.104 Jeg Elementor Kit
- 2.105 Jeg Elementor Kit
- 2.106 Photo Gallery by 10Web – Mobile-Friendly Image Gallery
- 2.107 Qi Addons For Elementor
- 2.108 YITH WooCommerce Compare
- 2.109 Elementor Addon Elements
- 2.110 BackUpWordPress
- 2.111 Colibri Page Builder
- 2.112 Colibri Page Builder
- 2.113 Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode)
- 2.114 FileOrganizer – Manage WordPress and Website Files
- 2.115 Table Rate Shipping Method for WooCommerce by Flexible Shipping
- 2.116 HT Mega – Absolute Addons For Elementor
- 2.117 Hummingbird – Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript
- 2.118 Social Sharing Plugin – Sassy Social Share
- 2.119 Schema & Structured Data for WP & AMP
- 2.120 Strong Testimonials
- 2.121 Social Media Share Buttons & Social Sharing Icons
- 2.122 WP Chat App
- 2.123 Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
- 2.124 Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
- 2.125 VK Block Patterns
- 2.126 WP STAGING WordPress Backup Plugin – Migration Backup Restore
- 2.127 Backup Migration
- 2.128 Import and export users and customers
- 2.129 MainWP Child Reports
- 2.130 Tutor LMS – eLearning and online course solution
- 2.131 Tutor LMS – eLearning and online course solution
- 2.132 WP SMTP
- 2.133 WP ULike – Most Advanced WordPress Marketing Toolkit
- 2.134 WP ULike – Most Advanced WordPress Marketing Toolkit
- 2.135 WP ULike – Most Advanced WordPress Marketing Toolkit
- 2.136 Comments – wpDiscuz
- 2.137 Database for Contact Form 7, WPforms, Elementor forms
- 2.138 Media Cleaner: Clean your WordPress!
- 2.139 Export and Import Users and Customers
- 2.140 Blog2Social: Social Media Auto Post & Scheduler
- 2.141 Exclusive Addons for Elementor
- 2.142 Exclusive Addons for Elementor
- 2.143 Exclusive Addons for Elementor
- 2.144 Getwid – Gutenberg Blocks
- 2.145 FOX – Currency Switcher Professional for WooCommerce
- 2.146 WP-Members Membership Plugin
- 2.147 Enhanced Text Widget
- 2.148 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
- 2.149 Collapse-O-Matic
- 2.150 Quick Featured Images
- 2.151 Simple Membership
- 2.152 Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
- 2.153 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
- 2.154 Simply Static
- 2.155 Print Invoice & Delivery Notes for WooCommerce
- 2.156 Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
- 2.157 Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
- 2.158 AGCA – Custom Dashboard & Login Page
- 2.159 Popup Box – Best WordPress Popup Plugin
- 2.160 FV Flowplayer Video Player
- 2.161 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
- 2.162 Timetable and Event Schedule by MotoPress
- 2.163 Social Sharing Plugin – Social Warfare
- 2.164 VOD Infomaniak
- 2.165 WP Google Review Slider
- 2.166 Hide Dashboard Notifications
- 2.167 Appointment Hour Booking – WordPress Booking Plugin
- 2.168 Payment Gateway Based Fees and Discounts for WooCommerce
- 2.169 Data Tables Generator by Supsystic
- 2.170 Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery
- 2.171 Pricing Table by Supsystic
- 2.172 Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
- 2.173 Rate My Post – Star Rating Plugin by FeedbackWP
- 2.174 Secure Copy Content Protection and Content Locking
- 2.175 Secure Copy Content Protection and Content Locking
- 2.176 Social Share Icons & Social Share Buttons
- 2.177 Social Share Icons & Social Share Buttons
- 2.178 Video Conferencing with Zoom
- 2.179 Product Addons & Fields for WooCommerce
- 2.180 Brevo for WooCommerce
- 2.181 WPZOOM Addons for Elementor (Templates, Widgets)
- 2.182 Advanced Floating Content Lite
- 2.183 Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
- 2.184 rtMedia for WordPress, BuddyPress and bbPress
- 2.185 Classified Listing – Classified ads & Business Directory Plugin
- 2.186 Directorist – WordPress Business Directory Plugin with Classified Ads Listings
- 2.187 Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required!
- 2.188 Email Customizer for WooCommerce | Drag and Drop Email Templates Builder
- 2.189 GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
- 2.190 GeoDirectory – WordPress Business Directory Plugin, or Classified Directory
- 2.191 SSL Mixed Content Fix
- 2.192 List Custom Taxonomy Widget
- 2.193 Page Builder: Live Composer
- 2.194 myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
- 2.195 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
- 2.196 Pop-up
- 2.197 Five Star Restaurant Reservations – WordPress Booking Plugin
- 2.198 ReviewX – Multi-criteria Rating & Reviews for WooCommerce
- 2.199 RomethemeKit For Elementor
- 2.200 RomethemeKit For Elementor
- 2.201 Send PDF for Contact Form 7
- 2.202 Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap
- 2.203 Ultimate Posts Widget
- 2.204 Easy Accept Payments via PayPal
- 2.205 WP Datepicker
- 2.206 SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share
- 2.207 WP Travel Engine – Best Travel Booking WordPress Plugin
- 2.208 Arconix FAQ
- 2.209 FG Joomla to WordPress
- 2.210 RomethemeForm For Elementor
- 2.211 Smart Forms – when you need more than just a contact form
- 2.212 Smart Forms – when you need more than just a contact form
- 2.213 WP LinkedIn Auto Publish
- 2.214 WordPress Backup & Migration
- 2.215 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
- 2.216 Maintenance Mode
- 2.217 WPC Composite Products for WooCommerce
- 2.218 ProfileGrid – User Profiles, Memberships, Groups and Communities
- 2.219 ProfileGrid – User Profiles, Memberships, Groups and Communities
- 2.220 ProfileGrid – User Profiles, Memberships, Groups and Communities
- 2.221 The Plus Blocks for Block Editor | Gutenberg
- 2.222 Better Elementor Addons
- 2.223 Easy Property Listings
