
WordPress Vulnerability Report — April 3, 2024

In this report, 255 vulnerabilities have been publicly disclosed. Security patches for 178 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 77 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, the Solid Security firewall already protects you against those vulnerabilities. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Table of Contents

  1. WordPress Core
  2. WordPress Plugins — 175 Patched / 77 Unpatched
    2.1 Shortcodes and extra features for Phlox theme
    2.2 Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
    2.3 PDF Viewer for Elementor
    2.4 GetResponse for WordPress
    2.5 Better Elementor Addons
    2.6 Yoo Slider
    2.7 Responsive flipbook
    2.8 WP Twitter Mega Fan Box Widget
    2.9 Sponsors
    2.10 WP-Eggdrop
    2.11 WP-Eggdrop
    2.12 Broken Images
    2.13 Popup Cart Lite for WooCommerce
    2.14 Woocommerce Social Media Share Buttons
    2.15 WooCommerce Bookings Calendar
    2.16 Whizzy
    2.17 Whizzy
    2.18 Weekly Class Schedule
    2.19 10Web Map Builder for Google Maps
    2.20 User Rights Access Manager
    2.21 Ultimate Social Comments – Email Notification & Lazy Load
    2.22 Sticky Anything
    2.23 Thumbs Rating
    2.24 Tax Rate Upload
    2.25 Spin 360 deg and 3D Model Viewer
    2.26 SpiderFAQ
    2.27 Special Box for Content
    2.28 SP Project & Document Manager
    2.29 Social Author Bio
    2.30 Lightbox slider – Responsive Lightbox Gallery
    2.31 Shortcode Addons
    2.32 SEO Title Tag
    2.33 Prenotazioni
    2.34 Post-Plugin Library
    2.35 Pocket News Generator
    2.36 Pocket News Generator
    2.37 Platinum SEO
    2.38 pageMash > Page Management
    2.39 Oxygen Builder
    2.40 OpenID
    2.41 News Wall
    2.42 New Order Notification for Woocommerce
    2.43 Lordicon Animated Icons
    2.44 Kanban Boards for WordPress
    2.45 Mighty Classic Pros And Cons
    2.46 IP Blocker Lite
    2.47 iFlyChat – WordPress Chat
    2.48 HeartThis
    2.49 Header Image Slider
    2.50 Responsive Image Gallery, Gallery Album
    2.51 Responsive Image Gallery, Gallery Album
    2.52 Filter Custom Fields & Taxonomies Light
    2.53 WP ERP
    2.54 WP ERP
    2.55 WP ERP
    2.56 EnvíaloSimple
    2.57 DX-Watermark
    2.58 Hacklog Down As PDF
    2.59 DD Rating
    2.60 Custom Field Bulk Editor
    2.61 Convert Post Types
    2.62 Contact Forms by Cimatti
    2.63 Contact Form 7 Newsletter
    2.64 Comic Easel
    2.65 Christmas Greetings
    2.66 Chauffeur Taxi Booking System for WordPress
    2.67 Change default login logo,url and title
    2.68 CGC Maintenance Mode
    2.69 Carousel Anything For WPBakery Page Builder
    2.70 Button
    2.71 Breakdance
    2.72 Appointment Calendar
    2.73 All In One Redirection
    2.74 AI Twitter Feeds (Twitter widget & shortcode)
    2.75 Aesop Story Engine
    2.76 AdsPlace’r – Ad Manager, Inserter, AdSense Ads
    2.77 Add Shortcodes Actions And Filters
    2.78 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
    2.79 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
    2.80 All-In-One Security (AIOS) – Security and Firewall
    2.81 ElementsKit Elementor addons
    2.82 ElementsKit Elementor addons
    2.83 Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress
    2.84 Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress
    2.85 Forminator – Contact Form, Payment Form & Custom Form Builder
    2.86 Page Builder Gutenberg Blocks – CoBlocks
    2.87 Gutenberg Blocks by Kadence Blocks – Page Builder Features
    2.88 Gutenberg Blocks by Kadence Blocks – Page Builder Features
    2.89 MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
    2.90 Newsletter – Send awesome emails from WordPress
    2.91 Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
    2.92 CMP – Coming Soon & Maintenance Plugin by NiteoThemes
    2.93 Jeg Elementor Kit
    2.94 Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
    2.95 WooCommerce Cart Abandonment Recovery
    2.96 Elementor Addon Elements
    2.97 Elementor Addon Elements
    2.98 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
    2.99 Beaver Builder – WordPress Page Builder
    2.100 Beaver Builder – WordPress Page Builder
    2.101 Colibri Page Builder
    2.102 Download Monitor
    2.103 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
    2.104 Genesis Blocks
    2.105 List category posts
    2.106 Meta Tag Manager
    2.107 Page Builder: Pagelayer – Drag and Drop website builder
    2.108 Pods – Custom Content Types and Fields
    2.109 Pods – Custom Content Types and Fields
    2.110 Pods – Custom Content Types and Fields
    2.111 PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
    2.112 PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
    2.113 Social Icons Widget & Block by WPZOOM
    2.114 Stackable – Page Builder Gutenberg Blocks
    2.115 Template Kit – Import
    2.116 WooCommerce Multilingual & Multicurrency with WPML
    2.117 HUSKY – Products Filter Professional for WooCommerce
    2.118 HUSKY – Products Filter Professional for WooCommerce
    2.119 WP Chat App
    2.120 Events Manager – Calendar, Bookings, Tickets, and more!
    2.121 Events Manager – Calendar, Bookings, Tickets, and more!
    2.122 Events Manager – Calendar, Bookings, Tickets, and more!
    2.123 Events Manager – Calendar, Bookings, Tickets, and more!
    2.124 Sydney Toolbox
    2.125 BoldGrid Easy SEO – Simple and Effective SEO
    2.126 Media Library Assistant
    2.127 Export and Import Users and Customers
    2.128 underConstruction
    2.129 FOX – Currency Switcher Professional for WooCommerce
    2.130 WP-Members Membership Plugin
    2.131 WordPress Infinite Scroll – Ajax Load More
    2.132 Bold Page Builder
    2.133 Hubbub Lite – Fast, Reliable Social Sharing Buttons
