WordPress Vulnerability Report – July 12, 2023

Written by

Dan Knauss
on

July 12, 2023

Last Updated on July 12, 2023

This week, 82 total vulnerabilities emerged in public disclosure. They may affect over 4 million WordPress sites. There are 46 plugin vulnerabilities and one theme vulnerability that has security patches available, so run those updates!

Additionally, there are 34 plugin vulnerabilities and one theme vulnerability with no patch available yet. If you are using any unpatched plugins or themes, check their vendors’ intentions and progress on a security release. If no patch is forthcoming or the vulnerable software has been closed and dropped from the official WordPress theme and plugin repositories, you should consider deactivation and removal in favor of alternative solutions.

WordPress Core Vulnerabilities — Patched

No new WordPress core vulnerabilities were disclosed this week.

WordPress core is very secure when it’s properly configured and maintained. Vulnerable plugins that have not been updated by site owners are the most common vector for attacks on WordPress websites. Our weekly WordPress Vulnerability Report, powered by Patchstack, covers new WordPress plugin, theme, and core vulnerabilities that have emerged since last week’s report. Our goal is to spread awareness of emerging security threats and help you decide what to do if you are using vulnerable software on your website. For a deeper analysis of recent trends in WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.

These reports are published every Wednesday and include all active vulnerabilities tracked by Patchstack as of Monday since the previous report. This leaves a 48-hour window for the newest emerging vulnerabilities to be patched before full public disclosure. iThemes Security Pro users have access to vulnerability alerts emerging within this window.

Get the weekly WordPress Vulnerability Report delivered to your inbox each Wednesday.

WordPress Plugin Vulnerabilities — Patched

In this section, you’ll find the most recently disclosed WordPress plugin vulnerabilities that have been fixed with a new release from their authors and maintainers. Please apply the updates if you are affected!

These vulnerabilities have been disclosed and scored for their severity, thanks to our friends at Patchstack. Each plugin listing includes the type of vulnerability with its CVE number and CVSS severity rating with links to more technical details. You’ll also see the number of active sites using the plugin and the plugin version release that patches the vulnerability. We start with the most popular plugins, which represent the largest target for attackers.

WP-Optimize

Plugin Slug: wp-optimize
Installations: 1,000,000+
Vulnerability: Reflected Cross Site Scripting (XSS)
Patched in Version: 3.2.13
Severity Score: High

The vulnerability has been patched, so you should update to version 3.2.13.

Ninja Forms

Plugin Slug: ninja-forms
Installations: 900,000+
Vulnerability: Denial of Service Attack
Patched in Version: 3.6.26
Severity Score: Medium

The vulnerability has been patched, so you should update to version 3.6.26.

Forminator

Plugin Slug: forminator
Installations: 400,000+
Vulnerability: Unauth. Race Condition
Patched in Version: 1.24.1
Severity Score: Low

The vulnerability has been patched, so you should update to version 1.24.1.

POST SMTP Mailer

Plugin Slug: post-smtp
Installations: 300,000+
Vulnerability: Account Takeover via Cross Site Request Forgery (CSRF)
Patched in Version: 2.5.7
Severity Score: High

The vulnerability has been patched, so you should update to version 2.5.7.

POST SMTP Mailer

Plugin Slug: post-smtp
Installations: 300,000+
Vulnerability: Arbitrary Log Deletion via Cross Site Request Forgery (CSRF)
Patched in Version: 2.5.7
Severity Score: Medium

The vulnerability has been patched, so you should update to version 2.5.7.

ShopLentor

Plugin Slug: woolentor-addons
Installations: 100,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 2.6.3
Severity Score: Medium

The vulnerability has been patched, so you should update to version 2.6.3.

WP Content Copy Protection & No Right Click

Plugin Slug: wp-content-copy-protector
Installations: 100,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 3.5.6
Severity Score: Medium

The vulnerability has been patched, so you should update to version 3.5.6.

