WordPress Vulnerability Report — April 3, 2024

In this report, 255 vulnerabilities have been publicly disclosed. Security patches for 178 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 77 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core
2. WordPress Plugins — 175 Patched / 77 Unpatched

2.1
Shortcodes and extra features for Phlox theme
2.2
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
2.3
PDF Viewer for Elementor
2.4
GetResponse for WordPress
2.5
Better Elementor Addons
2.6
Yoo Slider
2.7
Responsive flipbook
2.8
WP Twitter Mega Fan Box Widget
2.9
Sponsors
2.10
WP-Eggdrop
2.11
WP-Eggdrop
2.12
Broken Images
2.13
Popup Cart Lite for WooCommerce
2.14
Woocommerce Social Media Share Buttons
2.15
WooCommerce Bookings Calendar
2.16
Whizzy
2.17
Whizzy
2.18
Weekly Class Schedule
2.19
10Web Map Builder for Google Maps
2.20
User Rights Access Manager
2.21
Ultimate Social Comments – Email Notification & Lazy Load
2.22
Sticky Anything
2.23
Thumbs Rating
2.24
Tax Rate Upload
2.25
Spin 360 deg and 3D Model Viewer
2.26
SpiderFAQ
2.27
Special Box for Content
2.28
SP Project & Document Manager
2.29
Social Author Bio
2.30
Lightbox slider – Responsive Lightbox Gallery
2.31
Shortcode Addons
2.32
SEO Title Tag
2.33
Prenotazioni
2.34
Post-Plugin Library
2.35
Pocket News Generator
2.36
Pocket News Generator
2.37
Platinum SEO
2.38
pageMash > Page Management
2.39
Oxygen Builder
2.40
OpenID
2.41
News Wall
2.42
New Order Notification for Woocommerce
2.43
Lordicon Animated Icons
2.44
Kanban Boards for WordPress
2.45
Mighty Classic Pros And Cons
2.46
IP Blocker Lite
2.47
iFlyChat – WordPress Chat
2.48
HeartThis
2.49
Header Image Slider
2.50
Responsive Image Gallery, Gallery Album
2.51
Responsive Image Gallery, Gallery Album
2.52
Filter Custom Fields & Taxonomies Light
2.53
WP ERP
2.54
WP ERP
2.55
WP ERP
2.56
EnvíaloSimple
2.57
DX-Watermark
2.58
Hacklog Down As PDF
2.59
DD Rating
2.60
Custom Field Bulk Editor
2.61
Convert Post Types
2.62
Contact Forms by Cimatti
2.63
Contact Form 7 Newsletter
2.64
Comic Easel
2.65
Christmas Greetings
2.66
Chauffeur Taxi Booking System for WordPress
2.67
Change default login logo,url and title
2.68
CGC Maintenance Mode
2.69
Carousel Anything For WPBakery Page Builder
2.70
Button
2.71
Breakdance
2.72
Appointment Calendar
2.73
All In One Redirection
2.74
AI Twitter Feeds (Twitter widget & shortcode)
2.75
Aesop Story Engine
2.76
AdsPlace’r – Ad Manager, Inserter, AdSense Ads
2.77
Add Shortcodes Actions And Filters
2.78
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
2.79
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
2.80
All-In-One Security (AIOS) – Security and Firewall
2.81
ElementsKit Elementor addons
2.82
ElementsKit Elementor addons
2.83
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress
2.84
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress
2.85
Forminator – Contact Form, Payment Form & Custom Form Builder
2.86
Page Builder Gutenberg Blocks – CoBlocks
2.87
Gutenberg Blocks by Kadence Blocks – Page Builder Features
2.88
Gutenberg Blocks by Kadence Blocks – Page Builder Features
2.89
MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
2.90
Newsletter – Send awesome emails from WordPress
2.91
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
2.92
CMP – Coming Soon & Maintenance Plugin by NiteoThemes
2.93
Jeg Elementor Kit
2.94
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
2.95
WooCommerce Cart Abandonment Recovery
2.96