    2.134 Hubbub Lite – Fast, Reliable Social Sharing Buttons
    2.135 WPFront User Role Editor
    2.136 Email Newsletter, Marketing, Email Automation and CRM Plugin for WordPress by FluentCRM
    2.137 Klarna Payments for WooCommerce
    2.138 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
    2.139 SecuPress Free — WordPress Security
    2.140 Pz-LinkCard
    2.141 Pz-LinkCard
    2.142 Themify – WooCommerce Product Filter
    2.143 Themify – WooCommerce Product Filter
    2.144 Themify – WooCommerce Product Filter
    2.145 Ultimate Addons for Beaver Builder – Lite
    2.146 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net
    2.147 Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content
    2.148 Easy Appointments
    2.149 Easy Appointments
    2.150 Ecwid Ecommerce Shopping Cart
    2.151 MP3 Audio Player for Music, Radio & Podcast by Sonaar
    2.152 MP3 Audio Player for Music, Radio & Podcast by Sonaar
    2.153 My Calendar
    2.154 ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
    2.155 weForms – Easy Drag & Drop Contact Form Builder For WordPress
    2.156 WordPress File Upload
    2.157 Awesome Support – WordPress HelpDesk & Support Plugin
    2.158 Booking Package
    2.159 Favorites
    2.160 GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
    2.161 GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
    2.162 LWS Optimize
    2.163 Mailster WordPress Newsletter Plugin Compatibility Tester
    2.164 Mang Board WP
    2.165 MasterStudy LMS WordPress Plugin – for Online Courses and Education
    2.166 MasterStudy LMS WordPress Plugin – for Online Courses and Education
    2.167 Author Box, Guest Author and Co-Authors for Your Posts – Molongui
    2.168 Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages
    2.169 SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster
    2.170 Simple Revisions Delete
    2.171 VS Contact Form
    2.172 WP Travel Engine – Best Travel Booking WordPress Plugin
    2.173 WP Travel Engine – Best Travel Booking WordPress Plugin
    2.174 140+ Widgets | Best Addons For Elementor – FREE
    2.175 Media Library Folders
    2.176 WP Hotel Booking
    2.177 WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
    2.178 Collect.chat – Chatbot ??
    2.179 Finale Lite – Sales Countdown Timer & Discount for WooCommerce
    2.180 Hash Elements
    2.181 ProfileGrid – User Profiles, Memberships, Groups and Communities
    2.182 ProfileGrid – User Profiles, Memberships, Groups and Communities
    2.183 ProfileGrid – User Profiles, Memberships, Groups and Communities
    2.184 The Plus Blocks for Block Editor | Gutenberg
    2.185 wp-forecast
    2.186 Announce from the Dashboard
    2.187 Better Elementor Addons
    2.188 MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution
    2.189 JCH Optimize
    2.190 Nelio Content – Best Editorial Calendar & Social Media Scheduling
    2.191 Salon booking system
    2.192 Sliced Invoices – WordPress Invoice Plugin
    2.193 Beaver Builder Addons by WPZOOM
    2.194 Booking Activities
    2.195 Paid Memberships Pro – Mailchimp Add On
    2.196 B Slider – Slider for your block editor
    2.197 Slugs Manager: Delete Old Permalinks from WordPress Database
    2.198 Custom WooCommerce Checkout Fields Editor
    2.199 Builderall Builder for WordPress
    2.200 CubeWP – All-in-One Dynamic Content Framework
    2.201 Landingi Landing Pages
    2.202 Move Addons for Elementor
    2.203 Spiffy Calendar
    2.204 Spiffy Calendar
    2.205 Themify Event Post
    2.206 Product Sort and Display for WooCommerce
    2.207 CRM Perks Forms – WordPress Form Builder
    2.208 CRM Perks Forms – WordPress Form Builder
    2.209 CRM Perks Forms – WordPress Form Builder
    2.210 Layouts for Elementor
    2.211 WP Responsive Tabs horizontal vertical and accordion Tabs
    2.212 RT Easy Builder – Advanced addons for Elementor
    2.213 WP Express Checkout (Accept PayPal Payments Easily)
    2.214 WPC Badge Management for WooCommerce
    2.215 WordPress Page Builder – Zion Builder
    2.216 Zotpress
    2.217 AI WP Writer – ?????????????? ????? ChatGPT 3.5, GPT 4 ? ????????????? ?????? ??????????
    2.218 Announcement & Notification Banner – Bulletin
    2.219 Geo Controller
    2.220 Church Admin
    2.221 Church Admin
    2.222 Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress
    2.223 Creative Addons for Elementor
    2.224 WPCS – WordPress Currency Switcher Professional
    2.225 Easy Form Builder
    2.226 Falang multilanguage for WordPress
    2.227 FG PrestaShop to WooCommerce
    2.228 A WordPress Testimonial Plugin to Showcase Testimonial Slider, Testimonial Grid and More: Solid Testimonials
    2.229 Web Icons
    2.230 OSS Aliyun
    2.231 Paid Memberships Pro – Payfast Gateway Add On
    2.232 Print Page block – Print the entire page or Section.
    2.233 OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer)
    2.234 Tainacan
    2.235 Tumult Hype Animations
    2.236 Tumult Hype Animations
    2.237 Webinar and Video Conference with Jitsi Meet – Create Branded Webinars for WordPress, Meetings & Livestreaming
    2.238 WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing)
    2.239 Sharkdropship Dropshipping & Affiliate for for AliExpress
    2.240 WordPress CRM Plugin – WP-CRM System
    2.241 MDTF – Meta Data and Taxonomies Filter
    2.242 DELUCKS SEO
    2.243 Creative Image Slider – Responsive Slider Plugin
    2.244 YITH WooCommerce Account Funds Premium
    2.245 WP Cost Estimation & Payment Forms Builder
    2.246 Wholesale For WooCommerce
    2.247 Slider by Supsystic
    2.248 REHub Framework
    2.249 Limit Attempts by BestWebSoft
    2.250 LayerSlider
    2.251 WP ERP
    2.252 Calendarista Basic Edition
  3. WordPress Themes — 3 Patched / 0 Unpatched
    3.1 Rehub
    3.2 Rehub
    3.3 Rehub

