WordPress Vulnerability Report — July 10, 2024

In this report, 182 vulnerabilities have been publicly disclosed. Security patches for 123 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 59 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core
2. WordPress Plugins — 103 Patched / 56 Unpatched

2.1
Social Media Share Buttons & Social Sharing Icons
2.2
Meks Easy Ads Widget
2.3
WPJAM Basic
2.4
Ultimate WordPress Auction Plugin
2.5
CC & BCC for Woocommerce Order Emails
2.6
nicen-localize-image
2.7
OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer)
2.8
Tooltip for Gravity Forms
2.9
WPFavicon
2.10
Leaky Paywall
2.11
Quiz | Survey | Exam | Questionnaire | Feedback – Best Survey Plugin for WordPress
2.12
Taager
2.13
Weight Tracker
2.14
Rating Widget: Post Rating, 5 Star Rating, Reviews, Thumbs Up & Down, Reaction
2.15
Link To Bible
2.16
Amelia Shortcode Extended
2.17
WS Theme Addons
2.18
Canvas-Nest.js
2.19
Logic Hop – Dynamic Content Personalization for WordPress
2.20
Meal Tracker
2.21
Contact Form by TotalForm – Next-gen Form Builder for WordPress
2.22
WS Contact Form
2.23
Easy Speedup by PageCDN
2.24
WebSitter Pro
2.25
Magic Conversation For Gravity Forms
2.26
Field Day
2.27
Livemesh Addons for Elementor
2.28
Livemesh Addons for Elementor
2.29
ADDRESSYA
2.30
alfred24 Click & Collect
2.31
Alfred Easy Shipping
2.32
CommandBar for WP Admin
2.33
Digital River Global Commerce
2.34
Easy Custom Code (LESS/CSS/JS) – Live editing
2.35
Floating Social Buttons
2.36
Floating Social Media Links
2.37
Responsive Image Gallery, Gallery Album
2.38
Ideaplus
2.39
Image Hover Effects – Caption Hover with Carousel
2.40
Jobs.af
2.41
Login Logo Editor
2.42
Mine Video Player
2.43
Get Better Reviews for WooCommerce
2.44
Save as PDF plugin by Pdfcrowd
2.45
Simple Social Share
2.46
Simply Show Hooks
2.47
sitetweet
2.48
Elementor Addons, Widgets and Enhancements – Stax
2.49
Template Kit – Export
2.50
Testimonials Widget
2.51
UltraAddons Elementor Lite
2.52
Viva Payments
2.53
WordPress Notification Bar
2.54
wp-code-highlightjs
2.55
WP Cookie Law Info
2.56
WP To Do
2.57
Elementor Header & Footer Builder
2.58
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings
2.59
Ninja Forms – The Contact Form Builder That Grows With You
2.60
Spectra – WordPress Gutenberg Blocks
2.61
Premium Addons for Elementor
2.62
Premium Addons for Elementor
2.63
The Events Calendar
2.64
Ocean Extra
2.65
Gutenberg
2.66
Beaver Builder – WordPress Page Builder
2.67
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
2.68
Nested Pages
2.69
Featured Image from URL (FIFU)
2.70
LearnPress – WordPress LMS Plugin
2.71
LearnPress – WordPress LMS Plugin
2.72
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
2.73
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
2.74
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
2.75
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
2.76
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
2.77
Booking for Appointments and Events Calendar – Amelia
2.78
Media Library Assistant
2.79
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
2.80
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
2.81
Ultimate Blocks – WordPress Blocks Plugin