Elementor Addon Elements
2.97
Elementor Addon Elements
2.98
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
2.99
Beaver Builder – WordPress Page Builder
2.100
Beaver Builder – WordPress Page Builder
2.101
Colibri Page Builder
2.102
Download Monitor
2.103
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
2.104
Genesis Blocks
2.105
List category posts
2.106
Meta Tag Manager
2.107
Page Builder: Pagelayer – Drag and Drop website builder
2.108
Pods – Custom Content Types and Fields
2.109
Pods – Custom Content Types and Fields
2.110
Pods – Custom Content Types and Fields
2.111
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
2.112
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
2.113
Social Icons Widget & Block by WPZOOM
2.114
Stackable – Page Builder Gutenberg Blocks
2.115
Template Kit – Import
2.116
WooCommerce Multilingual & Multicurrency with WPML
2.117
HUSKY – Products Filter Professional for WooCommerce
2.118
HUSKY – Products Filter Professional for WooCommerce
2.119
WP Chat App
2.120
Events Manager – Calendar, Bookings, Tickets, and more!
2.121
Events Manager – Calendar, Bookings, Tickets, and more!
2.122
Events Manager – Calendar, Bookings, Tickets, and more!
2.123
Events Manager – Calendar, Bookings, Tickets, and more!
2.124
Sydney Toolbox
2.125
BoldGrid Easy SEO – Simple and Effective SEO
2.126
Media Library Assistant
2.127
Export and Import Users and Customers
2.128
underConstruction
2.129
FOX – Currency Switcher Professional for WooCommerce
2.130
WP-Members Membership Plugin
2.131
WordPress Infinite Scroll – Ajax Load More
2.132
Bold Page Builder
2.133
Hubbub Lite – Fast, Reliable Social Sharing Buttons
2.134
Hubbub Lite – Fast, Reliable Social Sharing Buttons
2.135
WPFront User Role Editor
2.136
Email Newsletter, Marketing, Email Automation and CRM Plugin for WordPress by FluentCRM
2.137
Klarna Payments for WooCommerce
2.138
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
2.139
SecuPress Free — WordPress Security
2.140
Pz-LinkCard
2.141
Pz-LinkCard
2.142
Themify – WooCommerce Product Filter
2.143
Themify – WooCommerce Product Filter
2.144
Themify – WooCommerce Product Filter
2.145
Ultimate Addons for Beaver Builder – Lite
2.146
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net
2.147
Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content
2.148
Easy Appointments
2.149
Easy Appointments
2.150
Ecwid Ecommerce Shopping Cart
2.151
MP3 Audio Player for Music, Radio & Podcast by Sonaar
2.152
MP3 Audio Player for Music, Radio & Podcast by Sonaar
2.153
My Calendar
2.154
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
2.155
weForms – Easy Drag & Drop Contact Form Builder For WordPress
2.156
WordPress File Upload
2.157
Awesome Support – WordPress HelpDesk & Support Plugin
2.158
Booking Package
2.159
Favorites
2.160
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
2.161
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
2.162
LWS Optimize
2.163
Mailster WordPress Newsletter Plugin Compatibility Tester
2.164
Mang Board WP
2.165
MasterStudy LMS WordPress Plugin – for Online Courses and Education
2.166
MasterStudy LMS WordPress Plugin – for Online Courses and Education
2.167
Author Box, Guest Author and Co-Authors for Your Posts – Molongui
2.168
Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages
2.169
SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster
2.170
Simple Revisions Delete
2.171
VS Contact Form
2.172
WP Travel Engine – Best Travel Booking WordPress Plugin
