• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

virusword.com

Learn Wordpress

  • Home
  • WordPress Shop
    • Fotopress
    • SEO Tool Kit
    • Social Contact
    • Tag Machine 2
    • Video Profits
  • Latest News
  • WordPress
    • Plugins
    • Themes
    • Tutorials
    • Videos
    • Woocommerce
  • About Us
  • Contact Us
    • Terms of Service
    • Privacy Policy
  • Show Search
Hide Search
Home/Woocommerce/WordPress Vulnerability Report – February 9, 2022

WordPress Vulnerability Report – February 9, 2022

Written by

Michael Moore

on

February 9, 2022

Last Updated on February 9, 2022

Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities, and what to do if you run one of the vulnerable plugins or themes on your website.

Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure and reporting of vulnerabilities is an integral part of keeping the WordPress community safe. New in this report: vulnerabilities are now listed in order by the number of active installs, rather than the date of the disclosure.

Please share this post with your friends to help get the word out and make WordPress safer for everyone!

Contents of the February 2, 2022 Report

WordPress 5.9: Core Major Version Update Now Available

WordPress 5.9 “Joséphine” was released on January 25, 2022, as the first major WordPress core release of the year. The biggest thing to know about WordPress 5.9 is simply this: Full Site Editing (FSE) using the WordPress block editor is here (well, if you want to use it or your theme supports it).

WordPress 5.9 represents the largest release of Gutenberg features since the initial Gutenberg launch in WordPress 5.0. In addition, WordPress 5.9 includes 99 enhancements and 100 bug fixes.

In this post, we unpack what’s new and noteworthy in WordPress 5.9 so you can get the most out of the latest version of WordPress.

You can update to WordPress 5.9 by downloading from WordPress.org or visiting your WordPress admin dashboard > Updates and clicking Update Now.

If you have sites that have enabled automatic background updates, they should have already updated successfully. Just be sure to verify that all your WordPress sites are on WordPress 5.9.

WordPress Plugin Vulnerabilities

In this section, the latest WordPress plugin vulnerabilities have been disclosed. Each plugin listing includes the type of vulnerability, the active installations, the version number if patched, and the severity rating.

All-in-One WP Migration

Product image for All-in-One WP Migration.

Plugin
All-in-One WP Migration

Installations
4,000,000+

Vulnerability
Admin+ Arbitrary File Upload to RCE

Patched in Version
7.41

Severity Score
Medium

The vulnerability has been patched, so you should update to version 7.41.

Ad Inserter

Product image for Ad Inserter – Ad Manager & AdSense Ads.

Plugin
Ad Inserter – Ad Manager & AdSense Ads

Installations
200,000+

Vulnerability
Admin+ RCE / Stored XSS

Patched in Version
2.7.11

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.7.11.

White Label CMS

Product image for White Label CMS.

Plugin
White Label CMS

Installations
200,000+

Vulnerability
Reflected Cross-Site Scripting

Patched in Version
2.2.9

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.2.9.

WordPress Download Manager

Product image for Download Manager.

Plugin
Download Manager

Installations
100,000+

Vulnerability
Sensitive Information Disclosure

Patched in Version
3.2.35

Severity Score
High

The vulnerability has been patched, so you should update to version 3.2.35.

Product Feed PRO for WooCommerce

Product image for Product Feed PRO for WooCommerce.

Plugin
Product Feed PRO for WooCommerce

Installations
80,000+

Vulnerability
Reflected Cross-Site Scripting

Patched in Version
11.2.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 11.2.3.

Advanced iFrame

Product image for Advanced iFrame.

Plugin
Advanced iFrame

Installations
70,000+

Vulnerability
Reflected Cross-Site Scripting

Patched in Version
2022

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2022.

WordPress Real Cookie Banner

Product image for WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent.

Plugin
WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent

Installations
60,000+

Vulnerability
Settings Reset via CSRF

Patched in Version
2.14.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.14.2.

