virusword.com

WordPress Vulnerability Report – April 12, 2023

Written by Dan Knauss on April 12, 2023

Last Updated on April 13, 2023

This week, 79 vulnerabilities may affect over 6.6 million WordPress sites. There are 55 plugin vulnerabilities and 5 themes with security patches available, so run those updates if you use these plugins! Additionally, there are 19 plugin vulnerabilities with no patch available yet. At least three of these have been closed and dropped from the wordpress.org plugin directory so far. If you are using any unpatched plugins or themes, check their vendors’ intentions and progress on a security release. If no patch is forthcoming or the vulnerable plugin or theme has been closed, you should consider deactivation and removal in favor of alternative solutions.

For reference, these reports are published every Wednesday and include all active vulnerabilities tracked by Patchstack as of Monday since the previous report. This leaves a 48-hour window for the newest emerging vulnerabilities to be patched before full public disclosure. iThemes Security Pro users have access to vulnerability alerts emerging within this window.

WordPress vulnerability report
  • No new WordPress core vulnerabilities were disclosed this week.

WordPress core is very secure when it’s properly configured and maintained. Vulnerable plugins that have not been updated by site owners are the most common vector for attacks on WordPress websites. Our weekly WordPress Vulnerability Report, powered by Patchstack, covers new WordPress plugin, theme, and core vulnerabilities that have emerged since last week’s report. Our goal is to spread awareness of emerging security threats and help you decide what to do if you are using vulnerable software on your website. For a deeper analysis of recent trends in WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.

WordPress Core News

WordPress 6.2 is the first major release of 2023, with over 900 enhancements and fixes. You’ll notice a reimagined Site Editor, even better blocks, and new tools and improvements in WordPress 6.2. As always, with a major release like this, ensure your site is backed up with BackupBuddy before updating.

If your WordPress sites have enabled automatic background updates, they should have upgraded to 6.2 automatically. You can download WordPress 6.2 from WordPress.org, or visit your WordPress Dashboard, click “Updates,” and then click the “Update Now” button, which will appear when any core updates are available. For more information, check out the version 6.2 HelpHub documentation page.

WordPress Plugin Vulnerabilities with Patches

In this section, you’ll find the most recently disclosed WordPress plugin vulnerabilities that have been fixed with a new release from their authors and maintainers. Please apply the updates if you are affected!

These vulnerabilities have been disclosed and scored for their severity thanks to our friends at Patchstack. Each plugin listing includes the type of vulnerability with its CVE number and CVSS severity rating with links to more technical details. You’ll also see the number of active sites using the plugin and the plugin version release that patches the vulnerability. We start with the most popular plugins, which represent the largest target for attackers.

Advanced Custom Fields

Product image for Advanced Custom Fields (ACF).

Plugin Slug
advanced-custom-fields

Installations
2,000,000+

Vulnerability
Authenticated (Contributor+) PHP Object Injection vulnerability

Patched in Version
6.1.0

Severity Score
High

The vulnerability has been patched, so you should update to version 6.1.0.

WPCode

Product image for WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager.

Plugin Slug
insert-headers-and-footers

Installations
1,000,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.0.9

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.0.9.

WP Fastest Cache

Product image for WP Fastest Cache.

Plugin Slug
wp-fastest-cache

Installations
1,000,000+

Vulnerability
Multiple Cross Site Request Forgery (CSRF)

Patched in Version
1.1.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.3.

WP Fastest Cache

Product image for WP Fastest Cache.

Plugin Slug
wp-fastest-cache

Installations
1,000,000+

Vulnerability
Multiple Missing Authorization

Patched in Version
1.1.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.3.

Formidable Forms

Product image for Formidable Forms – Contact Form, Survey, Quiz, Calculator & Custom Form Builder.

Plugin Slug
formidable

Installations
300,000+

Vulnerability
PHP Object Injection

Patched in Version
6.2

Severity Score
Critical

The vulnerability has been patched, so you should update to version 6.2.

