In this report, 342 vulnerabilities have been publicly disclosed. Security patches for 254 of these plugins, themes, and Core are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 88 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Table of Contents

1. 1. WordPress Core
1. 1.1
   WordPress Core
2. 2. WordPress Plugins — 234 Patched / 81 Unpatched
1. 2.1
   Product Feed PRO for WooCommerce
2. 2.2
   What’s New Generator
3. 2.3
   Zero Spam for WordPress
4. 2.4
   Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms
5. 2.5
   Subscribe2 – Form, Email Subscribers & Newsletters
6. 2.6
   Leadinfo
7. 2.7
   PeproDev Ultimate Invoice
8. 2.8
   Sync Post With Other Site
9. 2.9
   Easy Textillate
10. 2.10
    WP Poll Maker – Best WordPress Poll Plugin for Voting Contest
11. 2.11
    Yoga Schedule Momoyoga
12. 2.12
    Simple Buttons Creator
13. 2.13
    Simple Buttons Creator
14. 2.14
    MM-email2image
15. 2.15
    MM-email2image
16. 2.16
    Bannerlid
17. 2.17
    Access Category Password
18. 2.18
    Ads.txt Admin
19. 2.19
    Advanced Search
20. 2.20
    Advanced Page Visit Counter
21. 2.21
    Advanced Post Block – Post Grid for WordPress block editor
22. 2.22
    AIKit
23. 2.23
    Aspose.Words Exporter
24. 2.24
    Shortcodes and extra features for Phlox theme
25. 2.25
    Shortcodes and extra features for Phlox theme
26. 2.26
    Before And After
27. 2.27
    bizcalendar-web
28. 2.28
    Bulk Block Converter
29. 2.29
    Canva – Design beautiful blog graphics
30. 2.30
    CBX Bookmark & Favorite
31. 2.31
    Citadela Listing
32. 2.32
    Citadela Listing
33. 2.33
    Convert Post Types
34. 2.34
    Crony Cronjob Manager
35. 2.35
    Custom Order Statuses for WooCommerce
36. 2.36
    Customily Product Personalizer
37. 2.37
    Delete Custom Fields
38. 2.38
    Disable Comments | WPZest
39. 2.39
    Easy CountDowner
40. 2.40
    Easy Logo
41. 2.41
    EZ Form Calculator
42. 2.42
    Filter Custom Fields & Taxonomies Light
43. 2.43
    Find Duplicates
44. 2.44
    Fixed HTML Toolbar
45. 2.45
    Flash Video Player
46. 2.46
    Font Farsi
47. 2.47
    Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook
48. 2.48
    Freshdesk (official)
49. 2.49
    Kimili Flash Embed
50. 2.50
    Contact Form & Lead Form Elementor Builder
51. 2.51
    Contact Form & Lead Form Elementor Builder
52. 2.52
    Libsyn Publisher Hub
53. 2.53
    Libsyn Publisher Hub
54. 2.54
    Related Posts for WordPress
55. 2.55
    MJ Update History
56. 2.56
    Ovic Addon Toolkit
57. 2.57
    Payment Forms for Paystack
58. 2.58
    Product Feed on WooCommerce for Google
59. 2.59
    Code Insert Manager (Q2W3 Inc Manager)
60. 2.60
    Realtyna Organic IDX plugin
61. 2.61
    Sangar Slider
62. 2.62
    Shopkeeper Extender
63. 2.63
    WP Matterport Shortcode
64. 2.64
    Short URL
65. 2.65
    Simple Testimonials Showcase
66. 2.66
    Tax Rate Upload
67. 2.67
    Post Type Builder (PTB)
68. 2.68
    Post Type Builder (PTB)
69. 2.69
    Mega Addons For Elementor
70. 2.70
    User Activity Log Pro
71. 2.71
    Appointment Bookings for Zoom GoogleMeet and more – Wappointment
72. 2.72
    WidgetKit
73. 2.73
    2Checkout Payment Gateway for WooCommerce
74. 2.74
    Simple Registration for WooCommerce
75. 2.75
    WP-Cufon
76. 2.76
    WP File Download Light
77. 2.77
    WP Radio – Worldwide Online Radio Stations Directory for WordPress
78. 2.78
    WP Radio – Worldwide Online Radio Stations Directory for WordPress
79. 2.79
    Search Keyword Redirect
80. 2.80
    WP TradingView
81. 2.81
    WP User Profile Avatar
82. 2.82
    WooCommerce
83. 2.83
    ElementsKit Elementor addons
84. 2.84
    EWWW Image Optimizer
85. 2.85
    Speed Optimizer – The All-In-One WordPress Performance-Boosting Plugin
86. 2.86
    Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode
87. 2.87
    Smart Slider 3
88. 2.88
    Meta Box – WordPress Custom Fields Framework
89. 2.89
    Ocean Extra
90. 2.90
    Premium Addons for Elementor
91. 2.91
    Premium Addons for Elementor
92. 2.92
    Premium Addons for Elementor
93. 2.93
    Premium Addons for Elementor
94. 2.94
    The Events Calendar
95. 2.95
    BackWPup – WordPress Backup Plugin
96. 2.96
    Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows
97. 2.97
    WP Shortcodes Plugin — Shortcodes Ultimate
98. 2.98
    Forminator – Contact Form, Payment Form & Custom Form Builder
99. 2.99
    WordPress Gallery Plugin – NextGEN Gallery
100. 2.100
     Gutenberg Blocks by Kadence Blocks – Page Builder Features
101. 2.101
     WP Go Maps (formerly WP Google Maps)
102. 2.102
     Migration, Backup, Staging – WPvivid
103. 2.103
     Favicon by RealFaviconGenerator
104. 2.104
     Gutenberg
105. 2.105
     Newsletter – Send awesome emails from WordPress
106. 2.106
     Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
107. 2.107
     Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
108. 2.108
     Blocksy Companion
109. 2.109
     Smash Balloon Social Post Feed
110. 2.110
     Photo Gallery by 10Web – Mobile-Friendly Image Gallery
111. 2.111
     Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
112. 2.112
     Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
113. 2.113
     Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
114. 2.114
     Ivory Search – WordPress Search Plugin
115. 2.115
     Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
116. 2.116
     Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
117. 2.117
     Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
118. 2.118
     Download Manager
119. 2.119
     Best WordPress Gallery Plugin – FooGallery
120. 2.120
     GiveWP – Donation Plugin and Fundraising Platform
121. 2.121
     Inline Related Posts
122. 2.122
     Inline Related Posts
123. 2.123
     Inline Related Posts
124. 2.124
     Import any XML or CSV File to WordPress
125. 2.125
     Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
126. 2.126
     Enhanced Media Library
127. 2.127
     Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
128. 2.128
     Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
129. 2.129
     Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
130. 2.130
     Remove Footer Credit
131. 2.131
     WPZOOM Social Feed Widget & Block
132. 2.132
     Real Media Library: Media Library Folder & File Manager
133. 2.133
     Sydney Toolbox
134. 2.134
     Theme My Login
135. 2.135
     Clone
136. 2.136
     BoldGrid Easy SEO – Simple and Effective SEO
137. 2.137
     User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin
138. 2.138
     ActiveCampaign – Forms, Site Tracking, Live Chat
139. 2.139
     Elementor Addons by Livemesh
140. 2.140
     Elementor Addons by Livemesh
141. 2.141
     Advanced iFrame
142. 2.142
     Booking for Appointments and Events Calendar – Amelia
143. 2.143
     Customer Reviews for WooCommerce
144. 2.144
     Exclusive Addons for Elementor
145. 2.145
     Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
146. 2.146
     Redirection
147. 2.147
     Spotlight Social Feeds [Block, Shortcode, and Widget]
148. 2.148
     WPC Smart Quick View for WooCommerce
149. 2.149
     Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce
150. 2.150
     Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce
151. 2.151
     WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, Security+
152. 2.152
     Bold Page Builder
153. 2.153
     Bold Page Builder
154. 2.154
     Bold Page Builder
155. 2.155
     Bold Page Builder
156. 2.156
     Bold Page Builder
157. 2.157
     FancyBox for WordPress
158. 2.158
     RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
159. 2.159
     WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
160. 2.160
     Carousel Slider
161. 2.161
     Carousel Slider
162. 2.162
     DethemeKit For Elementor
163. 2.163
     Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
164. 2.164
     Advanced Cron Manager – debug & control
165. 2.165
     FV Flowplayer Video Player
166. 2.166
     Link Whisper Free
167. 2.167
     Login With Ajax – Fast Logins, 2FA, Redirects
168. 2.168
     Social Share, Social Login and Social Comments Plugin – Super Socializer
169. 2.169
     Testimonial Slider
170. 2.170
     BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net
171. 2.171
     WP Customer Reviews
172. 2.172
     Ultimate Before After Image Slider & Gallery – BEAF
173. 2.173
     Dashboard Welcome for Elementor
