• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

virusword.com

Learn Wordpress

  • Home
  • WordPress Shop
    • Fotopress
    • SEO Tool Kit
    • Social Contact
    • Tag Machine 2
    • Video Profits
  • Latest News
  • WordPress
    • Plugins
    • Themes
    • Tutorials
    • Videos
    • Woocommerce
  • About Us
  • Contact Us
    • Terms of Service
    • Privacy Policy
  • Show Search
Hide Search
Home/Woocommerce/WordPress Vulnerability Report – July 12, 2023

WordPress Vulnerability Report – July 12, 2023

Written by

Dan Knauss

on

July 12, 2023

Last Updated on July 12, 2023

This week, 82 total vulnerabilities emerged in public disclosure. They may affect over 4 million WordPress sites. There are 46 plugin vulnerabilities and one theme vulnerability that has security patches available, so run those updates!

Additionally, there are 34 plugin vulnerabilities and one theme vulnerability with no patch available yet. If you are using any unpatched plugins or themes, check their vendors’ intentions and progress on a security release. If no patch is forthcoming or the vulnerable software has been closed and dropped from the official WordPress theme and plugin repositories, you should consider deactivation and removal in favor of alternative solutions.

WordPress Core Vulnerabilities — Patched

  • No new WordPress core vulnerabilities were disclosed this week.

WordPress core is very secure when it’s properly configured and maintained. Vulnerable plugins that have not been updated by site owners are the most common vector for attacks on WordPress websites. Our weekly WordPress Vulnerability Report, powered by Patchstack, covers new WordPress plugin, theme, and core vulnerabilities that have emerged since last week’s report. Our goal is to spread awareness of emerging security threats and help you decide what to do if you are using vulnerable software on your website. For a deeper analysis of recent trends in WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.

These reports are published every Wednesday and include all active vulnerabilities tracked by Patchstack as of Monday since the previous report. This leaves a 48-hour window for the newest emerging vulnerabilities to be patched before full public disclosure. iThemes Security Pro users have access to vulnerability alerts emerging within this window.

Get the weekly WordPress Vulnerability Report delivered to your inbox each Wednesday.

WordPress Plugin Vulnerabilities — Patched

In this section, you’ll find the most recently disclosed WordPress plugin vulnerabilities that have been fixed with a new release from their authors and maintainers. Please apply the updates if you are affected!

These vulnerabilities have been disclosed and scored for their severity, thanks to our friends at Patchstack. Each plugin listing includes the type of vulnerability with its CVE number and CVSS severity rating with links to more technical details. You’ll also see the number of active sites using the plugin and the plugin version release that patches the vulnerability. We start with the most popular plugins, which represent the largest target for attackers.

WP-Optimize

Product image for WP-Optimize – Cache, Clean, Compress..

Plugin Slug
wp-optimize

Installations
1,000,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
3.2.13

Severity Score
High

The vulnerability has been patched, so you should update to version 3.2.13.

Ninja Forms

Product image for Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress.

Plugin Slug
ninja-forms

Installations
900,000+

Vulnerability
Denial of Service Attack

Patched in Version
3.6.26

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.6.26.

Forminator

Product image for Forminator – Contact Form, Payment Form & Custom Form Builder.

Plugin Slug
forminator

Installations
400,000+

Vulnerability
Unauth. Race Condition

Patched in Version
1.24.1

Severity Score
Low

The vulnerability has been patched, so you should update to version 1.24.1.

POST SMTP Mailer

Product image for POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress.

Plugin Slug
post-smtp

Installations
300,000+

Vulnerability
Account Takeover via Cross Site Request Forgery (CSRF)

Patched in Version
2.5.7

Severity Score
High

The vulnerability has been patched, so you should update to version 2.5.7.

POST SMTP Mailer

Product image for POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress.

Plugin Slug
post-smtp

Installations
300,000+

Vulnerability
Arbitrary Log Deletion via Cross Site Request Forgery (CSRF)

Patched in Version
2.5.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.5.7.

ShopLentor

Product image for ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor).

Plugin Slug
woolentor-addons

Installations
100,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.6.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.6.3.

WP Content Copy Protection & No Right Click

Product image for WP Content Copy Protection & No Right Click.

Plugin Slug
wp-content-copy-protector

Installations
100,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.5.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.5.6.