2.173
WP Travel Engine – Best Travel Booking WordPress Plugin
2.174
140+ Widgets | Best Addons For Elementor – FREE
2.175
Media Library Folders
2.176
WP Hotel Booking
2.177
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
2.178
Collect.chat – Chatbot ??
2.179
Finale Lite – Sales Countdown Timer & Discount for WooCommerce
2.180
Hash Elements
2.181
ProfileGrid – User Profiles, Memberships, Groups and Communities
2.182
ProfileGrid – User Profiles, Memberships, Groups and Communities
2.183
ProfileGrid – User Profiles, Memberships, Groups and Communities
2.184
The Plus Blocks for Block Editor | Gutenberg
2.185
wp-forecast
2.186
Announce from the Dashboard
2.187
Better Elementor Addons
2.188
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution
2.189
JCH Optimize
2.190
Nelio Content – Best Editorial Calendar & Social Media Scheduling
2.191
Salon booking system
2.192
Sliced Invoices – WordPress Invoice Plugin
2.193
Beaver Builder Addons by WPZOOM
2.194
Booking Activities
2.195
Paid Memberships Pro – Mailchimp Add On
2.196
B Slider – Slider for your block editor
2.197
Slugs Manager: Delete Old Permalinks from WordPress Database
2.198
Custom WooCommerce Checkout Fields Editor
2.199
Builderall Builder for WordPress
2.200
CubeWP – All-in-One Dynamic Content Framework
2.201
Landingi Landing Pages
2.202
Move Addons for Elementor
2.203
Spiffy Calendar
2.204
Spiffy Calendar
2.205
Themify Event Post
2.206
Product Sort and Display for WooCommerce
2.207
CRM Perks Forms – WordPress Form Builder
2.208
CRM Perks Forms – WordPress Form Builder
2.209
CRM Perks Forms – WordPress Form Builder
2.210
Layouts for Elementor
2.211
WP Responsive Tabs horizontal vertical and accordion Tabs
2.212
RT Easy Builder – Advanced addons for Elementor
2.213
WP Express Checkout (Accept PayPal Payments Easily)
2.214
WPC Badge Management for WooCommerce
2.215
WordPress Page Builder – Zion Builder
2.216
Zotpress
2.217
AI WP Writer – ?????????????? ????? ChatGPT 3.5, GPT 4 ? ????????????? ?????? ??????????
2.218
Announcement & Notification Banner – Bulletin
2.219
Geo Controller
2.220
Church Admin
2.221
Church Admin
2.222
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress
2.223
Creative Addons for Elementor
2.224
WPCS – WordPress Currency Switcher Professional
2.225
Easy Form Builder
2.226
Falang multilanguage for WordPress
2.227
FG PrestaShop to WooCommerce
2.228
A WordPress Testimonial Plugin to Showcase Testimonial Slider, Testimonial Grid and More: Solid Testimonials
2.229
Web Icons
2.230
OSS Aliyun
2.231
Paid Memberships Pro – Payfast Gateway Add On
2.232
Print Page block – Print the entire page or Section.
2.233
OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer)
2.234
Tainacan
2.235
Tumult Hype Animations
2.236
Tumult Hype Animations
2.237
Webinar and Video Conference with Jitsi Meet – Create Branded Webinars for WordPress, Meetings & Livestreaming
2.238
WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing)
2.239
Sharkdropship Dropshipping & Affiliate for for AliExpress
2.240
WordPress CRM Plugin – WP-CRM System
2.241
MDTF – Meta Data and Taxonomies Filter
2.242
DELUCKS SEO
2.243
Creative Image Slider – Responsive Slider Plugin
2.244
YITH WooCommerce Account Funds Premium
2.245
WP Cost Estimation & Payment Forms Builder
2.246
Wholesale For WooCommerce
2.247
Slider by Supsystic
2.248
REHub Framework
2.249
Limit Attempts by BestWebSoft
2.250
LayerSlider
2.251
WP ERP
2.252
Calendarista Basic Edition