174. 2.174
     Envo Extra
175. 2.175
     Import Users from CSV
176. 2.176
     IP2Location Country Blocker
177. 2.177
     MailChimp Forms by MailMunch
178. 2.178
     Email Marketing for WooCommerce by Omnisend
179. 2.179
     Powerkit – Supercharge your WordPress Site
180. 2.180
     Top Bar
181. 2.181
     Top Bar
182. 2.182
     Welcart e-Commerce
183. 2.183
     weForms – Easy Drag & Drop Contact Form Builder For WordPress
184. 2.184
     NextMove Lite – Thank You Page for WooCommerce
185. 2.185
     WP Accessibility Helper (WAH)
186. 2.186
     Asgaros Forum
187. 2.187
     BA Book Everything
188. 2.188
     bunny.net – WordPress CDN Plugin
189. 2.189
     Language Translate Widget for WordPress – ConveyThis
190. 2.190
     E2Pdf – Export To Pdf Tool for WordPress
191. 2.191
     eCommerce Product Catalog Plugin for WordPress
192. 2.192
     eRoom – Zoom Meetings & Webinars
193. 2.193
     Jobs for WordPress
194. 2.194
     Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator
195. 2.195
     LifterLMS – WordPress LMS Plugin for eLearning
196. 2.196
     Page Builder: Live Composer
197. 2.197
     Mailster WordPress Newsletter Plugin Compatibility Tester
198. 2.198
     Order Delivery Date for WooCommerce
199. 2.199
     Popup by Supsystic
200. 2.200
     Membership Plugin – Restrict Content
201. 2.201
     Simple Post Notes
202. 2.202
     UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress
203. 2.203
     WP Google Analytics Events – No-Code Custom Event Tracking for Google Analytics
204. 2.204
     Mail logging – WP Mail Catcher
205. 2.205
     WooCommerce Google Feed Manager
206. 2.206
     Elements Plus!
207. 2.207
     WooCommerce UPS Shipping – Live Rates and Access Points
208. 2.208
     Smart Forms – when you need more than just a contact form
209. 2.209
     Smart Forms – when you need more than just a contact form
210. 2.210
     Fatal Error Notify
211. 2.211
     Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin
212. 2.212
     Unlimited Elementor Inner Sections By BoomDevs
213. 2.213
     WPvivid Backup for MainWP
214. 2.214
     Finale Lite – Sales Countdown Timer & Discount for WooCommerce
215. 2.215
     ProfileGrid – User Profiles, Memberships, Groups and Communities
216. 2.216
     Ultimate Product Catalog
217. 2.217
     WP Compress – Image Optimizer [All-In-One]
218. 2.218
     Load More Anything
219. 2.219
     Boostify Header Footer Builder for Elementor
220. 2.220
     Country State City Dropdown CF7
221. 2.221
     Product Input Fields for WooCommerce
222. 2.222
     Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
223. 2.223
     Responsive Gallery Grid
224. 2.224
     Responsive Tabs
225. 2.225
     Ultimate Bootstrap Elements for Elementor
226. 2.226
     WP Login and Logout Redirect
227. 2.227
     WOLF – WordPress Posts Bulk Editor and Manager Professional
228. 2.228
     Church Content – Sermons, Events and More
229. 2.229
     GEO my WordPress
230. 2.230
     Intagrate Lite
231. 2.231
     Podlove Podcast Publisher
232. 2.232
     Podlove Podcast Publisher
233. 2.233
     WP Client Reports
234. 2.234
     Shopping Cart & eCommerce Store
235. 2.235
     Shopping Cart & eCommerce Store
236. 2.236
     CP Media Player – Audio Player and Video Player
237. 2.237
     Contact Form Plugin
238. 2.238
     Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin
239. 2.239
     Marker.io – Visual Website Feedback
240. 2.240
     MultiParcels Shipping For WooCommerce
241. 2.241
     Account Engagement
242. 2.242
     WordPress Hosting Benchmark tool
243. 2.243
     WPC Grouped Product for WooCommerce
244. 2.244
     WP Synchro – WordPress Migration Plugin for Database & Files
245. 2.245
     Zoho Campaigns
246. 2.246
     Zoho Campaigns
247. 2.247
     Premmerce Product Filter for WooCommerce
248. 2.248
     SEO Booster
249. 2.249
     TOP Table Of Contents
250. 2.250
     Wallet System for WooCommerce – Digital Wallet, Cashback Rewards, Recharge User Wallets, View Transaction History
251. 2.251
     Extra Product Options Builder for WooCommerce
252. 2.252
     Custom Thank You Page Customize For WooCommerce by Binary Carpenter
253. 2.253
     Currency per Product for WooCommerce
254. 2.254
     Gallery Box
255. 2.255
     GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels
256. 2.256
     Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported)
257. 2.257
     InstaWP Connect – 1-click WP Staging & Migration
258. 2.258
     LH Add Media From Url
259. 2.259
     Table Plugin for WordPress with Google Sheets Integration – Sheets to WP Table Live Sync
260. 2.260
     Open Close WooCommerce Store – Best Business Schedules Manager
261. 2.261
     WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into WordPress
262. 2.262
     AppPresser – Mobile App Framework
263. 2.263
     Benchmark Email Lite
264. 2.264
     Church Admin
265. 2.265
     TempTool [Show Current Template Info]
266. 2.266
     Dashboard To-Do List
267. 2.267
     ELEX WooCommerce Dynamic Pricing and Discounts
268. 2.268
     ELEX WooCommerce Dynamic Pricing and Discounts
269. 2.269
     XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]
270. 2.270
     Login | Login Page | Login Logo | Rename Login Page | Custom Login Page | Temporary Users | Rebrand Login | Login Captcha
271. 2.271
     USPS Shipping for WooCommerce – Live Rates
272. 2.272
     Login with phone number
273. 2.273
     Login with phone number
274. 2.274
     MihanPanel – User Login , Registration and Dashboard
275. 2.275
     Netgsm
276. 2.276
     No-Bot Registration
277. 2.277
     Novelist
278. 2.278
     POEditor
279. 2.279
     ReDi Restaurant Reservation
280. 2.280
     Save as PDF Plugin by Pdfcrowd
281. 2.281
     WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
282. 2.282
     Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider
283. 2.283
     TWIPLA (Visitor Analytics IO) – Privacy-First Website Stats, Session Recordings, Heatmaps, Polls and Surveys
284. 2.284
     Multi Currency For WooCommerce
285. 2.285
     WP Dynamic Keywords Injector
286. 2.286
     MWW Disclaimer Buttons
287. 2.287
     Siteimprove
288. 2.288
     BMI Adult & Kid Calculator
289. 2.289
     Better Chat Support – Chat Bubble and Chat Button with Gutenberg, Elementor and Shortcode
290. 2.290
     Popup Like box – Page Plugin
291. 2.291
     Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition
292. 2.292
     F4 Improvements
293. 2.293
     WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden
294. 2.294
     NPS computy
295. 2.295
     NPS computy
296. 2.296
     Save as Image Plugin by Pdfcrowd
297. 2.297
     5 star review funnel for Google Reviews, Trustpilot, ProvenExpert and more | RRatingg
298. 2.298
     AffiEasy
299. 2.299
     AWP Classifieds
300. 2.300
     BWL Advanced FAQ Manager
301. 2.301
     Calendarista Basic Edition
302. 2.302
     Digital Publications by Supsystic
303. 2.303
     Essential Grid
304. 2.304
     Fancy Product Designer
305. 2.305
     WPBakery Page Builder
306. 2.306
     WPBakery Page Builder
307. 2.307
     RestroPress
308. 2.308
     Slider Revolution
309. 2.309
     Table & Contact Form 7 Database – Tablesome
310. 2.310
     WooCommerce Customers Manager
311. 2.311
     WP Cost Estimation & Payment Forms Builder
312. 2.312
     WP Cost Estimation & Payment Forms Builder
313. 2.313
     WP Activity Log Premium
314. 2.314
     WPB Show Core
315. 2.315
     WPB Show Core
3. 3. WordPress Themes — 19 Patched / 7 Unpatched
1. 3.1
   Decode
2. 3.2
   Gridsby
3. 3.3
   GuCherry Blog
4. 3.4
   HappenStance
5. 3.5
   i-excel
6. 3.6
   i-max
7. 3.7
   Sensible WP
8. 3.8
   Blocksy
9. 3.9
   CityLogic
10. 3.10
    Default Mag
11. 3.11
    Emmet Lite
12. 3.12
    Lightning
13. 3.13
    Namaha
14. 3.14
    NewsXpress
15. 3.15
    Panoramic
16. 3.16
    PopularFX
17. 3.17
    Sarada Lite
18. 3.18
    Shopstar!
19. 3.19
    Sliding Door
20. 3.20
    Spa and Salon
21. 3.21
    Tainacan Interface
22. 3.22
    The Conference
23. 3.23
    X-T9
24. 3.24
    Soledad
25. 3.25
    Soledad
26. 3.26
    Soledad

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5.2 was released on April 9, 2024, as a short-cycle security and maintenance release. This release features 2 bug fixes on Core, 12 bug fixes for the Block editor, and 1 security fix. Because this is a security release, it is recommended that you update your sites immediately.

