In this report, 200 vulnerabilities have been publicly disclosed. Security patches for 182 of these plugins, themes, and Core are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 18 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.5.2 was released on April 9, 2024, as a short-cycle security and maintenance release. This release features 2 bug fixes on Core, 12 bug fixes for the Block editor, and 1 security fix. Because this is a security release, it is recommended that you update your sites immediately.
The next major release will be version 6.6 planned for July 16, 2024.
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 6.5
- Severity Score:
- Medium
WordPress Plugins — 177 Patched / 18 Unpatched
- Plugin Slug:
- user-activity-log
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin Slug:
- slideshow-gallery
- Installations
- 9,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin Slug:
- slideshow-gallery
- Installations
- 9,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin Slug:
- slideshow-gallery
- Installations
- 9,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin Slug:
- mm-email2image
- Installations
- 20+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin Slug:
- mm-email2image
- Installations
- 20+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin Slug:
- bannerlid
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin:
-
Auto Poster
- Plugin Slug:
- auto-poster
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- Plugin:
-
Breakdance
- Plugin Slug:
- breakdance
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- Plugin:
-
CGC Maintenance Mode
- Plugin Slug:
- cgc-maintenance-mode
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Passster – Password Protection
- Plugin Slug:
- content-protector
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Easy Login Styler – White Label Admin Login Page for WordPress
- Plugin Slug:
- easy-login-styler
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
EnvíaloSimple
- Plugin Slug:
- envialosimple-email-marketing-y-newsletters-gratis
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- Plugin:
-
Font Farsi
- Plugin Slug:
- font-farsi
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Global Elementor Buttons
- Plugin Slug:
- global-elementor-buttons
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Gradient Text Widget for Elementor
- Plugin Slug:
- gradient-text-widget-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Oxygen Builder
- Plugin Slug:
- oxygen
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- Plugin:
-
WordPress Gallery Exporter
- Plugin Slug:
- wp-gallery-exporter
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin Slug:
- woocommerce
- Installations
- 5,000,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 8.6.0
- Severity Score:
- Medium
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 5.9.14
- Severity Score:
- High
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 5.9.14
- Severity Score:
- Medium
- Plugin Slug:
- elementskit-lite
- Installations
- 1,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.0
- Severity Score:
- Medium
- Plugin Slug:
- elementskit-lite
- Installations
- 1,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.7
- Severity Score:
- Medium
- Plugin Slug:
- wp-file-manager
- Installations
- 1,000,000+
- Vulnerability:
- Path Traversal
- Patched in Version:
- 7.2.6
- Severity Score:
- Medium
- Plugin Slug:
- ocean-extra
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.7
- Severity Score:
- Medium
- Plugin Slug:
- premium-addons-for-elementor
- Installations
- 700,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.10.23
- Severity Score:
- Medium
- Plugin Slug:
- backwpup
- Installations
- 600,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.0.4
- Severity Score:
- Medium
- Plugin Slug:
- ultimate-addons-for-gutenberg
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.10.4
- Severity Score:
- Medium
- Plugin Slug:
- forminator
- Installations
- 500,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.29.3
- Severity Score:
- Medium
- Plugin Slug:
- forminator
- Installations
- 500,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.29.1
- Severity Score:
- High
- Plugin Slug:
- nextgen-gallery
- Installations
- 500,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.59.1
- Severity Score:
- Medium
- Plugin Slug:
- coblocks
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.7
- Severity Score:
- Medium
- Plugin Slug:
- kadence-blocks
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.26
- Severity Score:
- Medium
- Plugin Slug:
- kadence-blocks
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.32
- Severity Score:
- Medium
- Plugin Slug:
- kadence-blocks
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.18
- Severity Score:
- Medium
- Plugin Slug:
- cmb2
- Installations
- 300,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 2.11.0
- Severity Score:
- High
- Plugin Slug:
- metform
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.8.6
- Severity Score:
- Medium
- Plugin Slug:
- royal-elementor-addons
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.95
- Severity Score:
- Medium
- Plugin Slug:
- jeg-elementor-kit
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.4
- Severity Score:
- Medium