AdRotate

Product image for AdRotate – Ad manager & AdSense Ads.

Plugin
AdRotate – Ad manager & AdSense Ads

Installations
40,000+

Vulnerability
Admin+ SQL Injection

Patched in Version
5.8.22

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.8.22.

Conversios.io

Product image for Conversios.io – Google Analytics and Google Shopping plugin for WooCommerce.

Plugin
Conversios.io – Google Analytics and Google Shopping plugin for WooCommerce

Installations
40,000+

Vulnerability
Subscriber+ SQL Injection

Patched in Version
4.6.2

Severity Score
High

The vulnerability has been patched, so you should update to version 4.6.2.

NotificationX

Product image for NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor.

Plugin
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor

Installations
30,000+

Vulnerability
Unauthenticated Blind SQL Injection

Patched in Version
2.3.9

Severity Score
High

The vulnerability has been patched, so you should update to version 2.3.9.

Contact Form & Lead Form Elementor Builder Plugin

Product image for Contact Form & Lead Form Elementor Builder.

Plugin
Contact Form & Lead Form Elementor Builder

Installations
20,000+

Vulnerability
Multiple Subscriber+ Settings Update

Patched in Version
1.7.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.7.4.

Easy Pricing Tables

Product image for Pricing Tables WordPress Plugin – Easy Pricing Tables.

Plugin
Pricing Tables WordPress Plugin – Easy Pricing Tables

Installations
20,000+

Vulnerability
Arbitrary Post Removal via CSRF

Patched in Version
3.1.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.1.3.

Page Views Count

Product image for Page View Count.

Plugin
Page View Count

Installations
20,000+

Vulnerability
Unauthenticated SQL Injection

Patched in Version
2.4.15

Severity Score
High

The vulnerability has been patched, so you should update to version 2.4.15.

IP2Location Country Blocker

Product image for IP2Location Country Blocker.

Plugin
IP2Location Country Blocker

Installations
10,000+

Vulnerability
Admin+ Stored Cross-Site Scripting

Patched in Version
2.26.9

Severity Score
Low

The vulnerability has been patched, so you should update to version 2.26.9.

RegistrationMagic

Product image for RegistrationMagic – Custom Registration Forms, User Registration and User Login Plugin.

Plugin
RegistrationMagic – Custom Registration Forms, User Registration and User Login Plugin

Installations
10,000+

Vulnerability
Admin+ SQL Injection

Patched in Version
5.0.2.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.0.2.2.

Catch Themes Demo Import

Product image for Catch Themes Demo Import.

Plugin
Catch Themes Demo Import

Installations
10,000+

Vulnerability
Admin+ Remote Code Execution

Patched in Version
2.1.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.1.1.

MasterStudy LMS

Product image for MasterStudy LMS – WordPress LMS Plugin.

Plugin
MasterStudy LMS – WordPress LMS Plugin

Installations
10,000+

Vulnerability
Unauthenticated Admin Account Creation

Patched in Version
2.7.6

Severity Score
Critical

The vulnerability has been patched, so you should update to version 2.7.6.

Custom Content Shortcode

Product image for Custom Content Shortcode.

Plugin
Custom Content Shortcode

Installations
10,000+

Vulnerability
Unauthorised Arbitrary Post Metadata Access; Authenticated Arbitrary File Access / LFI; Authenticated Stored Cross-Site Scripting

Patched in Version
4.0.1

Severity Score
High

The vulnerability has been patched, so you should update to version 4.0.1.

EasyJobs

Product image for EasyJobs – Easiest Talent Recruitment Suite – Job Manager & Career Page in Elementor.

Plugin
EasyJobs – Easiest Talent Recruitment Suite – Job Manager & Career Page in Elementor

Installations
5,000+

Vulnerability
Reflected Cross-Site Scripting

Patched in Version
1.4.8

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.4.8.

WP Time Slots Booking Form

Product image for WP Time Slots Booking Form.

