WordPress Vulnerability Report – February 16, 2022

Written by Michael Moore on February 16, 2022

Last Updated on February 16, 2022

Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities, and what to do if you run one of the vulnerable plugins or themes on your website.

Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure and reporting of vulnerabilities is an integral part of keeping the WordPress community safe. New in this report: vulnerabilities are now listed in order by the number of active installs, rather than the date of the disclosure.

Please share this post with your friends to help get the word out and make WordPress safer for everyone!

WordPress 5.9: Core Major Version Update Now Available

The latest version of WordPress core is WordPress 5.9. Be sure to update to WordPress 5.9 as soon as possible!

WordPress Plugin Vulnerabilities

This section lists the latest disclosed WordPress plugin vulnerabilities. Each plugin listing includes the type of vulnerability, the active installations, the version number if patched, and the severity rating.

WP Statistics

Plugin
WP Statistics

Installations
600,000+

Vulnerability
Unauthenticated Blind SQL Injection

Patched in Version
13.1.5

Severity Score
Critical

The vulnerability has been patched, so you should update to version 13.1.5.

LoginPress

Plugin
LoginPress | Custom Login Page Customizer

Installations
200,000+

Vulnerability
Reflected Cross-Site Scripting

Patched in Version
1.5.12

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.5.12.

WP Cerber Security, Anti-spam & Malware Scan

Plugin
WP Cerber Security, Anti-spam & Malware Scan

Installations
200,000+

Vulnerability
Unauthenticated Stored Cross-Site Scripting

Patched in Version
8.9.6

Severity Score
High

The vulnerability has been patched, so you should update to version 8.9.6.

Email Subscribers & Newsletters

Plugin
Email Subscribers & Newsletters – Simple and Effective Email Marketing WordPress Plugin

Installations
100,000+

Vulnerability
Subscriber+ Blind SQL injection; Unauthenticated arbitrary option update

Patched in Version
5.3.2

Severity Score
High

The vulnerability has been patched, so you should update to version 5.3.2.

WP-Matomo Integration (WP-Piwik)

Plugin
WP-Matomo Integration (WP-Piwik)

Installations
60,000+

Vulnerability
Plugin Settings Reset via CSRF

Patched in Version
1.0.27

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.0.27.

Ditty (formerly Ditty News Ticker)

Plugin
Ditty (formerly Ditty News Ticker)

Installations
50,000+

Vulnerability
Reflected Cross-Site Scripting (XSS)

Patched in Version
3.0.15

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.0.15.

WordPress File Upload

Plugin
WordPress File Upload

Installations
30,000+

Vulnerability
Contributor+ Stored Cross-Site Scripting via Malicious SVG; Contributor+ Stored Cross-Site Scripting via Shortcode

Patched in Version
4.16.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.16.3.

PHP Everywhere

Plugin
PHP Everywhere

Installations
30,000+

Vulnerability
Contributor+ RCE via Gutenberg Block; Subscriber+ RCE via Shortcode; Contributor+ RCE via Metabox

Patched in Version
3.0.0

Severity Score
Critical

The vulnerability has been patched, so you should update to version 3.0.0.

Video Conferencing with Zoom

Plugin
Video Conferencing with Zoom

Installations
30,000+

Vulnerability
E-mail Address Disclosure

Patched in Version
3.8.17

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.8.17.

WP Visitor Statistics (Real Time Traffic)

Plugin
WP Visitor Statistics (Real Time Traffic)

Installations
20,000+

Vulnerability
Subscriber+ SQL Injection

Patched in Version
5.6

Severity Score
High

The vulnerability has been patched, so you should update to version 5.6.

YOP Poll

Plugin
YOP Poll

Installations
20,000+

Vulnerability
Author+ Stored Cross-Site Scripting

Patched in Version
6.3.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 6.3.5.

WP Event Manager

Plugin
WP Event Manager – Easily Build your Calendar of Events!

Installations
10,000+

Vulnerability
Admin+ Stored Cross-Site Scripting

Patched in Version
3.1.23

Severity Score
Low

The vulnerability has been patched, so you should update to version 3.1.23.

UsersWP

Plugin
UsersWP – User Registration & User Profile

Installations
10,000+

Vulnerability
Subscriber+ User Avatar Override

Patched in Version
1.2.3.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.3.1.

Smart Forms

Plugin
Smart Forms – when you need more than just a contact form

Installations
10,000+

Vulnerability
Subscriber+ Form Data Download

Patched in Version
2.6.71

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.6.71.

E2Pdf

Plugin
E2Pdf – Export To Pdf Tool for WordPress

Installations
7,000+

Vulnerability
Admin+ Stored Cross-Site Scripting (XSS)

Patched in Version
1.16.45

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.16.45.

Premium Plugin Vulnerabilities

This section lists the latest disclosed vulnerabilities for premium plugins. Each plugin listing includes the type of vulnerability, the active installations, the version number if patched, and the severity rating.

Fancy Product Designer

Plugin
Fancy Product Designer

Installations
Unknown; Premium Plugin

Vulnerability
Admin+ SQL Injection

Patched in Version
4.7.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.7.5.

