In this report, 342 vulnerabilities have been publicly disclosed. Security patches are available now for 254 of them, across plugins, themes, and Core, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 88 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.
Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.
WordPress Core
WordPress 6.5.2 was released on April 9, 2024, as a short-cycle security and maintenance release. This release features 2 bug fixes in Core, 12 bug fixes for the Block editor, and 1 security fix. Because this is a security release, it is recommended that you update your sites immediately.
The next major release will be version 6.6, planned for July 16, 2024.
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
6.5.2
Severity Score:
Medium
WordPress Plugins — 234 Patched / 81 Unpatched
Plugin Slug:
woo-product-feed-pro
Installations
90,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
whats-new-genarator
Installations
40,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
zero-spam
Installations
30,000+
Vulnerability:
Bypass Vulnerability
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
embed-form
Installations
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
subscribe2
Installations
20,000+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
leadinfo
Installations
5,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
pepro-ultimate-invoice
Installations
3,000+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
sync-post-with-other-site
Installations
3,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
Plugin Slug:
easy-textillate
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
epoll-wp-voting
Installations
1,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
Plugin Slug:
momoyoga-integration
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
simple-buttons-creator
Installations
30+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
simple-buttons-creator
Installations
30+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
Plugin Slug:
mm-email2image
Installations
20+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
Plugin Slug:
mm-email2image
Installations
20+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
bannerlid
Installations
10+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Access Category Password
Plugin Slug:
access-category-password
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Ads.txt Admin
Plugin Slug:
ads-txt-admin
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Advanced Search
Plugin Slug:
advance-search
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Advanced Page Visit Counter
Plugin Slug:
advanced-page-visit-counter
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Advanced Post Block – Post Grid for WordPress block editor
Plugin Slug:
advanced-post-block
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
AIKit
Plugin Slug:
aikit-wordpress-ai-writing-assistant-using-gpt3
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Aspose.Words Exporter
Plugin Slug:
aspose-doc-exporter
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Shortcodes and extra features for Phlox theme
Plugin Slug:
auxin-elements
Vulnerability:
PHP Object Injection
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Shortcodes and extra features for Phlox theme
Plugin Slug:
auxin-elements
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Before And After
Plugin Slug:
before-and-after
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
bizcalendar-web
Plugin Slug:
bizcalendar-web
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Bulk Block Converter
Plugin Slug:
bulk-block-converter
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Canva – Design beautiful blog graphics
Plugin Slug:
canva
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
Plugin:
CBX Bookmark & Favorite
Plugin Slug:
cbxwpbookmark
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Citadela Listing
Plugin Slug:
citadela-directory
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Citadela Listing
Plugin Slug:
citadela-directory
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Convert Post Types
Plugin Slug:
convert-post-types
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Crony Cronjob Manager
Plugin Slug:
crony
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Custom Order Statuses for WooCommerce
Plugin Slug:
custom-order-statuses-for-woocommerce
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Customily Product Personalizer
Plugin Slug:
customily-v2
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Delete Custom Fields
Plugin Slug:
delete-custom-fields
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Disable Comments | WPZest
Plugin Slug:
disable-comments-wpz
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Easy CountDowner
Plugin Slug:
easy-countdowner
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Easy Logo
Plugin Slug:
easylogo
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
EZ Form Calculator
Plugin Slug:
ez-form-calculator
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Filter Custom Fields & Taxonomies Light
Plugin Slug:
filter-custom-fields-taxonomies-light
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Find Duplicates
Plugin Slug:
find-duplicates
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Fixed HTML Toolbar
Plugin Slug:
fixed-html-toolbar
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Flash Video Player