- 2.224 Image Slider
- 2.225 Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site
- 2.226 Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site
- 2.227 Print My Blog – Print, PDF, & eBook Converter WordPress Plugin
- 2.228 Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
- 2.229 Arconix Shortcodes
- 2.230 Assistant – Every Day Productivity Apps
- 2.231 Podlove Podcast Publisher
- 2.232 Podlove Podcast Publisher
- 2.233 Salon booking system
- 2.234 Salon booking system
- 2.235 Salon booking system
- 2.236 Ultimate 410 Gone Status Code
- 2.237 Advanced Local Pickup for WooCommerce
- 2.238 Embed Google Photos album
- 2.239 Import WP – Export and Import CSV and XML files to WordPress
- 2.240 Tickera – WordPress Event Ticketing
- 2.241 VikRentCar Car Rental Management System
- 2.242 WP ADA Compliance Check Basic – Most Comprehensive Web Accessibility Solution for WordPress
- 2.243 WP Fusion Lite – Marketing Automation and CRM Integration for WordPress
- 2.244 Coupon & Discount Code Reveal Button
- 2.245 Debug Log Manager
- 2.246 Newsletters
- 2.247 Newsletters
- 2.248 PropertyHive
- 2.249 Vision – Image Map Builder
- 2.250 Widget Post Slider
- 2.251 WP-Lister Lite for eBay
- 2.252 WP-Recall – Registration, Profile, Commerce & More
- 2.253 WP-Recall – Registration, Profile, Commerce & More
- 2.254 Accessibility Widget
- 2.255 Advanced Testimonial Carousel for Elementor
- 2.256 All-in-one Like Widget
- 2.257 Knowledge Base documentation & wiki plugin – BasePress Docs
- 2.258 Knowledge Base documentation & wiki plugin – BasePress Docs
- 2.259 CookieHub – Cookie Consent Banner (DSGVO, CCPA, RGPD and GDPR compliance)
- 2.260 Custom field finder
- 2.261 RSS Redirect & Feedburner Alternative
- 2.262 InstaWP Connect – 1-click WP Staging & Migration
- 2.263 iPages Flipbook For WordPress
- 2.264 The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
- 2.265 The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
- 2.266 User Meta – User Profile Builder and User management plugin
- 2.267 SuperFaktura WooCommerce
- 2.268 Academy LMS – eLearning and online course solution for WordPress
- 2.269 Academy LMS – eLearning and online course solution for WordPress
- 2.270 ActiveDEMAND
- 2.271 Admin Bar Editor – Hide Toolbar by User Roles
- 2.272 AI Post Generator | AutoWriter
- 2.273 AppPresser – Mobile App Framework
- 2.274 Booking Ultra Pro Appointments Booking Calendar Plugin
- 2.275 Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
- 2.276 Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress
- 2.277 ChatBot Conversational Forms
- 2.278 Culqi
- 2.279 EPROLO Dropshipping
- 2.280 USPS Shipping for WooCommerce – Live Rates
- 2.281 Headline Analyzer
- 2.282 KB Support – WordPress Help Desk and Knowledge Base
- 2.283 Login with phone number
- 2.284 BizPrint – Print WooCommerce Order Receipts, Invoices, Labels & More.
- 2.285 Radio Station by netmix® – Manage and play your Show Schedule in WordPress!
- 2.286 Reviews Plus
- 2.287 Save as PDF Plugin by Pdfcrowd
- 2.288 Seers | GDPR & CCPA Cookie Consent & Compliance
- 2.289 Image Optimizer, Resizer and CDN – Sirv
- 2.290 StreamWeasels Twitch Integration
- 2.291 Poll | Vote | Contest – Best Poll Plugin for WordPress
- 2.292 Vitepos – Point of sale (POS) plugin for WooCommerce
- 2.293 WP Club Manager – WordPress Sports Club Plugin
- 2.294 WP GoToWebinar
- 2.295 MDTF – Meta Data and Taxonomies Filter
- 2.296 WP Time Slots Booking Form
- 2.297 WPCal.io – Easy Meeting Scheduler
- 2.298 WPPizza – A Restaurant Plugin
- 2.299 Frontend Dashboard
- 2.300 Leaky Paywall
- 2.301 Olive One Click Demo Import
- 2.302 SharkDropship and Affiliate for AliExpress, eBay, Amazon, Etsy
- 2.303 Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.
- 2.304 Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.
- 2.305 Slash Admin
- 2.306 Car Dealer (Dealership) and Vehicle sales
- 2.307 ShortPixel Critical CSS
- 2.308 Admin and Customer Messages After Order for WooCommerce: OrderConvo
- 2.309 SSU – WordPress Amazon S3 & Wasabi Smart File Uploads Plugin
- 2.310 Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media
- 2.311 Build 5 Star Reviews on Google Reviews, Yelp, Facebook… easily and risk-free | RRatingg
- 2.312 Better Comments
- 2.313 Better Comments
- 2.314 Header Footer Code Manager Pro
- 2.315 ARForms
- 2.316 ARForms
- 2.317 ARForms
- 2.318 ARForms
- 2.319 ARForms
- 2.320 ARForms Form Builder
- 2.321 Digital Publications by Supsystic
- 2.322 ElementsKit Pro
- 2.323 Fancy Product Designer
- 2.324 Interactive World Maps
- 2.325 Max Addons Pro for Bricks
- 2.326 Max Addons Pro for Bricks
- 2.327 WooCommerce Shipping Label
- 2.328 WooCommerce Customers Manager
- 2.329 WooCommerce Customers Manager
- 2.330 WP Media Category Management
- 2.331 Wp Staging Pro
- 3. WordPress Themes — 21 Patched / 7 Unpatched
- 3.1 UDesign
- 3.2 XStore
- 3.3 XStore
- 3.4 XStore
- 3.5 XStore
- 3.6 XStore
- 3.7 XStore
- 3.8 Accountra
- 3.9 Althea WP
- 3.10 Blocksy
- 3.11 Blocksy
- 3.12 Brite
- 3.13 Colibri WP
- 3.14 ColorNews
- 3.15 Elevate WP
- 3.16 Financio
- 3.17 Hugo WP
- 3.18 Intrace
- 3.19 Pathway
- 3.20 Photology
- 3.21 Royal Elementor Kit
- 3.22 Startupzy
- 3.23 Teluro
- 3.24 Travey
- 3.25 Vertice
- 3.26 Virtue
- 3.27 WP Portfolio
- 3.28 Zeever
Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.
WordPress Core
WordPress 6.5.2 was released on April 9, 2024, as a short-cycle security and maintenance release. This release features 2 bug fixes on Core, 12 bug fixes for the Block editor, and 1 security fix. Because this is a security release, it is recommended that you update your sites immediately.
The next major release will be version 6.6, planned for July 16, 2024.
No new core vulnerabilities were disclosed this week.