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5 “Regina” was released on April 2, 2024, as the first major release of 2024. With the new release, you can add and manage fonts across your site, get more from your revisions, play with enhanced background and shadow tools, discover new Data Views, and so much more.

Following a major release, you should not update live sites without first taking backups and testing the update in a non-production environment.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 175 Patched / 77 Unpatched

Plugin Slug:
auxin-elements

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
easy-facebook-likebox

Installations
50,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
pdf-viewer-for-elementor

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
getresponse-integration

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
better-elementor-addons

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Yoo Slider

Plugin Slug:
yoo-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Responsive flipbook

Plugin Slug:
wppdf

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP Twitter Mega Fan Box Widget

Plugin Slug:
wp-twitter-mega-fan-box

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Sponsors

Plugin Slug:
wp-sponsors

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP-Eggdrop

Plugin Slug:
wp-eggdrop

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP-Eggdrop

Plugin Slug:
wp-eggdrop

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Broken Images

Plugin Slug:
wp-broken-images

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Popup Cart Lite for WooCommerce

Plugin Slug:
woocommerce-woocart-popup-lite

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Woocommerce Social Media Share Buttons

Plugin Slug:
woocommerce-social-media-share-buttons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WooCommerce Bookings Calendar

Plugin Slug:
woo-bookings-calendar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Whizzy

Plugin Slug:
whizzy

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Whizzy

Plugin Slug:
whizzy

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Weekly Class Schedule

Plugin Slug:
weekly-class-schedule

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

10Web Map Builder for Google Maps

Plugin Slug:
wd-google-maps

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

User Rights Access Manager

Plugin Slug:
user-rights-access-manager

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Ultimate Social Comments – Email Notification & Lazy Load

Plugin Slug:
ultimate-facebook-comments

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Sticky Anything

Plugin Slug:
toast-stick-anything

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Thumbs Rating

Plugin Slug:
thumbs-rating

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Tax Rate Upload

Plugin Slug:
tax-rate-upload

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Spin 360 deg and 3D Model Viewer