2.82
Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more
2.83
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
2.84
WP Lightbox 2
2.85
Apollo13 Framework Extensions
2.86
Void Contact Form 7 Widget For Elementor Page Builder
2.87
Cost Calculator Builder
2.88
Cost Calculator Builder
2.89
Easy Google Maps
2.90
Rife Elementor Extensions & Templates
2.91
weForms – Easy Drag & Drop Contact Form Builder For WordPress
2.92
WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Plugin
2.93
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress
2.94
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress
2.95
AI Power: Complete AI Pack – Powered by GPT-4
2.96
LA-Studio Element Kit for Elementor
2.97
Mega Elements – Addons for Elementor
2.98
Simple Newsletter Plugin – Noptin
2.99
NEX-Forms – Ultimate Form Builder – Contact forms and much more
2.100
Swift Performance Lite
2.101
Product Customer List for WooCommerce
2.102
Word Balloon
2.103
Event Manager, Events Calendar, Tickets, Registrations – Eventin
2.104
Motors – Car Dealer, Classifieds & Listing
2.105
Tablesome – Responsive Table, Woocommerce Automation, Email Log, Form Automation – Contact Form 7, Elementor, WPForms, Forminator
2.106
WordPress Sentry
2.107
YITH WooCommerce Affiliates
2.108
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
2.109
Create by Mediavine
2.110
ProfileGrid – User Profiles, Groups and Communities
2.111
Ultimate Bootstrap Elements for Elementor
2.112
WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce
2.113
Beaver Builder Addons by WPZOOM
2.114
Snippet Shortcodes
2.115
AWSM Team – Team Showcase Plugin
2.116
bbPress Notify (No-Spam)
2.117
Popup Builder – On Page Load Popup, Exit Popup, Login Popup, On Click, Sticky Bar, Anti-AdBlock – FireBox
2.118
Advanced Classifieds & Directory Pro
2.119
FileBird Document Library
2.120
HelloAsso
2.121
IMGspider – ????????
2.122
ShopBuilder – Elementor WooCommerce Builder Addons
2.123
CRM Perks Forms – WordPress Form Builder
2.124
EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin
2.125
MakeCommerce for WooCommerce
2.126
Online Booking & Scheduling Calendar for WordPress by vcita
2.127
One Click Order Re-Order
2.128
Premium Blocks – Gutenberg Blocks for WordPress
2.129
YAHMAN Add-ons
2.130
Church Admin
2.131
IdeaPush
2.132
Newspack Newsletters
2.133
Post Meta Data Manager
2.134
SuperSaaS – online appointment scheduling
2.135
Zephyr Project Manager
2.136
Comment Reply Email
2.137
ShipAny WooCommerce: Ship, Label, Tracking
2.138
Integration for Luminate and Gravity Forms
2.139
Qualified Electronic Signatures by eID Easy
2.140
BLAZE Retail Widget
2.141
Contact Form 7 Multi-Step Addon
2.142
XPlainer – WooCommerce Product FAQ
2.143
JetThemeCore
2.144
Modern Events Calendar
2.145
Modern Events Calendar Lite
2.146
Newspack Ads
2.147
Newspack Content Converter
2.148
Newspack Campaigns
2.149
PayPlus Payment Gateway
2.150
PayPlus Payment Gateway
2.151
Social Warfare
2.152
Ultimate Addons for Elementor
2.153
Woffice Core
2.154
Woffice Core
2.155
WooCommerce Social Login
2.156
CopySafe Web Protection
2.157
WP Directory Kit
2.158
WPQA – Builder forms Addon
2.159
WPQA – Builder forms Addon