WordPress Plugins — 248 Patched / 21 Unpatched
Plugin Slug:
auto-post-thumbnail
Installations
70,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
famethemes-demo-importer
Installations
50,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
piotnet-addons-for-elementor
Installations
40,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
ag-custom-admin
Installations
30,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
cryout-serious-slider
Installations
30,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
meks-smart-social-widget
Installations
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
xserver-migrator
Installations
20,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Critical
Plugin Slug:
anual-archive
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
buddypress-media
Installations
10,000+
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
Plugin Slug:
clickcease-click-fraud-protection
Installations
10,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
democracy-poll
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
login-logout-register-menu
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
meks-themeforest-smart-widget
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
print-o-matic
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
smart-recent-posts-widget
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
enhanced-tooltipglossary
Installations
8,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
customify-sites
Installations
6,000+
Vulnerability:
Remote Code Execution (RCE)
Patched in Version:
No Fix
Severity Score:
Critical
Plugin Slug:
ad-widget
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
popupally
Installations
4,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
pretty-google-calendar
Installations
4,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
facebook-fan-page-widget
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
filterable-portfolio
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
share-this-image
Installations
2,000+
Vulnerability:
Open Redirection
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
smart-maintenance-mode
Installations
2,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
enl-newsletter
Installations
10+
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
Plugin Slug:
enl-newsletter
Installations
10+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
enl-newsletter
Installations
10+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Advanced Search
Plugin Slug:
advance-search
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Advanced Most Recent Posts Mod
Plugin Slug:
advanced-most-recent-posts-mod
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Advanced Post List
Plugin Slug:
advanced-post-list
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
AJAX Login and Registration modal popup + inline form
Plugin Slug:
ajax-login-and-registration-modal-popup
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Element Pack Pro
Plugin Slug:
bdthemes-element-pack
Vulnerability:
Arbitrary File Download
Patched in Version:
No Fix
Severity Score:
High
Plugin:
CF7 File Download – File Download for CF7
Plugin Slug:
cf7-file-download
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Client Dash
Plugin Slug:
client-dash
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Contact Form 7 Extension For Mailchimp
Plugin Slug:
contact-form-7-mailchimp-extension
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
CPO Companion
Plugin Slug:
cpo-companion
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Crelly Slider
Plugin Slug:
crelly-slider
Vulnerability:
Insecure Direct Object References (IDOR)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Easy Set Favicon
Plugin Slug:
easy-set-favicon
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Embed Google Fonts
Plugin Slug:
embed-google-fonts
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
XStore Core
Plugin Slug:
et-core-plugin
Vulnerability:
Arbitrary File Download
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
XStore Core
Plugin Slug:
et-core-plugin
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
Plugin:
XStore Core
Plugin Slug:
et-core-plugin
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
High
Plugin:
XStore Core
Plugin Slug:
et-core-plugin
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
High
Plugin:
XStore Core
Plugin Slug:
et-core-plugin
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
Plugin:
XStore Core
Plugin Slug:
et-core-plugin
Vulnerability:
PHP Object Injection
Patched in Version:
No Fix
Severity Score:
Critical
Plugin:
XStore Core
Plugin Slug:
et-core-plugin
Vulnerability:
Privilege Escalation
Patched in Version:
No Fix
Severity Score:
Critical
Plugin:
XStore Core
Plugin Slug:
et-core-plugin
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
Critical
Plugin:
Giphypress
Plugin Slug:
giphypress
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
GWP-Histats
Plugin Slug:
gwp-histats
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
JW Player for WordPress
Plugin Slug:
jw-player-7-for-wp
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
MF Gig Calendar
Plugin Slug:
mf-gig-calendar
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Mini Loops
Plugin Slug:
mini-loops
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Opal Widgets For Elementor
Plugin Slug:
opal-widgets-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
CodeBard’s Patron Button and Widgets for Patreon
Plugin Slug:
patron-button-and-widgets-by-codebard
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
Plugin:
PB MailCrypt
Plugin Slug:
pb-mailcrypt-antispam-email-encryption
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Piotnet Addons For Elementor Pro
Plugin Slug:
piotnet-addons-for-elementor-pro
Vulnerability:
Arbitrary Content Deletion
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Piotnet Addons For Elementor Pro
Plugin Slug:
piotnet-addons-for-elementor-pro
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Piotnet Addons For Elementor Pro
Plugin Slug:
piotnet-addons-for-elementor-pro
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Piotnet Addons For Elementor Pro
Plugin Slug:
piotnet-addons-for-elementor-pro
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Piotnet Addons For Elementor Pro
Plugin Slug:
piotnet-addons-for-elementor-pro
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Progressive WordPress (PWA)
Plugin Slug:
progressive-wp
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Realtyna Organic IDX plugin
Plugin Slug:
real-estate-listing-realtyna-wpl
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Recencio Book Reviews
Plugin Slug:
recencio-book-reviews
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Regenerate post permalink
Plugin Slug:
regenerate-post-permalinks
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
Plugin:
School Management Pro
Plugin Slug:
school-management-pro
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Shortcode Addons
Plugin Slug:
shortcode-addons
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Sliding Widgets
Plugin Slug:
sliding-widgets
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Social Share Buttons by Supsystic
Plugin Slug:
social-share-buttons-by-supsystic
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Solid Affiliate
Plugin Slug:
solid-affiliate
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
High
Plugin:
SP Project & Document Manager
Plugin Slug:
sp-client-document-manager
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Sticky Anything
Plugin Slug:
toast-stick-anything
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
High
Plugin:
WidgetKit
Plugin Slug:
widgetkit-for-elementor
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
WZone
Plugin Slug:
woozone
Vulnerability:
Privilege Escalation
Patched in Version:
No Fix
Severity Score:
High
Plugin:
WZone
Plugin Slug:
woozone
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
Plugin:
WZone
Plugin Slug:
woozone
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
High
Plugin:
WZone
Plugin Slug:
woozone
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
Critical
Plugin:
WZone
Plugin Slug:
woozone
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
WZone
Plugin Slug:
woozone
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
Critical
Plugin:
WP GDPR Compliance
Plugin Slug:
wp-gdpr-compliance
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
WP Masquerade
Plugin Slug:
wp-masquerade
Vulnerability:
Privilege Escalation
Patched in Version:
No Fix
Severity Score:
High
Plugin:
WP Page Post Widget Clone
Plugin Slug:
wp-page-post-widget-clone
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
WTI Like Post
Plugin Slug:
wti-like-post
Vulnerability:
Bypass Vulnerability
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
XforWooCommerce
Plugin Slug:
xforwoocommerce
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
Plugin Slug:
all-in-one-seo-pack
Installations
3,000,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.6.1.1
Severity Score:
Medium
Plugin Slug:
essential-addons-for-elementor-lite
Installations
2,000,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
5.9.16
Severity Score:
Medium
Plugin Slug:
seo-by-rank-math
Installations
2,000,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.217
Severity Score:
Medium
Plugin Slug:
elementskit-lite
Installations
1,000,000+
Vulnerability:
Local File Inclusion
Patched in Version:
3.1.1
Severity Score:
High
Plugin Slug:
optinmonster
Installations
1,000,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.16.0
Severity Score:
Medium
Plugin Slug:
premium-addons-for-elementor
Installations
700,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.10.29
Severity Score:
Medium
Plugin Slug:
premium-addons-for-elementor
Installations
700,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.10.26
Severity Score:
Medium
Plugin Slug:
ultimate-addons-for-gutenberg
Installations
700,000+
Vulnerability:
Path Traversal
Patched in Version:
2.12.7
Severity Score:
Medium
Plugin Slug:
contact-form-cfdb7
Installations
600,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
1.2.7
Severity Score:
Medium
Plugin Slug:
shortcodes-ultimate
Installations
600,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
7.1.0
Severity Score:
Medium
Plugin Slug:
happy-elementor-addons
Installations
400,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.10.7
Severity Score:
Medium
Plugin Slug:
copy-delete-posts
Installations
300,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.4.5
Severity Score:
Medium
Plugin Slug:
metform
Installations
300,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.8.4
Severity Score:
Medium
Plugin Slug:
royal-elementor-addons
Installations
300,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.972
Severity Score:
Medium
Plugin Slug:
royal-elementor-addons
Installations
300,000+
Vulnerability:
Bypass Vulnerability
Patched in Version:
1.3.95
Severity Score:
Medium
Plugin Slug:
woocommerce-pdf-invoices-packing-slips
Installations
300,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
3.8.1
Severity Score:
High
Plugin Slug:
woocommerce-pdf-invoices-packing-slips
Installations
300,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.8.1
Severity Score:
High
Plugin Slug:
call-now-button
Installations
200,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.4.7
Severity Score:
Medium
Plugin Slug:
chaty
Installations
200,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.1.9
Severity Score:
Medium
Plugin Slug:
instant-images
Installations
200,000+
Vulnerability:
Privilege Escalation
Patched in Version:
6.1.1
Severity Score:
High
Plugin Slug:
jeg-elementor-kit
Installations
200,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.6.5
Severity Score:
Medium
Plugin Slug:
jeg-elementor-kit
Installations
200,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.6.4
Severity Score:
Medium
Plugin Slug:
photo-gallery
Installations
200,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.8.21
Severity Score:
Medium
Plugin Slug:
qi-addons-for-elementor
Installations
200,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.7.1
Severity Score:
Medium
Plugin Slug:
yith-woocommerce-compare
Installations
200,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.38.0
Severity Score:
Medium
Plugin Slug:
addon-elements-for-elementor-page-builder
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.13.4
Severity Score:
Medium
Plugin Slug:
backupwordpress
Installations
100,000+
Vulnerability:
Directory Traversal
Patched in Version:
3.14
Severity Score:
Low
Plugin Slug:
colibri-page-builder
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.264
Severity Score:
Medium
Plugin Slug:
colibri-page-builder
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.274
Severity Score:
Medium
Plugin Slug:
content-views-query-and-display-post-page
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.7.1
Severity Score:
Medium
Plugin Slug:
fileorganizer
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.7
Severity Score:
Medium
Plugin Slug:
flexible-shipping
Installations
100,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.24.16
Severity Score:
Medium
Plugin Slug:
ht-mega-for-elementor
Installations
100,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
2.4.8
Severity Score:
Medium
Plugin Slug:
hummingbird-performance
Installations
100,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.7.4
Severity Score:
Medium
Plugin Slug:
sassy-social-share
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.3.61
Severity Score:
Medium
Plugin Slug:
schema-and-structured-data-for-wp
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.30
Severity Score:
Medium
Plugin Slug:
strong-testimonials
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.1.12
Severity Score:
Medium
Plugin Slug:
ultimate-social-media-icons
Installations
100,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.8.7
Severity Score:
Medium
Plugin Slug:
wp-whatsapp
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.6.4
Severity Score:
Medium
Plugin Slug:
paid-memberships-pro
Installations
90,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.0
Severity Score:
Medium
Plugin Slug:
paid-memberships-pro
Installations
90,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.0
Severity Score:
Medium
Plugin Slug:
vk-block-patterns
Installations
90,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.31.1.1
Severity Score:
Medium
Plugin Slug:
wp-staging
Installations
90,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
3.5.0
Severity Score:
Medium
Plugin Slug:
backup-backup
Installations
80,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.4.2
Severity Score:
Medium
Plugin Slug:
import-users-from-csv-with-meta
Installations
80,000+
Vulnerability:
PHP Object Injection
Patched in Version:
1.26.3
Severity Score:
Medium
Plugin Slug:
mainwp-child-reports
Installations