Plugin Slug:
flash-video-player
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Font Farsi
Plugin Slug:
font-farsi
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook
Plugin Slug:
forms-to-zapier
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Freshdesk (official)
Plugin Slug:
freshdesk-support
Vulnerability:
Open Redirection
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Kimili Flash Embed
Plugin Slug:
kimili-flash-embed
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Contact Form & Lead Form Elementor Builder
Plugin Slug:
lead-form-builder
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Contact Form & Lead Form Elementor Builder
Plugin Slug:
lead-form-builder
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Libsyn Publisher Hub
Plugin Slug:
libsyn-podcasting
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Libsyn Publisher Hub
Plugin Slug:
libsyn-podcasting
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Related Posts for WordPress
Plugin Slug:
microkids-related-posts
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
Plugin:
MJ Update History
Plugin Slug:
mj-update-history
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Ovic Addon Toolkit
Plugin Slug:
ovic-addon-toolkit
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Payment Forms for Paystack
Plugin Slug:
payment-forms-for-paystack
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Product Feed on WooCommerce for Google
Plugin Slug:
purple-xmls-google-product-feed-for-woocommerce
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Code Insert Manager (Q2W3 Inc Manager)
Plugin Slug:
q2w3-inc-manager
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Realtyna Organic IDX plugin
Plugin Slug:
real-estate-listing-realtyna-wpl
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
Critical
Plugin:
Sangar Slider
Plugin Slug:
sangar-slider-lite
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Shopkeeper Extender
Plugin Slug:
shopkeeper-extender
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
WP Matterport Shortcode
Plugin Slug:
shortcode-gallery-for-matterport-showcase
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Short URL
Plugin Slug:
shorten-url
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Simple Testimonials Showcase
Plugin Slug:
simple-testimonials-showcase
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Tax Rate Upload
Plugin Slug:
tax-rate-upload
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Post Type Builder (PTB)
Plugin Slug:
themify-ptb
Vulnerability:
Content Injection
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Post Type Builder (PTB)
Plugin Slug:
themify-ptb
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Mega Addons For Elementor
Plugin Slug:
ultimate-addons-for-elementor
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
User Activity Log Pro
Plugin Slug:
user-activity-log-pro
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
Plugin:
Appointment Bookings for Zoom GoogleMeet and more – Wappointment
Plugin Slug:
wappointment
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
WidgetKit
Plugin Slug:
widgetkit-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
2Checkout Payment Gateway for WooCommerce
Plugin Slug:
woocommerce-2checkout-payment
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Simple Registration for WooCommerce
Plugin Slug:
woocommerce-simple-registration
Vulnerability:
Privilege Escalation
Patched in Version:
No Fix
Severity Score:
Critical
Plugin:
WP-Cufon
Plugin Slug:
wp-cufon
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
Plugin:
WP File Download Light
Plugin Slug:
wp-file-download-light
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
WP Radio – Worldwide Online Radio Stations Directory for WordPress
Plugin Slug:
wp-radio
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
WP Radio – Worldwide Online Radio Stations Directory for WordPress
Plugin Slug:
wp-radio
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
Search Keyword Redirect
Plugin Slug:
wp-search-keyword-redirect
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
WP TradingView
Plugin Slug:
wp-tradingview
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin:
WP User Profile Avatar
Plugin Slug:
wp-user-profile-avatar
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
Plugin Slug:
woocommerce
Installations
5,000,000+
Vulnerability:
Broken Access Control
Patched in Version:
8.6
Severity Score:
Medium
Plugin Slug:
elementskit-lite
Installations
1,000,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.0.7
Severity Score:
Medium
Plugin Slug:
ewww-image-optimizer
Installations
1,000,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
7.3.0
Severity Score:
Medium
Plugin Slug:
sg-cachepress
Installations
1,000,000+
Vulnerability:
Broken Access Control
Patched in Version:
7.5.0
Severity Score:
Medium
Plugin Slug:
coming-soon
Installations
900,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
6.15.21
Severity Score:
Medium
Plugin Slug:
smart-slider-3
Installations
900,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.5.1.23
Severity Score:
Medium
Plugin Slug:
meta-box
Installations
700,000+
Vulnerability:
Broken Access Control
Patched in Version:
5.9.4
Severity Score:
Medium
Plugin Slug:
ocean-extra
Installations
700,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.2.7
Severity Score:
Medium
Plugin Slug:
premium-addons-for-elementor
Installations
700,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.10.28
Severity Score:
Medium
Plugin Slug:
premium-addons-for-elementor
Installations
700,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.10.25
Severity Score:
Medium
Plugin Slug:
premium-addons-for-elementor
Installations
700,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.10.25
Severity Score:
Medium
Plugin Slug:
premium-addons-for-elementor
Installations
700,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.10.17
Severity Score:
Medium
Plugin Slug:
the-events-calendar
Installations
700,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
6.3.1
Severity Score:
Medium
Plugin Slug:
backwpup
Installations
600,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
4.0.4
Severity Score:
Medium
Plugin Slug:
ml-slider
Installations
600,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.70.1
Severity Score:
Medium
Plugin Slug:
shortcodes-ultimate
Installations
600,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
7.0.5
Severity Score:
Medium
Plugin Slug:
forminator
Installations
500,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.29.3
Severity Score:
Medium
Plugin Slug:
nextgen-gallery
Installations
500,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.59.1
Severity Score:
Medium
Plugin Slug:
kadence-blocks
Installations
400,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
3.2.12
Severity Score:
High
Plugin Slug:
wp-google-maps
Installations
400,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
9.0.35
Severity Score:
Medium
Plugin Slug:
wpvivid-backuprestore
Installations
400,000+
Vulnerability:
PHP Object Injection
Patched in Version:
0.9.100
Severity Score:
Medium
Plugin Slug:
favicon-by-realfavicongenerator
Installations
300,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.3.30
Severity Score:
Medium
Plugin Slug:
gutenberg
Installations
300,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
18.1.0
Severity Score:
Medium
Plugin Slug:
newsletter
Installations
300,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
8.0.7
Severity Score:
Medium
Plugin Slug:
otter-blocks
Installations
300,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.6.9
Severity Score:
Medium
Plugin Slug:
otter-blocks
Installations
300,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.6.9
Severity Score:
Medium
Plugin Slug:
blocksy-companion
Installations
200,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.0.29
Severity Score:
Medium
Plugin Slug:
custom-facebook-feed
Installations
200,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
4.2.2
Severity Score:
Medium
Plugin Slug:
photo-gallery
Installations
200,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.8.22
Severity Score:
Medium
Plugin Slug:
ultimate-member
Installations
200,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.8.5
Severity Score:
Medium
Plugin Slug:
wp-user-avatar
Installations
200,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.15.5
Severity Score:
Medium
Plugin Slug:
wp-user-avatar
Installations
200,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.15.6
Severity Score:
Medium
Plugin Slug:
add-search-to-menu
Installations
100,000+
Vulnerability:
Broken Access Control
Patched in Version:
5.5.6
Severity Score:
Medium
Plugin Slug:
bdthemes-element-pack-lite
Installations
100,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
5.6.0
Severity Score:
Medium
Plugin Slug:
bdthemes-element-pack-lite
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
5.5.4
Severity Score:
Medium
Plugin Slug:
bdthemes-element-pack-lite
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
5.3.3
Severity Score:
Medium
Plugin Slug:
download-manager
Installations
100,000+
Vulnerability:
Bypass Vulnerability
Patched in Version:
3.2.83
Severity Score:
Medium
Plugin Slug:
foogallery
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.4.15
Severity Score:
Medium
Plugin Slug:
give
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.7.0
Severity Score:
Medium
Plugin Slug:
intelly-related-posts
Installations
100,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.6.0
Severity Score:
Medium
Plugin Slug:
intelly-related-posts
Installations
100,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.4.0
Severity Score:
Medium
Plugin Slug:
intelly-related-posts
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.5.0
Severity Score:
Medium
Plugin Slug:
wp-all-import
Installations
100,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.7.4
Severity Score:
Medium
Plugin Slug:
email-subscribers
Installations
90,000+
Vulnerability:
SQL Injection
Patched in Version:
5.7.15
Severity Score:
Critical
Plugin Slug:
enhanced-media-library
Installations
90,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.8.10
Severity Score:
Medium
Plugin Slug:
paid-memberships-pro
Installations
90,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.0.2
Severity Score:
Medium
Plugin Slug:
paid-memberships-pro
Installations
90,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.0
Severity Score:
Medium
Plugin Slug:
paid-memberships-pro
Installations
90,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.0
Severity Score:
Medium
Plugin Slug:
remove-footer-credit
Installations
90,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.14
Severity Score:
Medium
Plugin Slug:
instagram-widget-by-wpzoom
Installations
80,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.1.14