3. WordPress Themes — 20 Patched / 3 Unpatched

3.1
zBench
3.2
Boot Store
3.3
counterpoint
3.4
Ashe
3.5
Bakes And Cakes
3.6
Bard
3.7
Blocksy
3.8
Business One Page
3.9
Construction Landing Page
3.10
Hestia
3.11
Highlight
3.12
Lawyer Landing Page
3.13
Metro Magazine
3.14
Newsmatic
3.15
Posterity
3.16
Rara Business
3.17
Rife Free
3.18
Trendy News
3.19
Basil
3.20
BookYourTravel
3.21
Himer
3.22
Himer
3.23
Woffice

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5.5 is now available! This release features three security fixes. Because this is a security release, it is recommended that you update your sites immediately. This minor release also includes 3 bug fixes in Core.

WordPress 6.6 RC3 is ready for download and testing! The target release date for WordPress 6.6 is July 16, 2024. Your help testing RC versions is vital to ensuring the final release is everything it should be: stable, powerful, and intuitive.

WordPress Plugins — 103 Patched / 56 Unpatched

Plugin Slug:: ultimate-social-media-icons
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: meks-easy-ads-widget
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: wpjam-basic
Installations: 5,000+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: ultimate-auction
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: cc-bcc-for-woocommerce-order-emails
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: nicen-localize-image
Installations: 1,000+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: stepbyteservice-openstreetmap
Installations: 1,000+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: tooltip-for-gravity-forms
Installations: 1,000+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: wpfavicon
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: leaky-paywall
Installations: 800+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: totalsurvey
Installations: 600+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: taager
Installations: 500+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: weight-loss-tracker
Installations: 500+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: totalrating
Installations: 300+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: link-to-bible
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: theidealweb-amelia-shortcode-extended
Installations: 200+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: ws-theme-addons
Installations: 200+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: canvas-nestjs
Installations: 100+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: logic-hop
Installations: 100+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: meal-tracker
Installations: 100+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: totalform
Installations: 70+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: ws-contact-form
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: pagecdn
Installations: 30+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: triagetrak
Installations: 30+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: magic-conversation-for-gravity-forms
Installations: 10+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: activityhub
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Livemesh Addons for Elementor
Plugin Slug:: addons-for-elementor
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Livemesh Addons for Elementor
Plugin Slug:: addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: addressya-for-woocommerce
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: alfred24 Click & Collect
Plugin Slug:: alfred-click-collect
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Alfred Easy Shipping
Plugin Slug:: alfred-easy-shipping
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: CommandBar for WP Admin
Plugin Slug:: commandbar-for-wp-admin
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Digital River Global Commerce
Plugin Slug:: digital-river-global-commerce
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Easy Custom Code (LESS/CSS/JS) – Live editing
Plugin Slug:: easy-custom-code
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Floating Social Buttons
Plugin Slug:: floating-social-buttons
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Floating Social Media Links
Plugin Slug:: floating-social-media-links
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Responsive Image Gallery, Gallery Album
Plugin Slug:: gallery-album
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: ideaplus
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Image Hover Effects – Caption Hover with Carousel
Plugin Slug:: image-hover-effects-with-carousel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Jobs.af
Plugin Slug:: jobs-af
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Login Logo Editor
Plugin Slug:: login-logo-editor-by-oizuled
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Mine Video Player
Plugin Slug:: mine-video
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Get Better Reviews for WooCommerce
Plugin Slug:: more-better-reviews-for-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Save as PDF plugin by Pdfcrowd
Plugin Slug:: save-as-pdf-by-pdfcrowd
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Simple Social Share
Plugin Slug:: simple-social-share
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Simply Show Hooks
Plugin Slug:: simply-show-hooks
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: sitetweet-tweets-user-behaviors-on-your-site-on-twitter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Elementor Addons, Widgets and Enhancements – Stax
Plugin Slug:: stax-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Template Kit – Export
Plugin Slug:: template-kit-export
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Testimonials Widget
Plugin Slug:: testimonials-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: UltraAddons Elementor Lite
Plugin Slug:: ultraaddons-elementor-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Viva Payments
Plugin Slug:: viva-payments-simple-checkout
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WordPress Notification Bar
Plugin Slug:: wordpress-notification-bar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: wp-code-highlightjs
Plugin Slug:: wp-code-highlightjs
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WP Cookie Law Info
Plugin Slug:: wp-cookie-law-info
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WP To Do
Plugin Slug:: wp-todo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: header-footer-elementor
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.36
Severity Score:: Medium

Plugin Slug:: seo-by-rank-math
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.219
Severity Score:: Medium

Plugin Slug:: ninja-forms
Installations: 800,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.8.5
Severity Score:: Medium

Plugin Slug:: ultimate-addons-for-gutenberg
Installations: 800,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.13.8
Severity Score:: Medium

Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Denial of Service Attack
Patched in Version:: 4.10.36
Severity Score:: Low

Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.36
Severity Score:: Medium

Plugin Slug:: the-events-calendar
Installations: 700,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.5.1.5
Severity Score:: Medium

Plugin Slug:: ocean-extra
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.0
Severity Score:: Medium

Plugin Slug:: gutenberg
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 18.6.1
Severity Score:: Medium

Plugin Slug:: beaver-builder-lite-version
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.3
Severity Score:: Medium

Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.2
Severity Score:: Medium

Plugin Slug:: wp-nested-pages
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.2.8
Severity Score:: High

Plugin Slug:: featured-image-from-url
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.8.3
Severity Score:: Medium

Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.6.8.2
Severity Score:: Medium

Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.6.8.2
Severity Score:: Medium