3. WordPress Themes — 3 Patched / 0 Unpatched

3.1
Rehub
3.2
Rehub
3.3
Rehub

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5 “Regina” was released on April 2, 2024, as the first major release of 2024. With the new release, you can add and manage fonts across your site, get more from your revisions, play with enhanced background and shadow tools, discover new Data Views, and so much more.

Following a major release, you should not update live sites without first taking backups and testing the update in a non-production environment.

WordPress Plugins — 175 Patched / 77 Unpatched

Plugin Slug:: auxin-elements
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: easy-facebook-likebox
Installations: 50,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: pdf-viewer-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: getresponse-integration
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: better-elementor-addons
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Yoo Slider
Plugin Slug:: yoo-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Responsive flipbook
Plugin Slug:: wppdf
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WP Twitter Mega Fan Box Widget
Plugin Slug:: wp-twitter-mega-fan-box
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Sponsors
Plugin Slug:: wp-sponsors
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WP-Eggdrop
Plugin Slug:: wp-eggdrop
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WP-Eggdrop
Plugin Slug:: wp-eggdrop
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Broken Images
Plugin Slug:: wp-broken-images
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Popup Cart Lite for WooCommerce
Plugin Slug:: woocommerce-woocart-popup-lite
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Woocommerce Social Media Share Buttons
Plugin Slug:: woocommerce-social-media-share-buttons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: WooCommerce Bookings Calendar
Plugin Slug:: woo-bookings-calendar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Whizzy
Plugin Slug:: whizzy
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Whizzy
Plugin Slug:: whizzy
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Weekly Class Schedule
Plugin Slug:: weekly-class-schedule
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: 10Web Map Builder for Google Maps
Plugin Slug:: wd-google-maps
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin:: User Rights Access Manager
Plugin Slug:: user-rights-access-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Ultimate Social Comments – Email Notification & Lazy Load
Plugin Slug:: ultimate-facebook-comments
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Sticky Anything
Plugin Slug:: toast-stick-anything
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Thumbs Rating
Plugin Slug:: thumbs-rating
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Tax Rate Upload
Plugin Slug:: tax-rate-upload
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Spin 360 deg and 3D Model Viewer
Plugin Slug:: spin360
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: SpiderFAQ
Plugin Slug:: spider-faq
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Special Box for Content
Plugin Slug:: special-box-for-content
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: SP Project & Document Manager
Plugin Slug:: sp-client-document-manager
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Social Author Bio
Plugin Slug:: social-autho-bio
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Lightbox slider – Responsive Lightbox Gallery
Plugin Slug:: simple-lightbox-gallery
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Shortcode Addons
Plugin Slug:: shortcode-addons
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical

Plugin:: SEO Title Tag
Plugin Slug:: seo-title-tag
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Prenotazioni
Plugin Slug:: prenotazioni
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Post-Plugin Library
Plugin Slug:: post-plugin-library
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Pocket News Generator
Plugin Slug:: pocket-news-generator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Pocket News Generator
Plugin Slug:: pocket-news-generator
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Platinum SEO
Plugin Slug:: platinum-seo-pack
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: pageMash > Page Management
Plugin Slug:: pagemash
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Oxygen Builder
Plugin Slug:: oxygen
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical

Plugin:: OpenID
Plugin Slug:: openid
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: News Wall
Plugin Slug:: news-wall
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: New Order Notification for Woocommerce
Plugin Slug:: new-order-notification-for-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Lordicon Animated Icons
Plugin Slug:: lordicon-interactive-icons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Kanban Boards for WordPress
Plugin Slug:: kanban
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Mighty Classic Pros And Cons
Plugin Slug:: joomdev-wp-pros-cons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: IP Blocker Lite
Plugin Slug:: ip-address-blocker
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: iFlyChat – WordPress Chat
Plugin Slug:: iflychat
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: HeartThis
Plugin Slug:: heart-this
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Header Image Slider
Plugin Slug:: header-image-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Responsive Image Gallery, Gallery Album
Plugin Slug:: gallery-album
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Responsive Image Gallery, Gallery Album
Plugin Slug:: gallery-album
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Filter Custom Fields & Taxonomies Light
Plugin Slug:: filter-custom-fields-taxonomies-light
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin:: WP ERP
Plugin Slug:: erp
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin:: WP ERP
Plugin Slug:: erp
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin:: WP ERP
Plugin Slug:: erp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: EnvíaloSimple
Plugin Slug:: envialosimple-email-marketing-y-newsletters-gratis
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical

Plugin:: DX-Watermark
Plugin Slug:: dx-watermark
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical

Plugin:: Hacklog Down As PDF
Plugin Slug:: down-as-pdf
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: DD Rating
Plugin Slug:: dd-rating
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Custom Field Bulk Editor
Plugin Slug:: custom-field-bulk-editor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Convert Post Types
Plugin Slug:: convert-post-types
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Contact Forms by Cimatti
Plugin Slug:: contact-forms
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Contact Form 7 Newsletter
Plugin Slug:: contact-form-7-newsletter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Comic Easel
Plugin Slug:: comic-easel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Christmas Greetings
Plugin Slug:: christmas-greetings
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Chauffeur Taxi Booking System for WordPress
Plugin Slug:: chauffeur-booking-system
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical

Plugin:: Change default login logo,url and title
Plugin Slug:: change-default-login-logo-url-and-title
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: CGC Maintenance Mode
Plugin Slug:: cgc-maintenance-mode
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Low

Plugin:: Carousel Anything For WPBakery Page Builder
Plugin Slug:: carousel-anything
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Button
Plugin Slug:: button
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Breakdance
Plugin Slug:: breakdance
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical

Plugin:: Appointment Calendar
Plugin Slug:: appointment-calendar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: All In One Redirection
Plugin Slug:: all-in-one-redirection-404-pages-list
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: AI Twitter Feeds (Twitter widget & shortcode)
Plugin Slug:: ai-twitter-feeds
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Aesop Story Engine
Plugin Slug:: aesop-story-engine
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: AdsPlace’r – Ad Manager, Inserter, AdSense Ads
Plugin Slug:: adsplacer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Add Shortcodes Actions And Filters
Plugin Slug:: add-actions-and-filters
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 5.9.14
Severity Score:: High

Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.9.14
Severity Score:: Medium

Plugin Slug:: all-in-one-wp-security-and-firewall
Installations: 1,000,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.2.7
Severity Score:: Medium

Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.7
Severity Score:: Medium

Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.0.7
Severity Score:: High

Plugin Slug:: ninja-forms
Installations: 800,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.8.1
Severity Score:: Medium

Plugin Slug:: ninja-forms
Installations: 800,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.1
Severity Score:: Medium

Plugin Slug:: forminator
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.29.1
Severity Score:: High

Plugin Slug:: coblocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.7
Severity Score:: Medium

Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.18
Severity Score:: Medium

Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.2.26
Severity Score:: Medium

Plugin Slug:: metform
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.6
Severity Score:: Medium

Plugin Slug:: newsletter
Installations: 300,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 8.2.1
Severity Score:: Medium

Plugin Slug:: otter-blocks
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.6
Severity Score:: Medium

Plugin Slug:: cmp-coming-soon-maintenance
Installations: 200,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 4.1.11
Severity Score:: Medium

Plugin Slug:: jeg-elementor-kit
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.4
Severity Score:: Medium

Plugin Slug:: unlimited-elements-for-elementor
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.97
Severity Score:: Medium

Plugin Slug:: woo-cart-abandonment-recovery
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.27
Severity Score:: Medium

Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.2
Severity Score:: Medium

Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.3
Severity Score:: Medium

Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.5.4
Severity Score:: High

Plugin Slug:: beaver-builder-lite-version
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.0.7
Severity Score:: Medium

Plugin Slug:: beaver-builder-lite-version
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.4.5
Severity Score:: Medium

Plugin Slug:: colibri-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.270
Severity Score:: Medium

Plugin Slug:: download-monitor
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.9.5
Severity Score:: High

Plugin Slug:: essential-blocks
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4.10
Severity Score:: Medium

Plugin Slug:: genesis-blocks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.3
Severity Score:: Medium

Plugin Slug:: list-category-posts
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.89.7
Severity Score:: Medium

Plugin Slug:: meta-tag-manager
Installations: 100,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.1
Severity Score:: High

Plugin Slug:: pagelayer
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.2
Severity Score:: Medium

Plugin Slug:: pods
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.10.2
Severity Score:: Medium

Plugin Slug:: pods
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.0.10.2
Severity Score:: High

Plugin Slug:: pods
Installations: 100,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 3.0.10.2
Severity Score:: Critical

Plugin Slug:: powerpack-lite-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.18
Severity Score:: Medium

Plugin Slug:: powerpack-lite-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.19
Severity Score:: Medium

Plugin Slug:: social-icons-widget-by-wpzoom
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.16
Severity Score:: Medium

Plugin Slug:: stackable-ultimate-gutenberg-blocks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.12.12
Severity Score:: Medium

Plugin Slug:: template-kit-import
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.15
Severity Score:: Medium

Plugin Slug:: woocommerce-multilingual
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.3.5
Severity Score:: Medium

Plugin Slug:: woocommerce-products-filter
Installations: 100,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.5.3
Severity Score:: Medium

Plugin Slug:: woocommerce-products-filter
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.5.2
Severity Score:: Medium

Plugin Slug:: wp-whatsapp
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.3
Severity Score:: Medium

Plugin Slug:: events-manager
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.4.7
Severity Score:: Medium

Plugin Slug:: events-manager
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.4.7.2
Severity Score:: Medium

Plugin Slug:: events-manager
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.4.7.2
Severity Score:: Medium

Plugin Slug:: events-manager
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.4.7.2
Severity Score:: Medium

Plugin Slug:: sydney-toolbox
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.27
Severity Score:: Medium

Plugin Slug:: boldgrid-easy-seo
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.14
Severity Score:: Medium

Plugin Slug:: media-library-assistant
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.14
Severity Score:: Medium