- Plugin Slug:
- photo-gallery
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.22
- Severity Score:
- Medium
- Plugin Slug:
- post-views-counter
- Installations
- 200,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.4.5
- Severity Score:
- Medium
- Plugin Slug:
- responsive-lightbox
- Installations
- 200,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.7
- Severity Score:
- Medium
- Plugin Slug:
- woo-cart-abandonment-recovery
- Installations
- 200,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.27
- Severity Score:
- Medium
- Plugin Slug:
- bdthemes-element-pack-lite
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.3.3
- Severity Score:
- Medium
- Plugin Slug:
- beaver-builder-lite-version
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.0.7
- Severity Score:
- Medium
- Plugin Slug:
- colibri-page-builder
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.270
- Severity Score:
- Medium
- Plugin Slug:
- essential-blocks
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.5.4
- Severity Score:
- Medium
- Plugin Slug:
- foogallery
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.15
- Severity Score:
- Medium
- Plugin Slug:
- genesis-blocks
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.3
- Severity Score:
- Medium
- Plugin Slug:
- intelly-related-posts
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.0
- Severity Score:
- Medium
- Plugin Slug:
- powerpack-lite-for-elementor
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.18
- Severity Score:
- Medium
- Plugin Slug:
- powerpack-lite-for-elementor
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.19
- Severity Score:
- Medium
- Plugin Slug:
- relevanssi
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.22.2
- Severity Score:
- Medium
- Plugin Slug:
- relevanssi
- Installations
- 100,000+
- Vulnerability:
- CSV Injection
- Patched in Version:
- 4.22.2
- Severity Score:
- Medium
- Plugin Slug:
- template-kit-import
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.15
- Severity Score:
- Medium
- Plugin Slug:
- tracking-code-manager
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.0
- Severity Score:
- Medium
- Plugin Slug:
- woo-order-export-lite
- Installations
- 100,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 3.4.5
- Severity Score:
- Critical
- Plugin Slug:
- woolentor-addons
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.5
- Severity Score:
- Medium
- Plugin Slug:
- woolentor-addons
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.4
- Severity Score:
- Medium
- Plugin Slug:
- email-subscribers
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.7.16
- Severity Score:
- Medium
- Plugin Slug:
- email-subscribers
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.7.14
- Severity Score:
- Medium
- Plugin Slug:
- embedpress
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.9.15
- Severity Score:
- Medium
- Plugin Slug:
- embedpress
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.9.9
- Severity Score:
- Medium
- Plugin Slug:
- embedpress
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.9.12
- Severity Score:
- Medium
- Plugin Slug:
- flexible-checkout-fields
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.1.3
- Severity Score:
- Medium
- Plugin Slug:
- learnpress
- Installations
- 90,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.0.1
- Severity Score:
- High
- Plugin Slug:
- learnpress
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.2.6.4
- Severity Score:
- Medium
- Plugin Slug:
- learnpress
- Installations
- 90,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 4.2.6.4
- Severity Score:
- Medium
- Plugin Slug:
- sydney-toolbox
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.29
- Severity Score:
- Medium
- Plugin Slug:
- boldgrid-easy-seo
- Installations
- 70,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.6.15
- Severity Score:
- Medium
- Plugin Slug:
- simple-tags
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.20.0
- Severity Score:
- Medium
- Plugin Slug:
- wp-carousel-free
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.4
- Severity Score:
- Medium
- Plugin Slug:
- wp-members
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.9.3
- Severity Score:
- High
- Plugin Slug:
- bold-page-builder
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.8.9
- Severity Score:
- Medium
- Plugin Slug:
- easy-digital-downloads
- Installations
- 50,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.2.7
- Severity Score:
- Medium
- Plugin Slug:
- easy-digital-downloads
- Installations
- 50,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.2.10
- Severity Score:
- Medium
- Plugin Slug:
- fancybox-for-wordpress
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.4
- Severity Score:
- Medium
- Plugin Slug:
- feedzy-rss-feeds
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.3.4
- Severity Score:
- Medium
- Plugin Slug:
- image-watermark
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.4
- Severity Score:
- Medium
- Plugin Slug:
- print-invoices-packing-slip-labels-for-woocommerce
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.4.3
- Severity Score:
- Medium
- Plugin Slug:
- profile-builder
- Installations
- 50,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 3.11.3
- Severity Score:
- Medium
- Plugin Slug:
- social-pug
- Installations
- 50,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.33.1
- Severity Score:
- Medium
- Plugin Slug:
- wpfront-user-role-editor
- Installations
- 50,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.1.0
- Severity Score:
- Medium
- Plugin Slug:
- convertkit
- Installations
- 40,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.4.6
- Severity Score:
- Medium
- Plugin Slug:
- secupress
- Installations
- 40,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.2.5.2
- Severity Score:
- Medium
- Plugin Slug:
- ultimate-post
- Installations
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.4
- Severity Score:
- Medium
- Plugin Slug:
- wp-import-export-lite
- Installations
- 40,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 3.9.27
- Severity Score:
- Medium
- Plugin Slug:
- google-maps-easy
- Installations
- 30,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.11.12
- Severity Score:
- Medium
- Plugin Slug:
- sumome
- Installations
- 30,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.35
- Severity Score:
- Low
- Plugin Slug:
- themify-wc-product-filter
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.4
- Severity Score:
- Medium
- Plugin Slug:
- themify-wc-product-filter
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.4
- Severity Score:
- High
- Plugin Slug:
- themify-wc-product-filter
- Installations
- 30,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.4.4
- Severity Score:
- Medium
- Plugin Slug:
- ultimate-addons-for-beaver-builder-lite
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.8
- Severity Score:
- Medium
- Plugin Slug:
- all-in-one-video-gallery
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.6.0
- Severity Score:
- Medium
- Plugin Slug:
- ecwid-shopping-cart
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.12.11
- Severity Score:
- Medium
- Plugin Slug:
- mp3-music-player-by-sonaar
- Installations
- 20,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 5.0
- Severity Score:
- High
- Plugin Slug:
- my-calendar
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.24
- Severity Score:
- Medium
- Plugin Slug:
- powerkit
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.9.2
- Severity Score:
- Medium
- Plugin Slug:
- shortpixel-adaptive-images
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.8.3
- Severity Score:
- Medium
- Plugin Slug:
- wp-file-upload
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.24.6
- Severity Score:
- Medium
- Plugin Slug:
- bookingpress-appointment-booking
- Installations
- 10,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 1.0.82
- Severity Score:
- Medium
- Plugin Slug:
- bookingpress-appointment-booking
- Installations
- 10,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.0.88
- Severity Score:
- Medium
- Plugin Slug:
- bunnycdn
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.2
- Severity Score:
- Medium
- Plugin Slug:
- captcha-bws
- Installations
- 10,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 5.2.1
- Severity Score:
- Medium
- Plugin Slug:
- classified-listing
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.0.5
- Severity Score:
- High
- Plugin Slug:
- classified-listing
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.0.5
- Severity Score:
- Medium
- Plugin Slug:
- contact-form-to-email
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.3.45
- Severity Score:
- Medium
- Plugin Slug:
- favorites
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.4
- Severity Score:
- Medium
- Plugin Slug:
- lifterlms
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 7.5.1
- Severity Score:
- Medium
- Plugin Slug:
- mailmunch
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.7
- Severity Score:
- Medium
- Plugin Slug:
- masterstudy-lms-learning-management-system
- Installations
- 10,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.3.4
- Severity Score:
- Critical
- Plugin Slug:
- s2member
- Installations
- 10,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 240325
- Severity Score:
- High
- Plugin Slug:
- subscribe-to-comments-reloaded
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 240119
- Severity Score:
- Medium
- Plugin Slug:
- ultimate-maps-by-supsystic
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.17
- Severity Score:
- Medium
- Plugin Slug:
- wp-photo-album-plus
- Installations
- 10,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 8.6.03.005
- Severity Score:
- Critical
- Plugin Slug:
- wp-server-stats
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.7.4
- Severity Score:
- Medium
- Plugin Slug:
- media-library-plus
- Installations
- 9,000+
- Vulnerability:
- Directory Traversal
- Patched in Version:
- 8.1.9
- Severity Score:
- Medium
- Plugin Slug:
- wp-migration-duplicator
- Installations
- 9,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.4.8
- Severity Score:
- Low
- Plugin Slug:
- announcer
- Installations
- 8,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.0.1
- Severity Score:
- Medium
- Plugin Slug:
- generate-child-theme
- Installations
- 8,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.0.1
- Severity Score:
- Medium
- Plugin Slug:
- learnpress-import-export
- Installations
- 8,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.0.4
- Severity Score:
- High
