In this report, 53 vulnerabilities have been publicly disclosed. Security patches for 36 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 17 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, your site is already protected against those vulnerabilities by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor, or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately.
The next major release will be version 6.5, planned for March 26, 2024.
WordPress Plugins — 35 Patched / 17 Unpatched
- Plugin: aBitGone CommentSafe
- Plugin Slug: abitgone-commentsafe
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: No Fix
- Severity Score: High

- Plugin: Add SVG Support for Media Uploader | inventivo
- Plugin Slug: add-svg-support-for-media-uploader-inventivo
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium

- Plugin: Advanced Schedule Posts
- Plugin Slug: advanced-schedule-posts
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: High

- Plugin: Better Follow Button for Jetpack
- Plugin Slug: better-follow-button-for-jetpack
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium

- Plugin: enigma chart.js
- Plugin Slug: enigma-chartjs
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium

- Plugin: enigma chart.js
- Plugin Slug: enigma-chartjs
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium

- Plugin: (Simply) Guest Author Name
- Plugin Slug: guest-author-name
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium

- Plugin: lasTunes
- Plugin Slug: lastunes
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: No Fix
- Severity Score: Medium

- Plugin: illi Link Party!
- Plugin Slug: link-party
- Vulnerability: Broken Access Control
- Patched in Version: No Fix
- Severity Score: Medium

- Plugin: illi Link Party!
- Plugin Slug: link-party
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: High

- Plugin: illi Link Party!
- Plugin Slug: link-party
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: No Fix
- Severity Score: Medium

- Plugin: Mang Board WP
- Plugin Slug: mangboard
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium

- Plugin: Splashscreen
- Plugin Slug: splashscreen
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: No Fix
- Severity Score: Medium

- Plugin: SVG Uploads Support
- Plugin Slug: svg-uploads-support
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium

- Plugin: Ultimate Noindex Nofollow Tool
- Plugin Slug: ultimate-noindex-nofollow-tool
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: No Fix
- Severity Score: Medium

- Plugin: Marketing Twitter Bot
- Plugin Slug: wordpress-twitterbot
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: High

- Plugin: WP-Reply Notify
- Plugin Slug: wp-reply-notify
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: No Fix
- Severity Score: Medium

- Plugin Slug: better-search-replace
- Installations: 1,000,000+
- Vulnerability: PHP Object Injection
- Patched in Version: 1.4.5
- Severity Score: Critical

- Plugin Slug: wp-file-manager
- Installations: 1,000,000+
- Vulnerability: Sensitive Data Exposure
- Patched in Version: 7.2.2
- Severity Score: High

- Plugin Slug: wp-google-maps
- Installations: 400,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 9.0.29
- Severity Score: High

- Plugin Slug: wpvivid-backuprestore
- Installations: 400,000+
- Vulnerability: Broken Access Control
- Patched in Version: 0.9.95
- Severity Score: Medium

- Plugin Slug: formidable
- Installations: 300,000+
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 6.8
- Severity Score: Medium

- Plugin Slug: backuply
- Installations: 200,000+
- Vulnerability: Directory Traversal
- Patched in Version: 1.2.4
- Severity Score: Medium

- Plugin Slug: photo-gallery
- Installations: 200,000+
- Vulnerability: Directory Traversal
- Patched in Version: 1.8.20
- Severity Score: Critical

- Plugin Slug: accelerated-mobile-pages
- Installations: 100,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 1.0.93
- Severity Score: High

- Plugin Slug: filebird
- Installations: 100,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 5.6.1
- Severity Score: Medium

- Plugin Slug: instant-images
- Installations: 100,000+
- Vulnerability: Broken Access Control
- Patched in Version: 6.1.1
- Severity Score: High

- Plugin Slug: vk-block-patterns
- Installations: 80,000+
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 1.31.2.0
- Severity Score: Medium

- Plugin Slug: form-maker
- Installations: 60,000+
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 1.15.22
- Severity Score: Medium

- Plugin Slug: wp-rss-aggregator
- Installations: 60,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 4.23.5
- Severity Score: Medium

- Plugin Slug: exclusive-addons-for-elementor
- Installations: 50,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 2.6.9
- Severity Score: Medium

- Plugin Slug: exclusive-addons-for-elementor
- Installations: 50,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 2.6.9
- Severity Score: Medium

- Plugin Slug: ai-assistant-by-10web
- Installations: 30,000+
- Vulnerability: Broken Access Control
- Patched in Version: 1.0.19
- Severity Score: Medium

- Plugin Slug: wp-dashboard-notes
- Installations: 30,000+
- Vulnerability: Broken Access Control
- Patched in Version: 1.0.11
- Severity Score: Medium

- Plugin Slug: meks-smart-social-widget
- Installations: 20,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 1.6.4
- Severity Score: Medium

- Plugin Slug: pdf-poster
- Installations: 20,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 2.1.18
- Severity Score: High

- Plugin Slug: wordpress-simple-paypal-shopping-cart
- Installations: 20,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 4.7.2
- Severity Score: Medium

- Plugin Slug: cryptocurrency-price-ticker-widget
- Installations: 10,000+
- Vulnerability: SQL Injection
- Patched in Version: 2.6.6
- Severity Score: Critical

- Plugin Slug: customer-area
- Installations: 10,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 8.2.3
- Severity Score: High

- Plugin Slug: fluentforms-pdf
- Installations: 10,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 1.1.8
- Severity Score: Medium

- Plugin Slug: woo-product-category-discount
- Installations: 7,000+
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 4.12
- Severity Score: Medium

- Plugin Slug: woo-product-category-discount
- Installations: 7,000+
- Vulnerability: Broken Access Control
- Patched in Version: 4.13
- Severity Score: Medium

- Plugin Slug: sticky-buttons
- Installations: 6,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 3.2.3
- Severity Score: Medium

- Plugin Slug: dragfy-addons-for-elementor
- Installations: 1,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 8.3.2
- Severity Score: Medium

- Plugin Slug: instawp-connect
- Installations: 1,000+
- Vulnerability: SQL Injection
- Patched in Version: 0.1.0.10
- Severity Score: High

- Plugin Slug: instawp-connect
- Installations: 1,000+
- Vulnerability: Sensitive Data Exposure
- Patched in Version: 0.1.0.10
- Severity Score: High

- Plugin Slug: views-for-wpforms-lite
- Installations: 1,000+
- Vulnerability: Broken Access Control
- Patched in Version: 3.2.3
- Severity Score: Medium

- Plugin Slug: allow-svg
- Installations: 20+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 1.2.0
- Severity Score: Medium

- Plugin Slug: coreactivity
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 1.8.1
- Severity Score: High

- Plugin: MaxButtons
- Plugin Slug: maxbutton
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 9.7.7
- Severity Score: Medium

- Plugin: File Manager Pro
- Plugin Slug: wp-file-manager-pro
- Vulnerability: Arbitrary File Upload
- Patched in Version: 8.3.5
- Severity Score: High

- Plugin: WPForms Pro
- Plugin Slug: wpforms
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 1.8.5.4
- Severity Score: High
WordPress Themes — 1 Patched / 0 Unpatched
- Theme Slug: colormag
- Downloads: 3,799,423
- Vulnerability: Broken Access Control
- Patched in Version: 3.1.3
- Severity Score: Medium