Plugin Slug:
spin360

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

SpiderFAQ

Plugin Slug:
spider-faq

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Special Box for Content

Plugin Slug:
special-box-for-content

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

SP Project & Document Manager

Plugin Slug:
sp-client-document-manager

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Social Author Bio

Plugin Slug:
social-autho-bio

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Lightbox slider – Responsive Lightbox Gallery

Plugin Slug:
simple-lightbox-gallery

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Shortcode Addons

Plugin Slug:
shortcode-addons

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

SEO Title Tag

Plugin Slug:
seo-title-tag

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Prenotazioni

Plugin Slug:
prenotazioni

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Post-Plugin Library

Plugin Slug:
post-plugin-library

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Pocket News Generator

Plugin Slug:
pocket-news-generator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Pocket News Generator

Plugin Slug:
pocket-news-generator

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Platinum SEO

Plugin Slug:
platinum-seo-pack

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

pageMash > Page Management

Plugin Slug:
pagemash

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Oxygen Builder

Plugin Slug:
oxygen

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

OpenID

Plugin Slug:
openid

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

News Wall

Plugin Slug:
news-wall

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

New Order Notification for Woocommerce

Plugin Slug:
new-order-notification-for-woocommerce

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Lordicon Animated Icons

Plugin Slug:
lordicon-interactive-icons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Kanban Boards for WordPress

Plugin Slug:
kanban

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Mighty Classic Pros And Cons

Plugin Slug:
joomdev-wp-pros-cons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

IP Blocker Lite

Plugin Slug:
ip-address-blocker

Vulnerability:
Bypass Vulnerability

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

iFlyChat – WordPress Chat

Plugin Slug:
iflychat

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

HeartThis

Plugin Slug:
heart-this

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Header Image Slider

Plugin Slug:
header-image-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Responsive Image Gallery, Gallery Album

Plugin Slug:
gallery-album

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Responsive Image Gallery, Gallery Album

Plugin Slug:
gallery-album

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Filter Custom Fields & Taxonomies Light

Plugin Slug:
filter-custom-fields-taxonomies-light

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP ERP

Plugin Slug:
erp

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP ERP

Plugin Slug:
erp

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP ERP

Plugin Slug:
erp

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

EnvíaloSimple

Plugin Slug:
envialosimple-email-marketing-y-newsletters-gratis

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

DX-Watermark

Plugin Slug:
dx-watermark

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Hacklog Down As PDF

Plugin Slug:
down-as-pdf

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

DD Rating

Plugin Slug:
dd-rating

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Custom Field Bulk Editor

Plugin Slug:
custom-field-bulk-editor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Convert Post Types

Plugin Slug:
convert-post-types

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Contact Forms by Cimatti

Plugin Slug:
contact-forms

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Contact Form 7 Newsletter

Plugin Slug:
contact-form-7-newsletter

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Comic Easel

Plugin Slug:
comic-easel

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Christmas Greetings

Plugin Slug:
christmas-greetings

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Chauffeur Taxi Booking System for WordPress

Plugin Slug:
chauffeur-booking-system

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Change default login logo,url and title

Plugin Slug:
change-default-login-logo-url-and-title

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

CGC Maintenance Mode

Plugin Slug:
cgc-maintenance-mode

Vulnerability:
Bypass Vulnerability

Patched in Version:
No Fix

Severity Score:
Low

Plugin:

Carousel Anything For WPBakery Page Builder

Plugin Slug:
carousel-anything

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Button

Plugin Slug:
button

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Breakdance

Plugin Slug:
breakdance

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Appointment Calendar

Plugin Slug:
appointment-calendar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

All In One Redirection

Plugin Slug:
all-in-one-redirection-404-pages-list

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

AI Twitter Feeds (Twitter widget & shortcode)

Plugin Slug:
ai-twitter-feeds

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Aesop Story Engine

Plugin Slug:
aesop-story-engine

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

AdsPlace’r – Ad Manager, Inserter, AdSense Ads

Plugin Slug:
adsplacer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Add Shortcodes Actions And Filters

Plugin Slug:
add-actions-and-filters

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
essential-addons-for-elementor-lite

