WordPress Vulnerability Report – April 5, 2023

This week, the total number of patched and unpatched vulnerabilities is low but still may affect five million+ WordPress sites. There are 55 plugin vulnerabilities and two themes with security patches available, so run those updates if you use these plugins! Additionally, there are 18 plugin vulnerabilities with no patch available yet. At least three of these have been closed and dropped from the wordpress.org plugin directory so far. If you are using any unpatched plugins or themes, check their vendors’ intentions and progress on a security release. If no patch is forthcoming or the vulnerable plugin or theme has been closed, you should consider deactivation and removal in favor of alternative solutions.

  • No new WordPress core vulnerabilities were disclosed this week.

WordPress core is very secure when it’s properly configured and maintained. Vulnerable plugins that have not been updated by site owners are the most common vector for attacks on WordPress websites. Our weekly WordPress Vulnerability Report, powered by Patchstack, covers new WordPress plugin, theme, and core vulnerabilities that have emerged since last week’s report. Our goal is to spread awareness of emerging security threats and help you decide what to do if you are using vulnerable software on your website. For a deeper analysis of recent trends in WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.

WordPress Core News

WordPress 6.2 is the first major release of 2023, with over 900 enhancements and fixes. It brings a reimagined Site Editor, improved blocks, and new tools. As always with a major release like this, ensure your site is backed up with BackupBuddy before updating.

If your WordPress sites have enabled automatic background updates, they should have upgraded to 6.2 automatically. You can download WordPress 6.2 from WordPress.org, or visit your WordPress Dashboard, click “Updates,” and then click the “Update Now” button, which will appear when any core updates are available. For more information, check out the version 6.2 HelpHub documentation page.

WordPress Plugin Vulnerabilities with Patches

In this section, you’ll find the most recently disclosed WordPress plugin vulnerabilities that have been fixed with a new release from their authors and maintainers. Please apply the updates if you are affected!

These vulnerabilities have been disclosed and scored for their severity thanks to our friends at Patchstack. Each plugin listing includes the type of vulnerability with its CVE number and CVSS severity rating with links to more technical details. You’ll also see the number of active sites using the plugin and the plugin version release that patches the vulnerability. We start with the most popular plugins, which represent the largest target for attackers.

Advanced Custom Fields

Plugin Slug
advanced-custom-fields

Installations
2,000,000+

Vulnerability
PHP Object Injection

Patched in Version
6.1.0

Severity Score
High

The vulnerability has been patched, so you should update to version 6.1.0.

Custom Post Type UI

Plugin Slug
custom-post-type-ui

Installations
1,000,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.13.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.13.5.

WPCode

Plugin Slug
insert-headers-and-footers

Installations
1,000,000+

Vulnerability
Cross-Site Request Forgery (CSRF)

Patched in Version
2.0.9

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.0.9.

Happy Addons for Elementor

Plugin Slug
happy-elementor-addons

Installations
300,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
3.8.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.8.3.

Newsletter

Plugin Slug
newsletter

Installations
300,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
7.6.9

Severity Score
High

The vulnerability has been patched, so you should update to version 7.6.9.

Slimstat Analytics

Plugin Slug
wp-slimstat

Installations
100,000+

Vulnerability
SQL Injection

Patched in Version
4.9.3.4

Severity Score
High

The vulnerability has been patched, so you should update to version 4.9.3.4.

WC Fields Factory

Plugin
WC Fields Factory

Plugin Slug
wc-fields-factory

Vulnerability
SQL Injection

Patched in Version
4.1.6

Severity Score
High

The vulnerability has been patched, so you should update to version 4.1.6.

Enhanced WP Contact Form

Plugin
Enhanced WP Contact Form

Plugin Slug
enhanced-wordpress-contactform

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.3.

AJAX Search Pro

Plugin
Ajax Search Pro

Plugin Slug
ajax-search-pro

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
4.26.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.26.2.

AJAX Search Lite

Plugin Slug
ajax-search-lite

Installations
70,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
4.11.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.11.1.

Simple Author Box

Plugin Slug
simple-author-box

Installations
60,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.51

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.51.

Advanced Shipment Tracking for WooCommerce

Plugin Slug
woo-advanced-shipment-tracking

Installations
60,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
3.5.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.5.3.

Maps Widget for Google Maps

Plugin Slug
google-maps-widget

Installations
50,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
4.24

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.24.

Popup Anything

Plugin Slug
popup-anything-on-click

Installations
50,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.2.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.2.2.

Feed Them Social

Plugin Slug
feed-them-social

Installations
40,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
4.0.8

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.0.8.

Gallery by BestWebSoft

Plugin Slug
gallery-plugin

Installations
20,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
4.7.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.7.0.

