WordPress Vulnerability Report — April 17, 2024

In this report, 342 vulnerabilities have been publicly disclosed. Security patches for 254 of these plugins, themes, and Core are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 88 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core

1.1
WordPress Core

2. WordPress Plugins — 234 Patched / 81 Unpatched

2.1
Product Feed PRO for WooCommerce
2.2
What’s New Generator
2.3
Zero Spam for WordPress
2.4
Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms
2.5
Subscribe2 – Form, Email Subscribers & Newsletters
2.6
Leadinfo
2.7
PeproDev Ultimate Invoice
2.8
Sync Post With Other Site
2.9
Easy Textillate
2.10
WP Poll Maker – Best WordPress Poll Plugin for Voting Contest
2.11
Yoga Schedule Momoyoga
2.12
Simple Buttons Creator
2.13
Simple Buttons Creator
2.14
MM-email2image
2.15
MM-email2image
2.16
Bannerlid
2.17
Access Category Password
2.18
Ads.txt Admin
2.19
Advanced Search
2.20
Advanced Page Visit Counter
2.21
Advanced Post Block – Post Grid for WordPress block editor
2.22
AIKit
2.23
Aspose.Words Exporter
2.24
Shortcodes and extra features for Phlox theme
2.25
Shortcodes and extra features for Phlox theme
2.26
Before And After
2.27
bizcalendar-web
2.28
Bulk Block Converter
2.29
Canva – Design beautiful blog graphics
2.30
CBX Bookmark & Favorite
2.31
Citadela Listing
2.32
Citadela Listing
2.33
Convert Post Types
2.34
Crony Cronjob Manager
2.35
Custom Order Statuses for WooCommerce
2.36
Customily Product Personalizer
2.37
Delete Custom Fields
2.38
Disable Comments | WPZest
2.39
Easy CountDowner
2.40
Easy Logo
2.41
EZ Form Calculator
2.42
Filter Custom Fields & Taxonomies Light
2.43
Find Duplicates
2.44
Fixed HTML Toolbar
2.45
Flash Video Player
2.46
Font Farsi
2.47
Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook
2.48
Freshdesk (official)
2.49
Kimili Flash Embed
2.50
Contact Form & Lead Form Elementor Builder
2.51
Contact Form & Lead Form Elementor Builder
2.52
Libsyn Publisher Hub
2.53
Libsyn Publisher Hub
2.54
Related Posts for WordPress
2.55
MJ Update History
2.56
Ovic Addon Toolkit
2.57
Payment Forms for Paystack
2.58
Product Feed on WooCommerce for Google
2.59
Code Insert Manager (Q2W3 Inc Manager)
2.60
Realtyna Organic IDX plugin
2.61
Sangar Slider
2.62
Shopkeeper Extender
2.63
WP Matterport Shortcode
2.64
Short URL
2.65
Simple Testimonials Showcase
2.66
Tax Rate Upload
2.67
Post Type Builder (PTB)
2.68
Post Type Builder (PTB)
2.69
Mega Addons For Elementor
2.70
User Activity Log Pro
2.71
Appointment Bookings for Zoom GoogleMeet and more – Wappointment
2.72
WidgetKit
2.73
2Checkout Payment Gateway for WooCommerce
2.74
Simple Registration for WooCommerce
2.75
WP-Cufon
2.76
WP File Download Light
2.77
WP Radio – Worldwide Online Radio Stations Directory for WordPress
2.78
WP Radio – Worldwide Online Radio Stations Directory for WordPress
2.79
Search Keyword Redirect
2.80
WP TradingView
2.81
WP User Profile Avatar
2.82
WooCommerce
2.83
ElementsKit Elementor addons
2.84
EWWW Image Optimizer
2.85
Speed Optimizer – The All-In-One WordPress Performance-Boosting Plugin
2.86
Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode
2.87
Smart Slider 3
2.88
Meta Box – WordPress Custom Fields Framework
2.89
Ocean Extra
2.90
Premium Addons for Elementor
2.91
Premium Addons for Elementor
2.92
Premium Addons for Elementor
2.93
Premium Addons for Elementor
2.94
The Events Calendar
2.95
BackWPup – WordPress Backup Plugin
2.96
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows
2.97
WP Shortcodes Plugin — Shortcodes Ultimate
2.98
Forminator – Contact Form, Payment Form & Custom Form Builder
2.99
WordPress Gallery Plugin – NextGEN Gallery
2.100
Gutenberg Blocks by Kadence Blocks – Page Builder Features
2.101
WP Go Maps (formerly WP Google Maps)
2.102
Migration, Backup, Staging – WPvivid
2.103
Favicon by RealFaviconGenerator
2.104
Gutenberg
2.105
Newsletter – Send awesome emails from WordPress
2.106
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
2.107
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
2.108
Blocksy Companion
2.109
Smash Balloon Social Post Feed
2.110
Photo Gallery by 10Web – Mobile-Friendly Image Gallery
2.111
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
2.112
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
2.113
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
2.114
Ivory Search – WordPress Search Plugin
2.115
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
2.116
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
2.117
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
2.118
Download Manager
2.119
Best WordPress Gallery Plugin – FooGallery
2.120
GiveWP – Donation Plugin and Fundraising Platform
2.121
Inline Related Posts
2.122
Inline Related Posts
2.123
Inline Related Posts
2.124
Import any XML or CSV File to WordPress
2.125
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
2.126
Enhanced Media Library
2.127
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
2.128
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
2.129
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
2.130
Remove Footer Credit
2.131
WPZOOM Social Feed Widget & Block
2.132
Real Media Library: Media Library Folder & File Manager
2.133
Sydney Toolbox
2.134
Theme My Login
2.135
Clone
2.136
BoldGrid Easy SEO – Simple and Effective SEO
2.137
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin
2.138
ActiveCampaign – Forms, Site Tracking, Live Chat
2.139
Elementor Addons by Livemesh
2.140
Elementor Addons by Livemesh
2.141
Advanced iFrame
2.142
Booking for Appointments and Events Calendar – Amelia
2.143
Customer Reviews for WooCommerce
2.144
Exclusive Addons for Elementor
2.145
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
2.146
Redirection
2.147
Spotlight Social Feeds [Block, Shortcode, and Widget]
2.148
WPC Smart Quick View for WooCommerce
2.149
Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce
2.150
Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce
2.151
WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, Security+
2.152
Bold Page Builder
2.153
Bold Page Builder
2.154
Bold Page Builder
2.155
Bold Page Builder
2.156
Bold Page Builder
2.157
FancyBox for WordPress
2.158
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
2.159
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
2.160
Carousel Slider
2.161
Carousel Slider
2.162
DethemeKit For Elementor
2.163
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
2.164