The next major release will be version 6.6 planned for July 16, 2024.

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.5.2

Severity Score:
Medium

WordPress Plugins — 234 Patched / 81 Unpatched

Plugin Slug:
woo-product-feed-pro

Installations
90,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
whats-new-genarator

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
zero-spam

Installations
30,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
embed-form

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
subscribe2

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
leadinfo

Installations
5,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
pepro-ultimate-invoice

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
sync-post-with-other-site

Installations
3,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
easy-textillate

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
epoll-wp-voting

Installations
1,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
momoyoga-integration

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
simple-buttons-creator

Installations
30+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
simple-buttons-creator

Installations
30+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
mm-email2image

Installations
20+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
mm-email2image

Installations
20+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
bannerlid

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Access Category Password

Plugin Slug:
access-category-password

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Ads.txt Admin

Plugin Slug:
ads-txt-admin

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Advanced Search

Plugin Slug:
advance-search

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Advanced Page Visit Counter

Plugin Slug:
advanced-page-visit-counter

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Advanced Post Block – Post Grid for WordPress block editor

Plugin Slug:
advanced-post-block

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

AIKit

Plugin Slug:
aikit-wordpress-ai-writing-assistant-using-gpt3

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Aspose.Words Exporter

Plugin Slug:
aspose-doc-exporter

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Shortcodes and extra features for Phlox theme

Plugin Slug:
auxin-elements

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Shortcodes and extra features for Phlox theme

Plugin Slug:
auxin-elements

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Before And After

Plugin Slug:
before-and-after

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

bizcalendar-web

Plugin Slug:
bizcalendar-web

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Bulk Block Converter

Plugin Slug:
bulk-block-converter

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Canva – Design beautiful blog graphics

Plugin Slug:
canva

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

CBX Bookmark & Favorite

Plugin Slug:
cbxwpbookmark

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Citadela Listing

Plugin Slug:
citadela-directory

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Citadela Listing

Plugin Slug:
citadela-directory

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Convert Post Types

Plugin Slug:
convert-post-types

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Crony Cronjob Manager

Plugin Slug:
crony

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Custom Order Statuses for WooCommerce

Plugin Slug:
custom-order-statuses-for-woocommerce

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Customily Product Personalizer

Plugin Slug:
customily-v2

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Delete Custom Fields

Plugin Slug:
delete-custom-fields

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Disable Comments | WPZest

Plugin Slug:
disable-comments-wpz

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Easy CountDowner

Plugin Slug:
easy-countdowner

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Easy Logo

Plugin Slug:
easylogo

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

EZ Form Calculator

Plugin Slug:
ez-form-calculator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Filter Custom Fields & Taxonomies Light

Plugin Slug:
filter-custom-fields-taxonomies-light

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Find Duplicates

Plugin Slug:
find-duplicates

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Fixed HTML Toolbar

Plugin Slug:
fixed-html-toolbar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Flash Video Player

Plugin Slug:
flash-video-player

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Font Farsi

Plugin Slug:
font-farsi

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook

Plugin Slug:
forms-to-zapier

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Freshdesk (official)

Plugin Slug:
freshdesk-support

Vulnerability:
Open Redirection

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Kimili Flash Embed

Plugin Slug:
kimili-flash-embed

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Contact Form & Lead Form Elementor Builder

Plugin Slug:
lead-form-builder

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Contact Form & Lead Form Elementor Builder

Plugin Slug:
lead-form-builder

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Libsyn Publisher Hub

Plugin Slug:
libsyn-podcasting

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Libsyn Publisher Hub

Plugin Slug:
libsyn-podcasting

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Related Posts for WordPress

Plugin Slug:
microkids-related-posts

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

MJ Update History

Plugin Slug:
mj-update-history

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Ovic Addon Toolkit

Plugin Slug:
ovic-addon-toolkit

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Payment Forms for Paystack

Plugin Slug:
payment-forms-for-paystack

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Product Feed on WooCommerce for Google

Plugin Slug:
purple-xmls-google-product-feed-for-woocommerce

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Code Insert Manager (Q2W3 Inc Manager)

Plugin Slug:
q2w3-inc-manager

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Realtyna Organic IDX plugin

Plugin Slug:
real-estate-listing-realtyna-wpl

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Sangar Slider

Plugin Slug:
sangar-slider-lite

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Shopkeeper Extender

Plugin Slug:
shopkeeper-extender

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP Matterport Shortcode

Plugin Slug:
shortcode-gallery-for-matterport-showcase

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Short URL

Plugin Slug:
shorten-url

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Simple Testimonials Showcase

Plugin Slug:
simple-testimonials-showcase

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Tax Rate Upload

Plugin Slug:
tax-rate-upload

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Post Type Builder (PTB)

Plugin Slug:
themify-ptb

Vulnerability:
Content Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Post Type Builder (PTB)

Plugin Slug:
themify-ptb

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Mega Addons For Elementor

Plugin Slug:
ultimate-addons-for-elementor

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

User Activity Log Pro

Plugin Slug:
user-activity-log-pro

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Appointment Bookings for Zoom GoogleMeet and more – Wappointment

Plugin Slug:
wappointment

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WidgetKit

Plugin Slug:
widgetkit-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

2Checkout Payment Gateway for WooCommerce

Plugin Slug:
woocommerce-2checkout-payment

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Simple Registration for WooCommerce

Plugin Slug:
woocommerce-simple-registration

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

WP-Cufon

Plugin Slug:
wp-cufon

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP File Download Light

Plugin Slug:
wp-file-download-light

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP Radio – Worldwide Online Radio Stations Directory for WordPress

Plugin Slug:
wp-radio

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP Radio – Worldwide Online Radio Stations Directory for WordPress

Plugin Slug:
wp-radio

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Search Keyword Redirect

Plugin Slug:
wp-search-keyword-redirect

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP TradingView

Plugin Slug:
wp-tradingview

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP User Profile Avatar

Plugin Slug:
wp-user-profile-avatar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
woocommerce