Installations
2,000,000+

Vulnerability:
PHP Object Injection

Patched in Version:
5.9.14

Severity Score:
High

Plugin Slug:
essential-addons-for-elementor-lite

Installations
2,000,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
5.9.14

Severity Score:
Medium

Plugin Slug:
all-in-one-wp-security-and-firewall

Installations
1,000,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.2.7

Severity Score:
Medium

Plugin Slug:
elementskit-lite

Installations
1,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.7

Severity Score:
Medium

Plugin Slug:
elementskit-lite

Installations
1,000,000+

Vulnerability:
Local File Inclusion

Patched in Version:
3.0.7

Severity Score:
High

Plugin Slug:
ninja-forms

Installations
800,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.8.1

Severity Score:
Medium

Plugin Slug:
ninja-forms

Installations
800,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.8.1

Severity Score:
Medium

Plugin Slug:
forminator

Installations
500,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.29.1

Severity Score:
High

Plugin Slug:
coblocks

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.7

Severity Score:
Medium

Plugin Slug:
kadence-blocks

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.18

Severity Score:
Medium

Plugin Slug:
kadence-blocks

Installations
400,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
3.2.26

Severity Score:
Medium

Plugin Slug:
metform

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.8.6

Severity Score:
Medium

Plugin Slug:
newsletter

Installations
300,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
8.2.1

Severity Score:
Medium

Plugin Slug:
otter-blocks

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.6

Severity Score:
Medium

Plugin Slug:
cmp-coming-soon-maintenance

Installations
200,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
4.1.11

Severity Score:
Medium

Plugin Slug:
jeg-elementor-kit

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.4

Severity Score:
Medium

Plugin Slug:
unlimited-elements-for-elementor

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.97

Severity Score:
Medium

Plugin Slug:
woo-cart-abandonment-recovery

Installations
200,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.27

Severity Score:
Medium

Plugin Slug:
addon-elements-for-elementor-page-builder

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.13.2

Severity Score:
Medium

Plugin Slug:
addon-elements-for-elementor-page-builder

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.13.3

Severity Score:
Medium

Plugin Slug:
bdthemes-element-pack-lite

Installations
100,000+

Vulnerability:
SQL Injection

Patched in Version:
5.5.4

Severity Score:
High

Plugin Slug:
beaver-builder-lite-version

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.0.7

Severity Score:
Medium

Plugin Slug:
beaver-builder-lite-version

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.4.5

Severity Score:
Medium

Plugin Slug:
colibri-page-builder

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.270

Severity Score:
Medium

Plugin Slug:
download-monitor

Installations
100,000+

Vulnerability:
SQL Injection

Patched in Version:
4.9.5

Severity Score:
High

Plugin Slug:
essential-blocks

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.4.10

Severity Score:
Medium

Plugin Slug:
genesis-blocks

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.3

Severity Score:
Medium

Plugin Slug:
list-category-posts

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
0.89.7

Severity Score:
Medium

Plugin Slug:
meta-tag-manager

Installations
100,000+

Vulnerability:
PHP Object Injection

Patched in Version:
3.1

Severity Score:
High

Plugin Slug:
pagelayer

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.8.2

Severity Score:
Medium

Plugin Slug:
pods

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.0.10.2

Severity Score:
Medium

Plugin Slug:
pods

Installations
100,000+

Vulnerability:
SQL Injection

Patched in Version:
3.0.10.2

Severity Score:
High

Plugin Slug:
pods

Installations
100,000+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
3.0.10.2