WP Meta SEO

Plugin Slug
wp-meta-seo

Installations
20,000+

Vulnerability
Deserialization of untrusted data

Patched in Version
4.5.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.5.5.

Direct checkout, Add to cart redirect for WooCommerce

Plugin Slug
add-to-cart-direct-checkout-for-woocommerce

Installations
10,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.1.49

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.1.49.

Affiliates Manager

Plugin Slug
affiliates-manager

Installations
10,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.9.21

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.9.21.

MasterStudy LMS

Plugin Slug
masterstudy-lms-learning-management-system

Installations
10,000+

Vulnerability
Broken Access Control

Patched in Version
2.9.35

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.9.35.

WP Ultimate Review

Plugin Slug
wp-ultimate-review

Installations
10,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.1.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.1.0.

WP Ultimate Review

Plugin Slug
wp-ultimate-review

Installations
10,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.1.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.1.0.

WP VR

Plugin Slug
wpvr

Installations
10,000+

Vulnerability
Broken Access Control

Patched in Version
8.3.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 8.3.0.

Zippy

Plugin Slug
zippy

Installations
10,000+

Vulnerability
Sensitive Data Exposure

Patched in Version
1.6.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.6.2.

Magic Post Thumbnail

Plugin Slug
magic-post-thumbnail

Installations
9,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
4.1.11

Severity Score
High

The vulnerability has been patched, so you should update to version 4.1.11.

WP EasyCart

Plugin Slug
wp-easycart

Installations
6,000+

Vulnerability
Local File Inclusion

Patched in Version
5.4.3

Severity Score
High

The vulnerability has been patched, so you should update to version 5.4.3.

WPMobile.App

Plugin Slug
wpappninja

Installations
6,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
11.21

Severity Score
Medium

The vulnerability has been patched, so you should update to version 11.21.

Configurable Tag Cloud

Plugin Slug
configurable-tag-cloud-widget

Installations
5,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
5.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.3.

TF Random Numbers

Plugin Slug
tf-numbers-number-counter-animaton

Installations
5,000+

Vulnerability
Broken Access Control

Patched in Version
2.0.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.0.1.

Advanced Local Pickup for WooCommerce

Plugin Slug
advanced-local-pickup-for-woocommerce

Installations
4,000+

Vulnerability
Other Vulnerability Type

Patched in Version
1.5.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.5.3.

ChatBot

Plugin Slug
chatbot

Installations
4,000+

Vulnerability
Broken Access Control

Patched in Version
4.4.8

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.4.8.

Sp*tify Play Button

Plugin Slug
spotify-play-button-for-wordpress

Installations
4,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.08

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.08.

Trending/Popular Post Slider and Widget

Plugin Slug
wp-trending-post-slider-and-widget

Installations
4,000+

Vulnerability
Broken Access Control

Patched in Version
1.5.8

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.5.8.

Full Width Banner Slider

Plugin Slug
full-width-responsive-slider-wp

Installations
3,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.1.8

Severity Score
High

The vulnerability has been patched, so you should update to version 1.1.8.

Quick Paypal Payments

Plugin Slug
quick-paypal-payments

Installations
3,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
5.7.26.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.7.26.4.

Coupon Affiliates

Plugin Slug
woo-coupon-usage

Installations
3,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
5.4.4

Severity Score
High

The vulnerability has been patched, so you should update to version 5.4.4.

PropertyHive

Plugin Slug
propertyhive

Installations
2,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.5.47

Severity Score
High

The vulnerability has been patched, so you should update to version 1.5.47.

Affiliate Toolkit

Plugin Slug
affiliate-toolkit-starter

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.3.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.3.4.

Albo Pretorio On line

Plugin Slug
albo-pretorio-on-line

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
4.6.2

Severity Score
High

The vulnerability has been patched, so you should update to version 4.6.2.

Conditional Extra Fees for WooCommerce

Plugin Slug
conditional-extra-fees-for-woocommerce

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.0.97

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.0.97.

Product Enquiry for WooCommerce

Plugin Slug
enquiry-quotation-for-woocommerce

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.2.13

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.2.13.

Order Date and Time for WooCommerce

Plugin Slug
pi-woocommerce-order-date-time-and-type

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.0.20

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.0.20.

Product Page Shipping Calculator for WooCommerce

Plugin Slug
product-page-shipping-calculator-for-woocommerce

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.3.21

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.3.21.

WishSuite – Wishlist for WooCommerce

Plugin Slug
wishsuite

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.3.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.3.4.

CopySafe Web Protection

Plugin Slug
wp-copysafe-web

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.14

Severity Score
High

The vulnerability has been patched, so you should update to version 3.14.

SMTP Mailing Queue

Plugin Slug
smtp-mailing-queue

Installations
900+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.0.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.0.0.

HT Builder

Plugin Slug
ht-builder

Installations
500+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.3.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.3.0.