Plugin Slug:: paid-memberships-pro
Installations: 90,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.0.6
Severity Score:: High

Plugin Slug:: the-post-grid
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.7.5
Severity Score:: Medium

Plugin Slug:: the-post-grid
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.7.5
Severity Score:: Medium

Plugin Slug:: the-post-grid
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.7.5
Severity Score:: Medium

Plugin Slug:: the-post-grid
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.7.2
Severity Score:: Medium

Plugin Slug:: ameliabooking
Installations: 70,000+
Vulnerability:: Backdoor
Patched in Version:: 1.1.9
Severity Score:: Medium

Plugin Slug:: media-library-assistant
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.18
Severity Score:: High

Plugin Slug:: form-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.26
Severity Score:: Medium

Plugin Slug:: sina-extension-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.6
Severity Score:: Medium

Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.0
Severity Score:: Medium

Plugin Slug:: woocommerce-google-adwords-conversion-tracking-tag
Installations: 50,000+
Vulnerability:: Backdoor
Patched in Version:: 1.43.4
Severity Score:: Medium

Plugin Slug:: quiz-master-next
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.0.2
Severity Score:: Medium

Plugin Slug:: wp-lightbox-2
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.6.7
Severity Score:: Medium

Plugin Slug:: apollo13-framework-extensions
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.4
Severity Score:: Medium

Plugin Slug:: cf7-widget-elementor
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.1
Severity Score:: Medium

Plugin Slug:: cost-calculator-builder
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.13
Severity Score:: Medium

Plugin Slug:: cost-calculator-builder
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.13
Severity Score:: Medium

Plugin Slug:: google-maps-easy
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.11.16
Severity Score:: Medium

Plugin Slug:: rife-elementor-extensions
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2
Severity Score:: Medium

Plugin Slug:: weforms
Installations: 20,000+
Vulnerability:: Backdoor
Patched in Version:: 1.6.24
Severity Score:: Medium

Plugin Slug:: wp-user-frontend
Installations: 20,000+
Vulnerability:: Backdoor
Patched in Version:: 4.0.8
Severity Score:: Medium

Plugin Slug:: charitable
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.1.8
Severity Score:: Medium

Plugin Slug:: charitable
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.1.8
Severity Score:: Medium

Plugin Slug:: gpt3-ai-content-generator
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.67
Severity Score:: Medium

Plugin Slug:: lastudio-element-kit
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.9
Severity Score:: High

Plugin Slug:: mega-elements-addons-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.3
Severity Score:: Medium

Plugin Slug:: newsletter-optin-box
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.3
Severity Score:: Medium

Plugin Slug:: nex-forms-express-wp-form-builder
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.6.1
Severity Score:: Medium

Plugin Slug:: swift-performance-lite
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.3.6.21
Severity Score:: Medium

Plugin Slug:: wc-product-customer-list
Installations: 10,000+
Vulnerability:: Backdoor
Patched in Version:: 3.1.7
Severity Score:: Medium

Plugin Slug:: word-balloon
Installations: 10,000+
Vulnerability:: Backdoor
Patched in Version:: 4.22.2
Severity Score:: Medium

Plugin Slug:: wp-event-solution
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.0
Severity Score:: Medium

Plugin Slug:: motors-car-dealership-classified-listings
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.11
Severity Score:: Medium

Plugin Slug:: tablesome
Installations: 9,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.0.34
Severity Score:: Medium

Plugin Slug:: wp-sentry-integration
Installations: 9,000+
Vulnerability:: Backdoor
Patched in Version:: 7.9.0
Severity Score:: Medium

Plugin Slug:: yith-woocommerce-affiliates
Installations: 8,000+
Vulnerability:: Backdoor
Patched in Version:: 3.8.1
Severity Score:: Medium

Plugin Slug:: youzify
Installations: 8,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.2.6
Severity Score:: High

Plugin Slug:: mediavine-create
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.8
Severity Score:: Medium

Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.8.8
Severity Score:: Medium

Plugin Slug:: ultimate-bootstrap-elements-for-elementor
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.4.3
Severity Score:: High

Plugin Slug:: wp-cafe
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.2.28
Severity Score:: High

Plugin Slug:: wpzoom-addons-for-beaver-builder
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.6
Severity Score:: Medium