LearnPress

Product image for LearnPress – WordPress LMS Plugin.

Plugin Slug
learnpress

Installations
90,000+

Vulnerability
Authenticated Broken Access Control

Patched in Version
4.2.3.1

Severity Score
High

The vulnerability has been patched, so you should update to version 4.2.3.1.

LearnPress

Product image for LearnPress – WordPress LMS Plugin.

Plugin Slug
learnpress

Installations
90,000+

Vulnerability
Unauthenticated Broken Access Control

Patched in Version
4.2.3.1

Severity Score
High

The vulnerability has been patched, so you should update to version 4.2.3.1.

HTTP Headers

Product image for HTTP Headers.

Plugin Slug
http-headers

Installations
40,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.19.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.19.0.

HTTP Headers

Product image for HTTP Headers.

Plugin Slug
http-headers

Installations
40,000+

Vulnerability
Admin+ Remote Code Execution (RCE)

Patched in Version
1.18.11

Severity Score
High

The vulnerability has been patched, so you should update to version 1.18.11.

All-in-one Floating Contact Form

Product image for All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs  – My Sticky Elements.

Plugin Slug
mystickyelements

Installations
40,000+

Vulnerability
Admin+ Stored Cross Site Scripting (XSS)

Patched in Version
2.1.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.1.2.

JetFormBuilder

Product image for JetFormBuilder — Dynamic Blocks Form Builder.

Plugin Slug
jetformbuilder

Installations
30,000+

Vulnerability
Authenticated Privilege Escalation

Patched in Version
3.0.9

Severity Score
High

The vulnerability has been patched, so you should update to version 3.0.9.

Visibility Logic for Elementor

Product image for Visibility Logic for Elementor.

Plugin Slug
visibility-logic-elementor

Installations
30,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.3.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.3.5.

IP2Location Country Blocker

Product image for IP2Location Country Blocker.

Plugin Slug
ip2location-country-blocker

Installations
20,000+

Vulnerability
IP Bypass Vulnerability

Patched in Version
2.29.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.29.2.

ND Shortcodes

Product image for ND Shortcodes.

Plugin Slug
nd-shortcodes

Installations
20,000+

Vulnerability
Auth. Cross Site Scripting (XSS)

Patched in Version
7.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 7.0.

wpForo Forum

Product image for wpForo Forum.

Plugin Slug
wpforo

Installations
20,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
2.1.9

Severity Score
High

The vulnerability has been patched, so you should update to version 2.1.9.

Yasr – Yet Another Stars Rating

Product image for Yasr – Yet Another Stars Rating.

Plugin Slug
yet-another-stars-rating

Installations
20,000+

Vulnerability
Race Condition

Patched in Version
3.3.9

Severity Score
Low

The vulnerability has been patched, so you should update to version 3.3.9.

Booking Package SAASPROJECT

Product image for Booking Package.

Plugin Slug
booking-package

Installations
10,000+

Vulnerability
Unauthenticated Privilege Escalation

Patched in Version
1.5.99

Severity Score
High

The vulnerability has been patched, so you should update to version 1.5.99.

Cryptocurrency Widgets – Price Ticker & Coins List

Product image for Cryptocurrency Widgets – Price Ticker & Coins List.

Plugin Slug
cryptocurrency-price-ticker-widget

Installations
10,000+

Vulnerability
Broken Access Control

Patched in Version
2.6.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.6.3.

Image Regenerate & Select Crop

Product image for Image Regenerate & Select Crop.

Plugin Slug
image-regenerate-select-crop

Installations
10,000+

Vulnerability
Broken Access Control

Patched in Version
7.2.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 7.2.0.

WP Mail Log

Product image for WP Mail Log.

Plugin Slug
wp-mail-log

Installations
10,000+

Vulnerability
Unauthenticated Stored Cross Site Scripting (XSS) via Email

Patched in Version
1.1.2

Severity Score
High

The vulnerability has been patched, so you should update to version 1.1.2.

Companion Sitemap Generator

Product image for Companion Sitemap Generator – HTML & XML.

Plugin Slug
companion-sitemap-generator

Installations
9,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
4.5.3

Severity Score
High

The vulnerability has been patched, so you should update to version 4.5.3.