Advanced Cron Manager – debug & control
2.165
FV Flowplayer Video Player
2.166
Link Whisper Free
2.167
Login With Ajax – Fast Logins, 2FA, Redirects
2.168
Social Share, Social Login and Social Comments Plugin – Super Socializer
2.169
Testimonial Slider
2.170
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net
2.171
WP Customer Reviews
2.172
Ultimate Before After Image Slider & Gallery – BEAF
2.173
Dashboard Welcome for Elementor
2.174
Envo Extra
2.175
Import Users from CSV
2.176
IP2Location Country Blocker
2.177
MailChimp Forms by MailMunch
2.178
Email Marketing for WooCommerce by Omnisend
2.179
Powerkit – Supercharge your WordPress Site
2.180
Top Bar
2.181
Top Bar
2.182
Welcart e-Commerce
2.183
weForms – Easy Drag & Drop Contact Form Builder For WordPress
2.184
NextMove Lite – Thank You Page for WooCommerce
2.185
WP Accessibility Helper (WAH)
2.186
Asgaros Forum
2.187
BA Book Everything
2.188
bunny.net – WordPress CDN Plugin
2.189
Language Translate Widget for WordPress – ConveyThis
2.190
E2Pdf – Export To Pdf Tool for WordPress
2.191
eCommerce Product Catalog Plugin for WordPress
2.192
eRoom – Zoom Meetings & Webinars
2.193
Jobs for WordPress
2.194
Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator
2.195
LifterLMS – WordPress LMS Plugin for eLearning
2.196
Page Builder: Live Composer
2.197
Mailster WordPress Newsletter Plugin Compatibility Tester
2.198
Order Delivery Date for WooCommerce
2.199
Popup by Supsystic
2.200
Membership Plugin – Restrict Content
2.201
Simple Post Notes
2.202
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress
2.203
WP Google Analytics Events – No-Code Custom Event Tracking for Google Analytics
2.204
Mail logging – WP Mail Catcher
2.205
WooCommerce Google Feed Manager
2.206
Elements Plus!
2.207
WooCommerce UPS Shipping – Live Rates and Access Points
2.208
Smart Forms – when you need more than just a contact form
2.209
Smart Forms – when you need more than just a contact form
2.210
Fatal Error Notify
2.211
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin
2.212
Unlimited Elementor Inner Sections By BoomDevs
2.213
WPvivid Backup for MainWP
2.214
Finale Lite – Sales Countdown Timer & Discount for WooCommerce
2.215
ProfileGrid – User Profiles, Memberships, Groups and Communities
2.216
Ultimate Product Catalog
2.217
WP Compress – Image Optimizer [All-In-One]
2.218
Load More Anything
2.219
Boostify Header Footer Builder for Elementor
2.220
Country State City Dropdown CF7
2.221
Product Input Fields for WooCommerce
2.222
Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
2.223
Responsive Gallery Grid
2.224
Responsive Tabs
2.225
Ultimate Bootstrap Elements for Elementor
2.226
WP Login and Logout Redirect
2.227
WOLF – WordPress Posts Bulk Editor and Manager Professional
2.228
Church Content – Sermons, Events and More
2.229
GEO my WordPress
2.230
Intagrate Lite
2.231
Podlove Podcast Publisher
2.232
Podlove Podcast Publisher
2.233
WP Client Reports
2.234
Shopping Cart & eCommerce Store
2.235
Shopping Cart & eCommerce Store
2.236
CP Media Player – Audio Player and Video Player
2.237
Contact Form Plugin
2.238
Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin
2.239
Marker.io – Visual Website Feedback
2.240
MultiParcels Shipping For WooCommerce
2.241
Account Engagement
2.242
WordPress Hosting Benchmark tool
2.243
WPC Grouped Product for WooCommerce
2.244
WP Synchro – WordPress Migration Plugin for Database & Files
2.245
Zoho Campaigns
2.246
Zoho Campaigns
2.247
Premmerce Product Filter for WooCommerce
2.248
SEO Booster
2.249
TOP Table Of Contents
2.250
Wallet System for WooCommerce – Digital Wallet, Cashback Rewards, Recharge User Wallets, View Transaction History
2.251
Extra Product Options Builder for WooCommerce
2.252
Custom Thank You Page Customize For WooCommerce by Binary Carpenter
2.253
Currency per Product for WooCommerce
2.254
Gallery Box
2.255
GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels
2.256
Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported)
2.257
InstaWP Connect – 1-click WP Staging & Migration
2.258
LH Add Media From Url
2.259
Table Plugin for WordPress with Google Sheets Integration – Sheets to WP Table Live Sync
2.260
Open Close WooCommerce Store – Best Business Schedules Manager
2.261
WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into WordPress
2.262
AppPresser – Mobile App Framework
2.263
Benchmark Email Lite
2.264
Church Admin
2.265
TempTool [Show Current Template Info]
2.266
Dashboard To-Do List
2.267
ELEX WooCommerce Dynamic Pricing and Discounts
2.268
ELEX WooCommerce Dynamic Pricing and Discounts
2.269
XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]
2.270
Login | Login Page | Login Logo | Rename Login Page | Custom Login Page | Temporary Users | Rebrand Login | Login Captcha
2.271
USPS Shipping for WooCommerce – Live Rates
2.272
Login with phone number
2.273
Login with phone number
2.274
MihanPanel – User Login , Registration and Dashboard
2.275
Netgsm
2.276
No-Bot Registration
2.277
Novelist
2.278
POEditor
2.279
ReDi Restaurant Reservation
2.280
Save as PDF Plugin by Pdfcrowd
2.281
WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
2.282
Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider
2.283
TWIPLA (Visitor Analytics IO) – Privacy-First Website Stats, Session Recordings, Heatmaps, Polls and Surveys
2.284
Multi Currency For WooCommerce
2.285
WP Dynamic Keywords Injector
2.286
MWW Disclaimer Buttons
2.287
Siteimprove
2.288
BMI Adult & Kid Calculator
2.289
Better Chat Support – Chat Bubble and Chat Button with Gutenberg, Elementor and Shortcode
2.290
Popup Like box – Page Plugin
2.291
Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition
2.292
F4 Improvements
2.293
WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden
2.294
NPS computy
2.295
NPS computy
2.296
Save as Image Plugin by Pdfcrowd
2.297
5 star review funnel for Google Reviews, Trustpilot, ProvenExpert and more | RRatingg
2.298
AffiEasy
2.299
AWP Classifieds
2.300
BWL Advanced FAQ Manager
2.301
Calendarista Basic Edition
2.302
Digital Publications by Supsystic
2.303
Essential Grid
2.304
Fancy Product Designer
2.305
WPBakery Page Builder
2.306
WPBakery Page Builder
2.307
RestroPress
2.308
Slider Revolution
2.309
Table & Contact Form 7 Database – Tablesome
2.310
WooCommerce Customers Manager
2.311
WP Cost Estimation & Payment Forms Builder
2.312
WP Cost Estimation & Payment Forms Builder
2.313
WP Activity Log Premium
2.314
WPB Show Core
2.315
WPB Show Core