Mobile Banner

Plugin Slug
mobile-banner

Installations
100+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.6.

Easy Quiz Maker

Plugin Slug
n-media-wp-simple-quiz

Installations
100+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.0

Severity Score
High

The vulnerability has been patched, so you should update to version 2.0.

Welcome Bar

Plugin Slug
intelly-welcome-bar

Installations
30+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.0.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.0.4.

Welcome Bar

Plugin Slug
intelly-welcome-bar

Installations
30+

Vulnerability
Broken Access Control

Patched in Version
2.0.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.0.4.

Add User Role

Plugin
Add User Role

Plugin Slug
add-user-role

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.6.7

Severity Score
High

The vulnerability has been patched, so you should update to version 1.6.7.

HappyFiles Pro

Plugin
HappyFiles Pro

Plugin Slug
happyfiles-pro

Vulnerability
Arbitrary File Deletion

Patched in Version
1.8.2

Severity Score
High

The vulnerability has been patched, so you should update to version 1.8.2.

HappyFiles Pro

Plugin
HappyFiles Pro

Plugin Slug
happyfiles-pro

Vulnerability
Broken Access Control

Patched in Version
1.8.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.8.2.

Image Over Image For WPBakery Page Builder

Plugin
Image Over Image For WPBakery Page Builder

Plugin Slug
image-over-image-vc-extension

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.0.

WordPress Plugin Vulnerabilities – No Known Fix

This section contains plugin vulnerabilities with no known fix. Until a patch is available, you are advised, at minimum, to deactivate the plugin immediately. If there is a high risk of active exploits or the plugin remains unpatched for weeks, you are advised to delete the plugin. You should also delete persistently unpatched plugins that the WordPress.org repository has locked and marked “Closed” so they can no longer be downloaded and installed.

WC Fields Factory

Plugin
WC Fields Factory

Plugin Slug
wc-fields-factory

Vulnerability
SQL Injection

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Swatchly – WooCommerce Variation Swatches for Products

Plugin Slug
swatchly

Installations
6,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

PixFields

Plugin Slug
pixfields

Installations
4,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Libsyn Publisher Hub

Plugin Slug
libsyn-podcasting

Installations
3,000+

Vulnerability
Sensitive Data Exposure

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Comment Reply Notification plugin <= 1.4 – Cross Site Request Forgery (CSRF) vulnerability

Plugin Slug
comment-reply-notification

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Easy Media Replace

Plugin Slug
easy-media-replace

Installations
2,000+

Vulnerability
Arbitrary File Deletion

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

HT Menu – WordPress Mega Menu Builder for Elementor

Plugin Slug
ht-menu-lite

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

JustTables – WooCommerce Product Table

Plugin Slug
just-tables

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

LionScripts: IP Blocker Lite

Plugin Slug
ip-address-blocker

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Really Simple Google Tag Manager

Plugin Slug
really-simple-google-tag-manager

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Social Proof (Testimonial) Slider

Plugin Slug
social-proof-testimonials-slider

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Premmerce Redirect Manager

Plugin Slug
premmerce-redirect-manager

Installations
900+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Premmerce Redirect Manager

Plugin Slug
premmerce-redirect-manager

Installations
900+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Custom More Link Complete

Plugin Slug
custom-more-link-complete

Installations
800+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Woocommerce Custom Checkout Fields Editor With Drag & Drop

Plugin Slug
woo-custom-checkout-fields

Installations
400+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Solidres

Plugin Slug
solidres

Installations
100+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Gift Cards (Gift Vouchers and Packages) for WooCommerce

Plugin
Gift Vouchers

Plugin Slug
gift-voucher

Vulnerability
SQL Injection

Patched in Version
No Fix

Severity Score
Critical

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Product Specifications for WooCommerce

Plugin
Product Specifications for Woocommerce

Plugin Slug
product-specifications

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Theme Vulnerabilities

In this section, you’ll find the latest WordPress theme vulnerabilities to be disclosed. You’ll see the same information provided above for vulnerable plugins, and the same advice applies. If a security update exists, install it immediately. If a vulnerability remains unpatched in a theme you are actively using, you will need to find an alternative theme. Deactivate and delete persistently unpatched themes and those that have been “Closed” in the WordPress.org theme repository. If you have a vulnerable theme installed that you are not actively using, simply delete it.

Viral Mag

Theme Slug
viral-mag

Downloads
16,279

Vulnerability
Broken Authentication

Patched in Version
1.1.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.0.

Outdoor

Theme
Outdoor

Theme Slug
outdoor

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.9.7

Severity Score
High

The vulnerability has been patched, so you should update to version 3.9.7.
iThemes Team

Written by:
Abdul Wahid
Published on:
April 8, 2023