Buy Me a Coffee – Button and Widget Plugin

Product image for Buy Me a Coffee – Button and Widget Plugin.

Plugin Slug
buymeacoffee

Installations
6,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
3.8

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.8.

Buy Me a Coffee – Button and Widget Plugin

Product image for Buy Me a Coffee – Button and Widget Plugin.

Plugin Slug
buymeacoffee

Installations
6,000+

Vulnerability
Missing Authorization

Patched in Version
3.8

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.8.

Buy Me a Coffee

Product image for Buy Me a Coffee – Button and Widget Plugin.

Plugin Slug
buymeacoffee

Installations
6,000+

Vulnerability
Broken Access Control

Patched in Version
3.8

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.8.

WP Dummy Content Generator

Product image for WP Dummy Content Generator.

Plugin Slug
wp-dummy-content-generator

Installations
4,000+

Vulnerability
Broken Access Control

Patched in Version
3.0.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.0.0.

WP Dummy Content Generator

Product image for WP Dummy Content Generator.

Plugin Slug
wp-dummy-content-generator

Installations
4,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
3.0.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.0.0.

WebwinkelKeu

Plugin Slug
webwinkelkeur

Installations
3,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
3.25

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.25.

ARMember

Product image for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup.

Plugin Slug
armember-membership

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
4.0.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.0.6.

Gift Cards

Product image for Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported).

Plugin Slug
gift-voucher

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF) in new_voucher_template.php

Patched in Version
4.3.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.3.6.

Masteriyo – LMS

Product image for LMS by Masteriyo – WordPress Learning Management System, eLearning Platform, Online Education System & Online Course Builder.

Plugin Slug
learning-management-system

Installations
2,000+

Vulnerability
Sensitive Data Exposure

Patched in Version
1.6.8

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.6.8.

BuddyBuilder BuddyPress Builder for Elementor

Product image for BuddyPress Builder for Elementor – BuddyBuilder.

Plugin Slug
stax-buddy-builder

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.7.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.7.4.

Terms descriptions

Product image for Terms descriptions.

Plugin Slug
terms-descriptions

Installations
2,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
3.4.5

Severity Score
High

The vulnerability has been patched, so you should update to version 3.4.5.

Sublanguage

Product image for Sublanguage.

Plugin Slug
sublanguage

Installations
1,000+

Vulnerability
Broken Access Control

Patched in Version
2.10

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.10.

WP Reroute Email

Product image for WP Reroute Email.

Plugin Slug
wp-reroute-email

Installations
1,000+

Vulnerability
Unauthenticated Stored Cross Site Scripting (XSS) via Email Subject

Patched in Version
1.5.0

Severity Score
High

The vulnerability has been patched, so you should update to version 1.5.0.

WPFactory Helper

Product image for WPFactory Helper.

Plugin Slug
wpcodefactory-helper

Installations
1,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
1.5.3

Severity Score
High

The vulnerability has been patched, so you should update to version 1.5.3.

RSVPMaker

Product image for RSVPMaker.

Plugin Slug
rsvpmaker

Installations
400+

Vulnerability
SQL Injection

Patched in Version
10.5.5

Severity Score
High

The vulnerability has been patched, so you should update to version 10.5.5.

Getnet Argentina para Woocommerce

Product image for Getnet Argentina para Woocommerce.

Plugin Slug
integrar-getnet-con-woo

Installations
200+

Vulnerability
Authorization Bypass via webhook

Patched in Version
0.0.5

Severity Score
High

The vulnerability has been patched, so you should update to version 0.0.5.

My Content Management

Product image for My Content Management.

Plugin Slug
my-content-management

Installations
200+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.7.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.7.7.

Auto Location for WP Job Manager via Google

Plugin Slug
auto-location-for-wp-job-manager

Installations
100+

Vulnerability
Admin+ Cross Site Scripting (XSS)

Patched in Version
1.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.

tagDiv Cloud Library

Plugin
tagDiv Cloud Library

Plugin Slug
td-cloud-library

Vulnerability
Unauthenticated Arbitrary User Metadata Update to Privilege Escalation

Patched in Version
2.7

Severity Score
Critical

The vulnerability has been patched, so you should update to version 2.7.