LearnPress

Plugin Slug: learnpress
Installations: 90,000+
Vulnerability: Authenticated Broken Access Control
Patched in Version: 4.2.3.1
Severity Score: High

The vulnerability has been patched, so you should update to version 4.2.3.1.

LearnPress

Plugin Slug: learnpress
Installations: 90,000+
Vulnerability: Unauthenticated Broken Access Control
Patched in Version: 4.2.3.1
Severity Score: High

The vulnerability has been patched, so you should update to version 4.2.3.1.

HTTP Headers

Plugin Slug: http-headers
Installations: 40,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.19.0
Severity Score: Medium

The vulnerability has been patched, so you should update to version 1.19.0.

HTTP Headers

Plugin Slug: http-headers
Installations: 40,000+
Vulnerability: Admin+ Remote Code Execution (RCE)
Patched in Version: 1.18.11
Severity Score: High

The vulnerability has been patched, so you should update to version 1.18.11.

All-in-one Floating Contact Form

Plugin Slug: mystickyelements
Installations: 40,000+
Vulnerability: Admin+ Stored Cross Site Scripting (XSS)
Patched in Version: 2.1.2
Severity Score: Medium

The vulnerability has been patched, so you should update to version 2.1.2.

JetFormBuilder

Plugin Slug: jetformbuilder
Installations: 30,000+
Vulnerability: Authenticated Privilege Escalation
Patched in Version: 3.0.9
Severity Score: High

The vulnerability has been patched, so you should update to version 3.0.9.

Visibility Logic for Elementor

Plugin Slug: visibility-logic-elementor
Installations: 30,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 2.3.5
Severity Score: Medium

The vulnerability has been patched, so you should update to version 2.3.5.

IP2Location Country Blocker

Plugin Slug: ip2location-country-blocker
Installations: 20,000+
Vulnerability: IP Bypass Vulnerability
Patched in Version: 2.29.2
Severity Score: Medium

The vulnerability has been patched, so you should update to version 2.29.2.

ND Shortcodes

Plugin Slug: nd-shortcodes
Installations: 20,000+
Vulnerability: Auth. Cross Site Scripting (XSS)
Patched in Version: 7.0
Severity Score: Medium

The vulnerability has been patched, so you should update to version 7.0.

wpForo Forum

Plugin Slug: wpforo
Installations: 20,000+
Vulnerability: Reflected Cross Site Scripting (XSS)
Patched in Version: 2.1.9
Severity Score: High

The vulnerability has been patched, so you should update to version 2.1.9.

Yasr – Yet Another Stars Rating

Plugin Slug: yet-another-stars-rating
Installations: 20,000+
Vulnerability: Race Condition
Patched in Version: 3.3.9
Severity Score: Low

The vulnerability has been patched, so you should update to version 3.3.9.

Booking Package SAASPROJECT

Plugin Slug: booking-package
Installations: 10,000+
Vulnerability: Unauthenticated Privilege Escalation
Patched in Version: 1.5.99
Severity Score: High

The vulnerability has been patched, so you should update to version 1.5.99.

Cryptocurrency Widgets – Price Ticker & Coins List

Plugin Slug: cryptocurrency-price-ticker-widget
Installations: 10,000+
Vulnerability: Broken Access Control
Patched in Version: 2.6.3
Severity Score: Medium

The vulnerability has been patched, so you should update to version 2.6.3.

Image Regenerate & Select Crop

Plugin Slug: image-regenerate-select-crop
Installations: 10,000+
Vulnerability: Broken Access Control
Patched in Version: 7.2.0
Severity Score: Medium

The vulnerability has been patched, so you should update to version 7.2.0.

WP Mail Log

Plugin Slug: wp-mail-log
Installations: 10,000+
Vulnerability: Unauthenticated Stored Cross Site Scripting (XSS) via Email
Patched in Version: 1.1.2
Severity Score: High

The vulnerability has been patched, so you should update to version 1.1.2.