Health Check & Troubleshooting

Product image for Health Check & Troubleshooting.

Plugin Slug
health-check

Installations
300,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.6.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.6.0.

PHP Compatibility Checker

Product image for PHP Compatibility Checker.

Plugin Slug
php-compatibility-checker

Installations
200,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.6.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.6.0.

SEOPress

Product image for SEOPress – On-site SEO.

Plugin Slug
wp-seopress

Installations
200,000+

Vulnerability
Authenticated (Administrator+) PHP Object Injection

Patched in Version
6.5.0.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 6.5.0.3.

Ajax Search Lite

Product image for Ajax Search Lite.

Plugin Slug
ajax-search-lite

Installations
70,000+

Vulnerability
Reflected Cross-Site Scripting (XSS)

Patched in Version
4.11.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.11.1.

User Registration

Product image for User Registration – Custom Registration Form, Login Form And User Profile For WordPress.

Plugin Slug
user-registration

Installations
60,000+

Vulnerability
Broken Access Control

Patched in Version
2.3.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.3.3.

Amelia

Product image for Appointment and Event Booking Calendar for WordPress – Amelia.

Plugin Slug
ameliabooking

Installations
50,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.0.76

Severity Score
High

The vulnerability has been patched, so you should update to version 1.0.76.

Maps Widget for Google Maps

Product image for Maps Widget for Google Maps.

Plugin Slug
google-maps-widget

Installations
50,000+

Vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting

Patched in Version
4.25

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.25.

MapPress Maps for WordPress

Product image for MapPress Maps for WordPress.

Plugin Slug
mappress-google-maps-for-wordpress

Installations
50,000+

Vulnerability
Authenticated SQL Injection

Patched in Version
2.85.5

Severity Score
High

The vulnerability has been patched, so you should update to version 2.85.5.

WCFM Frontend Manager

Product image for WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible.

Plugin Slug
wc-frontend-manager

Installations
30,000+

Vulnerability
Missing Authorization

Patched in Version
6.6.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 6.6.1.

WCFM Frontend Manager

Product image for WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible.

Plugin Slug
wc-frontend-manager

Installations
30,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
6.6.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 6.6.0.

WCFM Marketplace

Product image for WCFM Marketplace – Best Multivendor Marketplace for WooCommerce.

Plugin Slug
wc-multivendor-marketplace

Installations
30,000+

Vulnerability
Missing Authorization

Patched in Version
3.4.12

Severity Score
High

The vulnerability has been patched, so you should update to version 3.4.12.

WCFM Marketplace

Product image for WCFM Marketplace – Best Multivendor Marketplace for WooCommerce.

Plugin Slug
wc-multivendor-marketplace

Installations
30,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
3.5.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.5.0.

Limit Login Attempts

Product image for WP Limit Login Attempts.

Plugin Slug
wp-limit-login-attempts

Installations
30,000+

Vulnerability
Unauthenticated Stored Cross-Site Scripting

Patched in Version
1.7.2

Severity Score
High

The vulnerability has been patched, so you should update to version 1.7.2.

PixTypes

Plugin Slug
pixtypes

Installations
20,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.4.15

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.4.15.

Simple Job Board

Product image for Simple Job Board.

Plugin Slug
simple-job-board

Installations
20,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.10.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.10.4.

WCFM Membership

Product image for WCFM Membership – WooCommerce Memberships for Multivendor Marketplace.

Plugin Slug
wc-multivendor-membership

Installations
20,000+

Vulnerability
Missing Authorization

Patched in Version
2.10.11

Severity Score
High

The vulnerability has been patched, so you should update to version 2.10.11.

WCFM Membership

Product image for WCFM Membership – WooCommerce Memberships for Multivendor Marketplace.

Plugin Slug
wc-multivendor-membership

Installations
20,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.10.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.10.0.