Plugin Slug:: shortcode-variables
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.1.5
Severity Score:: Medium

Plugin Slug:: awsm-team
Installations: 4,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.2
Severity Score:: Medium

Plugin Slug:: bbpress-notify-nospam
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.18.4
Severity Score:: High

Plugin Slug:: firebox
Installations: 4,000+
Vulnerability:: Backdoor
Patched in Version:: 2.1.16
Severity Score:: Medium

Plugin Slug:: advanced-classifieds-and-directory-pro
Installations: 3,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.2.1
Severity Score:: High

Plugin Slug:: filebird-document-library
Installations: 3,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.0.8.1
Severity Score:: Medium

Plugin Slug:: helloasso
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.10
Severity Score:: Medium

Plugin Slug:: imgspider
Installations: 3,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.3.11
Severity Score:: Critical

Plugin Slug:: shopbuilder
Installations: 3,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.1.13
Severity Score:: Medium

Plugin Slug:: crm-perks-forms
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.6
Severity Score:: Medium

Plugin Slug:: eazydocs
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.0
Severity Score:: Medium

Plugin Slug:: makecommerce
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.2
Severity Score:: High

Plugin Slug:: meeting-scheduler-by-vcita
Installations: 2,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.4.3
Severity Score:: Medium

Plugin Slug:: one-click-order-reorder
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.10
Severity Score:: Medium

Plugin Slug:: premium-blocks-for-gutenberg
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.28
Severity Score:: Medium

Plugin Slug:: yahman-add-ons
Installations: 2,000+
Vulnerability:: Backdoor
Patched in Version:: 0.9.29
Severity Score:: Medium

Plugin Slug:: church-admin
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.4.7
Severity Score:: Critical

Plugin Slug:: ideapush
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.66
Severity Score:: High

Plugin Slug:: newspack-newsletters
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.13.3
Severity Score:: Medium

Plugin Slug:: post-meta-data-manager
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium

Plugin Slug:: supersaas-appointment-scheduling
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.10
Severity Score:: Medium

Plugin Slug:: zephyr-project-manager
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.3.99
Severity Score:: High

Plugin Slug:: comment-reply-email
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5
Severity Score:: High

Plugin Slug:: shipany
Installations: 100+
Vulnerability:: Backdoor
Patched in Version:: 1.1.53
Severity Score:: Medium

Plugin Slug:: integration-for-luminate-and-gravity-forms
Installations: 70+
Vulnerability:: Backdoor
Patched in Version:: 1.3.4
Severity Score:: Medium

Plugin Slug:: eid-easy-qualified-electonic-signature
Installations: 20+
Vulnerability:: Backdoor
Patched in Version:: 3.3.1
Severity Score:: Medium

Plugin:: BLAZE Retail Widget
Plugin Slug:: blaze-widget
Vulnerability:: Backdoor
Patched in Version:: 2.5.4
Severity Score:: Medium

Plugin:: Contact Form 7 Multi-Step Addon
Plugin Slug:: contact-form-7-multi-step-addon
Vulnerability:: Backdoor
Patched in Version:: 1.0.7
Severity Score:: Medium

Plugin:: XPlainer – WooCommerce Product FAQ
Plugin Slug:: faq-for-woocommerce
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.4
Severity Score:: Medium

Plugin:: JetThemeCore
Plugin Slug:: jet-theme-core
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 2.2.1
Severity Score:: High

Plugin:: Modern Events Calendar
Plugin Slug:: modern-events-calendar
Vulnerability:: Arbitrary File Upload
Patched in Version:: 7.12.0
Severity Score:: High

Plugin:: Modern Events Calendar Lite
Plugin Slug:: modern-events-calendar-lite
Vulnerability:: Arbitrary File Upload
Patched in Version:: 7.12.0
Severity Score:: High

Plugin:: Newspack Ads
Plugin Slug:: newspack-ads
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.47.2
Severity Score:: Medium

Plugin:: Newspack Content Converter
Plugin Slug:: newspack-content-converter
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.0
Severity Score:: Medium

Plugin:: Newspack Campaigns
Plugin Slug:: newspack-popups
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.31.2
Severity Score:: Medium

Plugin:: PayPlus Payment Gateway
Plugin Slug:: payplus-payment-gateway
Vulnerability:: SQL Injection
Patched in Version:: 6.6.9
Severity Score:: Critical