Installations
5,000,000+

Vulnerability:
Broken Access Control

Patched in Version:
8.6

Severity Score:
Medium

Plugin Slug:
elementskit-lite

Installations
1,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.7

Severity Score:
Medium

Plugin Slug:
ewww-image-optimizer

Installations
1,000,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
7.3.0

Severity Score:
Medium

Plugin Slug:
sg-cachepress

Installations
1,000,000+

Vulnerability:
Broken Access Control

Patched in Version:
7.5.0

Severity Score:
Medium

Plugin Slug:
coming-soon

Installations
900,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
6.15.21

Severity Score:
Medium

Plugin Slug:
smart-slider-3

Installations
900,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.5.1.23

Severity Score:
Medium

Plugin Slug:
meta-box

Installations
700,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.9.4

Severity Score:
Medium

Plugin Slug:
ocean-extra

Installations
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.7

Severity Score:
Medium

Plugin Slug:
premium-addons-for-elementor

Installations
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.10.28

Severity Score:
Medium

Plugin Slug:
premium-addons-for-elementor

Installations
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.10.25

Severity Score:
Medium

Plugin Slug:
premium-addons-for-elementor

Installations
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.10.25

Severity Score:
Medium

Plugin Slug:
premium-addons-for-elementor

Installations
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.10.17

Severity Score:
Medium

Plugin Slug:
the-events-calendar

Installations
700,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
6.3.1

Severity Score:
Medium

Plugin Slug:
backwpup

Installations
600,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.0.4

Severity Score:
Medium

Plugin Slug:
ml-slider

Installations
600,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.70.1

Severity Score:
Medium

Plugin Slug:
shortcodes-ultimate

Installations
600,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.0.5

Severity Score:
Medium

Plugin Slug:
forminator

Installations
500,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.29.3

Severity Score:
Medium

Plugin Slug:
nextgen-gallery

Installations
500,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.59.1

Severity Score:
Medium

Plugin Slug:
kadence-blocks

Installations
400,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
3.2.12

Severity Score:
High

Plugin Slug:
wp-google-maps

Installations
400,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
9.0.35

Severity Score:
Medium

Plugin Slug:
wpvivid-backuprestore

Installations
400,000+

Vulnerability:
PHP Object Injection

Patched in Version:
0.9.100

Severity Score:
Medium

Plugin Slug:
favicon-by-realfavicongenerator

Installations
300,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.30

Severity Score:
Medium

Plugin Slug:
gutenberg

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
18.1.0

Severity Score:
Medium

Plugin Slug:
newsletter

Installations
300,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
8.0.7

Severity Score:
Medium

Plugin Slug:
otter-blocks

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.9

Severity Score:
Medium

Plugin Slug:
otter-blocks

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.9

Severity Score:
Medium

Plugin Slug:
blocksy-companion

Installations
200,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.0.29

Severity Score:
Medium

Plugin Slug:
custom-facebook-feed

Installations
200,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.2.2

Severity Score:
Medium

Plugin Slug:
photo-gallery

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.22

Severity Score:
Medium

Plugin Slug:
ultimate-member

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.5

Severity Score:
Medium

Plugin Slug:
wp-user-avatar

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.15.5

Severity Score:
Medium

Plugin Slug:
wp-user-avatar

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.15.6

Severity Score:
Medium

Plugin Slug:
add-search-to-menu

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.5.6

Severity Score:
Medium

Plugin Slug:
bdthemes-element-pack-lite

Installations
100,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
5.6.0

Severity Score:
Medium

Plugin Slug:
bdthemes-element-pack-lite

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.5.4

Severity Score:
Medium

Plugin Slug:
bdthemes-element-pack-lite

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.3.3

Severity Score:
Medium

Plugin Slug:
download-manager

Installations
100,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
3.2.83

Severity Score:
Medium

Plugin Slug:
foogallery

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.15

Severity Score:
Medium

Plugin Slug:
give

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.7.0

Severity Score:
Medium

Plugin Slug:
intelly-related-posts

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.6.0

Severity Score:
Medium

Plugin Slug:
intelly-related-posts

Installations
100,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.4.0

Severity Score:
Medium

Plugin Slug:
intelly-related-posts

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.5.0

Severity Score:
Medium

Plugin Slug:
wp-all-import

Installations
100,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.7.4

Severity Score:
Medium

Plugin Slug:
email-subscribers

Installations
90,000+

Vulnerability:
SQL Injection

Patched in Version:
5.7.15

Severity Score:
Critical

Plugin Slug:
enhanced-media-library

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.10

Severity Score:
Medium

Plugin Slug:
paid-memberships-pro

Installations
90,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.0.2

Severity Score:
Medium

Plugin Slug:
paid-memberships-pro

Installations
90,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.0

Severity Score:
Medium

Plugin Slug:
paid-memberships-pro

Installations
90,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.0

Severity Score:
Medium

Plugin Slug:
remove-footer-credit

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.14

Severity Score:
Medium

Plugin Slug:
instagram-widget-by-wpzoom

Installations
80,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.1.14

Severity Score:
Medium

Plugin Slug:
real-media-library-lite

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.22.12

Severity Score:
Medium

Plugin Slug:
sydney-toolbox

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.29

Severity Score:
Medium

Plugin Slug:
theme-my-login

Installations
80,000+

Vulnerability:
Broken Access Control

Patched in Version:
7.1.7

Severity Score:
Medium

Plugin Slug:
wp-clone-by-wp-academy

Installations
80,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.4.4

Severity Score:
Medium

Plugin Slug:
boldgrid-easy-seo

Installations
70,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.6.15

Severity Score:
Medium

Plugin Slug:
user-registration

Installations
70,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.2.0

Severity Score:
Medium

Plugin Slug:
activecampaign-subscription-forms

Installations
60,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
8.1.15

Severity Score:
Medium

Plugin Slug:
addons-for-elementor

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
8.3.7

Severity Score:
Medium

Plugin Slug:
addons-for-elementor

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
8.3.7

Severity Score:
Medium

Plugin Slug:
advanced-iframe

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2024.3

Severity Score:
Medium

Plugin Slug:
ameliabooking

Installations
60,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.96

Severity Score:
Medium

Plugin Slug:
customer-reviews-woocommerce

Installations
60,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.47.0

Severity Score:
Medium

Plugin Slug:
exclusive-addons-for-elementor

Installations
60,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.6.9.1

Severity Score:
Medium

Plugin Slug:
form-maker

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.15.24

Severity Score:
Medium

Plugin Slug:
redirect-redirection

Installations
60,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.2.0

Severity Score:
Medium

Plugin Slug:
spotlight-social-photo-feeds

Installations
60,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.6.11

Severity Score:
Medium

Plugin Slug:
woo-smart-quick-view

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.0.3

Severity Score:
Medium

Plugin Slug:
wp-carousel-free

Installations
60,000+

Vulnerability:
PHP Object Injection

Patched in Version:
2.6.4

Severity Score:
High

Plugin Slug:
wp-carousel-free

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.4

Severity Score:
Medium

Plugin Slug:
wp-letsencrypt-ssl

Installations
60,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
7.1.0

Severity Score:
High

Plugin Slug:
bold-page-builder

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.8.9

Severity Score:
Medium

Plugin Slug:
bold-page-builder

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.8.9

Severity Score:
Medium

Plugin Slug:
bold-page-builder

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.8.9

Severity Score:
Medium

Plugin Slug:
bold-page-builder

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.8.9

Severity Score:
Medium

Plugin Slug:
bold-page-builder

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.8.9

Severity Score:
Medium

Plugin Slug:
fancybox-for-wordpress

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.3.4

Severity Score:
Medium

Plugin Slug:
feedzy-rss-feeds

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.3.4

Severity Score:
Medium

Plugin Slug:
print-invoices-packing-slip-labels-for-woocommerce

Installations
50,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.4.3

Severity Score:
Medium

Plugin Slug:
carousel-slider

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.7

Severity Score:
Medium

Plugin Slug:
carousel-slider

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.10

Severity Score:
Medium

Plugin Slug:
dethemekit-for-elementor

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.0

Severity Score:
Medium

Plugin Slug:
post-grid

Installations
40,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.2.76

Severity Score:
Medium

Plugin Slug:
advanced-cron-manager

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.3

Severity Score:
Medium

Plugin Slug:
fv-wordpress-flowplayer

Installations
30,000+

Vulnerability:
Unvalidated Redirects and Forwards

Patched in Version:
7.5.45.7212

Severity Score:
Medium

Plugin Slug:
link-whisper

Installations
30,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
0.7.0

Severity Score:
Medium

Plugin Slug:
login-with-ajax

Installations
30,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.2

Severity Score:
Medium

Plugin Slug:
super-socializer

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.13.64

Severity Score:
Medium

Plugin Slug:
testimonial-slider-and-showcase

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.8

Severity Score:
Medium

Plugin Slug:
woo-bulk-editor

Installations
30,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.4.2

Severity Score:
Medium

Plugin Slug:
wp-customer-reviews

Installations
30,000+

Vulnerability:
Unvalidated Redirects and Forwards

Patched in Version:
3.7.1

Severity Score:
Medium

Plugin Slug:
beaf-before-and-after-gallery

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.5.5

Severity Score:
Medium

Plugin Slug:
dashboard-welcome-for-elementor

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.0.8

Severity Score:
Medium

Plugin Slug:
envo-extra

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.12

Severity Score:
Medium

Plugin Slug:
import-users-from-csv

Installations
20,000+

Vulnerability:
PHP Object Injection

Patched in Version:
1.3

Severity Score:
Medium

Plugin Slug:
ip2location-country-blocker

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.34.3

Severity Score:
Medium

Plugin Slug:
mailchimp-forms-by-mailmunch

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.2.2

Severity Score:
Medium

Plugin Slug:
omnisend-connect

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.14.4

Severity Score:
Medium

Plugin Slug:
powerkit

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.9.2

Severity Score:
Medium

Plugin Slug:
top-bar

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.5

Severity Score:
Medium

Plugin Slug:
top-bar

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.6

Severity Score:
Medium

Plugin Slug:
usc-e-shop

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.10.0

Severity Score:
Medium

Plugin Slug:
weforms

Installations
20,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
1.6.21

Severity Score:
Medium

Plugin Slug:
woo-thank-you-page-nextmove-lite

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.18.2

Severity Score:
Medium

Plugin Slug:
wp-accessibility-helper

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
0.6.2.6

Severity Score:
Medium

Plugin Slug:
asgaros-forum

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.9.0

Severity Score:
Medium

Plugin Slug:
ba-book-everything

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
1.6.5

Severity Score:
High

Plugin Slug:
bunnycdn

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.2

Severity Score:
Medium

Plugin Slug:
conveythis-translate

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
224

Severity Score:
High

Plugin Slug:
e2pdf

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.23.00

Severity Score:
Medium

Plugin Slug:
ecommerce-product-catalog

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.3.29

Severity Score:
Medium

Plugin Slug:
eroom-zoom-meetings-webinar

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.19

Severity Score:
Medium

Plugin Slug:
job-postings

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.6

Severity Score:
High

Plugin Slug:
legal-pages

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.4.3

Severity Score:
Medium

Plugin Slug:
lifterlms

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
7.5.1

Severity Score:
Medium

Plugin Slug:
live-composer-page-builder

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.5.36

Severity Score:
Medium

Plugin Slug:
mailster

Installations
10,000+

Vulnerability:
Local File Inclusion

Patched in Version:
4.0.7

Severity Score:
High

Plugin Slug:
order-delivery-date-for-woocommerce

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.21.0

Severity Score:
Medium

Plugin Slug:
popup-by-supsystic

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.10.28

Severity Score:
Medium

Plugin Slug:
restrict-content

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.2.9

Severity Score:
Medium

Plugin Slug:
simple-post-notes

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.7.7

Severity Score:
Medium

Plugin Slug:
userswp

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.6

Severity Score:
Medium

Plugin Slug:
wp-google-analytics-events

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.1

Severity Score:
High

Plugin Slug:
wp-mail-catcher

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.1.7

Severity Score:
Medium

Plugin Slug:
wp-product-feed-manager

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
2.6.0

Severity Score:
High

Plugin Slug:
elements-plus

Installations
9,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.16.4

Severity Score:
Medium

Plugin Slug:
flexible-shipping-ups

Installations
9,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.2.5

Severity Score:
Medium

Plugin Slug:
smart-forms

Installations
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.6.94

Severity Score:
Medium

Plugin Slug:
smart-forms

Installations
9,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.6.94

Severity Score:
Medium

Plugin Slug:
fatal-error-notify

Installations
8,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.5.3

Severity Score:
Medium

Plugin Slug:
mage-eventpress

Installations
8,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.1.3

Severity Score:
Medium

Plugin Slug:
unlimited-elementor-inner-sections-by-boomdevs

Installations
8,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.5

Severity Score:
Medium

Plugin Slug:
wpvivid-backup-mainwp

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
0.9.34

Severity Score:
Medium

Plugin Slug:
finale-woocommerce-sales-countdown-timer-discount

Installations
7,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.18.1

Severity Score:
Medium

Plugin Slug:
profilegrid-user-profiles-groups-and-communities

Installations
7,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.7.9

Severity Score:
Medium

Plugin Slug:
ultimate-product-catalogue

Installations
7,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.2.16

Severity Score:
Medium

Plugin Slug:
wp-compress-image-optimizer

Installations
7,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
6.11.01

Severity Score:
Medium

Plugin Slug:
ajax-load-more-anything

Installations
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.3.6

Severity Score:
Medium

Plugin Slug:
boostify-header-footer-builder

Installations
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.3.2

Severity Score:
Medium

Plugin Slug:
country-state-city-auto-dropdown

Installations
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.7.2

Severity Score:
Medium

Plugin Slug:
product-input-fields-for-woocommerce

Installations
6,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.8.0

Severity Score:
Medium

Plugin Slug:
radio-player

Installations
6,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.0.74

Severity Score:
Medium

Plugin Slug:
responsive-gallery-grid

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.11

Severity Score:
Medium

Plugin Slug:
responsive-tabs

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.0.7

Severity Score:
Medium

Plugin Slug:
ultimate-bootstrap-elements-for-elementor

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.1

Severity Score:
Medium

Plugin Slug:
wp-login-and-logout-redirect

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0

Severity Score:
Medium

Plugin Slug:
bulk-editor

Installations
5,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.8.2

Severity Score:
Medium

Plugin Slug:
church-theme-content

Installations
5,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.6.1

Severity Score:
Medium

Plugin Slug:
geo-my-wp

Installations
5,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.2

Severity Score:
Medium

Plugin Slug:
instagrate-to-wordpress

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.8

Severity Score:
Medium

Plugin Slug:
podlove-podcasting-plugin-for-wordpress

Installations
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.1.1

Severity Score:
Medium

Plugin Slug:
podlove-podcasting-plugin-for-wordpress

Installations
5,000+

Vulnerability:
SQL Injection

Patched in Version:
4.0.14

Severity Score:
High

Plugin Slug:
wp-client-reports

Installations
5,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.23

Severity Score:
Medium

Plugin Slug:
wp-easycart

Installations
5,000+

Vulnerability:
SQL Injection

Patched in Version:
5.6.4

Severity Score:
High

Plugin Slug:
wp-easycart

Installations
5,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.6.0

Severity Score:
Medium

Plugin Slug:
audio-and-video-player

Installations
4,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.0

Severity Score:
Medium

Plugin Slug:
contact-form-lite

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.25

Severity Score:
Medium

Plugin Slug:
everest-backup

Installations
4,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
2.2.5

Severity Score:
Critical

Plugin Slug:
marker-io

Installations
4,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.9

Severity Score:
Medium

Plugin Slug:
multiparcels-shipping-for-woocommerce

Installations
4,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.16.9

Severity Score:
Medium

Plugin Slug:
pardot

Installations
4,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.1.1

Severity Score:
Medium

Plugin Slug:
wpbenchmark

Installations
4,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.7

Severity Score:
Medium

Plugin Slug:
wpc-grouped-product

Installations
4,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.4.3

Severity Score:
Medium

Plugin Slug:
wpsynchro

Installations
4,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.11.3

Severity Score:
Medium

Plugin Slug:
zoho-campaigns

Installations
4,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.0.8

Severity Score:
Medium

Plugin Slug:
zoho-campaigns

Installations
4,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.0.8

Severity Score:
Medium

Plugin Slug:
premmerce-woocommerce-product-filter

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.7.3

Severity Score:
Medium

Plugin Slug:
seo-booster

Installations
3,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.8.10

Severity Score:
Medium

Plugin Slug:
top-table-of-contents

Installations
3,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.16

Severity Score:
Medium

Plugin Slug:
wallet-system-for-woocommerce

Installations
3,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.5.10

Severity Score:
Medium

Plugin Slug:
additional-product-fields-for-woocommerce

Installations
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.105

Severity Score:
Medium

Plugin Slug:
bc-woo-custom-thank-you-pages

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.14

Severity Score:
Medium

Plugin Slug:
currency-per-product-for-woocommerce

Installations
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.7.0

Severity Score:
Medium

Plugin Slug:
gallery-box

Installations
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.7.34

Severity Score:
Medium

Plugin Slug:
gg-woo-feed

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.2.7

Severity Score:
Medium

Plugin Slug:
gift-voucher