Severity Score:
Medium
Plugin Slug:
real-media-library-lite
Installations
80,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.22.12
Severity Score:
Medium
Plugin Slug:
sydney-toolbox
Installations
80,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.29
Severity Score:
Medium
Plugin Slug:
theme-my-login
Installations
80,000+
Vulnerability:
Broken Access Control
Patched in Version:
7.1.7
Severity Score:
Medium
Plugin Slug:
wp-clone-by-wp-academy
Installations
80,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.4.4
Severity Score:
Medium
Plugin Slug:
boldgrid-easy-seo
Installations
70,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
1.6.15
Severity Score:
Medium
Plugin Slug:
user-registration
Installations
70,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.2.0
Severity Score:
Medium
Plugin Slug:
activecampaign-subscription-forms
Installations
60,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
8.1.15
Severity Score:
Medium
Plugin Slug:
addons-for-elementor
Installations
60,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
8.3.7
Severity Score:
Medium
Plugin Slug:
addons-for-elementor
Installations
60,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
8.3.7
Severity Score:
Medium
Plugin Slug:
advanced-iframe
Installations
60,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2024.3
Severity Score:
Medium
Plugin Slug:
ameliabooking
Installations
60,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.0.96
Severity Score:
Medium
Plugin Slug:
customer-reviews-woocommerce
Installations
60,000+
Vulnerability:
Broken Access Control
Patched in Version:
5.47.0
Severity Score:
Medium
Plugin Slug:
exclusive-addons-for-elementor
Installations
60,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.6.9.1
Severity Score:
Medium
Plugin Slug:
form-maker
Installations
60,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.15.24
Severity Score:
Medium
Plugin Slug:
redirect-redirection
Installations
60,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.2.0
Severity Score:
Medium
Plugin Slug:
spotlight-social-photo-feeds
Installations
60,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.6.11
Severity Score:
Medium
Plugin Slug:
woo-smart-quick-view
Installations
60,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.0.3
Severity Score:
Medium
Plugin Slug:
wp-carousel-free
Installations
60,000+
Vulnerability:
PHP Object Injection
Patched in Version:
2.6.4
Severity Score:
High
Plugin Slug:
wp-carousel-free
Installations
60,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.6.4
Severity Score:
Medium
Plugin Slug:
wp-letsencrypt-ssl
Installations
60,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
7.1.0
Severity Score:
High
Plugin Slug:
bold-page-builder
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.8.9
Severity Score:
Medium
Plugin Slug:
bold-page-builder
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.8.9
Severity Score:
Medium
Plugin Slug:
bold-page-builder
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.8.9
Severity Score:
Medium
Plugin Slug:
bold-page-builder
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.8.9
Severity Score:
Medium
Plugin Slug:
bold-page-builder
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.8.9
Severity Score:
Medium
Plugin Slug:
fancybox-for-wordpress
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.3.4
Severity Score:
Medium
Plugin Slug:
feedzy-rss-feeds
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.3.4
Severity Score:
Medium
Plugin Slug:
print-invoices-packing-slip-labels-for-woocommerce
Installations
50,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.4.3
Severity Score:
Medium
Plugin Slug:
carousel-slider
Installations
40,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.2.7
Severity Score:
Medium
Plugin Slug:
carousel-slider
Installations
40,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.2.10
Severity Score:
Medium
Plugin Slug:
dethemekit-for-elementor
Installations
40,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.1.0
Severity Score:
Medium
Plugin Slug:
post-grid
Installations
40,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.2.76
Severity Score:
Medium
Plugin Slug:
advanced-cron-manager
Installations
30,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.5.3
Severity Score:
Medium
Plugin Slug:
fv-wordpress-flowplayer
Installations
30,000+
Vulnerability:
Unvalidated Redirects and Forwards
Patched in Version:
7.5.45.7212
Severity Score:
Medium
Plugin Slug:
link-whisper
Installations
30,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
0.7.0
Severity Score:
Medium
Plugin Slug:
login-with-ajax
Installations
30,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
4.2
Severity Score:
Medium
Plugin Slug:
super-socializer
Installations
30,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
7.13.64
Severity Score:
Medium
Plugin Slug:
testimonial-slider-and-showcase
Installations
30,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.3.8
Severity Score:
Medium
Plugin Slug:
woo-bulk-editor
Installations
30,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.1.4.2
Severity Score:
Medium
Plugin Slug:
wp-customer-reviews
Installations
30,000+
Vulnerability:
Unvalidated Redirects and Forwards
Patched in Version:
3.7.1
Severity Score:
Medium
Plugin Slug:
beaf-before-and-after-gallery
Installations
20,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
4.5.5
Severity Score:
Medium