3. WordPress Themes — 19 Patched / 7 Unpatched

3.1
Decode
3.2
Gridsby
3.3
GuCherry Blog
3.4
HappenStance
3.5
i-excel
3.6
i-max
3.7
Sensible WP
3.8
Blocksy
3.9
CityLogic
3.10
Default Mag
3.11
Emmet Lite
3.12
Lightning
3.13
Namaha
3.14
NewsXpress
3.15
Panoramic
3.16
PopularFX
3.17
Sarada Lite
3.18
Shopstar!
3.19
Sliding Door
3.20
Spa and Salon
3.21
Tainacan Interface
3.22
The Conference
3.23
X-T9
3.24
Soledad
3.25
Soledad
3.26
Soledad

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5.2 was released on April 9, 2024, as a short-cycle security and maintenance release. This release features 2 bug fixes on Core, 12 bug fixes for the Block editor, and 1 security fix. Because this is a security release, it is recommended that you update your sites immediately.

The next major release will be version 6.6 planned for July 16, 2024.

Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.2
Severity Score:: Medium

WordPress Plugins — 234 Patched / 81 Unpatched

Plugin Slug:: woo-product-feed-pro
Installations: 90,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: whats-new-genarator
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: zero-spam
Installations: 30,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: embed-form
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: subscribe2
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: leadinfo
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: pepro-ultimate-invoice
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: sync-post-with-other-site
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin Slug:: easy-textillate
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: epoll-wp-voting
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical

Plugin Slug:: momoyoga-integration
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: simple-buttons-creator
Installations: 30+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: simple-buttons-creator
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin Slug:: mm-email2image
Installations: 20+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin Slug:: mm-email2image
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: bannerlid
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Access Category Password
Plugin Slug:: access-category-password
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Ads.txt Admin
Plugin Slug:: ads-txt-admin
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Advanced Search
Plugin Slug:: advance-search
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Advanced Page Visit Counter
Plugin Slug:: advanced-page-visit-counter
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Advanced Post Block – Post Grid for WordPress block editor
Plugin Slug:: advanced-post-block
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: AIKit
Plugin Slug:: aikit-wordpress-ai-writing-assistant-using-gpt3
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Aspose.Words Exporter
Plugin Slug:: aspose-doc-exporter
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Before And After
Plugin Slug:: before-and-after
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: bizcalendar-web
Plugin Slug:: bizcalendar-web
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Bulk Block Converter
Plugin Slug:: bulk-block-converter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Canva – Design beautiful blog graphics
Plugin Slug:: canva
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: CBX Bookmark & Favorite
Plugin Slug:: cbxwpbookmark
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Citadela Listing
Plugin Slug:: citadela-directory
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Citadela Listing
Plugin Slug:: citadela-directory
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Convert Post Types
Plugin Slug:: convert-post-types
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Crony Cronjob Manager
Plugin Slug:: crony
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Custom Order Statuses for WooCommerce
Plugin Slug:: custom-order-statuses-for-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Customily Product Personalizer
Plugin Slug:: customily-v2
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Delete Custom Fields
Plugin Slug:: delete-custom-fields
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Disable Comments | WPZest
Plugin Slug:: disable-comments-wpz
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Easy CountDowner
Plugin Slug:: easy-countdowner
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Easy Logo
Plugin Slug:: easylogo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: EZ Form Calculator
Plugin Slug:: ez-form-calculator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Filter Custom Fields & Taxonomies Light
Plugin Slug:: filter-custom-fields-taxonomies-light
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Find Duplicates
Plugin Slug:: find-duplicates
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Fixed HTML Toolbar
Plugin Slug:: fixed-html-toolbar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Flash Video Player
Plugin Slug:: flash-video-player
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Font Farsi
Plugin Slug:: font-farsi
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook
Plugin Slug:: forms-to-zapier
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Freshdesk (official)
Plugin Slug:: freshdesk-support
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Kimili Flash Embed
Plugin Slug:: kimili-flash-embed
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Contact Form & Lead Form Elementor Builder
Plugin Slug:: lead-form-builder
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Contact Form & Lead Form Elementor Builder
Plugin Slug:: lead-form-builder
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Libsyn Publisher Hub
Plugin Slug:: libsyn-podcasting
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Libsyn Publisher Hub
Plugin Slug:: libsyn-podcasting
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Related Posts for WordPress
Plugin Slug:: microkids-related-posts
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: MJ Update History
Plugin Slug:: mj-update-history
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Ovic Addon Toolkit
Plugin Slug:: ovic-addon-toolkit
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Payment Forms for Paystack
Plugin Slug:: payment-forms-for-paystack
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Product Feed on WooCommerce for Google
Plugin Slug:: purple-xmls-google-product-feed-for-woocommerce
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Code Insert Manager (Q2W3 Inc Manager)
Plugin Slug:: q2w3-inc-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Realtyna Organic IDX plugin
Plugin Slug:: real-estate-listing-realtyna-wpl
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical

Plugin:: Sangar Slider
Plugin Slug:: sangar-slider-lite
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Shopkeeper Extender
Plugin Slug:: shopkeeper-extender
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WP Matterport Shortcode
Plugin Slug:: shortcode-gallery-for-matterport-showcase
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Short URL
Plugin Slug:: shorten-url
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Simple Testimonials Showcase
Plugin Slug:: simple-testimonials-showcase
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Tax Rate Upload
Plugin Slug:: tax-rate-upload
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Post Type Builder (PTB)
Plugin Slug:: themify-ptb
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Post Type Builder (PTB)
Plugin Slug:: themify-ptb
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Mega Addons For Elementor
Plugin Slug:: ultimate-addons-for-elementor
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: User Activity Log Pro
Plugin Slug:: user-activity-log-pro
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Appointment Bookings for Zoom GoogleMeet and more – Wappointment
Plugin Slug:: wappointment
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WidgetKit
Plugin Slug:: widgetkit-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: 2Checkout Payment Gateway for WooCommerce
Plugin Slug:: woocommerce-2checkout-payment
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Simple Registration for WooCommerce
Plugin Slug:: woocommerce-simple-registration
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical

Plugin:: WP-Cufon
Plugin Slug:: wp-cufon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: WP File Download Light
Plugin Slug:: wp-file-download-light
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WP Radio – Worldwide Online Radio Stations Directory for WordPress
Plugin Slug:: wp-radio
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WP Radio – Worldwide Online Radio Stations Directory for WordPress
Plugin Slug:: wp-radio
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Search Keyword Redirect
Plugin Slug:: wp-search-keyword-redirect
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WP TradingView
Plugin Slug:: wp-tradingview
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WP User Profile Avatar
Plugin Slug:: wp-user-profile-avatar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: woocommerce
Installations: 5,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.6
Severity Score:: Medium

Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.7
Severity Score:: Medium

Plugin Slug:: ewww-image-optimizer
Installations: 1,000,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 7.3.0
Severity Score:: Medium

Plugin Slug:: sg-cachepress
Installations: 1,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.5.0
Severity Score:: Medium

Plugin Slug:: coming-soon
Installations: 900,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.15.21
Severity Score:: Medium

Plugin Slug:: smart-slider-3
Installations: 900,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.1.23
Severity Score:: Medium

Plugin Slug:: meta-box
Installations: 700,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.9.4
Severity Score:: Medium

Plugin Slug:: ocean-extra
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.7
Severity Score:: Medium

Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.28
Severity Score:: Medium

Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.25
Severity Score:: Medium

Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.25
Severity Score:: Medium

Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.17
Severity Score:: Medium

Plugin Slug:: the-events-calendar
Installations: 700,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.3.1
Severity Score:: Medium

Plugin Slug:: backwpup
Installations: 600,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.0.4
Severity Score:: Medium

Plugin Slug:: ml-slider
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.70.1
Severity Score:: Medium

Plugin Slug:: shortcodes-ultimate
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.0.5
Severity Score:: Medium

Plugin Slug:: forminator
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.29.3
Severity Score:: Medium

Plugin Slug:: nextgen-gallery
Installations: 500,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.59.1
Severity Score:: Medium

Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.2.12
Severity Score:: High

Plugin Slug:: wp-google-maps
Installations: 400,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 9.0.35
Severity Score:: Medium

Plugin Slug:: wpvivid-backuprestore
Installations: 400,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 0.9.100
Severity Score:: Medium