Severity Score:
Critical

Plugin Slug:
powerpack-lite-for-elementor

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.18

Severity Score:
Medium

Plugin Slug:
powerpack-lite-for-elementor

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.19

Severity Score:
Medium

Plugin Slug:
social-icons-widget-by-wpzoom

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.2.16

Severity Score:
Medium

Plugin Slug:
stackable-ultimate-gutenberg-blocks

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.12.12

Severity Score:
Medium

Plugin Slug:
template-kit-import

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.15

Severity Score:
Medium

Plugin Slug:
woocommerce-multilingual

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.3.5

Severity Score:
Medium

Plugin Slug:
woocommerce-products-filter

Installations
100,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.3.5.3

Severity Score:
Medium

Plugin Slug:
woocommerce-products-filter

Installations
100,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.5.2

Severity Score:
Medium

Plugin Slug:
wp-whatsapp

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.6.3

Severity Score:
Medium

Plugin Slug:
events-manager

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
6.4.7

Severity Score:
Medium

Plugin Slug:
events-manager

Installations
90,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
6.4.7.2

Severity Score:
Medium

Plugin Slug:
events-manager

Installations
90,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
6.4.7.2

Severity Score:
Medium

Plugin Slug:
events-manager

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.4.7.2

Severity Score:
Medium

Plugin Slug:
sydney-toolbox

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.27

Severity Score:
Medium

Plugin Slug:
boldgrid-easy-seo

Installations
70,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.14

Severity Score:
Medium

Plugin Slug:
media-library-assistant

Installations
70,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.14

Severity Score:
Medium

Plugin Slug:
users-customers-import-export-for-wp-woocommerce

Installations
70,000+

Vulnerability:
Path Traversal

Patched in Version:
2.5.3

Severity Score:
Medium

Plugin Slug:
underconstruction

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.22

Severity Score:
Medium

Plugin Slug:
woocommerce-currency-switcher

Installations
60,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.4.1.8

Severity Score:
Medium

Plugin Slug:
wp-members

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.4.9.3

Severity Score:
High

Plugin Slug:
ajax-load-more

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.0.2

Severity Score:
Medium

Plugin Slug:
bold-page-builder

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.8.1

Severity Score:
Medium

Plugin Slug:
social-pug

Installations
50,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.33.1

Severity Score:
Medium

Plugin Slug:
social-pug

Installations
50,000+

Vulnerability:
PHP Object Injection

Patched in Version:
1.33.2

Severity Score:
High

Plugin Slug:
wpfront-user-role-editor

Installations
50,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.1.0

Severity Score:
Medium

Plugin Slug:
fluent-crm

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.45

Severity Score:
Medium

Plugin Slug:
klarna-payments-for-woocommerce

Installations
40,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.3.0

Severity Score:
Medium

Plugin Slug:
post-grid

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.76

Severity Score:
High

Plugin Slug:
secupress

Installations
40,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.2.5.2

Severity Score:
Medium

Plugin Slug:
pz-linkcard

Installations
30,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
2.5.3

Severity Score:
Medium

Plugin Slug:
pz-linkcard

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.3

Severity Score:
Medium

Plugin Slug:
themify-wc-product-filter

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.4

Severity Score:
Medium

Plugin Slug:
themify-wc-product-filter

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.4

Severity Score:
High

Plugin Slug:
themify-wc-product-filter

Installations
30,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.4.4

Severity Score:
Medium

Plugin Slug:
ultimate-addons-for-beaver-builder-lite

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.8

Severity Score:
Medium

Plugin Slug:
woo-bulk-editor

Installations
30,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.1.4.4

Severity Score:
Medium

Plugin Slug:
brave-popup-builder

Installations
20,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
0.6.6

Severity Score:
Medium

Plugin Slug:
easy-appointments

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.11.19

Severity Score:
Medium

Plugin Slug:
easy-appointments

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.11.19

Severity Score:
Medium

Plugin Slug:
ecwid-shopping-cart

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.12.11

Severity Score:
Medium

Plugin Slug:
mp3-music-player-by-sonaar

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.1.1

Severity Score:
Medium

Plugin Slug:
mp3-music-player-by-sonaar

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.1.1

Severity Score:
High

Plugin Slug:
my-calendar

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.4.24

Severity Score:
Medium

Plugin Slug:
shortpixel-adaptive-images

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.8.3

Severity Score:
Medium

Plugin Slug:
weforms

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.6.21

Severity Score:
Low

Plugin Slug:
wp-file-upload

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.24.6

Severity Score:
Medium

Plugin Slug:
awesome-support

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
6.1.8

Severity Score:
Medium

Plugin Slug:
booking-package

Installations
10,000+

Vulnerability:
Other Vulnerability Type

Patched in Version:
1.6.29

Severity Score:
High

Plugin Slug:
favorites

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.4

Severity Score:
Medium

Plugin Slug:
gamipress

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