Installations
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.4.1

Severity Score:
Medium

Plugin Slug:
instawp-connect

Installations
2,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
0.1.0.23

Severity Score:
Critical

Plugin Slug:
lh-add-media-from-url

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.23

Severity Score:
High

Plugin Slug:
sheets-to-wp-table-live-sync

Installations
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.5.1

Severity Score:
Medium

Plugin Slug:
woc-open-close

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.9.2

Severity Score:
Medium

Plugin Slug:
wp-event-aggregator

Installations
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.7.7

Severity Score:
Medium

Plugin Slug:
apppresser

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.3.1

Severity Score:
Medium

Plugin Slug:
benchmark-email-lite

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.2

Severity Score:
Medium

Plugin Slug:
church-admin

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.0.28

Severity Score:
Medium

Plugin Slug:
current-template-name

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.13

Severity Score:
Medium

Plugin Slug:
dashboard-to-do-list

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.2

Severity Score:
Medium

Plugin Slug:
elex-woocommerce-dynamic-pricing-and-discounts

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.1.3

Severity Score:
Medium

Plugin Slug:
elex-woocommerce-dynamic-pricing-and-discounts

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.1.3

Severity Score:
Medium

Plugin Slug:
faq-for-woocommerce

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.5.1

Severity Score:
Medium

Plugin Slug:
feather-login-page

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.6

Severity Score:
Medium

Plugin Slug:
flexible-shipping-usps

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.9.3

Severity Score:
Medium

Plugin Slug:
login-with-phone-number

Installations
1,000+

Vulnerability:
Privilege Escalation

Patched in Version:
1.7.17

Severity Score:
High

Plugin Slug:
login-with-phone-number

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.6.94

Severity Score:
High

Plugin Slug:
mihanpanel-lite

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
12.7

Severity Score:
Medium

Plugin Slug:
netgsm

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.9

Severity Score:
High

Plugin Slug:
no-bot-registration

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.0

Severity Score:
Medium

Plugin Slug:
novelist

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.3

Severity Score:
Medium

Plugin Slug:
poeditor

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
0.9.9

Severity Score:
Medium

Plugin Slug:
redi-restaurant-reservation

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
24.0303

Severity Score:
Medium

Plugin Slug:
save-as-pdf-by-pdfcrowd

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.2

Severity Score:
Medium

Plugin Slug:
tour-booking-manager

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.6.1

Severity Score:
Medium

Plugin Slug:
ultimate-store-kit

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.0

Severity Score:
Medium

Plugin Slug:
visitor-analytics-io

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.0

Severity Score:
Medium

Plugin Slug:
wc-multi-currency

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.5.6

Severity Score:
Medium

Plugin Slug:
wp-dynamic-keywords-injector

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.22

Severity Score:
High

Plugin Slug:
mww-disclaimer-buttons

Installations
900+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2

Severity Score:
Medium

Plugin Slug:
siteimprove

Installations
900+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.0.7

Severity Score:
Medium

Plugin Slug:
bmi-adultkid-calculator

Installations
700+

Vulnerability:
Broken Access Control

Patched in Version:
1.2.2

Severity Score:
High

Plugin Slug:
chat-help

Installations
400+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.6.0

Severity Score:
Medium

Plugin Slug:
ays-facebook-popup-likebox

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.7.3

Severity Score:
Medium

Plugin Slug:
webinar-ignition

Installations
200+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.06.0

Severity Score:
Medium

Plugin Slug:
f4-improvements

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.1

Severity Score:
Medium

Plugin Slug:
wp2leads

Installations
100+

Vulnerability:
Broken Access Control

Patched in Version:
3.2.8

Severity Score:
Medium

Plugin Slug:
nps-computy

Installations
80+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.7.6

Severity Score:
Medium

Plugin Slug:
nps-computy

Installations
80+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.6

Severity Score:
Medium

Plugin Slug:
save-as-image-by-pdfcrowd

Installations
50+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.2

Severity Score:
Medium

Plugin Slug:
5-stars-rating-funnel

Installations
40+

Vulnerability:
Arbitrary Content Deletion

Patched in Version:
1.3.02

Severity Score:
High

Plugin Slug:
affieasy

Installations
30+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.6

Severity Score:
Medium

Plugin:

AWP Classifieds

Plugin Slug:
another-wordpress-classifieds-plugin

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.3.2

Severity Score:
Medium

Plugin:

BWL Advanced FAQ Manager

Plugin Slug:
bwl-advanced-faq-manager

Vulnerability:
SQL Injection

Patched in Version:
2.0.4

Severity Score:
High

Plugin:

Calendarista Basic Edition

Plugin Slug:
calendarista-basic-edition

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.0.3

Severity Score:
Medium

Plugin:

Digital Publications by Supsystic

Plugin Slug:
digital-publications-by-supsystic

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.7.8

Severity Score:
Medium

Plugin:

Essential Grid

Plugin Slug:
essential-grid

Vulnerability:
Broken Access Control

Patched in Version:
3.1.2

Severity Score:
Medium

Plugin:

Fancy Product Designer

Plugin Slug:
fancy-product-designer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.1.81

Severity Score:
Medium

Plugin:

WPBakery Page Builder

Plugin Slug:
js_composer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.6

Severity Score:
Medium

Plugin:

WPBakery Page Builder

Plugin Slug:
js_composer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.6

Severity Score:
Medium

Plugin:

RestroPress

Plugin Slug:
restropress

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.1.2.1

Severity Score:
Medium

Plugin:

Slider Revolution

Plugin Slug:
revslider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.7.0

Severity Score:
Medium

Plugin:

Table & Contact Form 7 Database – Tablesome

Plugin Slug:
tablesome

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.26

Severity Score:
Medium

Plugin:

WooCommerce Customers Manager

Plugin Slug:
woocommerce-customers-manager

Vulnerability:
SQL Injection

Patched in Version:
29.7

Severity Score:
High

Plugin:

WP Cost Estimation & Payment Forms Builder

Plugin Slug:
wp-estimation-form

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
10.1.76

Severity Score:
High

Plugin:

WP Cost Estimation & Payment Forms Builder

Plugin Slug:
wp-estimation-form

Vulnerability:
Broken Access Control

Patched in Version:
10.1.77

Severity Score:
Medium

Plugin:

WP Activity Log Premium

Plugin Slug:
wp-security-audit-log-premium

Vulnerability:
SQL Injection

Patched in Version:
4.6.4.1

Severity Score:
High

Plugin:

WPB Show Core

Plugin Slug:
wpb-show-core

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7

Severity Score:
High

Plugin:

WPB Show Core

Plugin Slug:
wpb-show-core

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6

Severity Score:
High

WordPress Themes — 19 Patched / 7 Unpatched

Theme Slug:
decode

Downloads
269,521

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Theme Slug:
gridsby

Downloads
288,716

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Theme Slug:
gucherry-blog

Downloads
136,966

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Theme Slug:
happenstance

Downloads
134,390

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Theme Slug:
i-excel

Downloads
262,257

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Theme Slug:
i-max

Downloads
270,530

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Theme Slug:
sensible-wp

Downloads
277,690

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Theme Slug:
blocksy

Downloads
3,056,299

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.0.23

Severity Score:
Medium

Theme Slug:
citylogic

Downloads
292,720

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.30

Severity Score:
Medium

Theme Slug:
default-mag

Downloads
93,066

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.6

Severity Score:
Medium

Theme Slug:
emmet-lite

Downloads
104,881

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.7.8

Severity Score:
Medium

Theme Slug:
lightning

Downloads
2,240,450

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
15.19.0

Severity Score:
Medium

Theme Slug:
namaha

Downloads
63,477

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.41

Severity Score:
Medium

Theme Slug:
newsxpress

Downloads
11,096

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.8

Severity Score:
Medium

Theme Slug:
panoramic

Downloads
614,830

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.57

Severity Score:
Medium

Theme Slug:
popularfx

Downloads
773,374

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.5

Severity Score:
Medium

Theme Slug:
sarada-lite

Downloads
86,466

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.3

Severity Score:
Medium

Theme Slug:
shopstar

Downloads
286,946

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.34

Severity Score:
Medium

Theme Slug:
sliding-door

Downloads
537,017

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.4

Severity Score:
Medium

Theme Slug:
spa-and-salon

Downloads
155,971

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.8

Severity Score:
Medium

Theme Slug:
tainacan-interface

Downloads
16,543

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.2

Severity Score:
High

Theme Slug:
the-conference

Downloads
52,521

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.1

Severity Score:
Medium

Theme Slug:
x-t9

Downloads
30,187

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.19.1

Severity Score:
Medium

Theme:

Soledad

Theme Slug:
soledad

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
8.4.6

Severity Score:
Medium

Theme:

Soledad

Theme Slug:
soledad

Vulnerability:
Broken Access Control

Patched in Version:
8.4.6

Severity Score:
Medium

Theme:

Soledad

Theme Slug:
soledad

Vulnerability:
Broken Access Control

Patched in Version:
8.4.6

Severity Score:
High

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Ulmer on 2024-04-17 09:16:24.

The article was hand-picked and curated for you by the Editorial Team of WP Archives.