Plugin
WP Time Slots Booking Form

Installations
1,000+

Vulnerability
Admin+ Stored Cross-Site Scripting

Patched in Version
1.1.63

Severity Score
Low

The vulnerability has been patched, so you should update to version 1.1.63.

CP Blocks

Product image for CP Blocks.

Plugin
CP Blocks

Installations
1,000+

Vulnerability
Admin+ Stored Cross-Site Scripting

Patched in Version
1.0.15

Severity Score
Low

The vulnerability has been patched, so you should update to version 1.0.15.

Premium Plugin Vulnerabilities

In this section, the latest WordPress plugin vulnerabilities have been disclosed in closed plugins. Each plugin listing includes the type of vulnerability, the severity rating, and the date of closure

Multisite User Sync/Unsync

Plugin
WordPress Multisite User Sync/Unsync

Installations
Unknown; Premium Plugin

Vulnerability
Reflected Cross-Site Scripting

Patched in Version
2.1.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.1.2.

Multisite Content Copier/Updater Pro

Plugin
WordPress Multisite Content Copier/Updater

Installations
Unknown; Premium Plugin

Vulnerability
Reflected Cross-Site Scripting

Patched in Version
2.1.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.1.0.

WordPress Plugin Vulnerabilities – No Known Fix

In this section, the latest WordPress plugin vulnerabilities have been disclosed in closed plugins. Each plugin listing includes the type of vulnerability, the severity rating, and the date of closure

Cost Calculator

Plugin
Cost Calculator

Vulnerability
Authenticated Local File Inclusion

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Theme Vulnerabilities

No new theme vulnerabilities were disclosed this week.

How to Protect Your WordPress Website From Vulnerable Plugins and Themes

As you can see from this report, lots of new WordPress plugin and theme vulnerabilities are disclosed each week. We know it can be difficult to stay on top of every reported vulnerability disclosure, so the iThemes Security Pro plugin makes it easy to make sure your site isn’t running a theme, plugin, or WordPress core version with a known vulnerability.

Get iThemes Security Pro with 24/7 Website Security Monitoring

iThemes Security Pro, our WordPress security plugin, offers 50+ ways to secure and protect your website from common WordPress security vulnerabilities. With WordPress, two-factor authentication, brute force protection, strong password enforcement, and more, you can add extra layers of security to your website.

Get iThemes Security Pro

Michael Moore

Each week, Michael puts together the WordPress Vulnerability Report to help keep your sites safe. As Product Manager at iThemes, he helps us continue to improve the iThemes product lineup. He’s a giant nerd & loves learning about all things tech, old & new. You can find Michael hanging out with his wife & daughter, reading or listening to music when not working.

WordPress vulnerability report

Source link

Written by:
Abdul Wahid
Published on:
February 10, 2022

Categories: Woocommerce

Primary Sidebar

Wordpress

  • Content Management Systems (2)
  • Digital Marketing (4)
  • Internet Marketing (6)
  • Latest News (458)
  • Online Business (2)
  • Plugins (519)
  • Themes (521)
  • Videos (1,350)
  • Website Development (1)
  • Woocommerce (589)
  • WordPress (6)

Recent Articles

Unlock Your Internet Marketing Success with WordPress: The Ultimate CMS for Achieving Online Goals

WordPress: A Powerhouse for Achieving Internet …

Continue Reading about Unlock Your Internet Marketing Success with WordPress: The Ultimate CMS for Achieving Online Goals

Unlock Your Internet Marketing Potential with WordPress: A Comprehensive Guide

How to Use WordPress to Achieve Your Internet …

Continue Reading about Unlock Your Internet Marketing Potential with WordPress: A Comprehensive Guide

Search our site

Explore more

Get our Wordpress Guide Get Plugins Get Connected

Footer

VirusWord by Promaps, Inc.

Barnes Place
Colombo 7, Western 00700

Copyright © 2025 · Promaps, Inc.

Keep In Touch

  • Email
  • Facebook
  • Instagram
  • Pinterest
  • Twitter