WooCommerce GoCardless Gateway

Plugin
WooCommerce GoCardless Gateway

Plugin Slug
woocommerce-gateway-gocardless

Vulnerability
Unauth. Insecure Direct Object References (IDOR)

Patched in Version
2.5.7

Severity Score
High

The vulnerability has been patched, so you should update to version 2.5.7.

WooCommerce Ship to Multiple Addresses

Plugin
WooCommerce Ship to Multiple Addresses

Plugin Slug
woocommerce-shipping-multiple-addresses

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
3.8.6

Severity Score
High

The vulnerability has been patched, so you should update to version 3.8.6.

WooCommerce Ship to Multiple Addresses

Plugin
WooCommerce Ship to Multiple Addresses

Plugin Slug
woocommerce-shipping-multiple-addresses

Vulnerability
Broken Access Control

Patched in Version
3.8.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.8.6.

WooCommerce Warranty Requests

Plugin
WooCommerce Warranty Requests

Plugin Slug
woocommerce-warranty

Vulnerability
Broken Access Control

Patched in Version
2.2.0

Severity Score
High

The vulnerability has been patched, so you should update to version 2.2.0.

WordPress Plugin Vulnerabilities — Unpatched

This section contains plugin vulnerabilities with no known fix. Until a patch is available, you are advised to deactivate the plugin, at minimum, immediately. If there is a high risk of active exploits or the plugin remains unpatched for weeks, you are advised to delete the plugin. You should also delete persistently unpatched plugins the WordPress.org repository has locked and marked “Closed” so they can no longer be downloaded and installed.

oAuth Twitter Feed for Developers

Plugin Slug
oauth-twitter-feed-for-developers

Installations
60,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Video Gallery – YouTube Playlist, Channel Gallery by YotuWP

Product image for Video Gallery – YouTube Playlist, Channel Gallery by YotuWP.

Plugin Slug
yotuwp-easy-youtube-embed

Installations
30,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Media Library Helper by Codexin

Product image for Bulk edit image alt tag, caption & description  – WordPress Media Library Helper by Codexin.

Plugin Slug
media-library-helper

Installations
10,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Secondary Title

Product image for Secondary Title.

Plugin Slug
secondary-title

Installations
10,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Classified Listing

Product image for Classified Listing – Classified ads & Business Directory Plugin.

Plugin Slug
classified-listing

Installations
9,000+

Vulnerability
Cross Site Request Forgery (CSRF) Leading To Thumbnail Removal

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Mobile Call Now & Map Buttons

Product image for Mobile Call Now & Map Buttons.

Plugin Slug
mobile-call-now-map-buttons

Installations
9,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Social Share Boost

Plugin Slug
social-share-boost

Installations
6,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Simple Light Weight Social Share (Tweet, Like, Share and Linkedin)

Product image for Simple Light Weight Social Share (Tweet, Like, Share and Linkedin).

Plugin Slug
only-tweet-like-share-and-google-1

Installations
5,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WPFunnels

Product image for Drag & Drop Sales Funnel Builder for WordPress – WPFunnels.

Plugin Slug
wpfunnels

Installations
5,000+

Vulnerability
Insecure Direct Object References (IDOR)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Animated Number Counters

Product image for Animated Number Counters.

Plugin Slug
animated-number-counters

Installations
3,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Social Media Icons Widget

Plugin Slug
spoontalk-social-media-icons-widget

Installations
3,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Kingkong Board

Product image for Kingkong Board.

Plugin Slug
kingkong-board

Installations
2,000+

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Menubar

Plugin Slug
menubar

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Product Category Tree

Product image for Product Category Tree.

Plugin Slug
product-category-tree

Installations
2,000+

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WP RSS Images

Plugin Slug
wp-rss-images

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Image Social Feed Plugin

Product image for Image Social Feed Plugin.

Plugin Slug
add-instagram

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Simple Giveaways

Product image for Simple Giveaways – Grow your business, email lists and traffic with contests.

Plugin Slug
giveasap

Installations
1,000+

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Coming Soon Page

Product image for Coming Soon Page – Responsive Coming Soon & Maintenance Mode.

Plugin Slug
responsive-coming-soon-page

Installations
1,000+

Vulnerability
SQL Injection

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Simple Site Verify

Product image for Simple Site Verify.