6.8.6

Severity Score:
Medium

Plugin Slug:
gamipress

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.9.1

Severity Score:
Medium

Plugin Slug:
lws-optimize

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.0

Severity Score:
Medium

Plugin Slug:
mailster

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.0.7

Severity Score:
High

Plugin Slug:
mangboard

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.1

Severity Score:
High

Plugin Slug:
masterstudy-lms-learning-management-system

Installations
10,000+

Vulnerability:
Privilege Escalation

Patched in Version:
3.3.2

Severity Score:
Critical

Plugin Slug:
masterstudy-lms-learning-management-system

Installations
10,000+

Vulnerability:
Local File Inclusion

Patched in Version:
3.3.1

Severity Score:
Critical

Plugin Slug:
molongui-authorship

Installations
10,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
4.7.8

Severity Score:
Low

Plugin Slug:
page-builder-add

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.1.8

Severity Score:
Medium

Plugin Slug:
sellkit

Installations
10,000+

Vulnerability:
Arbitrary File Download

Patched in Version:
1.8.3

Severity Score:
Medium

Plugin Slug:
simple-revisions-delete

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.5.4

Severity Score:
Medium

Plugin Slug:
very-simple-contact-form

Installations
10,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
14.8

Severity Score:
Medium

Plugin Slug:
wp-travel-engine

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
5.8.0

Severity Score:
High

Plugin Slug:
wp-travel-engine

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
5.8.0

Severity Score:
Critical

Plugin Slug:
xpro-elementor-addons

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.3

Severity Score:
Medium

Plugin Slug:
media-library-plus

Installations
9,000+

Vulnerability:
SQL Injection

Patched in Version:
8.1.8

Severity Score:
High

Plugin Slug:
wp-hotel-booking

Installations
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.0.9.3

Severity Score:
Medium

Plugin Slug:
wp-sms

Installations
9,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
6.6.3

Severity Score:
Medium

Plugin Slug:
collectchat

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.2

Severity Score:
Medium

Plugin Slug:
finale-woocommerce-sales-countdown-timer-discount

Installations
7,000+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
2.18.1

Severity Score:
High

Plugin Slug:
hash-elements

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.4

Severity Score:
Medium

Plugin Slug:
profilegrid-user-profiles-groups-and-communities

Installations
7,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
5.7.3

Severity Score:
Medium

Plugin Slug:
profilegrid-user-profiles-groups-and-communities

Installations
7,000+

Vulnerability:
SQL Injection

Patched in Version:
5.7.9

Severity Score:
High

Plugin Slug:
profilegrid-user-profiles-groups-and-communities

Installations
7,000+

Vulnerability:
SQL Injection

Patched in Version:
5.7.9

Severity Score:
Critical

Plugin Slug:
the-plus-addons-for-block-editor

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.6

Severity Score:
High

Plugin Slug:
wp-forecast

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.3

Severity Score:
Medium

Plugin Slug:
announce-from-the-dashboard

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.3

Severity Score:
Medium

Plugin Slug:
better-elementor-addons

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.8

Severity Score:
Medium

Plugin Slug:
dc-woocommerce-multi-vendor

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.1.4

Severity Score:
Medium

Plugin Slug:
jch-optimize

Installations
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.0.1

Severity Score:
Medium

Plugin Slug:
nelio-content

Installations
6,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
3.2.1

Severity Score:
Medium

Plugin Slug:
salon-booking-system

Installations
6,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
9.5.1

Severity Score:
Critical

Plugin Slug:
sliced-invoices

Installations
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.9.3

Severity Score:
Medium

Plugin Slug:
wpzoom-addons-for-beaver-builder

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.5

Severity Score:
Medium

Plugin Slug:
booking-activities

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.15.20

Severity Score:
High

Plugin Slug:
pmpro-mailchimp

Installations
5,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.3.5

Severity Score:
Medium

Plugin Slug:
b-slider

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.13

Severity Score:
Medium

Plugin Slug:
remove-old-slugspermalinks

Installations
4,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.7.0

Severity Score:
Medium

Plugin Slug:
add-fields-to-checkout-page-woocommerce

Installations
3,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.1

Severity Score:
Medium

Plugin Slug:
builderall-cheetah-for-wp

Installations
3,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
2.0.2

Severity Score:
Medium

Plugin Slug:
cubewp-framework

Installations
3,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.1.13

Severity Score:
Critical

Plugin Slug:
landingi-landing-pages

Installations
3,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.1.2

Severity Score:
Medium

Plugin Slug:
move-addons

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.3.0

Severity Score:
Medium

Plugin Slug:
spiffy-calendar

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.9.11

Severity Score:
Medium

Plugin Slug:
spiffy-calendar

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.9.10

Severity Score:
Medium

Plugin Slug:
themify-event-post

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.8

Severity Score:
Medium

Plugin Slug:
woocommerce-product-sort-and-display

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.4.2

Severity Score:
Medium

Plugin Slug:
crm-perks-forms

Installations
2,000+

Vulnerability:
SQL Injection

Patched in Version:
1.1.5

Severity Score:
High

Plugin Slug:
crm-perks-forms

Installations
2,000+

Vulnerability:
SQL Injection

Patched in Version:
1.1.5

Severity Score:
Critical