80,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.2
Severity Score:
Medium
Plugin Slug:
tutor
Installations
80,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.7.0
Severity Score:
Medium
Plugin Slug:
tutor
Installations
80,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.7.0
Severity Score:
Medium
Plugin Slug:
wp-smtp
Installations
80,000+
Vulnerability:
SQL Injection
Patched in Version:
1.2.7
Severity Score:
High
Plugin Slug:
wp-ulike
Installations
80,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.7.0
Severity Score:
Medium
Plugin Slug:
wp-ulike
Installations
80,000+
Vulnerability:
SQL Injection
Patched in Version:
4.7.0
Severity Score:
High
Plugin Slug:
wp-ulike
Installations
80,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.7.0
Severity Score:
Medium
Plugin Slug:
wpdiscuz
Installations
80,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
7.6.16
Severity Score:
Medium
Plugin Slug:
contact-form-entries
Installations
70,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.9
Severity Score:
High
Plugin Slug:
media-cleaner
Installations
70,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
6.7.3
Severity Score:
Medium
Plugin Slug:
users-customers-import-export-for-wp-woocommerce
Installations
70,000+
Vulnerability:
Deserialization of Untrusted Data
Patched in Version:
2.5.4
Severity Score:
Medium
Plugin Slug:
blog2social
Installations
60,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
7.5.0
Severity Score:
Medium
Plugin Slug:
exclusive-addons-for-elementor
Installations
60,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.6.9.2
Severity Score:
Medium
Plugin Slug:
exclusive-addons-for-elementor
Installations
60,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.6.9.4
Severity Score:
Medium
Plugin Slug:
exclusive-addons-for-elementor
Installations
60,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.6.9.5
Severity Score:
Medium
Plugin Slug:
getwid
Installations
60,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.0.8
Severity Score:
Medium
Plugin Slug:
woocommerce-currency-switcher
Installations
60,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.4.1.9
Severity Score:
Medium
Plugin Slug:
wp-members
Installations
60,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
3.4.9.4
Severity Score:
Medium
Plugin Slug:
enhanced-text-widget
Installations
50,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.6.5
Severity Score:
Medium
Plugin Slug:
form-maker
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.15.25
Severity Score:
Medium
Plugin Slug:
jquery-collapse-o-matic
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.8.5.6
Severity Score:
Medium
Plugin Slug:
quick-featured-images
Installations
50,000+
Vulnerability:
Broken Access Control
Patched in Version:
13.7.1
Severity Score:
Medium
Plugin Slug:
simple-membership
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.4.4
Severity Score:
Medium
Plugin Slug:
sina-extension-for-elementor
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.5.3
Severity Score:
Medium
Plugin Slug:
post-grid
Installations
40,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
2.2.79
Severity Score:
High
Plugin Slug:
simply-static
Installations
40,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
3.1.4
Severity Score:
High
Plugin Slug:
woocommerce-delivery-notes
Installations
40,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.9.0
Severity Score:
Medium
Plugin Slug:
wp-analytify
Installations
40,000+
Vulnerability:
Broken Access Control
Patched in Version:
5.2.4
Severity Score:
Medium
Plugin Slug:
wp-analytify
Installations
40,000+
Vulnerability:
Broken Access Control
Patched in Version:
5.2.4
Severity Score:
Medium
Plugin Slug:
ag-custom-admin
Installations
30,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
7.2.2
Severity Score:
Medium
Plugin Slug:
ays-popup-box
Installations
30,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.3.7
Severity Score:
Medium
Plugin Slug:
fv-wordpress-flowplayer
Installations
30,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
7.5.45.7212
Severity Score:
Medium
Plugin Slug:
master-addons
Installations
30,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.0.5.6
Severity Score:
Medium
Plugin Slug:
mp-timetable
Installations
30,000+
Vulnerability:
SQL Injection
Patched in Version:
2.4.12
Severity Score:
High
Plugin Slug:
social-warfare
Installations
30,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.4.6.2
Severity Score:
Medium
Plugin Slug:
vod-infomaniak
Installations
30,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.5.7
Severity Score:
High
Plugin Slug:
wp-google-places-review-slider
Installations
30,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
13.6
Severity Score:
Medium
Plugin Slug:
wp-hide-backed-notices
Installations
30,000+
Vulnerability:
Bypass Vulnerability
Patched in Version:
1.3
Severity Score:
Medium
Plugin Slug:
appointment-hour-booking
Installations
20,000+
Vulnerability:
Other Vulnerability Type
Patched in Version:
1.4.57
Severity Score:
Medium
Plugin Slug:
checkout-fees-for-woocommerce
Installations
20,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.12.2
Severity Score:
Medium
Plugin Slug:
data-tables-generator-by-supsystic
Installations
20,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.10.32
Severity Score:
Medium
Plugin Slug:
gt3-photo-video-gallery
Installations
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.7.7.22
Severity Score:
Medium
Plugin Slug:
pricing-table-by-supsystic
Installations
20,000+
Vulnerability:
Content Injection
Patched in Version:
1.9.13
Severity Score:
Medium
Plugin Slug:
rafflepress
Installations
20,000+
Vulnerability:
Bypass Vulnerability
Patched in Version:
1.12.11
Severity Score:
Medium
Plugin Slug:
rate-my-post
Installations
20,000+
Vulnerability:
Insecure Direct Object References (IDOR)
Patched in Version:
3.4.5
Severity Score:
Medium
Plugin Slug:
secure-copy-content-protection
Installations
20,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.9.1
Severity Score:
Medium
Plugin Slug:
secure-copy-content-protection
Installations
20,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.7.2
Severity Score:
Medium
Plugin Slug:
ultimate-social-media-plus
Installations
20,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.6.2
Severity Score:
Medium
Plugin Slug:
ultimate-social-media-plus
Installations
20,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.6.3
Severity Score:
Medium
Plugin Slug:
video-conferencing-with-zoom-api
Installations
20,000+
Vulnerability:
Open Redirection
Patched in Version:
4.4.5
Severity Score:
Medium
Plugin Slug:
woocommerce-product-addon
Installations
20,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
32.0.19
Severity Score:
Critical
Plugin Slug:
woocommerce-sendinblue-newsletter-subscription
Installations
20,000+
Vulnerability:
Arbitrary File Download
Patched in Version:
4.0.18
Severity Score:
High
Plugin Slug:
wpzoom-elementor-addons
Installations
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.36
Severity Score:
Medium
Plugin Slug:
advanced-floating-content-lite
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.2.6
Severity Score:
Medium
Plugin Slug:
bp-better-messages
Installations
10,000+
Vulnerability:
Broken Authentication
Patched in Version:
2.4.33
Severity Score:
Medium
Plugin Slug:
buddypress-media
Installations
10,000+
Vulnerability:
SQL Injection
Patched in Version:
4.6.19
Severity Score:
High
Plugin Slug:
classified-listing
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.0.11