Plugin Slug:: favicon-by-realfavicongenerator
Installations: 300,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.30
Severity Score:: Medium

Plugin Slug:: gutenberg
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 18.1.0
Severity Score:: Medium

Plugin Slug:: newsletter
Installations: 300,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.0.7
Severity Score:: Medium

Plugin Slug:: otter-blocks
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9
Severity Score:: Medium

Plugin Slug:: otter-blocks
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9
Severity Score:: Medium

Plugin Slug:: blocksy-companion
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.29
Severity Score:: Medium

Plugin Slug:: custom-facebook-feed
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.2.2
Severity Score:: Medium

Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.22
Severity Score:: Medium

Plugin Slug:: ultimate-member
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.5
Severity Score:: Medium

Plugin Slug:: wp-user-avatar
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.5
Severity Score:: Medium

Plugin Slug:: wp-user-avatar
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.6
Severity Score:: Medium

Plugin Slug:: add-search-to-menu
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.5.6
Severity Score:: Medium

Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.6.0
Severity Score:: Medium

Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.4
Severity Score:: Medium

Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.3
Severity Score:: Medium

Plugin Slug:: download-manager
Installations: 100,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 3.2.83
Severity Score:: Medium

Plugin Slug:: foogallery
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.15
Severity Score:: Medium

Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.0
Severity Score:: Medium

Plugin Slug:: intelly-related-posts
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.0
Severity Score:: Medium

Plugin Slug:: intelly-related-posts
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.4.0
Severity Score:: Medium

Plugin Slug:: intelly-related-posts
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.0
Severity Score:: Medium

Plugin Slug:: wp-all-import
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.7.4
Severity Score:: Medium

Plugin Slug:: email-subscribers
Installations: 90,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.7.15
Severity Score:: Critical

Plugin Slug:: enhanced-media-library
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.10
Severity Score:: Medium

Plugin Slug:: paid-memberships-pro
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0.2
Severity Score:: Medium

Plugin Slug:: paid-memberships-pro
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0
Severity Score:: Medium

Plugin Slug:: paid-memberships-pro
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0
Severity Score:: Medium

Plugin Slug:: remove-footer-credit
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.14
Severity Score:: Medium

Plugin Slug:: instagram-widget-by-wpzoom
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.14
Severity Score:: Medium

Plugin Slug:: real-media-library-lite
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.22.12
Severity Score:: Medium

Plugin Slug:: sydney-toolbox
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.29
Severity Score:: Medium

Plugin Slug:: theme-my-login
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.1.7
Severity Score:: Medium

Plugin Slug:: wp-clone-by-wp-academy
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.4
Severity Score:: Medium

Plugin Slug:: boldgrid-easy-seo
Installations: 70,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.6.15
Severity Score:: Medium

Plugin Slug:: user-registration
Installations: 70,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.0
Severity Score:: Medium

Plugin Slug:: activecampaign-subscription-forms
Installations: 60,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 8.1.15
Severity Score:: Medium

Plugin Slug:: addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.7
Severity Score:: Medium

Plugin Slug:: addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.7
Severity Score:: Medium

Plugin Slug:: advanced-iframe
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2024.3
Severity Score:: Medium

Plugin Slug:: ameliabooking
Installations: 60,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.96
Severity Score:: Medium

Plugin Slug:: customer-reviews-woocommerce
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.47.0
Severity Score:: Medium

Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.9.1
Severity Score:: Medium

Plugin Slug:: form-maker
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.24
Severity Score:: Medium

Plugin Slug:: redirect-redirection
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.0
Severity Score:: Medium

Plugin Slug:: spotlight-social-photo-feeds
Installations: 60,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.6.11
Severity Score:: Medium

Plugin Slug:: woo-smart-quick-view
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.3
Severity Score:: Medium

Plugin Slug:: wp-carousel-free
Installations: 60,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.6.4
Severity Score:: High

Plugin Slug:: wp-carousel-free
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.4
Severity Score:: Medium

Plugin Slug:: wp-letsencrypt-ssl
Installations: 60,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 7.1.0
Severity Score:: High

Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.9
Severity Score:: Medium

Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.9
Severity Score:: Medium

Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.9
Severity Score:: Medium

Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.9
Severity Score:: Medium

Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.9
Severity Score:: Medium

Plugin Slug:: fancybox-for-wordpress
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.4
Severity Score:: Medium

Plugin Slug:: feedzy-rss-feeds
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.4
Severity Score:: Medium

Plugin Slug:: print-invoices-packing-slip-labels-for-woocommerce
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4.3
Severity Score:: Medium

Plugin Slug:: carousel-slider
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.7
Severity Score:: Medium

Plugin Slug:: carousel-slider
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.10
Severity Score:: Medium

Plugin Slug:: dethemekit-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.0
Severity Score:: Medium

Plugin Slug:: post-grid
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.76
Severity Score:: Medium

Plugin Slug:: advanced-cron-manager
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.3
Severity Score:: Medium

Plugin Slug:: fv-wordpress-flowplayer
Installations: 30,000+
Vulnerability:: Unvalidated Redirects and Forwards
Patched in Version:: 7.5.45.7212
Severity Score:: Medium

Plugin Slug:: link-whisper
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 0.7.0
Severity Score:: Medium

Plugin Slug:: login-with-ajax
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.2
Severity Score:: Medium

Plugin Slug:: super-socializer
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.13.64
Severity Score:: Medium

Plugin Slug:: testimonial-slider-and-showcase
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.8
Severity Score:: Medium

Plugin Slug:: woo-bulk-editor
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.4.2
Severity Score:: Medium