- Plugin Slug:
- wpvivid-backup-mainwp
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.9.34
- Severity Score:
- Medium
- Plugin Slug:
- armember-membership
- Installations
- 7,000+
- Vulnerability:
- Directory Traversal
- Patched in Version:
- 4.0.28
- Severity Score:
- Medium
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 7,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.7.9
- Severity Score:
- Medium
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 7,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 5.7.7
- Severity Score:
- Medium
- Plugin Slug:
- announce-from-the-dashboard
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.3
- Severity Score:
- Medium
- Plugin Slug:
- dc-woocommerce-multi-vendor
- Installations
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.1.4
- Severity Score:
- High
- Plugin Slug:
- wordpress-tooltips
- Installations
- 6,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 9.5.9
- Severity Score:
- High
- Plugin Slug:
- wp-sort-order
- Installations
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.2
- Severity Score:
- Medium
- Plugin Slug:
- edwiser-bridge
- Installations
- 5,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.0.4
- Severity Score:
- High
- Plugin Slug:
- js-support-ticket
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.8.4
- Severity Score:
- Medium
- Plugin Slug:
- wp-stateless
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.4.1
- Severity Score:
- High
- Plugin Slug:
- advanced-local-pickup-for-woocommerce
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.6.3
- Severity Score:
- High
- Plugin Slug:
- custom-post-types
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.0.5
- Severity Score:
- Medium
- Plugin Slug:
- peepso-core
- Installations
- 4,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.3.1.2
- Severity Score:
- Medium
- Plugin Slug:
- watu
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.1.1
- Severity Score:
- Medium
- Plugin Slug:
- watu
- Installations
- 4,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.4.1.1
- Severity Score:
- Medium
- Plugin Slug:
- comments-import-export-woocommerce
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.3.6
- Severity Score:
- Medium
- Plugin Slug:
- eventprime-event-calendar-management
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.3.5
- Severity Score:
- High
- Plugin Slug:
- export-woocommerce
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.9
- Severity Score:
- Medium
- Plugin Slug:
- import-xml-feed
- Installations
- 3,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.1.6
- Severity Score:
- High
- Plugin Slug:
- modal-popup-box
- Installations
- 3,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.5.3
- Severity Score:
- High
- Plugin Slug:
- multiple-pages-generator-by-porthas
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.4.1
- Severity Score:
- Medium
- Plugin Slug:
- oauth2-provider
- Installations
- 3,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 4.4.0
- Severity Score:
- Medium
- Plugin Slug:
- premmerce-woocommerce-product-filter
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.7.3
- Severity Score:
- Medium
- Plugin Slug:
- super-testimonial
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.6
- Severity Score:
- Medium
- Plugin Slug:
- woocommerce-product-sort-and-display
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.2
- Severity Score:
- Medium
- Plugin Slug:
- wpdirectorykit
- Installations
- 3,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.3.1
- Severity Score:
- High
- Plugin Slug:
- arforms-form-builder
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.6.2
- Severity Score:
- Medium
- Plugin Slug:
- arforms-form-builder
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.6.2
- Severity Score:
- High
- Plugin Slug:
- clover-online-orders
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.5.6
- Severity Score:
- Medium
- Plugin Slug:
- form-to-chat
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.7
- Severity Score:
- Medium
- Plugin Slug:
- learning-management-system
- Installations
- 2,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.7.3
- Severity Score:
- Critical
- Plugin Slug:
- quick-interest-slider
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.9.5
- Severity Score:
- Medium
- Plugin Slug:
- searchiq
- Installations
- 2,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.6
- Severity Score:
- High
- Plugin Slug:
- user-spam-remover
- Installations
- 2,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.1
- Severity Score:
- Medium
- Plugin Slug:
- woo-checkout-regsiter-field-editor
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.1.9
- Severity Score:
- Medium
- Plugin Slug:
- app-builder
- Installations
- 1,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 3.8.8
- Severity Score:
- Medium
- Plugin Slug:
- apppresser
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.3.1
- Severity Score:
- Medium
- Plugin Slug:
- benchmark-email-lite
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.2
- Severity Score:
- Medium
- Plugin Slug:
- church-admin
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.1.7
- Severity Score:
- Medium
- Plugin Slug:
- church-admin
- Installations
- 1,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 4.1.6