WCFM Membership

Product image for WCFM Membership – WooCommerce Memberships for Multivendor Marketplace.

Plugin Slug
wc-multivendor-membership

Installations
20,000+

Vulnerability
Unauthenticated Privilege Escalation

Patched in Version
2.10.1

Severity Score
Critical

The vulnerability has been patched, so you should update to version 2.10.1.

Connections Business Directory

Product image for Connections Business Directory.

Plugin Slug
connections

Installations
10,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
10.4.37

Severity Score
Medium

The vulnerability has been patched, so you should update to version 10.4.37.

MasterStudy LMS WordPress

Product image for MasterStudy LMS WordPress Plugin – for Online Courses and Education.

Plugin Slug
masterstudy-lms-learning-management-system

Installations
10,000+

Vulnerability
Missing Authorization via wp_ajax_stm_wpcfto_get_settings

Patched in Version
2.9.35

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.9.35.

Superb Social Media Share Buttons and Follow Buttons

Product image for Superb Social Media Share Buttons and Follow Buttons for WordPress.

Plugin Slug
superb-social-share-and-follow-buttons

Installations
10,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.1.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.5.

WP Data Access

Plugin Slug
wp-data-access

Installations
10,000+

Vulnerability
Authenticated (Subscriber+) Privilege Escalation

Patched in Version
5.3.8

Severity Score
High

The vulnerability has been patched, so you should update to version 5.3.8.

Magic Post Thumbnail

Product image for Magic Post Thumbnail.

Plugin Slug
magic-post-thumbnail

Installations
9,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
4.1.11

Severity Score
High

The vulnerability has been patched, so you should update to version 4.1.11.

Comments Ratings

Product image for Comments Ratings.

Plugin Slug
comments-ratings

Installations
7,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.1.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.7.

Spreadshop Plugin

Product image for Spreadshop Plugin.

Plugin Slug
spreadshop

Installations
6,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.6.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.6.6.

WP EasyCart

Product image for Shopping Cart & eCommerce Store.

Plugin Slug
wp-easycart

Installations
6,000+

Vulnerability
Admin+ LFI

Patched in Version
5.4.3

Severity Score
High

The vulnerability has been patched, so you should update to version 5.4.3.

Sp*tify Play Button for WordPress

Product image for Sp*tify Play Button for WordPress.

Plugin Slug
spotify-play-button-for-wordpress

Installations
4,000+

Vulnerability
Auth. Stored Cross-Site Scripting (XSS)

Patched in Version
2.08

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.08.

Spiffy Calendar

Product image for Spiffy Calendar.

Plugin Slug
spiffy-calendar

Installations
3,000+

Vulnerability
Auth. SQL Injection (SQLi)

Patched in Version
4.9.2

Severity Score
High

The vulnerability has been patched, so you should update to version 4.9.2.

PropertyHive

Product image for PropertyHive.

Plugin Slug
propertyhive

Installations
2,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.5.47

Severity Score
High

The vulnerability has been patched, so you should update to version 1.5.47.

Albo Pretorio On line

Product image for Albo Pretorio On line.

Plugin Slug
albo-pretorio-on-line

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
4.6.2

Severity Score
High

The vulnerability has been patched, so you should update to version 4.6.2.

Cancel order request WooCommerce

Product image for Cancel order request / Return order / Repeat Order / Reorder for WooCommerce.

Plugin Slug
cancel-order-request-woocommerce

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.3.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.3.3.

Product Enquiry for WooCommerce

Product image for Product Enquiry for WooCommerce, WooCommerce product catalog.

Plugin Slug
enquiry-quotation-for-woocommerce

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.2.13

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.2.13.

Dynamics 365 Integration

Product image for Dynamics 365 Integration.

Plugin Slug
integration-dynamics

Installations
1,000+

Vulnerability
Broken Access Control

Patched in Version
1.3.14

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.3.14.

Product Catalog Simple

Product image for Product Catalog Simple.