Plugin Slug:: wp-customer-reviews
Installations: 30,000+
Vulnerability:: Unvalidated Redirects and Forwards
Patched in Version:: 3.7.1
Severity Score:: Medium

Plugin Slug:: beaf-before-and-after-gallery
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.5.5
Severity Score:: Medium

Plugin Slug:: dashboard-welcome-for-elementor
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.8
Severity Score:: Medium

Plugin Slug:: envo-extra
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.12
Severity Score:: Medium

Plugin Slug:: import-users-from-csv
Installations: 20,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.3
Severity Score:: Medium

Plugin Slug:: ip2location-country-blocker
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.34.3
Severity Score:: Medium

Plugin Slug:: mailchimp-forms-by-mailmunch
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.2.2
Severity Score:: Medium

Plugin Slug:: omnisend-connect
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.14.4
Severity Score:: Medium

Plugin Slug:: powerkit
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.2
Severity Score:: Medium

Plugin Slug:: top-bar
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.5
Severity Score:: Medium

Plugin Slug:: top-bar
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.6
Severity Score:: Medium

Plugin Slug:: usc-e-shop
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.10.0
Severity Score:: Medium

Plugin Slug:: weforms
Installations: 20,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.6.21
Severity Score:: Medium

Plugin Slug:: woo-thank-you-page-nextmove-lite
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.18.2
Severity Score:: Medium

Plugin Slug:: wp-accessibility-helper
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 0.6.2.6
Severity Score:: Medium

Plugin Slug:: asgaros-forum
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.9.0
Severity Score:: Medium

Plugin Slug:: ba-book-everything
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.6.5
Severity Score:: High

Plugin Slug:: bunnycdn
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.2
Severity Score:: Medium

Plugin Slug:: conveythis-translate
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 224
Severity Score:: High

Plugin Slug:: e2pdf
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.23.00
Severity Score:: Medium

Plugin Slug:: ecommerce-product-catalog
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.3.29
Severity Score:: Medium

Plugin Slug:: eroom-zoom-meetings-webinar
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.19
Severity Score:: Medium

Plugin Slug:: job-postings
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.6
Severity Score:: High

Plugin Slug:: legal-pages
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.3
Severity Score:: Medium

Plugin Slug:: lifterlms
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 7.5.1
Severity Score:: Medium

Plugin Slug:: live-composer-page-builder
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.5.36
Severity Score:: Medium

Plugin Slug:: mailster
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.0.7
Severity Score:: High

Plugin Slug:: order-delivery-date-for-woocommerce
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.21.0
Severity Score:: Medium

Plugin Slug:: popup-by-supsystic
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.10.28
Severity Score:: Medium

Plugin Slug:: restrict-content
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.9
Severity Score:: Medium

Plugin Slug:: simple-post-notes
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7.7
Severity Score:: Medium

Plugin Slug:: userswp
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.6
Severity Score:: Medium

Plugin Slug:: wp-google-analytics-events
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.1
Severity Score:: High

Plugin Slug:: wp-mail-catcher
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1.7
Severity Score:: Medium

Plugin Slug:: wp-product-feed-manager
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.6.0
Severity Score:: High

Plugin Slug:: elements-plus
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.16.4
Severity Score:: Medium

Plugin Slug:: flexible-shipping-ups
Installations: 9,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2.5
Severity Score:: Medium

Plugin Slug:: smart-forms
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.94
Severity Score:: Medium

Plugin Slug:: smart-forms
Installations: 9,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.6.94
Severity Score:: Medium

Plugin Slug:: fatal-error-notify
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.3
Severity Score:: Medium

Plugin Slug:: mage-eventpress
Installations: 8,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.1.3
Severity Score:: Medium

Plugin Slug:: unlimited-elementor-inner-sections-by-boomdevs
Installations: 8,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.5
Severity Score:: Medium

Plugin Slug:: wpvivid-backup-mainwp
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.9.34
Severity Score:: Medium

Plugin Slug:: finale-woocommerce-sales-countdown-timer-discount
Installations: 7,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.18.1
Severity Score:: Medium

Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.7.9
Severity Score:: Medium

Plugin Slug:: ultimate-product-catalogue
Installations: 7,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.2.16
Severity Score:: Medium

Plugin Slug:: wp-compress-image-optimizer
Installations: 7,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.11.01
Severity Score:: Medium

Plugin Slug:: ajax-load-more-anything
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.6
Severity Score:: Medium

Plugin Slug:: boostify-header-footer-builder
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.2
Severity Score:: Medium

Plugin Slug:: country-state-city-auto-dropdown
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.2
Severity Score:: Medium

Plugin Slug:: product-input-fields-for-woocommerce
Installations: 6,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.8.0
Severity Score:: Medium

Plugin Slug:: radio-player
Installations: 6,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.0.74
Severity Score:: Medium

Plugin Slug:: responsive-gallery-grid
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.11
Severity Score:: Medium

Plugin Slug:: responsive-tabs
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.7
Severity Score:: Medium

Plugin Slug:: ultimate-bootstrap-elements-for-elementor
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.1
Severity Score:: Medium

Plugin Slug:: wp-login-and-logout-redirect
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0
Severity Score:: Medium

Plugin Slug:: bulk-editor
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.8.2
Severity Score:: Medium

Plugin Slug:: church-theme-content
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.6.1
Severity Score:: Medium

Plugin Slug:: geo-my-wp
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.2
Severity Score:: Medium

Plugin Slug:: instagrate-to-wordpress
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.8
Severity Score:: Medium