Plugin Slug:: users-customers-import-export-for-wp-woocommerce
Installations: 70,000+
Vulnerability:: Path Traversal
Patched in Version:: 2.5.3
Severity Score:: Medium

Plugin Slug:: underconstruction
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.22
Severity Score:: Medium

Plugin Slug:: woocommerce-currency-switcher
Installations: 60,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.1.8
Severity Score:: Medium

Plugin Slug:: wp-members
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.9.3
Severity Score:: High

Plugin Slug:: ajax-load-more
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.0.2
Severity Score:: Medium

Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.1
Severity Score:: Medium

Plugin Slug:: social-pug
Installations: 50,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.33.1
Severity Score:: Medium

Plugin Slug:: social-pug
Installations: 50,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.33.2
Severity Score:: High

Plugin Slug:: wpfront-user-role-editor
Installations: 50,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.1.0
Severity Score:: Medium

Plugin Slug:: fluent-crm
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.45
Severity Score:: Medium

Plugin Slug:: klarna-payments-for-woocommerce
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.0
Severity Score:: Medium

Plugin Slug:: post-grid
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.76
Severity Score:: High

Plugin Slug:: secupress
Installations: 40,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2.5.2
Severity Score:: Medium

Plugin Slug:: pz-linkcard
Installations: 30,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.5.3
Severity Score:: Medium

Plugin Slug:: pz-linkcard
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.3
Severity Score:: Medium

Plugin Slug:: themify-wc-product-filter
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.4
Severity Score:: Medium

Plugin Slug:: themify-wc-product-filter
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.4
Severity Score:: High

Plugin Slug:: themify-wc-product-filter
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.4
Severity Score:: Medium

Plugin Slug:: ultimate-addons-for-beaver-builder-lite
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.8
Severity Score:: Medium

Plugin Slug:: woo-bulk-editor
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.4.4
Severity Score:: Medium

Plugin Slug:: brave-popup-builder
Installations: 20,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 0.6.6
Severity Score:: Medium

Plugin Slug:: easy-appointments
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.11.19
Severity Score:: Medium

Plugin Slug:: easy-appointments
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.11.19
Severity Score:: Medium

Plugin Slug:: ecwid-shopping-cart
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.12.11
Severity Score:: Medium

Plugin Slug:: mp3-music-player-by-sonaar
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.1
Severity Score:: Medium

Plugin Slug:: mp3-music-player-by-sonaar
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.1.1
Severity Score:: High

Plugin Slug:: my-calendar
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.24
Severity Score:: Medium

Plugin Slug:: shortpixel-adaptive-images
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.8.3
Severity Score:: Medium

Plugin Slug:: weforms
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.21
Severity Score:: Low

Plugin Slug:: wp-file-upload
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.24.6
Severity Score:: Medium

Plugin Slug:: awesome-support
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.1.8
Severity Score:: Medium

Plugin Slug:: booking-package
Installations: 10,000+
Vulnerability:: Other Vulnerability Type
Patched in Version:: 1.6.29
Severity Score:: High

Plugin Slug:: favorites
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.4
Severity Score:: Medium

Plugin Slug:: gamipress
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.8.6
Severity Score:: Medium

Plugin Slug:: gamipress
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.9.1
Severity Score:: Medium

Plugin Slug:: lws-optimize
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0
Severity Score:: Medium

Plugin Slug:: mailster
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.7
Severity Score:: High

Plugin Slug:: mangboard
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.1
Severity Score:: High

Plugin Slug:: masterstudy-lms-learning-management-system
Installations: 10,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.3.2
Severity Score:: Critical

Plugin Slug:: masterstudy-lms-learning-management-system
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.3.1
Severity Score:: Critical

Plugin Slug:: molongui-authorship
Installations: 10,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 4.7.8
Severity Score:: Low

Plugin Slug:: page-builder-add
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.1.8
Severity Score:: Medium

Plugin Slug:: sellkit
Installations: 10,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 1.8.3
Severity Score:: Medium

Plugin Slug:: simple-revisions-delete
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.5.4
Severity Score:: Medium

Plugin Slug:: very-simple-contact-form
Installations: 10,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 14.8
Severity Score:: Medium

Plugin Slug:: wp-travel-engine
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.8.0
Severity Score:: High

Plugin Slug:: wp-travel-engine
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.8.0
Severity Score:: Critical