Companion Sitemap Generator

Plugin Slug: companion-sitemap-generator
Installations: 9,000+
Vulnerability: Reflected Cross Site Scripting (XSS)
Patched in Version: 4.5.3
Severity Score: High

The vulnerability has been patched, so you should update to version 4.5.3.

Buy Me a Coffee – Button and Widget Plugin

Plugin Slug: buymeacoffee
Installations: 6,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 3.8
Severity Score: Medium

The vulnerability has been patched, so you should update to version 3.8.

Buy Me a Coffee – Button and Widget Plugin

Plugin Slug: buymeacoffee
Installations: 6,000+
Vulnerability: Missing Authorization
Patched in Version: 3.8
Severity Score: Medium

The vulnerability has been patched, so you should update to version 3.8.

Buy Me a Coffee

Plugin Slug: buymeacoffee
Installations: 6,000+
Vulnerability: Broken Access Control
Patched in Version: 3.8
Severity Score: Medium

The vulnerability has been patched, so you should update to version 3.8.

WP Dummy Content Generator

Plugin Slug: wp-dummy-content-generator
Installations: 4,000+
Vulnerability: Broken Access Control
Patched in Version: 3.0.0
Severity Score: Medium

The vulnerability has been patched, so you should update to version 3.0.0.

WP Dummy Content Generator

Plugin Slug: wp-dummy-content-generator
Installations: 4,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 3.0.0
Severity Score: Medium

The vulnerability has been patched, so you should update to version 3.0.0.

WebwinkelKeu

Plugin Slug: webwinkelkeur
Installations: 3,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 3.25
Severity Score: Medium

The vulnerability has been patched, so you should update to version 3.25.

ARMember

Plugin Slug: armember-membership
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 4.0.6
Severity Score: Medium

The vulnerability has been patched, so you should update to version 4.0.6.

Gift Cards

Plugin Slug: gift-voucher
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF) in new_voucher_template.php
Patched in Version: 4.3.6
Severity Score: Medium

The vulnerability has been patched, so you should update to version 4.3.6.

Masteriyo – LMS

Plugin Slug: learning-management-system
Installations: 2,000+
Vulnerability: Sensitive Data Exposure
Patched in Version: 1.6.8
Severity Score: Medium

The vulnerability has been patched, so you should update to version 1.6.8.

BuddyBuilder BuddyPress Builder for Elementor

Plugin Slug: stax-buddy-builder
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.7.4
Severity Score: Medium

The vulnerability has been patched, so you should update to version 1.7.4.

Terms descriptions

Plugin Slug: terms-descriptions
Installations: 2,000+
Vulnerability: Reflected Cross Site Scripting (XSS)
Patched in Version: 3.4.5
Severity Score: High

The vulnerability has been patched, so you should update to version 3.4.5.

Sublanguage

Plugin Slug: sublanguage
Installations: 1,000+
Vulnerability: Broken Access Control
Patched in Version: 2.10
Severity Score: Medium

The vulnerability has been patched, so you should update to version 2.10.

WP Reroute Email

Plugin Slug: wp-reroute-email
Installations: 1,000+
Vulnerability: Unauthenticated Stored Cross Site Scripting (XSS) via Email Subject
Patched in Version: 1.5.0
Severity Score: High

The vulnerability has been patched, so you should update to version 1.5.0.

WPFactory Helper

Plugin Slug: wpcodefactory-helper
Installations: 1,000+
Vulnerability: Reflected Cross Site Scripting (XSS)
Patched in Version: 1.5.3
Severity Score: High

The vulnerability has been patched, so you should update to version 1.5.3.

RSVPMaker

Plugin Slug: rsvpmaker
Installations: 400+
Vulnerability: SQL Injection
Patched in Version: 10.5.5
Severity Score: High

The vulnerability has been patched, so you should update to version 10.5.5.

Getnet Argentina para Woocommerce

Plugin Slug: integrar-getnet-con-woo
Installations: 200+
Vulnerability: Authorization Bypass via webhook
Patched in Version: 0.0.5
Severity Score: High

The vulnerability has been patched, so you should update to version 0.0.5.