In this report, 126 vulnerabilities have been publicly disclosed. Security patches for 77 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 49 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the reasons why WordPress websites get hacked. (See our Annual Vulnerability Report for 2022.) Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Table of Contents

1. 1. WordPress Core
2. 2. WordPress Plugins — 73 Patched / 48 Unpatched
1. 2.1
   Slivery Extender
2. 2.2
   IDonate – blood request management system
3. 2.3
   Adsmonetizer
4. 2.4
   ArtiBot
5. 2.5
   Auto Refresh Single Page
6. 2.6
   BeePress
7. 2.7
   Blue Triad EZAnalytics
8. 2.8
   Change Memory Limit
9. 2.9
   Under Construction / Maintenance Mode from Acurax
10. 2.10
    Under Construction / Maintenance Mode from Acurax
11. 2.11
    Configure SMTP
12. 2.12
    Build & Control Block Patterns
13. 2.13
    Custom fields shortcode
14. 2.14
    Download Media
15. 2.15
    Duitku Payment Gateway
16. 2.16
    Easy!Appointments
17. 2.17
    Ebook Store
18. 2.18
    Conversios.io
19. 2.19
    FeedWordPress
20. 2.20
    Fontific | Google Fonts
21. 2.21
    Gestpay for WooCommerce
22. 2.22
    Maintenance Mode by helderk
23. 2.23
    JM Twitter Cards
24. 2.24
    Marketing Optimizer
25. 2.25
    Master Slider
26. 2.26
    Master Slider
27. 2.27
    Media Alt Renamer
28. 2.28
    WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit
29. 2.29
    Page Builder Sandwich – Front-End Page Builder
30. 2.30
    Page Builder Sandwich – Front-End Page Builder
31. 2.31
    Page Restrict
32. 2.32
    Password Protected Store for WooCommerce
33. 2.33
    PayU India
34. 2.34
    postMash – custom post order
35. 2.35
    Restaurant Solutions – Checklist
36. 2.36
    Rolo Slider
37. 2.37
    Simple Tweet
38. 2.38
    Ultimate Bootstrap Elements for Elementor
39. 2.39
    Ultimate Bootstrap Elements for Elementor
40. 2.40
    User Shortcodes Plus
41. 2.41
    Vimeography: Vimeo Video Gallery WordPress Plugin
42. 2.42
    Watermark RELOADED
43. 2.43
    WordPress Access Control
44. 2.44
    CodeMirror Blocks
45. 2.45
    WP eCommerce
46. 2.46
    WP eCommerce
47. 2.47
    Page Duplicator
48. 2.48
    WP Private Content Plus
49. 2.49
    LiteSpeed Cache
50. 2.50
    LiteSpeed Cache
51. 2.51
    Complianz – GDPR/CCPA Cookie Consent
52. 2.52
    Premium Addons for Elementor
53. 2.53
    WP Shortcodes Plugin — Shortcodes Ultimate
54. 2.54
    SiteOrigin Widgets Bundle
55. 2.55
    Happy Addons for Elementor
56. 2.56
    Nextend Social Login and Register
57. 2.57
    GenerateBlocks
58. 2.58
    Page Builder: Pagelayer – Drag and Drop website builder
59. 2.59
    Orbit Fox by ThemeIsle
60. 2.60
    Orbit Fox by ThemeIsle
61. 2.61
    Beaver Builder – WordPress Page Builder
62. 2.62
    Download Manager
63. 2.63
    Download Manager
64. 2.64
    Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
65. 2.65
    Events Manager – Calendar, Bookings, Tickets, and more!
66. 2.66
    WP Show Posts
67. 2.67
    Advanced iFrame
68. 2.68
    AI Engine
69. 2.69
    Booking for Appointments and Events Calendar – Amelia
70. 2.70
    Exclusive Addons for Elementor
71. 2.71
    Exclusive Addons for Elementor
72. 2.72
    Exclusive Addons for Elementor
73. 2.73
    Exclusive Addons for Elementor
74. 2.74
    Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages
75. 2.75
    Calculated Fields Form
76. 2.76
    Custom Field Suite
77. 2.77
    NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor
78. 2.78
    WP Dashboard Notes
79. 2.79
    MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance
80. 2.80
    Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
81. 2.81
    Restrict User Access – Ultimate Membership & Content Protection
82. 2.82
    Seraphinite Accelerator
83. 2.83
    NextMove Lite – Thank You Page for WooCommerce
84. 2.84
    Easy PayPal & Stripe Buy Now Button
85. 2.85
    Easy PayPal & Stripe Buy Now Button
86. 2.86
    WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce
87. 2.87
    Wp Social Login and Register Social Counter
88. 2.88
    AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth
89. 2.89
    Contact Form 7 – PayPal & Stripe Add-on
90. 2.90
    Contact Form 7 – PayPal & Stripe Add-on
91. 2.91
    Envo’s Elementor Templates & Widgets for WooCommerce
92. 2.92
    Envo’s Elementor Templates & Widgets for WooCommerce
93. 2.93
    Envo’s Elementor Templates & Widgets for WooCommerce
94. 2.94
    LifterLMS – WordPress LMS Plugin for eLearning
95. 2.95
    SportsPress – Sports Club & League Manager
96. 2.96
    Smart Forms – when you need more than just a contact form
97. 2.97
    WPvivid Backup for MainWP
98. 2.98
    Finale Lite – Sales Countdown Timer & Discount for WooCommerce
99. 2.99
    SoundCloud Shortcode
100. 2.100
     SMS Alert Order Notifications – WooCommerce
101. 2.101
     Thank You Page Customizer for WooCommerce – Increase Your Sales
102. 2.102
     Thank You Page Customizer for WooCommerce – Increase Your Sales
103. 2.103
     Coming Soon Page & Maintenance Mode
104. 2.104
     Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back
105. 2.105
     Slider Responsive Slideshow – Image slider, Gallery slideshow
106. 2.106
     Spiffy Calendar
107. 2.107
     Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan
108. 2.108
     Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan
109. 2.109
     Friends
110. 2.110
     Oliver POS – A WooCommerce Point of Sale (POS)
111. 2.111
     Page Restriction WordPress (WP) – Protect WP Pages/Post
112. 2.112
     Image Optimizer, Resizer and CDN – Sirv
113. 2.113
     Image Optimizer, Resizer and CDN – Sirv
114. 2.114
     Tainacan
115. 2.115
     Comments Extra Fields For Post,Pages and CPT
116. 2.116
     Comments Extra Fields For Post,Pages and CPT
117. 2.117
     Backup
118. 2.118
     Elementor Pro
119. 2.119
     JobSearch
120. 2.120
     JobSearch
121. 2.121
     WP Social Widget
3. 3. WordPress Themes — 4 Patched / 1 Unpatched
1. 3.1
   Atahualpa
2. 3.2
   Yuki
3. 3.3
   Yuki
4. 3.4
   Avada
5. 3.5
   Avada

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately.

The next major release will be version 6.5, planned for March 26, 2024.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 73 Patched / 48 Unpatched

Plugin Slug:
slivery-extender

Installations
2,000+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
idonate

Installations
50+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Adsmonetizer

Plugin Slug:
adsensei-b30

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

ArtiBot

Plugin Slug:
artibot

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Auto Refresh Single Page

Plugin Slug:
auto-refresh-single-page

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

BeePress

Plugin Slug:
beepress

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Blue Triad EZAnalytics

Plugin Slug:
blue-triad-ezanalytics

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Change Memory Limit

Plugin Slug:
change-memory-limit

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Under Construction / Maintenance Mode from Acurax

Plugin Slug:
coming-soon-maintenance-mode-from-acurax

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Under Construction / Maintenance Mode from Acurax

Plugin Slug:
coming-soon-maintenance-mode-from-acurax

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Configure SMTP

Plugin Slug:
configure-smtp

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Build & Control Block Patterns

Plugin Slug:
control-block-patterns

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Custom fields shortcode

Plugin Slug:
custom-fields-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Download Media

Plugin Slug:
download-media

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Duitku Payment Gateway

Plugin Slug:
duitku-social-payment-gateway

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Easy!Appointments

Plugin Slug:
easyappointments

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Ebook Store

Plugin Slug:
ebook-store

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Conversios.io

Plugin Slug:
enhanced-e-commerce-for-woocommerce-store

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

FeedWordPress

Plugin Slug:
feedwordpress

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Fontific | Google Fonts

Plugin Slug:
fontific

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Gestpay for WooCommerce

Plugin Slug:
gestpay-for-woocommerce

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Maintenance Mode by helderk

Plugin Slug:
hkdev-maintenance-mode

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

JM Twitter Cards

Plugin Slug:
jm-twitter-cards

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Marketing Optimizer

Plugin Slug:
marketing-optimizer

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Master Slider

Plugin Slug:
master-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Master Slider

Plugin Slug:
master-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Media Alt Renamer

Plugin Slug:
media-alt-renamer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit

Plugin Slug:
myshopkit-popup-smartbar-slidein

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Page Builder Sandwich – Front-End Page Builder

Plugin Slug:
page-builder-sandwich

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Page Builder Sandwich – Front-End Page Builder

Plugin Slug:
page-builder-sandwich

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Page Restrict

Plugin Slug:
pagerestrict

Vulnerability:
Bypass Vulnerability

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Password Protected Store for WooCommerce

Plugin Slug:
password-protected-woo-store

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

PayU India

Plugin Slug:
payu-india

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

postMash – custom post order

Plugin Slug:
postmash

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
restaurant-solutions-checklist

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Rolo Slider

Plugin Slug:
rolo-slider

Vulnerability:
Settings Change

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Simple Tweet

Plugin Slug:
simple-tweet

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Ultimate Bootstrap Elements for Elementor