Plugin Slug:: xpro-elementor-addons
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.3
Severity Score:: Medium

Plugin Slug:: media-library-plus
Installations: 9,000+
Vulnerability:: SQL Injection
Patched in Version:: 8.1.8
Severity Score:: High

Plugin Slug:: wp-hotel-booking
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.9.3
Severity Score:: Medium

Plugin Slug:: wp-sms
Installations: 9,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.6.3
Severity Score:: Medium

Plugin Slug:: collectchat
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.2
Severity Score:: Medium

Plugin Slug:: finale-woocommerce-sales-countdown-timer-discount
Installations: 7,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 2.18.1
Severity Score:: High

Plugin Slug:: hash-elements
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.4
Severity Score:: Medium

Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.7.3
Severity Score:: Medium

Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.7.9
Severity Score:: High

Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.7.9
Severity Score:: Critical

Plugin Slug:: the-plus-addons-for-block-editor
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.6
Severity Score:: High

Plugin Slug:: wp-forecast
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.3
Severity Score:: Medium

Plugin Slug:: announce-from-the-dashboard
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.3
Severity Score:: Medium

Plugin Slug:: better-elementor-addons
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.8
Severity Score:: Medium

Plugin Slug:: dc-woocommerce-multi-vendor
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.4
Severity Score:: Medium

Plugin Slug:: jch-optimize
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.1
Severity Score:: Medium

Plugin Slug:: nelio-content
Installations: 6,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.2.1
Severity Score:: Medium

Plugin Slug:: salon-booking-system
Installations: 6,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 9.5.1
Severity Score:: Critical

Plugin Slug:: sliced-invoices
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.9.3
Severity Score:: Medium

Plugin Slug:: wpzoom-addons-for-beaver-builder
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium

Plugin Slug:: booking-activities
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.20
Severity Score:: High

Plugin Slug:: pmpro-mailchimp
Installations: 5,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.3.5
Severity Score:: Medium

Plugin Slug:: b-slider
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.13
Severity Score:: Medium

Plugin Slug:: remove-old-slugspermalinks
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.7.0
Severity Score:: Medium

Plugin Slug:: add-fields-to-checkout-page-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.1
Severity Score:: Medium

Plugin Slug:: builderall-cheetah-for-wp
Installations: 3,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.0.2
Severity Score:: Medium

Plugin Slug:: cubewp-framework
Installations: 3,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.1.13
Severity Score:: Critical

Plugin Slug:: landingi-landing-pages
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.1.2
Severity Score:: Medium

Plugin Slug:: move-addons
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.0
Severity Score:: Medium

Plugin Slug:: spiffy-calendar
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.9.11
Severity Score:: Medium

Plugin Slug:: spiffy-calendar
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.10
Severity Score:: Medium

Plugin Slug:: themify-event-post
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.8
Severity Score:: Medium

Plugin Slug:: woocommerce-product-sort-and-display
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.2
Severity Score:: Medium

Plugin Slug:: crm-perks-forms
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.1.5
Severity Score:: High

Plugin Slug:: crm-perks-forms
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.1.5
Severity Score:: Critical

Plugin Slug:: crm-perks-forms
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.5
Severity Score:: Medium

Plugin Slug:: layouts-for-elementor
Installations: 2,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.8
Severity Score:: High

Plugin Slug:: responsive-horizontal-vertical-and-accordion-tabs
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.1.18
Severity Score:: High

Plugin Slug:: rt-easy-builder-advanced-addons-for-elementor
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1
Severity Score:: Medium

Plugin Slug:: wp-express-checkout
Installations: 2,000+
Vulnerability:: Other Vulnerability Type
Patched in Version:: 2.3.8
Severity Score:: High

Plugin Slug:: wpc-badge-management
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.1
Severity Score:: Medium

Plugin Slug:: zionbuilder
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.10
Severity Score:: Medium

Plugin Slug:: zotpress
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 7.3.8
Severity Score:: High

Plugin Slug:: ai-wp-writer
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.5.6
Severity Score:: Medium

Plugin Slug:: bulletin-announcements
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.9.0
Severity Score:: High

Plugin Slug:: cf-geoplugin
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.6.5
Severity Score:: Medium

Plugin Slug:: church-admin
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.1.19
Severity Score:: Medium

Plugin Slug:: church-admin
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.1.8
Severity Score:: Medium