Plugin Slug
simple-site-verify

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WP-Cirrus

Plugin Slug
wp-cirrus

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WP Full Stripe Free

Product image for WP Full Stripe Free.

Plugin Slug
wp-full-stripe-free

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Baidu Tongji generator

Plugin Slug
baidu-tongji-generator

Installations
100+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Querlo Chatbot

Plugin Slug
querlo-chatbots

Installations
10+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

BadgeOS

Plugin
BadgeOS

Plugin Slug
badgeos

Vulnerability
Authenticated (Subscriber+) Insecure Direct Object References (IDOR) to Arbitrary Post Title Overwrite

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

BadgeOS

Plugin
BadgeOS

Plugin Slug
badgeos

Vulnerability
Authenticated (Subscriber+) Insecure Direct Object References (IDOR) to Arbitrary Post Deletion

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

BadgeOS

Plugin
BadgeOS

Plugin Slug
badgeos

Vulnerability
Authenticated (Contributor+) Stored Cross Site Scripting (XSS) via Shortcode

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Livestream Notice

Product image for Livestream Notice.

Plugin Slug
livestream-notice

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Mail Control

Plugin
Mail Control

Plugin Slug
mail-control

Vulnerability
Unauthenticated Stored Cross Site Scripting (XSS) via Email Subject

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Premium Addons PRO

Plugin
Premium Addons PRO

Plugin Slug
premium-addons-pro

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Premium Addons PRO

Plugin
Premium Addons PRO

Plugin Slug
premium-addons-pro

Vulnerability
Sensitive Data Exposure

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Reservation.Studio Widget

Product image for Reservation.Studio widget.

Plugin Slug
reservation-studio-widget

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

SMTP Mail

Plugin
SMTP Mail

Plugin Slug
smtp-mail

Vulnerability
Unauthenticated Stored Cross Site Scripting (XSS) via Email Subject

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Mobile Pack

Plugin
WordPress Mobile Pack

Plugin Slug
wordpress-mobile-pack

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WP Default Feature Image

Product image for WP Default Feature Image.

Plugin Slug
wp-default-feature-image

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Theme Vulnerabilities

In this section, you’ll find the latest WordPress theme vulnerabilities to be disclosed. You’ll see the same information provided above for vulnerable plugins, and the same advice applies. If a security update exists, install it immediately. If a vulnerability remains unpatched in a theme you are actively using, you will need to find an alternative theme. Deactivate and delete persistently unpatched themes and those that have been “Closed” in the WordPress.org theme repository. If you have a vulnerable theme installed that you are not actively using, simply delete it.

Consulting

Product image for Consulting.

Theme Slug
consulting

Downloads
382,480

Vulnerability
Local File Inclusion

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should switch themes.

WPLMS

Theme
WPLMS

Theme Slug
wplms

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
4.900

Severity Score
High

The vulnerability has been patched, so you should update to version 4.900.
Dan Knauss

Dan Knauss is StellarWP’s Technical Content Generalist. He’s been a writer, teacher, and freelancer working in open source since the late 1990s and with WordPress since 2004.

Source link

Written by:
Abdul Wahid
Published on:
July 18, 2023

Categories: Woocommerce

Primary Sidebar

Wordpress

  • Content Management Systems (2)
  • Digital Marketing (4)
  • Internet Marketing (28)
  • Latest News (458)
  • Online Business (2)
  • Plugins (519)
  • Themes (521)
  • Videos (1,350)
  • Website Development (1)
  • Woocommerce (589)
  • WordPress (6)

Recent Articles

Unlock Your Internet Marketing Potential with WordPress: Tips, Tools, and Strategies

How to Use WordPress to Achieve Your Internet …

Continue Reading about Unlock Your Internet Marketing Potential with WordPress: Tips, Tools, and Strategies

Unlock Your Internet Marketing Potential: Harnessing the Power of WordPress

How to Use WordPress to Achieve Your Internet …

Continue Reading about Unlock Your Internet Marketing Potential: Harnessing the Power of WordPress

Search our site

Explore more

Get our Wordpress Guide Get Plugins Get Connected

Footer

VirusWord by Promaps, Inc.

Barnes Place
Colombo 7, Western 00700

Copyright © 2025 · Promaps, Inc.

Keep In Touch

  • Email
  • Facebook
  • Instagram
  • Pinterest
  • Twitter