Plugin Slug
post-type-x

Installations
1,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
1.7.0

Severity Score
High

The vulnerability has been patched, so you should update to version 1.7.0.

Product page shipping calculator for WooCommerce

Product image for Product page shipping calculator for WooCommerce.

Plugin Slug
product-page-shipping-calculator-for-woocommerce

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.3.21

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.3.21.

qTranslate X Cleanup and WPML Import

Plugin Slug
qtranslate-to-wpml-export

Installations
1,000+

Vulnerability
Broken Access Control

Patched in Version
3.0.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.0.2.

ShiftController Employee Shift Scheduling

Plugin Slug
shiftcontroller

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
4.9.24

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.9.24.

ShiftController Employee Shift Scheduling

Plugin Slug
shiftcontroller

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
4.9.24

Severity Score
High

The vulnerability has been patched, so you should update to version 4.9.24.

CopySafe Web Protection

Product image for CopySafe Web Protection.

Plugin Slug
wp-copysafe-web

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.14

Severity Score
High

The vulnerability has been patched, so you should update to version 3.14.

SMTP Mailing Queue

Plugin Slug
smtp-mailing-queue

Installations
900+

Vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting

Patched in Version
2.0.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.0.0.

HT Builder

Product image for HT Builder – WordPress Theme Builder for Elementor.

Plugin Slug
ht-builder

Installations
400+

Vulnerability
Cross Site Request Forgery (CSRF) via plugin_activation

Patched in Version
1.3.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.3.0.

Welcome Bar

Product image for Welcome Bar.

Plugin Slug
intelly-welcome-bar

Installations
30+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.0.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.0.4.

Welcome Bar

Product image for Welcome Bar.

Plugin Slug
intelly-welcome-bar

Installations
30+

Vulnerability
Missing Authorization

Patched in Version
2.0.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.0.4.

User Role by BestWebSoft

Plugin
Add User Role

Plugin Slug
add-user-role

Vulnerability
Privilege Escalation via CSRF

Patched in Version
1.6.7

Severity Score
High

The vulnerability has been patched, so you should update to version 1.6.7.

Ajax Search Lite Pro

Plugin
Ajax Search Pro

Plugin Slug
ajax-search-pro

Vulnerability
Multiple Cross Site Scripting (XSS)

Patched in Version
4.26.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.26.2.

Ajax Search Pro

Plugin
Ajax Search Pro

Plugin Slug
ajax-search-pro

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
4.26.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.26.2.

Fancy Product Designer

Plugin
Fancy Product Designer

Plugin Slug
fancy-product-designer

Vulnerability
Insufficient Authorization to Arbitrary Options Update via fpd_update_options

Patched in Version
4.7.0

Severity Score
High

The vulnerability has been patched, so you should update to version 4.7.0.

Fancy Product Designer

Plugin
Fancy Product Designer

Plugin Slug
fancy-product-designer

Vulnerability
Insufficient Authorization on Multiple AJAX Actions

Patched in Version
4.7.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.7.0.

Image Over Image For WPBakery Page Builder

Plugin
Image Over Image For WPBakery Page Builder

Plugin Slug
image-over-image-vc-extension

Vulnerability
Contributor+ Stored XSS

Patched in Version
3.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.0.

Transbank Webpay REST

Plugin
Transbank Webpay REST

Plugin Slug
transbank-webpay-plus-rest

Vulnerability
SQL Injection

Patched in Version
1.6.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.6.7.

WordPress Plugin Vulnerabilities – No Known Fix

This section contains plugin vulnerabilities with no known fix. Until a patch is available, you are advised, at minimum, to deactivate the plugin immediately. If there is a high risk of active exploits or the plugin remains unpatched for weeks, you are advised to delete the plugin. You should also delete persistently unpatched plugins that the WordPress.org repository has locked and marked “Closed” so they can no longer be downloaded and installed.

Optin Forms

Product image for Optin Forms – Simple List Building Plugin for WordPress.