My Content Management

Plugin Slug: my-content-management
Installations: 200+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.7.7
Severity Score: Medium

The vulnerability has been patched, so you should update to version 1.7.7.

Auto Location for WP Job Manager via Google

Plugin Slug: auto-location-for-wp-job-manager
Installations: 100+
Vulnerability: Admin+ Cross Site Scripting (XSS)
Patched in Version: 1.1
Severity Score: Medium

The vulnerability has been patched, so you should update to version 1.1.

tagDiv Cloud Library

Plugin: tagDiv Cloud Library
Plugin Slug: td-cloud-library
Vulnerability: Unauthenticated Arbitrary User Metadata Update to Privilege Escalation
Patched in Version: 2.7
Severity Score: Critical

The vulnerability has been patched, so you should update to version 2.7.

WooCommerce GoCardless Gateway

Plugin: WooCommerce GoCardless Gateway
Plugin Slug: woocommerce-gateway-gocardless
Vulnerability: Unauth. Insecure Direct Object References (IDOR)
Patched in Version: 2.5.7
Severity Score: High

The vulnerability has been patched, so you should update to version 2.5.7.

WooCommerce Ship to Multiple Addresses

Plugin: WooCommerce Ship to Multiple Addresses
Plugin Slug: woocommerce-shipping-multiple-addresses
Vulnerability: Reflected Cross Site Scripting (XSS)
Patched in Version: 3.8.6
Severity Score: High

The vulnerability has been patched, so you should update to version 3.8.6.

WooCommerce Ship to Multiple Addresses

Plugin: WooCommerce Ship to Multiple Addresses
Plugin Slug: woocommerce-shipping-multiple-addresses
Vulnerability: Broken Access Control
Patched in Version: 3.8.6
Severity Score: Medium

The vulnerability has been patched, so you should update to version 3.8.6.

WooCommerce Warranty Requests

Plugin: WooCommerce Warranty Requests
Plugin Slug: woocommerce-warranty
Vulnerability: Broken Access Control
Patched in Version: 2.2.0
Severity Score: High

The vulnerability has been patched, so you should update to version 2.2.0.

WordPress Plugin Vulnerabilities — Unpatched

This section contains plugin vulnerabilities with no known fix. Until a patch is available, you are advised to deactivate the plugin, at minimum, immediately. If there is a high risk of active exploits or the plugin remains unpatched for weeks, you are advised to delete the plugin. You should also delete persistently unpatched plugins the WordPress.org repository has locked and marked “Closed” so they can no longer be downloaded and installed.

oAuth Twitter Feed for Developers

Plugin Slug: oauth-twitter-feed-for-developers
Installations: 60,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

Video Gallery – YouTube Playlist, Channel Gallery by YotuWP

Plugin Slug: yotuwp-easy-youtube-embed
Installations: 30,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

Media Library Helper by Codexin

Plugin Slug: media-library-helper
Installations: 10,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

Secondary Title

Plugin Slug: secondary-title
Installations: 10,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

Classified Listing

Plugin Slug: classified-listing
Installations: 9,000+
Vulnerability: Cross Site Request Forgery (CSRF) Leading To Thumbnail Removal
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

Mobile Call Now & Map Buttons

Plugin Slug: mobile-call-now-map-buttons
Installations: 9,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

Social Share Boost

Plugin Slug: social-share-boost
Installations: 6,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

Simple Light Weight Social Share (Tweet, Like, Share and Linkedin)

Plugin Slug: only-tweet-like-share-and-google-1
Installations: 5,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

WPFunnels

Plugin Slug: wpfunnels
Installations: 5,000+
Vulnerability: Insecure Direct Object References (IDOR)
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

Animated Number Counters

Plugin Slug: animated-number-counters
Installations: 3,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

Social Media Icons Widget

Plugin Slug: spoontalk-social-media-icons-widget
Installations: 3,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

Kingkong Board

Plugin Slug: kingkong-board
Installations: 2,000+
Vulnerability: Broken Access Control
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