Plugin Slug:
ultimate-bootstrap-elements-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Ultimate Bootstrap Elements for Elementor

Plugin Slug:
ultimate-bootstrap-elements-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

User Shortcodes Plus

Plugin Slug:
user-shortcodes-plus

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Vimeography: Vimeo Video Gallery WordPress Plugin

Plugin Slug:
vimeography

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Watermark RELOADED

Plugin Slug:
watermark-reloaded

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WordPress Access Control

Plugin Slug:
wordpress-access-control

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

CodeMirror Blocks

Plugin Slug:
wp-codemirror-block

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP eCommerce

Plugin Slug:
wp-e-commerce

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP eCommerce

Plugin Slug:
wp-e-commerce

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Page Duplicator

Plugin Slug:
wp-page-duplicator

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP Private Content Plus

Plugin Slug:
wp-private-content-plus

Vulnerability:
Bypass Vulnerability

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
litespeed-cache

Installations
5,000,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.7.0.1

Severity Score:
High

Plugin Slug:
litespeed-cache

Installations
5,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.7.0.1

Severity Score:
High

Plugin Slug:
complianz-gdpr

Installations
900,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
7.0.0

Severity Score:
Medium

Plugin Slug:
premium-addons-for-elementor

Installations
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.10.22

Severity Score:
Medium

Plugin Slug:
shortcodes-ultimate

Installations
600,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.0.4

Severity Score:
Medium

Plugin Slug:
so-widgets-bundle

Installations
600,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.58.8

Severity Score:
Medium

Plugin Slug:
happy-elementor-addons

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.10.2

Severity Score:
Medium

Plugin Slug:
nextend-facebook-connect

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.13

Severity Score:
High

Plugin Slug:
generateblocks

Installations
200,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.8.3

Severity Score:
Medium

Plugin Slug:
pagelayer

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.1

Severity Score:
Medium

Plugin Slug:
themeisle-companion

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.10.32

Severity Score:
Medium

Plugin Slug:
themeisle-companion

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.10.31

Severity Score:
Medium

Plugin Slug:
beaver-builder-lite-version

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.4.3

Severity Score:
Medium

Plugin Slug:
download-manager

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.86

Severity Score:
Medium

Plugin Slug:
download-manager

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.2.85

Severity Score:
Medium

Plugin Slug:
essential-blocks

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.5.2

Severity Score:
Medium

Plugin Slug:
events-manager

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.4.7

Severity Score:
Medium

Plugin Slug:
wp-show-posts

Installations
90,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.1.5

Severity Score:
Medium

Plugin Slug:
advanced-iframe

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2024.2

Severity Score:
Medium

Plugin Slug:
ai-engine

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.1

Severity Score:
High

Plugin Slug:
ameliabooking

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.99

Severity Score:
High

Plugin Slug:
exclusive-addons-for-elementor

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.9.1

Severity Score:
Medium

Plugin Slug:
exclusive-addons-for-elementor

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.9.1

Severity Score:
Medium

Plugin Slug:
exclusive-addons-for-elementor

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.9.1

Severity Score:
Medium

Plugin Slug:
exclusive-addons-for-elementor

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.9.1

Severity Score:
Medium

Plugin Slug:
visualcomposer

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
45.7.0

Severity Score:
Medium

Plugin Slug:
calculated-fields-form

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.1.57

Severity Score:
High

Plugin Slug:
custom-field-suite

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.5

Severity Score:
Medium

Plugin Slug:
notificationx

Installations
30,000+

Vulnerability:
SQL Injection

Patched in Version:
2.8.3

Severity Score:
Critical

Plugin Slug:
wp-dashboard-notes

Installations
30,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
1.0.11

Severity Score:
Medium

Plugin Slug:
mainwp

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.0

Severity Score:
Medium

Plugin Slug:
rafflepress

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.12.7

Severity Score:
High

Plugin Slug:
restrict-user-access

Installations
20,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.6

Severity Score:
Medium

Plugin Slug:
seraphinite-accelerator

Installations
20,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
2.21

Severity Score:
Medium

Plugin Slug:
woo-thank-you-page-nextmove-lite

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.18.1

Severity Score:
Medium

Plugin Slug:
wp-ecommerce-paypal

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.9

Severity Score:
Medium

Plugin Slug:
wp-ecommerce-paypal

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.9

Severity Score:
Medium

Plugin Slug:
wp-event-manager

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.42

Severity Score:
High

Plugin Slug:
wp-social

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.0.1

Severity Score:
Medium

Plugin Slug:
aweber-web-form-widget

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
7.3.15

Severity Score:
High

Plugin Slug:
contact-form-7-paypal-add-on

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.2

Severity Score:
Medium

Plugin Slug:
contact-form-7-paypal-add-on

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.2

Severity Score:
Medium

Plugin Slug:
envo-elementor-for-woocommerce

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.5

Severity Score:
Medium

Plugin Slug:
envo-elementor-for-woocommerce

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.4.5

Severity Score:
Medium

Plugin Slug:
envo-elementor-for-woocommerce

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.4.5

Severity Score:
Medium

Plugin Slug:
lifterlms

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
7.5.2

Severity Score:
Medium

Plugin Slug:
sportspress

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.7.18

Severity Score:
Medium

Plugin Slug:
smart-forms

Installations
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.6.87

Severity Score:
Medium

Plugin Slug:
wpvivid-backup-mainwp

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
0.9.33

Severity Score:
High

Plugin Slug:
finale-woocommerce-sales-countdown-timer-discount

Installations
7,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.18.0

Severity Score:
Medium

Plugin Slug:
soundcloud-shortcode

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.0.2

Severity Score:
Medium

Plugin Slug:
sms-alert

Installations
5,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.7.0

Severity Score:
Medium

Plugin Slug:
woo-thank-you-page-customizer

Installations
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.1.3

Severity Score:
Medium

Plugin Slug:
woo-thank-you-page-customizer

Installations
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.1.3

Severity Score:
Medium

Plugin Slug:
responsive-coming-soon

Installations
4,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
2.2.2

Severity Score:
Medium

Plugin Slug:
chat-bubble

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4

Severity Score:
Medium

Plugin Slug:
slider-responsive-slideshow

Installations
3,000+

Vulnerability:
PHP Object Injection

Patched in Version:
1.4.0

Severity Score:
High

Plugin Slug:
spiffy-calendar

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.9.9

Severity Score:
Medium

Plugin Slug:
antihacker

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.52

Severity Score:
Medium

Plugin Slug:
antihacker

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.53

Severity Score:
Medium

Plugin Slug:
friends

Installations
1,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
2.8.6

Severity Score:
Medium

Plugin Slug:
oliver-pos

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.4.1.9

Severity Score:
Medium

Plugin Slug:
page-and-post-restriction

Installations
1,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
1.3.5

Severity Score:
Medium

Plugin Slug:
sirv

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
7.2.1

Severity Score:
Medium

Plugin Slug:
sirv

Installations
1,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
7.2.1

Severity Score:
Medium

Plugin Slug:
tainacan

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
0.20.7

Severity Score:
Medium

Plugin Slug:
wp-comment-fields

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.1

Severity Score:
Medium

Plugin Slug:
wp-comment-fields

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.1

Severity Score:
Medium

Plugin:

Backup

Plugin Slug:
backup2

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.0.9.9

Severity Score:
High

Plugin:

Elementor Pro

Plugin Slug:
elementor-pro

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.19.3

Severity Score:
Medium

Plugin:

JobSearch

Plugin Slug:
wp-jobsearch

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
2.3.4

Severity Score:
Critical

Plugin:

JobSearch

Plugin Slug:
wp-jobsearch

Vulnerability:
Broken Authentication

Patched in Version:
2.3.4

Severity Score:
Critical

Plugin:

WP Social Widget

Plugin Slug:
wp-social-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.6

Severity Score:
Medium

WordPress Themes — 4 Patched / 1 Unpatched

Theme Slug:
atahualpa

Downloads
1,333,690

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Theme Slug:
yuki

Downloads
133,433

Vulnerability:
Broken Access Control

Patched in Version:
1.3.14

Severity Score:
Medium

Theme Slug:
yuki

Downloads
133,433

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.15

Severity Score:
Medium

Theme:

Avada

Theme Slug:
avada

Vulnerability:
Sensitive Data Exposure

Patched in Version:
7.11.6

Severity Score:
Medium

Theme:

Avada

Theme Slug:
avada

Vulnerability:
Arbitrary File Upload

Patched in Version:
7.11.5

Severity Score:
Critical

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Ulmer on 2024-03-06 14:16:57.

The article was hand-picked and curated for you by the Editorial Team of WP Archives.