Plugin Slug:: contest-gallery
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 21.3.6
Severity Score:: High

Plugin Slug:: creative-addons-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.0
Severity Score:: Medium

Plugin Slug:: currency-switcher
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.0.2
Severity Score:: Medium

Plugin Slug:: easy-form-builder
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.7.5
Severity Score:: High

Plugin Slug:: falang
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.3.48
Severity Score:: High

Plugin Slug:: fg-prestashop-to-woocommerce
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.47.0
Severity Score:: Medium

Plugin Slug:: gs-testimonial
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.5
Severity Score:: Medium

Plugin Slug:: icon
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.0.11
Severity Score:: Medium

Plugin Slug:: oss-aliyun
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.4.11
Severity Score:: High

Plugin Slug:: pmpro-payfast
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.4.2
Severity Score:: Medium

Plugin Slug:: print-page
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.9
Severity Score:: Medium

Plugin Slug:: stepbyteservice-openstreetmap
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.2
Severity Score:: Medium

Plugin Slug:: tainacan
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 0.20.8
Severity Score:: Medium

Plugin Slug:: tumult-hype-animations
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.12
Severity Score:: High

Plugin Slug:: tumult-hype-animations
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.9.12
Severity Score:: Medium

Plugin Slug:: webinar-and-video-conference-with-jitsi-meet
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.4
Severity Score:: Medium

Plugin Slug:: wholesalex
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.3.3
Severity Score:: Critical

Plugin Slug:: wooshark-aliexpress-importer
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.5
Severity Score:: Medium

Plugin Slug:: wp-crm-system
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.9.1
Severity Score:: Medium

Plugin Slug:: wp-meta-data-filter-and-taxonomy-filter
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.3.2
Severity Score:: Medium

Plugin Slug:: delucks-seo
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.5
Severity Score:: Medium

Plugin Slug:: creative-image-slider
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.0
Severity Score:: High

Plugin:: YITH WooCommerce Account Funds Premium
Plugin Slug:: yith-woocommerce-account-funds-premium
Vulnerability:: Broken Access Control
Patched in Version:: 1.34.0
Severity Score:: Medium

Plugin:: WP Cost Estimation & Payment Forms Builder
Plugin Slug:: wp-estimation-form
Vulnerability:: SQL Injection
Patched in Version:: 10.1.76
Severity Score:: High

Plugin:: Wholesale For WooCommerce
Plugin Slug:: woocommerce-wholesale-pricing
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.3.1
Severity Score:: Medium

Plugin:: Slider by Supsystic
Plugin Slug:: slider-by-supsystic
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.11
Severity Score:: Medium

Plugin:: REHub Framework
Plugin Slug:: rehub-framework
Vulnerability:: SQL Injection
Patched in Version:: 19.6.2
Severity Score:: High

Plugin:: Limit Attempts by BestWebSoft
Plugin Slug:: limit-attempts
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: High

Plugin:: LayerSlider
Plugin Slug:: layerslider
Vulnerability:: SQL Injection
Patched in Version:: 7.10.1
Severity Score:: Critical

Plugin:: WP ERP
Plugin Slug:: erp
Vulnerability:: SQL Injection
Patched in Version:: 1.30.0
Severity Score:: High

Plugin:: Calendarista Basic Edition
Plugin Slug:: calendarista-basic-edition
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.6
Severity Score:: Medium

WordPress Themes — 3 Patched / 0 Unpatched

Theme:: Rehub
Theme Slug:: rehub-theme
Vulnerability:: SQL Injection
Patched in Version:: 19.6.2
Severity Score:: High

Theme:: Rehub
Theme Slug:: rehub-theme
Vulnerability:: Local File Inclusion
Patched in Version:: 19.6.2
Severity Score:: High

Theme:: Rehub
Theme Slug:: rehub-theme
Vulnerability:: Local File Inclusion
Patched in Version:: 19.6.2
Severity Score:: Critical

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Source link

WordPress Vulnerability Report — April 3, 2024

Table of Contents

WordPress Core

WordPress Plugins — 175 Patched / 77 Unpatched

WordPress Themes — 3 Patched / 0 Unpatched

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

VirusWord by Promaps, Inc.

Table of Contents

WordPress Core

WordPress Plugins — 175 Patched / 77 Unpatched

WordPress Themes — 3 Patched / 0 Unpatched

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Explore more