Plugin:: PayPlus Payment Gateway
Plugin Slug:: payplus-payment-gateway
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.6.9
Severity Score:: High

Plugin:: Social Warfare
Plugin Slug:: social-warfare
Vulnerability:: Backdoor
Patched in Version:: 4.4.7.3
Severity Score:: Medium

Plugin:: Ultimate Addons for Elementor
Plugin Slug:: ultimate-elementor
Vulnerability:: Privilege Escalation
Patched in Version:: 1.36.32
Severity Score:: High

Plugin:: Woffice Core
Plugin Slug:: woffice-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.4.9
Severity Score:: High

Plugin:: Woffice Core
Plugin Slug:: woffice-core
Vulnerability:: Broken Access Control
Patched in Version:: 5.4.9
Severity Score:: High

Plugin:: WooCommerce Social Login
Plugin Slug:: woo-social-login
Vulnerability:: PHP Object Injection
Patched in Version:: 2.7.0
Severity Score:: Medium

Plugin:: CopySafe Web Protection
Plugin Slug:: wp-copysafe-web
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.15
Severity Score:: Medium

Plugin:: WP Directory Kit
Plugin Slug:: wpdirectorykit
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.6
Severity Score:: High

Plugin:: WPQA – Builder forms Addon
Plugin Slug:: wpqa
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.1.1
Severity Score:: Medium

Plugin:: WPQA – Builder forms Addon
Plugin Slug:: wpqa
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.1.1
Severity Score:: Medium

WordPress Themes — 20 Patched / 3 Unpatched

Theme Slug:: zbench
Downloads: 588,387
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Theme:: Boot Store
Theme Slug:: boot-store
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Theme:: counterpoint
Theme Slug:: counterpoint
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Theme Slug:: ashe
Downloads: 1,959,473
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.234
Severity Score:: Medium

Theme Slug:: bakes-and-cakes
Downloads: 154,588
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.7
Severity Score:: Medium

Theme Slug:: bard
Downloads: 912,192
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.211
Severity Score:: Medium

Theme Slug:: blocksy
Downloads: 3,364,636
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.23
Severity Score:: Medium

Theme Slug:: business-one-page
Downloads: 211,071
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.0
Severity Score:: Medium

Theme Slug:: construction-landing-page
Downloads: 284,784
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.6
Severity Score:: Medium

Theme Slug:: hestia
Downloads: 4,067,479
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.1.3
Severity Score:: Medium

Theme Slug:: highlight
Downloads: 435,892
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.30
Severity Score:: Medium

Theme Slug:: lawyer-landing-page
Downloads: 128,839
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.5
Severity Score:: Medium

Theme Slug:: metro-magazine
Downloads: 260,020
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.8
Severity Score:: Medium

Theme Slug:: newsmatic
Downloads: 217,113
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.3
Severity Score:: Medium

Theme Slug:: posterity
Downloads: 95,124
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.4
Severity Score:: Medium

Theme Slug:: rara-business
Downloads: 201,763
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.6
Severity Score:: Medium

Theme Slug:: rife-free
Downloads: 696,099
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.4.19
Severity Score:: Medium

Theme Slug:: trendy-news
Downloads: 24,718
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.16
Severity Score:: Medium

Theme:: Basil
Theme Slug:: basil
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.5
Severity Score:: Medium

Theme:: BookYourTravel
Theme Slug:: bookyourtravel
Vulnerability:: Privilege Escalation
Patched in Version:: 8.18.19
Severity Score:: High

Theme:: Himer
Theme Slug:: himer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.1
Severity Score:: Medium

Theme:: Himer
Theme Slug:: himer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1.1
Severity Score:: Medium

Theme:: Woffice
Theme Slug:: woffice
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.4.9
Severity Score:: High

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Source link

WordPress Vulnerability Report — July 10, 2024

Table of Contents

WordPress Core

WordPress Plugins — 103 Patched / 56 Unpatched

WordPress Themes — 20 Patched / 3 Unpatched

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

VirusWord by Promaps, Inc.

Table of Contents

WordPress Core

WordPress Plugins — 103 Patched / 56 Unpatched

WordPress Themes — 20 Patched / 3 Unpatched

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Explore more