Severity Score:
Medium
Plugin Slug:
directorist
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
7.9.0
Severity Score:
Medium
Plugin Slug:
elespare
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.1.3
Severity Score:
Medium
Plugin Slug:
email-customizer-for-woocommerce
Installations
10,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
2.6.1
Severity Score:
High
Plugin Slug:
gamipress
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
6.8.9
Severity Score:
Low
Plugin Slug:
geodirectory
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.3.49
Severity Score:
Medium
Plugin Slug:
http-https-remover
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.2.7
Severity Score:
Medium
Plugin Slug:
list-custom-taxonomy-widget
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.2
Severity Score:
Medium
Plugin Slug:
live-composer-page-builder
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.5.39
Severity Score:
Medium
Plugin Slug:
mycred
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.6.4
Severity Score:
Medium
Plugin Slug:
paid-member-subscriptions
Installations
10,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.11.1
Severity Score:
Medium
Plugin Slug:
pop-up-pop-up
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.2.4
Severity Score:
Medium
Plugin Slug:
restaurant-reservations
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.6.17
Severity Score:
Medium
Plugin Slug:
reviewx
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.6.22
Severity Score:
Medium
Plugin Slug:
rometheme-for-elementor
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.4.2
Severity Score:
Medium
Plugin Slug:
rometheme-for-elementor
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.4.2
Severity Score:
Medium
Plugin Slug:
send-pdf-for-contact-form-7
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.0.2.4
Severity Score:
Medium
Plugin Slug:
socialsnap
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.3.6
Severity Score:
Medium
Plugin Slug:
ultimate-posts-widget
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.3.0
Severity Score:
Medium
Plugin Slug:
wordpress-easy-paypal-payment-or-donation-accept-plugin
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
5.0
Severity Score:
High
Plugin Slug:
wp-datepicker
Installations
10,000+
Vulnerability:
Privilege Escalation
Patched in Version:
2.1.1
Severity Score:
High
Plugin Slug:
wp-scheduled-posts
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
5.0.9
Severity Score:
Medium
Plugin Slug:
wp-travel-engine
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
5.8.1
Severity Score:
High
Plugin Slug:
arconix-faq
Installations
9,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.9.4
Severity Score:
Medium
Plugin Slug:
fg-joomla-to-wordpress
Installations
9,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
4.21.0
Severity Score:
Medium
Plugin Slug:
romethemeform
Installations
9,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.1.3
Severity Score:
Medium
Plugin Slug:
smart-forms
Installations
9,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.6.96
Severity Score:
Medium
Plugin Slug:
smart-forms
Installations
9,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.6.92
Severity Score:
Medium
Plugin Slug:
wp-linkedin-auto-publish
Installations
9,000+
Vulnerability:
Broken Access Control
Patched in Version:
8.12
Severity Score:
Medium
Plugin Slug:
wp-migration-duplicator
Installations
9,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.4.9
Severity Score:
Medium
Plugin Slug:
armember-membership
Installations
8,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.0.29
Severity Score:
Critical
Plugin Slug:
hkdev-maintenance-mode
Installations
8,000+
Vulnerability:
Bypass Vulnerability
Patched in Version:
3.0.2
Severity Score:
Low
Plugin Slug:
wpc-composite-products
Installations
8,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
7.2.8
Severity Score:
Medium
Plugin Slug:
profilegrid-user-profiles-groups-and-communities
Installations
7,000+
Vulnerability:
Insecure Direct Object References (IDOR)
Patched in Version:
5.8.0
Severity Score:
Medium
Plugin Slug:
profilegrid-user-profiles-groups-and-communities
Installations
7,000+
Vulnerability:
Bypass Vulnerability
Patched in Version:
5.8.3
Severity Score:
Medium
Plugin Slug:
profilegrid-user-profiles-groups-and-communities
Installations
7,000+
Vulnerability:
Insecure Direct Object References (IDOR)
Patched in Version:
5.8.0
Severity Score:
Medium
Plugin Slug:
the-plus-addons-for-block-editor
Installations
7,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.2.6
Severity Score:
Medium
Plugin Slug:
better-elementor-addons
Installations
6,000+
Vulnerability:
Local File Inclusion
Patched in Version:
1.4.2
Severity Score:
Medium
Plugin Slug:
easy-property-listings
Installations
6,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.5.4
Severity Score:
Medium
Plugin Slug:
image-slider-widget
Installations
6,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.127
Severity Score:
Medium
Plugin Slug:
integrate-google-drive
Installations
6,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.3.91
Severity Score:
High
Plugin Slug:
integrate-google-drive
Installations
6,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.3.91
Severity Score:
Medium
Plugin Slug:
print-my-blog
Installations
6,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.26.3
Severity Score:
Medium
Plugin Slug:
radio-player
Installations
6,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
2.0.74
Severity Score:
Medium
Plugin Slug:
arconix-shortcodes
Installations
5,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.1.11
Severity Score:
Medium
Plugin Slug:
assistant
Installations
5,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
1.4.9.2
Severity Score:
Medium
Plugin Slug:
podlove-podcasting-plugin-for-wordpress
Installations
5,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
4.0.12
Severity Score:
Medium
Plugin Slug:
podlove-podcasting-plugin-for-wordpress
Installations
5,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.0.15
Severity Score:
High
Plugin Slug:
salon-booking-system
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
9.6.6
Severity Score:
Medium
Plugin Slug:
salon-booking-system
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
9.6.6
Severity Score:
Medium
Plugin Slug:
salon-booking-system
Installations
5,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
9.6.6
Severity Score:
Medium
Plugin Slug:
ultimate-410
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.5
Severity Score:
Medium
Plugin Slug:
advanced-local-pickup-for-woocommerce
Installations
4,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.6.2
Severity Score:
Medium
Plugin Slug:
embed-google-photos-album-easily
Installations
4,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
2.2.1
Severity Score:
Medium
Plugin Slug:
jc-importer
Installations
4,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
2.13.1
Severity Score:
Medium
Plugin Slug:
tickera-event-ticketing-system
Installations
4,000+
Vulnerability:
Insecure Direct Object References (IDOR)
Patched in Version:
3.5.2.5
Severity Score:
Medium
Plugin Slug:
vikrentcar
Installations
4,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
1.3.3
Severity Score:
Medium
Plugin Slug:
wp-ada-compliance-check-basic
Installations
4,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.1.4
Severity Score:
Medium
Plugin Slug:
wp-fusion-lite
Installations
4,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