Plugin Slug:
dashboard-welcome-for-elementor
Installations
20,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.0.8
Severity Score:
Medium
Plugin Slug:
envo-extra
Installations
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.8.12
Severity Score:
Medium
Plugin Slug:
import-users-from-csv
Installations
20,000+
Vulnerability:
PHP Object Injection
Patched in Version:
1.3
Severity Score:
Medium
Plugin Slug:
ip2location-country-blocker
Installations
20,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.34.3
Severity Score:
Medium
Plugin Slug:
mailchimp-forms-by-mailmunch
Installations
20,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.2.2
Severity Score:
Medium
Plugin Slug:
omnisend-connect
Installations
20,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.14.4
Severity Score:
Medium
Plugin Slug:
powerkit
Installations
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.9.2
Severity Score:
Medium
Plugin Slug:
top-bar
Installations
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.0.5
Severity Score:
Medium
Plugin Slug:
top-bar
Installations
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.0.6
Severity Score:
Medium
Plugin Slug:
usc-e-shop
Installations
20,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.10.0
Severity Score:
Medium
Plugin Slug:
weforms
Installations
20,000+
Vulnerability:
Bypass Vulnerability
Patched in Version:
1.6.21
Severity Score:
Medium
Plugin Slug:
woo-thank-you-page-nextmove-lite
Installations
20,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.18.2
Severity Score:
Medium
Plugin Slug:
wp-accessibility-helper
Installations
20,000+
Vulnerability:
Broken Access Control
Patched in Version:
0.6.2.6
Severity Score:
Medium
Plugin Slug:
asgaros-forum
Installations
10,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.9.0
Severity Score:
Medium
Plugin Slug:
ba-book-everything
Installations
10,000+
Vulnerability:
SQL Injection
Patched in Version:
1.6.5
Severity Score:
High
Plugin Slug:
bunnycdn
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.0.2
Severity Score:
Medium
Plugin Slug:
conveythis-translate
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
224
Severity Score:
High
Plugin Slug:
e2pdf
Installations
10,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.23.00
Severity Score:
Medium
Plugin Slug:
ecommerce-product-catalog
Installations
10,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.3.29
Severity Score:
Medium
Plugin Slug:
eroom-zoom-meetings-webinar
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.4.19
Severity Score:
Medium
Plugin Slug:
job-postings
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.7.6
Severity Score:
High
Plugin Slug:
legal-pages
Installations
10,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.4.3
Severity Score:
Medium
Plugin Slug:
lifterlms
Installations
10,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
7.5.1
Severity Score:
Medium
Plugin Slug:
live-composer-page-builder
Installations
10,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.5.36
Severity Score:
Medium
Plugin Slug:
mailster
Installations
10,000+
Vulnerability:
Local File Inclusion
Patched in Version:
4.0.7
Severity Score:
High
Plugin Slug:
order-delivery-date-for-woocommerce
Installations
10,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.21.0
Severity Score:
Medium
Plugin Slug:
popup-by-supsystic
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.10.28
Severity Score:
Medium
Plugin Slug:
restrict-content
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.2.9
Severity Score:
Medium
Plugin Slug:
simple-post-notes
Installations
10,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.7.7
Severity Score:
Medium
Plugin Slug:
userswp
Installations
10,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.2.6
Severity Score:
Medium
Plugin Slug:
wp-google-analytics-events
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.8.1
Severity Score:
High
Plugin Slug:
wp-mail-catcher
Installations
10,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.1.7
Severity Score:
Medium
Plugin Slug:
wp-product-feed-manager
Installations
10,000+
Vulnerability:
SQL Injection
Patched in Version:
2.6.0
Severity Score:
High
Plugin Slug:
elements-plus
Installations
9,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.16.4
Severity Score:
Medium
Plugin Slug:
flexible-shipping-ups
Installations
9,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.2.5
Severity Score:
Medium
Plugin Slug:
smart-forms
Installations
9,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.6.94
Severity Score:
Medium
Plugin Slug:
smart-forms
Installations
9,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.6.94
Severity Score:
Medium
Plugin Slug:
fatal-error-notify
Installations
8,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.5.3
Severity Score:
Medium
Plugin Slug:
mage-eventpress
Installations
8,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
4.1.3
Severity Score:
Medium
Plugin Slug:
unlimited-elementor-inner-sections-by-boomdevs
Installations
8,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.0.5
Severity Score:
Medium
Plugin Slug:
wpvivid-backup-mainwp
Installations
8,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
0.9.34
Severity Score:
Medium
Plugin Slug:
finale-woocommerce-sales-countdown-timer-discount
Installations
7,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.18.1
Severity Score:
Medium
Plugin Slug:
profilegrid-user-profiles-groups-and-communities