Menubar

Plugin Slug: menubar
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

Product Category Tree

Plugin Slug: product-category-tree
Installations: 2,000+
Vulnerability: Broken Access Control
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

WP RSS Images

Plugin Slug: wp-rss-images
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

Image Social Feed Plugin

Plugin Slug: add-instagram
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

Simple Giveaways

Plugin Slug: giveasap
Installations: 1,000+
Vulnerability: Broken Access Control
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

Coming Soon Page

Plugin Slug: responsive-coming-soon-page
Installations: 1,000+
Vulnerability: SQL Injection
Patched in Version: No Fix
Severity Score: High

The vulnerability has not been patched. You should deactivate the plugin.

Simple Site Verify

Plugin Slug: simple-site-verify
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

WP-Cirrus

Plugin Slug: wp-cirrus
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

WP Full Stripe Free

Plugin Slug: wp-full-stripe-free
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

Baidu Tongji generator

Plugin Slug: baidu-tongji-generator
Installations: 100+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

Querlo Chatbot

Plugin Slug: querlo-chatbots
Installations: 10+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

BadgeOS

Plugin: BadgeOS
Plugin Slug: badgeos
Vulnerability: Authenticated (Subscriber+) Insecure Direct Object References (IDOR) to Arbitrary Post Title Overwrite
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

BadgeOS

Plugin: BadgeOS
Plugin Slug: badgeos
Vulnerability: Authenticated (Subscriber+) Insecure Direct Object References (IDOR) to Arbitrary Post Deletion
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

BadgeOS

Plugin: BadgeOS
Plugin Slug: badgeos
Vulnerability: Authenticated (Contributor+) Stored Cross Site Scripting (XSS) via Shortcode
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Livestream Notice

Plugin Slug: livestream-notice
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

Mail Control

Plugin: Mail Control
Plugin Slug: mail-control
Vulnerability: Unauthenticated Stored Cross Site Scripting (XSS) via Email Subject
Patched in Version: No Fix
Severity Score: High

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Premium Addons PRO

Plugin: Premium Addons PRO
Plugin Slug: premium-addons-pro
Vulnerability: Broken Access Control
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

Premium Addons PRO

Plugin: Premium Addons PRO
Plugin Slug: premium-addons-pro
Vulnerability: Sensitive Data Exposure
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

Reservation.Studio Widget

Plugin Slug: reservation-studio-widget
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

SMTP Mail

Plugin: SMTP Mail
Plugin Slug: smtp-mail
Vulnerability: Unauthenticated Stored Cross Site Scripting (XSS) via Email Subject
Patched in Version: No Fix
Severity Score: High

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Mobile Pack

Plugin: WordPress Mobile Pack
Plugin Slug: wordpress-mobile-pack
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WP Default Feature Image

Plugin Slug: wp-default-feature-image
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Theme Vulnerabilities

In this section, you’ll find the latest WordPress theme vulnerabilities to be disclosed. You’ll see the same information provided above for vulnerable plugins, and the same advice applies. If a security update exists, install it immediately. If a vulnerability remains unpatched in a theme you are actively using, you will need to find an alternative theme. Deactivate and delete persistently unpatched themes and those that have been “Closed” in the WordPress.org theme repository. If you have a vulnerable theme installed that you are not actively using, simply delete it.

Consulting

Product image for Consulting.

Theme Slug: consulting
Downloads: 382,480
Vulnerability: Local File Inclusion
Patched in Version: No Fix
Severity Score: High

The vulnerability has not been patched. You should switch themes.

WPLMS

Theme: WPLMS
Theme Slug: wplms
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 4.900
Severity Score: High

The vulnerability has been patched, so you should update to version 4.900.

Dan Knauss is StellarWP’s Technical Content Generalist. He’s been a writer, teacher, and freelancer working in open source since the late 1990s and with WordPress since 2004.

Source link

WordPress Core Vulnerabilities — Patched

Explore more