3.43.0
Severity Score:
Medium
Plugin Slug:
coupon-reveal-button
Installations
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.2.6
Severity Score:
Medium
Plugin Slug:
debug-log-manager
Installations
3,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.3.2
Severity Score:
Medium
Plugin Slug:
newsletters-lite
Installations
3,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
4.9.6
Severity Score:
Critical
Plugin Slug:
newsletters-lite
Installations
3,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
4.9.6
Severity Score:
High
Plugin Slug:
propertyhive
Installations
3,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.0.13
Severity Score:
Medium
Plugin Slug:
vision
Installations
3,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.7.2
Severity Score:
Medium
Plugin Slug:
widget-post-slider
Installations
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.6
Severity Score:
Medium
Plugin Slug:
wp-lister-for-ebay
Installations
3,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
3.6.0
Severity Score:
Critical
Plugin Slug:
wp-recall
Installations
3,000+
Vulnerability:
SQL Injection
Patched in Version:
16.26.6
Severity Score:
High
Plugin Slug:
wp-recall
Installations
3,000+
Vulnerability:
SQL Injection
Patched in Version:
16.26.6
Severity Score:
Critical
Plugin Slug:
accessibility-widget
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.2.1
Severity Score:
Medium
Plugin Slug:
advanced-testimonial-carousel-for-elementor
Installations
2,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.0.1
Severity Score:
Medium
Plugin Slug:
all-in-one-facebook-like-widget
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.2.8
Severity Score:
Medium
Plugin Slug:
basepress
Installations
2,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
2.16.2.1
Severity Score:
Medium
Plugin Slug:
basepress
Installations
2,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.16.2.1
Severity Score:
Medium
Plugin Slug:
cookiehub
Installations
2,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.1.1
Severity Score:
Medium
Plugin Slug:
custom-field-finder
Installations
2,000+
Vulnerability:
PHP Object Injection
Patched in Version:
0.4
Severity Score:
Medium
Plugin Slug:
feedburner-alternative-and-rss-redirect
Installations
2,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.0
Severity Score:
Medium
Plugin Slug:
instawp-connect
Installations
2,000+
Vulnerability:
Broken Access Control
Patched in Version:
0.1.0.25
Severity Score:
Medium
Plugin Slug:
ipages-flipbook
Installations
2,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.5.2
Severity Score:
Medium
Plugin Slug:
the-pack-addon
Installations
2,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.0.8.4
Severity Score:
High
Plugin Slug:
the-pack-addon
Installations
2,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
2.0.8.3
Severity Score:
Medium
Plugin Slug:
user-meta
Installations
2,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
3.1
Severity Score:
Medium
Plugin Slug:
woocommerce-superfaktura
Installations
2,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
1.40.4
Severity Score:
Medium
Plugin Slug:
academy
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.9.17
Severity Score:
High
Plugin Slug:
academy
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.9.17
Severity Score:
Medium
Plugin Slug:
activedemand
Installations
1,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
0.2.42
Severity Score:
Critical
Plugin Slug:
admin-bar
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.0.23
Severity Score:
Medium
Plugin Slug:
ai-post-generator
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.4
Severity Score:
Medium
Plugin Slug:
apppresser
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.3.1
Severity Score:
Medium
Plugin Slug:
booking-ultra-pro
Installations
1,000+
Vulnerability:
Privilege Escalation
Patched in Version:
1.1.13
Severity Score:
High
Plugin Slug:
buddyforms
Installations
1,000+
Vulnerability:
Arbitrary File Download
Patched in Version:
2.8.9
Severity Score:
High
Plugin Slug:
contest-gallery
Installations
1,000+
Vulnerability:
Arbitrary File Deletion
Patched in Version:
21.3.5
Severity Score:
High
Plugin Slug:
conversational-forms
Installations
1,000+
Vulnerability:
Arbitrary File Download
Patched in Version:
1.2.0
Severity Score:
High
Plugin Slug:
culqi-checkout
Installations
1,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
3.0.15
Severity Score:
Medium
Plugin Slug:
eprolo-dropshipping
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.7.2
Severity Score:
Medium
Plugin Slug:
flexible-shipping-usps
Installations
1,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
1.10.0
Severity Score:
Medium
Plugin Slug:
headline-analyzer
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.3.4
Severity Score:
Medium
Plugin Slug:
kb-support
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.6.1
Severity Score:
Medium
Plugin Slug:
login-with-phone-number
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.6.94
Severity Score:
Critical
Plugin Slug:
print-google-cloud-print-gcp-woocommerce
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.5.4
Severity Score:
High
Plugin Slug:
radio-station
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.5.8
Severity Score:
Medium
Plugin Slug:
reviews-plus
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.3.5
Severity Score:
Medium
Plugin Slug:
save-as-pdf-by-pdfcrowd
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.2.1
Severity Score:
Medium
Plugin Slug:
seers-cookie-consent-banner-privacy-policy
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
8.1.1
Severity Score:
High
Plugin Slug:
sirv
Installations
1,000+
Vulnerability:
Privilege Escalation
Patched in Version:
7.2.3
Severity Score:
High
Plugin Slug:
streamweasels-twitch-integration
Installations
1,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
1.8.0
Severity Score:
Medium
Plugin Slug:
totalpoll-lite
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.10.0
Severity Score:
Medium
Plugin Slug:
vitepos-lite
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.0.2
Severity Score:
Medium
Plugin Slug:
wp-club-manager
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.2.12
Severity Score:
Medium
Plugin Slug:
wp-gotowebinar
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
15.1
Severity Score:
Medium
Plugin Slug:
wp-meta-data-filter-and-taxonomy-filter
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.3.3.1
Severity Score:
Medium
Plugin Slug:
wp-time-slots-booking-form
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.2.07
Severity Score:
High
Plugin Slug:
wpcal
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
0.9.5.9
Severity Score:
Medium
Plugin Slug:
wppizza
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.18.11
Severity Score:
Medium
Plugin Slug:
frontend-dashboard
Installations
900+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
2.2.4
Severity Score:
High
Plugin Slug:
leaky-paywall
Installations
900+
Vulnerability:
Broken Access Control
Patched in Version:
4.20.9
Severity Score:
High
Plugin Slug:
olive-one-click-demo-import
Installations
900+
Vulnerability:
Arbitrary File Download
Patched in Version:
1.1.2
Severity Score:
High
Plugin Slug:
woo-aliexpress-dropshipping
Installations
900+
Vulnerability:
Arbitrary Content Deletion
Patched in Version:
2.1.2
Severity Score:
High
Plugin Slug:
barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
Installations
800+
Vulnerability:
Privilege Escalation