Installations
7,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
5.7.9
Severity Score:
Medium
Plugin Slug:
ultimate-product-catalogue
Installations
7,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
5.2.16
Severity Score:
Medium
Plugin Slug:
wp-compress-image-optimizer
Installations
7,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
6.11.01
Severity Score:
Medium
Plugin Slug:
ajax-load-more-anything
Installations
6,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.3.6
Severity Score:
Medium
Plugin Slug:
boostify-header-footer-builder
Installations
6,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.3.2
Severity Score:
Medium
Plugin Slug:
country-state-city-auto-dropdown
Installations
6,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.7.2
Severity Score:
Medium
Plugin Slug:
product-input-fields-for-woocommerce
Installations
6,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.8.0
Severity Score:
Medium
Plugin Slug:
radio-player
Installations
6,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
2.0.74
Severity Score:
Medium
Plugin Slug:
responsive-gallery-grid
Installations
6,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.3.11
Severity Score:
Medium
Plugin Slug:
responsive-tabs
Installations
6,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.0.7
Severity Score:
Medium
Plugin Slug:
ultimate-bootstrap-elements-for-elementor
Installations
6,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.4.1
Severity Score:
Medium
Plugin Slug:
wp-login-and-logout-redirect
Installations
6,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.0
Severity Score:
Medium
Plugin Slug:
bulk-editor
Installations
5,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.0.8.2
Severity Score:
Medium
Plugin Slug:
church-theme-content
Installations
5,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.6.1
Severity Score:
Medium
Plugin Slug:
geo-my-wp
Installations
5,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
4.2
Severity Score:
Medium
Plugin Slug:
instagrate-to-wordpress
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.8
Severity Score:
Medium
Plugin Slug:
podlove-podcasting-plugin-for-wordpress
Installations
5,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.1.1
Severity Score:
Medium
Plugin Slug:
podlove-podcasting-plugin-for-wordpress
Installations
5,000+
Vulnerability:
SQL Injection
Patched in Version:
4.0.14
Severity Score:
High
Plugin Slug:
wp-client-reports
Installations
5,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.0.23
Severity Score:
Medium
Plugin Slug:
wp-easycart
Installations
5,000+
Vulnerability:
SQL Injection
Patched in Version:
5.6.4
Severity Score:
High
Plugin Slug:
wp-easycart
Installations
5,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
5.6.0
Severity Score:
Medium
Plugin Slug:
audio-and-video-player
Installations
4,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.2.0
Severity Score:
Medium
Plugin Slug:
contact-form-lite
Installations
4,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.25
Severity Score:
Medium
Plugin Slug:
everest-backup
Installations
4,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
2.2.5
Severity Score:
Critical
Plugin Slug:
marker-io
Installations
4,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.1.9
Severity Score:
Medium
Plugin Slug:
multiparcels-shipping-for-woocommerce
Installations
4,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.16.9
Severity Score:
Medium
Plugin Slug:
pardot
Installations
4,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.1.1
Severity Score:
Medium
Plugin Slug:
wpbenchmark
Installations
4,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.3.7
Severity Score:
Medium
Plugin Slug:
wpc-grouped-product
Installations
4,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.4.3
Severity Score:
Medium
Plugin Slug:
wpsynchro
Installations
4,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.11.3
Severity Score:
Medium
Plugin Slug:
zoho-campaigns
Installations
4,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.0.8
Severity Score:
Medium
Plugin Slug:
zoho-campaigns
Installations
4,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.0.8
Severity Score:
Medium
Plugin Slug:
premmerce-woocommerce-product-filter
Installations
3,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.7.3
Severity Score:
Medium
Plugin Slug:
seo-booster
Installations
3,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.8.10
Severity Score:
Medium
Plugin Slug:
top-table-of-contents
Installations
3,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.3.16
Severity Score:
Medium
Plugin Slug:
wallet-system-for-woocommerce
Installations
3,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.5.10
Severity Score:
Medium
Plugin Slug:
additional-product-fields-for-woocommerce
Installations
2,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.2.105
Severity Score:
Medium
Plugin Slug:
bc-woo-custom-thank-you-pages
Installations
2,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.4.14
Severity Score:
Medium
Plugin Slug:
currency-per-product-for-woocommerce
Installations
2,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.7.0
Severity Score:
Medium
Plugin Slug:
gallery-box
Installations
2,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.7.34
Severity Score:
Medium
Plugin Slug:
gg-woo-feed
Installations
2,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.2.7
Severity Score:
Medium
Plugin Slug:
gift-voucher
Installations
2,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
4.4.1
Severity Score:
Medium
Plugin Slug:
instawp-connect
Installations
2,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
0.1.0.23
Severity Score:
Critical
Plugin Slug:
lh-add-media-from-url
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.23
Severity Score:
High
Plugin Slug:
sheets-to-wp-table-live-sync
Installations
2,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.5.1
Severity Score:
Medium
Plugin Slug:
woc-open-close
Installations
2,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.9.2
Severity Score:
Medium
Plugin Slug:
wp-event-aggregator
Installations
2,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.7.7
Severity Score:
Medium
Plugin Slug:
apppresser
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
4.3.1
Severity Score:
Medium
Plugin Slug:
benchmark-email-lite
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
4.2
Severity Score:
Medium
Plugin Slug:
church-admin
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
4.0.28
Severity Score:
Medium
Plugin Slug:
current-template-name
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.1.13
Severity Score:
Medium
Plugin Slug:
dashboard-to-do-list
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.3.2
Severity Score:
Medium
Plugin Slug:
elex-woocommerce-dynamic-pricing-and-discounts
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.1.3
Severity Score:
Medium
Plugin Slug:
elex-woocommerce-dynamic-pricing-and-discounts
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.1.3
Severity Score:
Medium
Plugin Slug:
faq-for-woocommerce
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.5.1
Severity Score:
Medium
Plugin Slug:
feather-login-page
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.1.6
Severity Score:
Medium
Plugin Slug:
flexible-shipping-usps
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.9.3
Severity Score:
Medium
Plugin Slug:
login-with-phone-number
Installations
1,000+
Vulnerability:
Privilege Escalation
Patched in Version:
1.7.17
Severity Score:
High
Plugin Slug:
login-with-phone-number
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.6.94
Severity Score:
High
Plugin Slug:
mihanpanel-lite
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
12.7
Severity Score:
Medium
Plugin Slug:
netgsm
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.9
Severity Score:
High
Plugin Slug:
no-bot-registration
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.0
Severity Score:
Medium
Plugin Slug:
novelist
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.2.3
Severity Score:
Medium
Plugin Slug:
poeditor
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
0.9.9
Severity Score:
Medium
Plugin Slug:
redi-restaurant-reservation
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
24.0303
Severity Score:
Medium
Plugin Slug:
save-as-pdf-by-pdfcrowd
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.2.2
Severity Score:
Medium
Plugin Slug:
tour-booking-manager
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.6.1
Severity Score:
Medium
Plugin Slug:
ultimate-store-kit
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.6.0
Severity Score:
Medium
Plugin Slug:
visitor-analytics-io
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.0
Severity Score:
Medium
Plugin Slug:
wc-multi-currency
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.5.6
Severity Score:
Medium
Plugin Slug:
wp-dynamic-keywords-injector
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.3.22
Severity Score:
High
Plugin Slug:
mww-disclaimer-buttons
Installations
900+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.2
Severity Score:
Medium
Plugin Slug:
siteimprove
Installations
900+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.0.7
Severity Score:
Medium
Plugin Slug:
bmi-adultkid-calculator
Installations
700+
Vulnerability:
Broken Access Control
Patched in Version:
1.2.2
Severity Score:
High
Plugin Slug:
chat-help
Installations
400+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.6.0
Severity Score:
Medium
Plugin Slug:
ays-facebook-popup-likebox
Installations
200+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.7.3
Severity Score:
Medium
Plugin Slug:
webinar-ignition
Installations
200+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.06.0
Severity Score:
Medium
Plugin Slug:
f4-improvements
Installations
100+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.8.1
Severity Score:
Medium
Plugin Slug:
wp2leads
Installations
100+
Vulnerability:
Broken Access Control
Patched in Version:
3.2.8
Severity Score:
Medium
Plugin Slug:
nps-computy
Installations
80+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.7.6
Severity Score:
Medium
Plugin Slug:
nps-computy
Installations
80+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.7.6
Severity Score:
Medium
Plugin Slug:
save-as-image-by-pdfcrowd
Installations
50+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.2.2
Severity Score:
Medium
Plugin Slug:
5-stars-rating-funnel
Installations
40+
Vulnerability:
Arbitrary Content Deletion
Patched in Version:
1.3.02
Severity Score:
High
Plugin Slug:
affieasy
Installations
30+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.1.6
Severity Score:
Medium
Plugin:
AWP Classifieds
Plugin Slug:
another-wordpress-classifieds-plugin
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
4.3.2
Severity Score:
Medium
Plugin:
BWL Advanced FAQ Manager
Plugin Slug:
bwl-advanced-faq-manager
Vulnerability:
SQL Injection
Patched in Version:
2.0.4
Severity Score:
High
Plugin:
Calendarista Basic Edition
Plugin Slug:
calendarista-basic-edition
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.0.3
Severity Score:
Medium
Plugin:
Digital Publications by Supsystic
Plugin Slug:
digital-publications-by-supsystic
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.7.8
Severity Score:
Medium
Plugin:
Essential Grid
Plugin Slug:
essential-grid
Vulnerability:
Broken Access Control
Patched in Version:
3.1.2
Severity Score:
Medium
Plugin:
Fancy Product Designer
Plugin Slug:
fancy-product-designer
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
6.1.81
Severity Score:
Medium
Plugin:
WPBakery Page Builder
Plugin Slug:
js_composer
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
7.6
Severity Score:
Medium
Plugin:
WPBakery Page Builder
Plugin Slug:
js_composer
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
7.6
Severity Score:
Medium
Plugin:
RestroPress
Plugin Slug:
restropress
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.1.2.1
Severity Score:
Medium
Plugin:
Slider Revolution
Plugin Slug:
revslider
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
6.7.0
Severity Score:
Medium
Plugin:
Table & Contact Form 7 Database – Tablesome
Plugin Slug:
tablesome
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.0.26
Severity Score:
Medium
Plugin:
WooCommerce Customers Manager
Plugin Slug:
woocommerce-customers-manager
Vulnerability:
SQL Injection
Patched in Version:
29.7
Severity Score:
High
Plugin:
WP Cost Estimation & Payment Forms Builder
Plugin Slug:
wp-estimation-form
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
10.1.76
Severity Score:
High
Plugin:
WP Cost Estimation & Payment Forms Builder
Plugin Slug:
wp-estimation-form
Vulnerability:
Broken Access Control
Patched in Version:
10.1.77
Severity Score:
Medium
Plugin:
WP Activity Log Premium
Plugin Slug:
wp-security-audit-log-premium
Vulnerability:
SQL Injection
Patched in Version:
4.6.4.1
Severity Score:
High
Plugin:
WPB Show Core
Plugin Slug:
wpb-show-core
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.7
Severity Score:
High
Plugin:
WPB Show Core
Plugin Slug:
wpb-show-core
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.6
Severity Score:
High
WordPress Themes — 19 Patched / 7 Unpatched
Theme Slug:
decode
Downloads
269,521
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Theme Slug:
gridsby
Downloads
288,716
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Theme Slug:
gucherry-blog
Downloads
136,966
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
Theme Slug:
happenstance
Downloads
134,390
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Theme Slug:
i-excel
Downloads
262,257
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Theme Slug:
i-max
Downloads
270,530
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Theme Slug:
sensible-wp
Downloads
277,690
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
Theme Slug:
blocksy
Downloads
3,056,299
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.0.23
Severity Score:
Medium
Theme Slug:
citylogic
Downloads
292,720
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.1.30
Severity Score:
Medium
Theme Slug:
default-mag
Downloads
93,066
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.3.6
Severity Score:
Medium
Theme Slug:
emmet-lite
Downloads
104,881
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.7.8
Severity Score:
Medium
Theme Slug:
lightning
Downloads
2,240,450
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
15.19.0
Severity Score:
Medium
Theme Slug:
namaha
Downloads
63,477
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.0.41
Severity Score:
Medium
Theme Slug:
newsxpress
Downloads
11,096
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.0.8
Severity Score:
Medium
Theme Slug:
panoramic
Downloads
614,830
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.1.57
Severity Score:
Medium
Theme Slug:
popularfx
Downloads
773,374
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.2.5
Severity Score:
Medium
Theme Slug:
sarada-lite
Downloads
86,466
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.1.3
Severity Score:
Medium
Theme Slug:
shopstar
Downloads
286,946
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.1.34
Severity Score:
Medium
Theme Slug:
sliding-door
Downloads
537,017
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.4
Severity Score:
Medium
Theme Slug:
spa-and-salon
Downloads
155,971
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.2.8
Severity Score:
Medium
Theme Slug:
tainacan-interface
Downloads
16,543
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.7.2
Severity Score:
High
Theme Slug:
the-conference
Downloads
52,521
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.2.1
Severity Score:
Medium
Theme Slug:
x-t9
Downloads
30,187
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.19.1
Severity Score:
Medium
Theme:
Soledad
Theme Slug:
soledad
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
8.4.6
Severity Score:
Medium
Theme:
Soledad
Theme Slug:
soledad
Vulnerability:
Broken Access Control
Patched in Version:
8.4.6
Severity Score:
Medium
Theme:
Soledad
Theme Slug:
soledad
Vulnerability:
Broken Access Control
Patched in Version:
8.4.6
Severity Score:
High
Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Ulmer on 2024-04-17 09:16:24.