Plugin Slug:
crm-perks-forms

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.5

Severity Score:
Medium

Plugin Slug:
layouts-for-elementor

Installations
2,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.8

Severity Score:
High

Plugin Slug:
responsive-horizontal-vertical-and-accordion-tabs

Installations
2,000+

Vulnerability:
SQL Injection

Patched in Version:
1.1.18

Severity Score:
High

Plugin Slug:
rt-easy-builder-advanced-addons-for-elementor

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.1

Severity Score:
Medium

Plugin Slug:
wp-express-checkout

Installations
2,000+

Vulnerability:
Other Vulnerability Type

Patched in Version:
2.3.8

Severity Score:
High

Plugin Slug:
wpc-badge-management

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.4.1

Severity Score:
Medium

Plugin Slug:
zionbuilder

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.6.10

Severity Score:
Medium

Plugin Slug:
zotpress

Installations
2,000+

Vulnerability:
SQL Injection

Patched in Version:
7.3.8

Severity Score:
High

Plugin Slug:
ai-wp-writer

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.6.5.6

Severity Score:
Medium

Plugin Slug:
bulletin-announcements

Installations
1,000+

Vulnerability:
SQL Injection

Patched in Version:
3.9.0

Severity Score:
High

Plugin Slug:
cf-geoplugin

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
8.6.5

Severity Score:
Medium

Plugin Slug:
church-admin

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.1.19

Severity Score:
Medium

Plugin Slug:
church-admin

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.1.8

Severity Score:
Medium

Plugin Slug:
contest-gallery

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
21.3.6

Severity Score:
High

Plugin Slug:
creative-addons-for-elementor

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.0

Severity Score:
Medium

Plugin Slug:
currency-switcher

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.0.2

Severity Score:
Medium

Plugin Slug:
easy-form-builder

Installations
1,000+

Vulnerability:
SQL Injection

Patched in Version:
3.7.5

Severity Score:
High

Plugin Slug:
falang

Installations
1,000+

Vulnerability:
SQL Injection

Patched in Version:
1.3.48

Severity Score:
High

Plugin Slug:
fg-prestashop-to-woocommerce

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.47.0

Severity Score:
Medium

Plugin Slug:
gs-testimonial

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.5

Severity Score:
Medium

Plugin Slug:
icon

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.0.11

Severity Score:
Medium

Plugin Slug:
oss-aliyun

Installations
1,000+

Vulnerability:
SQL Injection

Patched in Version:
1.4.11

Severity Score:
High

Plugin Slug:
pmpro-payfast

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.4.2

Severity Score:
Medium

Plugin Slug:
print-page

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.9

Severity Score:
Medium

Plugin Slug:
stepbyteservice-openstreetmap

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.2

Severity Score:
Medium

Plugin Slug:
tainacan

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
0.20.8

Severity Score:
Medium

Plugin Slug:
tumult-hype-animations

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9.12

Severity Score:
High

Plugin Slug:
tumult-hype-animations

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.9.12

Severity Score:
Medium

Plugin Slug:
webinar-and-video-conference-with-jitsi-meet

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.4

Severity Score:
Medium

Plugin Slug:
wholesalex

Installations
1,000+

Vulnerability:
Privilege Escalation

Patched in Version:
1.3.3

Severity Score:
Critical

Plugin Slug:
wooshark-aliexpress-importer

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.2.5

Severity Score:
Medium

Plugin Slug:
wp-crm-system

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.9.1

Severity Score:
Medium

Plugin Slug:
wp-meta-data-filter-and-taxonomy-filter

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.3.2

Severity Score:
Medium

Plugin Slug:
delucks-seo

Installations
600+

Vulnerability:
Broken Access Control

Patched in Version:
2.5.5

Severity Score:
Medium

Plugin Slug:
creative-image-slider

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.0

Severity Score:
High

Plugin:

YITH WooCommerce Account Funds Premium

Plugin Slug:
yith-woocommerce-account-funds-premium

Vulnerability:
Broken Access Control

Patched in Version:
1.34.0

Severity Score:
Medium

Plugin:

WP Cost Estimation & Payment Forms Builder

Plugin Slug:
wp-estimation-form

Vulnerability:
SQL Injection

Patched in Version:
10.1.76

Severity Score:
High

Plugin:

Wholesale For WooCommerce

Plugin Slug:
woocommerce-wholesale-pricing

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.3.1

Severity Score:
Medium

Plugin:

Slider by Supsystic

Plugin Slug:
slider-by-supsystic

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.11

Severity Score:
Medium

Plugin:

REHub Framework

Plugin Slug:
rehub-framework

Vulnerability:
SQL Injection

Patched in Version:
19.6.2

Severity Score:
High

Plugin:

Limit Attempts by BestWebSoft

Plugin Slug:
limit-attempts

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.0

Severity Score:
High

Plugin:

LayerSlider

Plugin Slug:
layerslider

Vulnerability:
SQL Injection

Patched in Version:
7.10.1

Severity Score:
Critical

Plugin:

WP ERP

Plugin Slug:
erp

Vulnerability:
SQL Injection

Patched in Version:
1.30.0

Severity Score:
High

Plugin:

Calendarista Basic Edition

Plugin Slug:
calendarista-basic-edition

Vulnerability:
Broken Access Control

Patched in Version:
3.0.6

Severity Score:
Medium

WordPress Themes — 3 Patched / 0 Unpatched

Theme:

Rehub

Theme Slug:
rehub-theme

Vulnerability:
SQL Injection

Patched in Version:
19.6.2

Severity Score:
High

Theme:

Rehub

Theme Slug:
rehub-theme

Vulnerability:
Local File Inclusion

Patched in Version:
19.6.2

Severity Score:
High

Theme:

Rehub

Theme Slug:
rehub-theme

Vulnerability:
Local File Inclusion

Patched in Version:
19.6.2

Severity Score:
Critical

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!


Written by:
Abdul Wahid
Published on:
April 5, 2024