Plugin Slug:: podlove-podcasting-plugin-for-wordpress
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.1.1
Severity Score:: Medium

Plugin Slug:: podlove-podcasting-plugin-for-wordpress
Installations: 5,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.0.14
Severity Score:: High

Plugin Slug:: wp-client-reports
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.23
Severity Score:: Medium

Plugin Slug:: wp-easycart
Installations: 5,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.6.4
Severity Score:: High

Plugin Slug:: wp-easycart
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.6.0
Severity Score:: Medium

Plugin Slug:: audio-and-video-player
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.0
Severity Score:: Medium

Plugin Slug:: contact-form-lite
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.25
Severity Score:: Medium

Plugin Slug:: everest-backup
Installations: 4,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.2.5
Severity Score:: Critical

Plugin Slug:: marker-io
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.9
Severity Score:: Medium

Plugin Slug:: multiparcels-shipping-for-woocommerce
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.16.9
Severity Score:: Medium

Plugin Slug:: pardot
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.1
Severity Score:: Medium

Plugin Slug:: wpbenchmark
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.7
Severity Score:: Medium

Plugin Slug:: wpc-grouped-product
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4.3
Severity Score:: Medium

Plugin Slug:: wpsynchro
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.11.3
Severity Score:: Medium

Plugin Slug:: zoho-campaigns
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.8
Severity Score:: Medium

Plugin Slug:: zoho-campaigns
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.8
Severity Score:: Medium

Plugin Slug:: premmerce-woocommerce-product-filter
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.7.3
Severity Score:: Medium

Plugin Slug:: seo-booster
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.8.10
Severity Score:: Medium

Plugin Slug:: top-table-of-contents
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.16
Severity Score:: Medium

Plugin Slug:: wallet-system-for-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.5.10
Severity Score:: Medium

Plugin Slug:: additional-product-fields-for-woocommerce
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.105
Severity Score:: Medium

Plugin Slug:: bc-woo-custom-thank-you-pages
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.14
Severity Score:: Medium

Plugin Slug:: currency-per-product-for-woocommerce
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7.0
Severity Score:: Medium

Plugin Slug:: gallery-box
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7.34
Severity Score:: Medium

Plugin Slug:: gg-woo-feed
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.7
Severity Score:: Medium

Plugin Slug:: gift-voucher
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.4.1
Severity Score:: Medium

Plugin Slug:: instawp-connect
Installations: 2,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 0.1.0.23
Severity Score:: Critical

Plugin Slug:: lh-add-media-from-url
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.23
Severity Score:: High

Plugin Slug:: sheets-to-wp-table-live-sync
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.5.1
Severity Score:: Medium

Plugin Slug:: woc-open-close
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.9.2
Severity Score:: Medium

Plugin Slug:: wp-event-aggregator
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7.7
Severity Score:: Medium

Plugin Slug:: apppresser
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.3.1
Severity Score:: Medium

Plugin Slug:: benchmark-email-lite
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.2
Severity Score:: Medium

Plugin Slug:: church-admin
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.0.28
Severity Score:: Medium

Plugin Slug:: current-template-name
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.13
Severity Score:: Medium

Plugin Slug:: dashboard-to-do-list
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.2
Severity Score:: Medium

Plugin Slug:: elex-woocommerce-dynamic-pricing-and-discounts
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1.3
Severity Score:: Medium

Plugin Slug:: elex-woocommerce-dynamic-pricing-and-discounts
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1.3
Severity Score:: Medium

Plugin Slug:: faq-for-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.5.1
Severity Score:: Medium

Plugin Slug:: feather-login-page
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.6
Severity Score:: Medium

Plugin Slug:: flexible-shipping-usps
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.9.3
Severity Score:: Medium

Plugin Slug:: login-with-phone-number
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.7.17
Severity Score:: High

Plugin Slug:: login-with-phone-number
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.6.94
Severity Score:: High

Plugin Slug:: mihanpanel-lite
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 12.7
Severity Score:: Medium

Plugin Slug:: netgsm
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9
Severity Score:: High

Plugin Slug:: no-bot-registration
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0
Severity Score:: Medium

Plugin Slug:: novelist
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.3
Severity Score:: Medium

Plugin Slug:: poeditor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.9.9
Severity Score:: Medium

Plugin Slug:: redi-restaurant-reservation
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 24.0303
Severity Score:: Medium

Plugin Slug:: save-as-pdf-by-pdfcrowd
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.2
Severity Score:: Medium

Plugin Slug:: tour-booking-manager
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.6.1
Severity Score:: Medium

Plugin Slug:: ultimate-store-kit
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.0
Severity Score:: Medium

Plugin Slug:: visitor-analytics-io
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium

Plugin Slug:: wc-multi-currency
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.6
Severity Score:: Medium

Plugin Slug:: wp-dynamic-keywords-injector
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.22
Severity Score:: High

Plugin Slug:: mww-disclaimer-buttons
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2
Severity Score:: Medium

Plugin Slug:: siteimprove
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.7
Severity Score:: Medium

Plugin Slug:: bmi-adultkid-calculator
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.2
Severity Score:: High

Plugin Slug:: chat-help
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.6.0
Severity Score:: Medium

Plugin Slug:: ays-facebook-popup-likebox
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.3
Severity Score:: Medium

Plugin Slug:: webinar-ignition
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.06.0
Severity Score:: Medium

Plugin Slug:: f4-improvements
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.1
Severity Score:: Medium

Plugin Slug:: wp2leads
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.8
Severity Score:: Medium

Plugin Slug:: nps-computy
Installations: 80+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.7.6
Severity Score:: Medium