Patched in Version:
1.5.4
Severity Score:
Critical
Plugin Slug:
barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
Installations
800+
Vulnerability:
Broken Access Control
Patched in Version:
1.5.4
Severity Score:
Critical
Plugin Slug:
slash-admin
Installations
800+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.8.2
Severity Score:
High
Plugin Slug:
cardealer
Installations
700+
Vulnerability:
Content Injection
Patched in Version:
4.16
Severity Score:
Low
Plugin Slug:
shortpixel-critical-css
Installations
700+
Vulnerability:
Broken Access Control
Patched in Version:
1.0.3
Severity Score:
High
Plugin Slug:
admin-and-client-message-after-order-for-woocommerce
Installations
500+
Vulnerability:
Broken Access Control
Patched in Version:
12.5
Severity Score:
Critical
Plugin Slug:
wp-s3-smart-upload
Installations
400+
Vulnerability:
Broken Access Control
Patched in Version:
1.5.1
Severity Score:
High
Plugin Slug:
evergreen-content-poster
Installations
100+
Vulnerability:
Broken Access Control
Patched in Version:
1.4.3
Severity Score:
Medium
Plugin Slug:
5-stars-rating-funnel
Installations
40+
Vulnerability:
Broken Access Control
Patched in Version:
1.3.02
Severity Score:
Medium
Plugin Slug:
better-comments
Installations
20+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.5.6
Severity Score:
Medium
Plugin Slug:
better-comments
Installations
20+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.5.6
Severity Score:
Medium
Plugin:
Header Footer Code Manager Pro
Plugin Slug:
99robots-header-footer-code-manager-pro
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.17
Severity Score:
High
Plugin:
ARForms
Plugin Slug:
arforms
Vulnerability:
SQL Injection
Patched in Version:
6.4.1
Severity Score:
High
Plugin:
ARForms
Plugin Slug:
arforms
Vulnerability:
Settings Change
Patched in Version:
6.4.1
Severity Score:
High
Plugin:
ARForms
Plugin Slug:
arforms
Vulnerability:
Settings Change
Patched in Version:
6.4.1
Severity Score:
High
Plugin:
ARForms
Plugin Slug:
arforms
Vulnerability:
Arbitrary File Deletion
Patched in Version:
6.4.1
Severity Score:
High
Plugin:
ARForms
Plugin Slug:
arforms
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
6.4.1
Severity Score:
High
Plugin:
ARForms Form Builder
Plugin Slug:
arforms-form-builder
Vulnerability:
Broken Access Control
Patched in Version:
1.6.5
Severity Score:
High
Plugin:
Digital Publications by Supsystic
Plugin Slug:
digital-publications-by-supsystic
Vulnerability:
Broken Access Control
Patched in Version:
1.7.8
Severity Score:
Medium
Plugin:
ElementsKit Pro
Plugin Slug:
elementskit
Vulnerability:
Local File Inclusion
Patched in Version:
3.6.1
Severity Score:
High
Plugin:
Fancy Product Designer
Plugin Slug:
fancy-product-designer
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
6.1.8
Severity Score:
High
Plugin:
Interactive World Maps
Plugin Slug:
interactive-world-maps
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.5
Severity Score:
High
Plugin:
Max Addons Pro for Bricks
Plugin Slug:
max-addons-pro-bricks
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.6.2
Severity Score:
High
Plugin:
Max Addons Pro for Bricks
Plugin Slug:
max-addons-pro-bricks
Vulnerability:
Settings Change
Patched in Version:
1.6.2
Severity Score:
Medium
Plugin:
WooCommerce Shipping Label
Plugin Slug:
shipping-labels-for-woo
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.3.9
Severity Score:
Medium
Plugin:
WooCommerce Customers Manager
Plugin Slug:
woocommerce-customers-manager
Vulnerability:
Broken Access Control
Patched in Version:
29.8
Severity Score:
Medium
Plugin:
WooCommerce Customers Manager
Plugin Slug:
woocommerce-customers-manager
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
29.8
Severity Score:
High
Plugin:
WP Media Category Management
Plugin Slug:
wp-media-category-management
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.3.0
Severity Score:
High
Plugin:
Wp Staging Pro
Plugin Slug:
wp-staging-pro
Vulnerability:
Sensitive Data Exposure
Patched in Version:
5.5.0
Severity Score:
Medium
WordPress Themes — 21 Patched / 7 Unpatched
Theme:
UDesign
Theme Slug:
u-design
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
Theme:
XStore
Theme Slug:
xstore
Vulnerability:
Settings Change
Patched in Version:
No Fix
Severity Score:
High
Theme:
XStore
Theme Slug:
xstore
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
High
Theme:
XStore
Theme Slug:
xstore
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
Theme:
XStore
Theme Slug:
xstore
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
High
Theme:
XStore
Theme Slug:
xstore
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
Critical
Theme:
XStore
Theme Slug:
xstore
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
Critical
Theme Slug:
accountra
Downloads
20,885
Vulnerability:
Broken Access Control
Patched in Version:
1.0.4
Severity Score:
Medium
Theme Slug:
althea-wp
Downloads
52,642
Vulnerability:
Broken Access Control
Patched in Version:
1.0.16
Severity Score:
Medium
Theme Slug:
blocksy
Downloads
3,113,676
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.0.40
Severity Score:
Medium
Theme Slug:
blocksy
Downloads
3,113,676
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.0.34
Severity Score:
Medium
Theme Slug:
brite
Downloads
125,207
Vulnerability:
Broken Access Control
Patched in Version:
1.0.15
Severity Score:
Medium
Theme Slug:
colibri-wp
Downloads
1,271,195
Vulnerability:
Broken Access Control
Patched in Version:
1.0.99
Severity Score:
Medium
Theme Slug:
colornews
Downloads
266,626
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.2.7
Severity Score:
Medium
Theme Slug:
elevate-wp
Downloads
70,130
Vulnerability:
Broken Access Control
Patched in Version:
1.0.17
Severity Score:
Medium
Theme Slug:
financio
Downloads
17,197
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.1.4
Severity Score:
Medium
Theme Slug:
hugo-wp
Downloads
59,334
Vulnerability:
Broken Access Control
Patched in Version:
1.0.10
Severity Score:
Medium
Theme Slug:
intrace
Downloads
84,888
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.1.1
Severity Score:
Medium
Theme Slug:
pathway
Downloads
57,050
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.0.16
Severity Score:
Medium
Theme Slug:
photology
Downloads
17,339
Vulnerability:
Broken Access Control
Patched in Version:
1.1.4
Severity Score:
Medium
Theme Slug:
royal-elementor-kit
Downloads
461,793
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.0.117
Severity Score:
Medium
Theme Slug:
startupzy
Downloads
66,824
Vulnerability:
Broken Access Control
Patched in Version:
1.1.2
Severity Score:
Medium
Theme Slug:
teluro
Downloads
188,771
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.0.36
Severity Score:
Medium
Theme Slug:
travey
Downloads
17,666
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.0.5
Severity Score:
Medium
Theme Slug:
vertice
Downloads
47,531
Vulnerability:
Broken Access Control
Patched in Version:
1.0.11
Severity Score:
Medium
Theme Slug:
virtue
Downloads
2,473,892
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.4.9
Severity Score:
Medium
Theme Slug:
wp-portfolio
Downloads
82,208
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.5
Severity Score:
Medium
Theme Slug:
zeever
Downloads
208,788
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.1.1
Severity Score:
Medium
Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Ulmer on 2024-05-01 11:27:57.
The article was hand-picked and curated for you by the Editorial Team of WP Archives.