Plugin Slug
optin-forms

Installations
7,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Libsyn Publisher Hub

Product image for Libsyn Publisher Hub.

Plugin Slug
libsyn-podcasting

Installations
3,000+

Vulnerability
Sensitive Data Exposure

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Comment Reply Notification

Plugin Slug
comment-reply-notification

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Cryptocurrency All-in-One

Product image for Cryptocurrency All-in-One.

Plugin Slug
cryptocurrency-prices

Installations
2,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Easy Sign Up

Product image for Easy Sign Up.

Plugin Slug
easy-sign-up

Installations
2,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

iframe Shortcode

Plugin Slug
flynsarmy-iframe-shortcode

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Tiny carousel horizontal slider plus

Product image for Tiny carousel horizontal slider plus.

Plugin Slug
tiny-carousel-horizontal-slider-plus

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

SimpleModal Contact Form (SMCF)

Plugin Slug
simplemodal-contact-form-smcf

Installations
900+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Solidres

Product image for Solidres – Hotel booking plugin for WordPress.

Plugin Slug
solidres

Installations
100+

Vulnerability
Multiple Reflected Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

tencentcloud-cos

Plugin
tencentcloud-cos

Plugin Slug
tencentcloud-cos

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WP FEvents Book

Plugin
WP FEvents Book

Plugin Slug
wp-fevents-book

Vulnerability
Insecure Direct Object References (IDOR)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

IMPress Listings

Plugin
IMPress Listings

Plugin Slug
wp-listings

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

YourChannel

Plugin
YourChannel: Everything you want in a YouTube

Plugin Slug
yourchannel

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

YourChannel

Plugin
YourChannel: Everything you want in a YouTube

Plugin Slug
yourchannel

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

YourChannel

Plugin
YourChannel: Everything you want in a YouTube

Plugin Slug
yourchannel

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

YourChannel

Plugin
YourChannel: Everything you want in a YouTube

Plugin Slug
yourchannel

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

YourChannel

Plugin
YourChannel: Everything you want in a YouTube

Plugin Slug
yourchannel

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

YourChannel

Plugin
YourChannel: Everything you want in a YouTube

Plugin Slug
yourchannel

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

YourChannel

Plugin
YourChannel: Everything you want in a YouTube

Plugin Slug
yourchannel

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Theme Vulnerabilities

In this section, you’ll find the latest WordPress theme vulnerabilities to be disclosed. You’ll see the same information provided above for vulnerable plugins, and the same advice applies. If a security update exists, install it immediately. If a vulnerability remains unpatched in a theme you are actively using, you will need to find an alternative theme. Deactivate and delete persistently unpatched themes and those that have been “Closed” in the WordPress.org theme repository. If you have a vulnerable theme installed that you are not actively using, simply delete it.

Weaver Xtreme Theme

Product image for Weaver Xtreme.

Theme Slug
weaver-xtreme

Downloads
466,189

Vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name

Patched in Version
6.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 6.2.

The7

Theme
The7

Theme Slug
dt-the7

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
11.6.1

Severity Score
High

The vulnerability has been patched, so you should update to version 11.6.1.

Houzez

Theme
Houzez

Theme Slug
houzez

Vulnerability
SQL Injection

Patched in Version
2.8.3

Severity Score
High

The vulnerability has been patched, so you should update to version 2.8.3.

Outdoor

Theme
Outdoor

Theme Slug
outdoor

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.9.7

Severity Score
High

The vulnerability has been patched, so you should update to version 3.9.7.

TheRoof

Theme
TheRoof

Theme Slug
theroof

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.0.4

Severity Score
High

The vulnerability has been patched, so you should update to version 1.0.4.

Dan Knauss

Dan Knauss is StellarWP’s Technical Content Generalist. He’s been a writer, teacher, and freelancer working in open source since the late 1990s and with WordPress since 2004.

Written by:
Abdul Wahid
Published on:
April 14, 2023