- Severity Score:
- Critical
- Plugin Slug:
- creative-addons-for-elementor
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.0
- Severity Score:
- Medium
- Plugin Slug:
- elex-woocommerce-dynamic-pricing-and-discounts
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.1.3
- Severity Score:
- Medium
- Plugin Slug:
- elex-woocommerce-dynamic-pricing-and-discounts
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.3
- Severity Score:
- High
- Plugin Slug:
- epoll-wp-voting
- Installations
- 1,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 3.4
- Severity Score:
- High
- Plugin Slug:
- fg-drupal-to-wp
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.71.0
- Severity Score:
- Medium
- Plugin Slug:
- formsite
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7
- Severity Score:
- Medium
- Plugin Slug:
- nudgify
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.4
- Severity Score:
- Medium
- Plugin Slug:
- product-designer
- Installations
- 1,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.0.33
- Severity Score:
- High
- Plugin Slug:
- redi-restaurant-reservation
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 24.0303
- Severity Score:
- High
- Plugin Slug:
- sign-up-sheets
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.2.12
- Severity Score:
- Medium
- Plugin Slug:
- transcoder
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.6
- Severity Score:
- Medium
- Plugin Slug:
- ultimate-store-kit
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.0
- Severity Score:
- Medium
- Plugin Slug:
- unusedcss
- Installations
- 1,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 2.2.12
- Severity Score:
- High
- Plugin Slug:
- wooshark-aliexpress-importer
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.5
- Severity Score:
- Medium
- Plugin Slug:
- wp-webinarsystem
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.33.10
- Severity Score:
- High
- Plugin Slug:
- wp2leads
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.8
- Severity Score:
- Medium
- Plugin Slug:
- 5-stars-rating-funnel
- Installations
- 30+
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- 1.3.02
- Severity Score:
- High
- Plugin:
-
AWP Classifieds
- Plugin Slug:
- another-wordpress-classifieds-plugin
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.3.2
- Severity Score:
- Medium
- Plugin:
-
Beaver Themer
- Plugin Slug:
- beaver-themer
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.4.9.1
- Severity Score:
- Medium
- Plugin:
-
Bricksforge
- Plugin Slug:
- bricksforge
- Vulnerability:
- Settings Change
- Patched in Version:
- 2.1.1
- Severity Score:
- Critical
- Plugin:
-
Bricksforge
- Plugin Slug:
- bricksforge
- Vulnerability:
- Settings Change
- Patched in Version:
- 2.1.1
- Severity Score:
- High
- Plugin:
-
Bricksforge
- Plugin Slug:
- bricksforge
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.1
- Severity Score:
- Medium
- Plugin:
-
Demo My WordPress
- Plugin Slug:
- demo-my-wordpress
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.1.0
- Severity Score:
- Critical
- Plugin:
-
Easy Social Share Buttons
- Plugin Slug:
- easy-social-share-buttons3
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 9.5
- Severity Score:
- Medium
- Plugin:
-
Easy Social Share Buttons
- Plugin Slug:
- easy-social-share-buttons3
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 9.5
- Severity Score:
- High
- Plugin:
-
LayerSlider
- Plugin Slug:
- layerslider
- Vulnerability:
- SQL Injection
- Patched in Version:
- 7.10.1
- Severity Score:
- Critical
- Plugin:
-
REHub Framework
- Plugin Slug:
- rehub-framework
- Vulnerability:
- SQL Injection
- Patched in Version:
- 19.6.2
- Severity Score:
- High
- Plugin:
-
Relevanssi Premium
- Plugin Slug:
- relevanssi-premium
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.25.2
- Severity Score:
- Medium
- Plugin:
-
Relevanssi Premium
- Plugin Slug:
- relevanssi-premium
- Vulnerability:
- CSV Injection
- Patched in Version:
- 2.25.2
- Severity Score:
- Medium
- Plugin:
-
Slider Revolution
- Plugin Slug:
- revslider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.7.0
- Severity Score:
- Medium
- Plugin:
-
Wholesale For WooCommerce
- Plugin Slug:
- woocommerce-wholesale-pricing
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- 2.3.1
- Severity Score:
- High
- Plugin:
-
WPB Show Core
- Plugin Slug:
- wpb-show-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7
- Severity Score:
- High
- Plugin:
-
WPB Show Core
- Plugin Slug:
- wpb-show-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6
- Severity Score:
- High
WordPress Themes — 4 Patched / 0 Unpatched
- Theme Slug:
- hello-elementor
- Downloads
- 6,963,021
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.0.1
- Severity Score:
- Medium
- Theme:
-
Rehub
- Theme Slug:
- rehub-theme
- Vulnerability:
- SQL Injection
- Patched in Version:
- 19.6.2
- Severity Score:
- High
- Theme:
-
Rehub
- Theme Slug:
- rehub-theme
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 19.6.2
- Severity Score:
- High
- Theme:
-
Rehub
- Theme Slug:
- rehub-theme
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 19.6.2
- Severity Score:
- Critical
Solid Security is part of Solid Suite — The best foundation for WordPress websites.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!