Plugin Slug:: nps-computy
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.6
Severity Score:: Medium

Plugin Slug:: save-as-image-by-pdfcrowd
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.2
Severity Score:: Medium

Plugin Slug:: 5-stars-rating-funnel
Installations: 40+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: 1.3.02
Severity Score:: High

Plugin Slug:: affieasy
Installations: 30+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.6
Severity Score:: Medium

Plugin:: AWP Classifieds
Plugin Slug:: another-wordpress-classifieds-plugin
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.3.2
Severity Score:: Medium

Plugin:: BWL Advanced FAQ Manager
Plugin Slug:: bwl-advanced-faq-manager
Vulnerability:: SQL Injection
Patched in Version:: 2.0.4
Severity Score:: High

Plugin:: Calendarista Basic Edition
Plugin Slug:: calendarista-basic-edition
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0.3
Severity Score:: Medium

Plugin:: Digital Publications by Supsystic
Plugin Slug:: digital-publications-by-supsystic
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7.8
Severity Score:: Medium

Plugin:: Essential Grid
Plugin Slug:: essential-grid
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.2
Severity Score:: Medium

Plugin:: Fancy Product Designer
Plugin Slug:: fancy-product-designer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.1.81
Severity Score:: Medium

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6
Severity Score:: Medium

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6
Severity Score:: Medium

Plugin:: RestroPress
Plugin Slug:: restropress
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.1.2.1
Severity Score:: Medium

Plugin:: Slider Revolution
Plugin Slug:: revslider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.7.0
Severity Score:: Medium

Plugin:: Table & Contact Form 7 Database – Tablesome
Plugin Slug:: tablesome
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.26
Severity Score:: Medium

Plugin:: WooCommerce Customers Manager
Plugin Slug:: woocommerce-customers-manager
Vulnerability:: SQL Injection
Patched in Version:: 29.7
Severity Score:: High

Plugin:: WP Cost Estimation & Payment Forms Builder
Plugin Slug:: wp-estimation-form
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.1.76
Severity Score:: High

Plugin:: WP Cost Estimation & Payment Forms Builder
Plugin Slug:: wp-estimation-form
Vulnerability:: Broken Access Control
Patched in Version:: 10.1.77
Severity Score:: Medium

Plugin:: WP Activity Log Premium
Plugin Slug:: wp-security-audit-log-premium
Vulnerability:: SQL Injection
Patched in Version:: 4.6.4.1
Severity Score:: High

Plugin:: WPB Show Core
Plugin Slug:: wpb-show-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7
Severity Score:: High

Plugin:: WPB Show Core
Plugin Slug:: wpb-show-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6
Severity Score:: High

WordPress Themes — 19 Patched / 7 Unpatched

Theme Slug:: decode
Downloads: 269,521
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Theme Slug:: gridsby
Downloads: 288,716
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Theme Slug:: gucherry-blog
Downloads: 136,966
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Theme Slug:: happenstance
Downloads: 134,390
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Theme Slug:: i-excel
Downloads: 262,257
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Theme Slug:: i-max
Downloads: 270,530
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Theme Slug:: sensible-wp
Downloads: 277,690
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Theme Slug:: blocksy
Downloads: 3,056,299
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.23
Severity Score:: Medium

Theme Slug:: citylogic
Downloads: 292,720
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.30
Severity Score:: Medium

Theme Slug:: default-mag
Downloads: 93,066
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.6
Severity Score:: Medium

Theme Slug:: emmet-lite
Downloads: 104,881
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7.8
Severity Score:: Medium

Theme Slug:: lightning
Downloads: 2,240,450
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 15.19.0
Severity Score:: Medium

Theme Slug:: namaha
Downloads: 63,477
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.41
Severity Score:: Medium

Theme Slug:: newsxpress
Downloads: 11,096
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.8
Severity Score:: Medium

Theme Slug:: panoramic
Downloads: 614,830
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.57
Severity Score:: Medium

Theme Slug:: popularfx
Downloads: 773,374
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.5
Severity Score:: Medium

Theme Slug:: sarada-lite
Downloads: 86,466
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.3
Severity Score:: Medium

Theme Slug:: shopstar
Downloads: 286,946
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.34
Severity Score:: Medium

Theme Slug:: sliding-door
Downloads: 537,017
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.4
Severity Score:: Medium

Theme Slug:: spa-and-salon
Downloads: 155,971
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.8
Severity Score:: Medium

Theme Slug:: tainacan-interface
Downloads: 16,543
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.2
Severity Score:: High

Theme Slug:: the-conference
Downloads: 52,521
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.1
Severity Score:: Medium

Theme Slug:: x-t9
Downloads: 30,187
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.19.1
Severity Score:: Medium

Theme:: Soledad
Theme Slug:: soledad
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.4.6
Severity Score:: Medium

Theme:: Soledad
Theme Slug:: soledad
Vulnerability:: Broken Access Control
Patched in Version:: 8.4.6
Severity Score:: Medium

Theme:: Soledad
Theme Slug:: soledad
Vulnerability:: Broken Access Control
Patched in Version:: 8.4.6
Severity Score:: High

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Source link

WordPress Vulnerability Report — April 17, 2024

Table of Contents

WordPress Core

WordPress Plugins — 234 Patched / 81 Unpatched

WordPress Themes — 19 Patched / 7 Unpatched

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

VirusWord by Promaps, Inc.

Table of Contents

WordPress Core

WordPress Plugins — 234 Patched / 81 Unpatched

WordPress Themes — 19 Patched / 7 Unpatched

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Explore more