WordPress File Upload Professional

Plugin
WordPress File Upload

Vulnerability
Contributor+ Stored Cross-Site Scripting via Malicious SVG; Contributor+ Stored Cross-Site Scripting via Shortcode

Patched in Version
4.16.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.16.3.

WordPress Plugin Vulnerabilities – No Known Fix

Good news! No plugin vulnerabilities without a known fix were disclosed this week.

WordPress Theme Vulnerabilities

This section lists the latest disclosed WordPress theme vulnerabilities. Each theme listing includes the type of vulnerability, the active installations, the version number if patched, and the severity rating.

ArileWP

Theme
ArileWP

Downloads
401,314

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
2.9.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.9.7.

Travel Agency

Theme
Travel Agency

Downloads
213,208

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
1.4.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.4.2.

Perfect Portfolio

Theme
Perfect Portfolio

Downloads
172,199

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
1.1.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.6.

Rara Business

Theme
Rara Business

Downloads
160,126

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
1.2.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.3.

AwpBusinessPress

Theme
AwpBusinessPress

Downloads
40,249

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
0.2.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 0.2.4.

ConsultStreet

Theme
ConsultStreet

Downloads
143,798

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
1.6.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.6.7.

Designexo

Theme
Designexo

Downloads
114,513

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
3.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.7.

Travel Booking

Theme
Travel Booking

Downloads
38,747

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
1.2.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.3.

WordPress Theme Vulnerabilities – No Known Fix

This section covers vulnerabilities in themes with no known fix. Until a patch is available, deactivate and uninstall the theme.

ColorWay

Theme
ColorWay

Downloads
1,313,341

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

Wallstreet

Theme
Wallstreet

Downloads
718,444

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

Quality

Theme
Quality

Downloads
495,739

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

StartKit

Theme
StartKit

Downloads
459,051

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

Busiprof

Theme
Busiprof

Downloads
458,162

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

Rambo

Theme
Rambo

Downloads
371,342

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

Spasalon

Theme
Spasalon

Downloads
334,726

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

HoneyPress

Theme
HoneyPress

Downloads
226,695

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

Fifteen

Theme
Fifteen

Downloads
212,109

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

ElitePress

Theme
ElitePress

Downloads
148,007

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

Envo Business

Theme
Envo Business

Downloads
111,185

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

CloudPress

Theme
CloudPress

Downloads
102,458

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

Shopbiz Lite

Theme
Shopbiz Lite

Downloads
83,149

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

ConsultEra

Theme
ConsultEra

Downloads
82,730

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

EventPress

Theme
EventPress

Downloads
70,771

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

Blain

Theme
Blain

Downloads
50,841

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

Robolist Lite

Theme
Robolist Lite

Downloads
48,328

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

Short

Theme
Short

Downloads
46,868

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

BusiCare

Theme
BusiCare

Downloads
42,606

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

Spice Software

Theme
Spice Software

Downloads
40,528

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

WP Real Estate

Theme
WP Real Estate

Downloads
38,280

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

Jewelry Store

Theme
Jewelry Store

Downloads
31,042

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

IH Business Pro

Theme
IH Business Pro

Downloads
25,480

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

Spiko

Theme
Spiko

Downloads
20,289

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

Mediciti Lite

Theme
Mediciti Lite

Downloads
20,137

Vulnerability
XSS

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

Auto Car

Theme
Auto Car

Downloads
10,972

Vulnerability
XSS

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

Hasten Lite

Theme
Hasten Lite

Downloads
10,364

Vulnerability
XSS

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

lawyerpress lite

Theme
lawyerpress lite

Downloads
9,576

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

Spawp

Theme
Spawp

Downloads
8,864

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

Businesswp

Theme
Businesswp

Downloads
6,371

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

NGO Charity Lite

Theme
NGO Charity Lite

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

AStore

Theme
AStore

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

Cactus

Theme
Cactus

Vulnerability
Reflected Cross-Site Scripting via Customizer Notify

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the theme.

How to Protect Your WordPress Website From Vulnerable Plugins and Themes

As you can see from this report, lots of new WordPress plugin and theme vulnerabilities are disclosed each week. We know it can be difficult to stay on top of every reported vulnerability disclosure, so the iThemes Security Pro plugin makes it easy to make sure your site isn’t running a theme, plugin, or WordPress core version with a known vulnerability.

Get iThemes Security Pro with 24/7 Website Security Monitoring

iThemes Security Pro, our WordPress security plugin, offers 50+ ways to secure and protect your website from common WordPress security vulnerabilities. With WordPress two-factor authentication, brute force protection, strong password enforcement, and more, you can add extra layers of security to your website.

Michael Moore

Each week, Michael puts together the WordPress Vulnerability Report to help keep your sites safe. As Product Manager at iThemes, he helps us continue to improve the iThemes product lineup. He’s a giant nerd & loves learning about all things tech, old & new. You can find Michael hanging out with his wife & daughter, reading or listening to music when not working.

Written by: Abdul Wahid
Published on: February 18, 2022