• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

virusword.com

Learn Wordpress

  • Home
  • WordPress Shop
    • Fotopress
    • SEO Tool Kit
    • Social Contact
    • Tag Machine 2
    • Video Profits
  • Latest News
  • WordPress
    • Plugins
    • Themes
    • Tutorials
    • Videos
    • Woocommerce
  • About Us
  • Contact Us
    • Terms of Service
    • Privacy Policy
  • Show Search
Hide Search
Home/Woocommerce/WordPress Vulnerability Report – July 19, 2023

WordPress Vulnerability Report – July 19, 2023

Written by

Dan Knauss

on

July 19, 2023

Last Updated on July 19, 2023

Since last week, 80 total vulnerabilities emerged in public disclosure. They may affect over 5 million WordPress sites. There are 55 plugin vulnerabilities with security patches available, so run those updates!

Additionally, there are 23 plugin vulnerabilities and two theme vulnerabilities with no patch available yet. If you discover you are using an unpatched plugin or theme, check their vendors’ intentions and progress on a security release. If no patch is forthcoming or the vulnerable software has been marked “closed” and dropped from the official WordPress theme and plugin repositories, you should consider deactivation and removal in favor of alternative solutions.

Solid Security: The Next Chapter in WordPress Protection

As you know, we’re rebranding publicly, and iThemes is becoming SolidWP. This transition includes new and enhanced features plus a complete interface redesign for our products. In this webinar, our lead developer, Timothy Jacobs, demonstrates the new features coming to Solid Security — formerly known as iThemes Security.

In the video, you’ll get a tour of:

  • the improved dashboard
  • passkeys and the passwordless login experience
  • the all-new firewall
  • virtual patches that protect you when you need them most

Nathan Ingram hosted this sneak preview of the all-new Solid Security. He fielded many terrific questions from the live audience for Timothy and Matt Cromwell, our Senior Director of Customer Experience at StellarWP, so check out that discussion in the last 30 minutes.

News From WordPress

WordPress 6.3 RC1 is ready for download and testing. Because this version is under development, do not install, run, or test this version on production or mission-critical websites. Instead, evaluate RC1 on a test server and site.

WordPress Core Vulnerabilities — Patched

  • No new WordPress core vulnerabilities were disclosed this week.

WordPress core is very secure when it’s properly configured and maintained. Vulnerable plugins that have not been updated by site owners are the most common vector for attacks on WordPress websites. Our weekly WordPress Vulnerability Report, powered by Patchstack, covers new WordPress plugin, theme, and core vulnerabilities that have emerged since last week’s report. Our goal is to spread awareness of emerging security threats and help you decide what to do if you are using vulnerable software on your website. For a deeper analysis of recent trends in WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.

These reports are published every Wednesday and include all active vulnerabilities tracked by Patchstack as of Monday since the previous report. This leaves a 48-hour window for the newest emerging vulnerabilities to be patched before full public disclosure. iThemes Security Pro users have access to vulnerability alerts emerging within this window.

Get the weekly WordPress Vulnerability Report delivered to your inbox each Wednesday.

WordPress Plugin Vulnerabilities — Patched

In this section, you’ll find the most recently disclosed WordPress plugin vulnerabilities that have been fixed with a new release from their authors and maintainers. Please apply the updates if you are affected!

These vulnerabilities have been disclosed and scored for their severity, thanks to our friends at Patchstack. Each plugin listing includes the type of vulnerability with its CVE number and CVSS severity rating with links to more technical details. You’ll also see the number of active sites using the plugin and the plugin version release that patches the vulnerability. We start with the most popular plugins, which represent the largest target for attackers.

Rank Math SEO

Product image for Rank Math SEO.

Plugin Slug
seo-by-rank-math

Installations
2,000,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.0.119.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.0.119.1.

All In One WP Security

Product image for All-In-One Security (AIOS) – Security and Firewall.

Plugin Slug
all-in-one-wp-security-and-firewall

Installations
1,000,000+

Vulnerability
Sensitive Data Exposure of Plaintext Credentials

Patched in Version
5.2.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.2.0.

Spectra

Product image for Spectra – WordPress Gutenberg Blocks.

Plugin Slug
ultimate-addons-for-gutenberg

Installations
500,000+

Vulnerability
Server Side Request Forgery (SSRF)

Patched in Version
2.6.7

Severity Score
High

The vulnerability has been patched, so you should update to version 2.6.7.

Spectra

Product image for Spectra – WordPress Gutenberg Blocks.

Plugin Slug
ultimate-addons-for-gutenberg

Installations
500,000+

Vulnerability
Broken Access Control

Patched in Version
2.6.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.6.7.

FluentForm

Product image for Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms.

Plugin Slug
fluentform

Installations
300,000+

Vulnerability
SQL Injection

Patched in Version
5.0.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.0.0.

Post SMTP

Product image for POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress.

Plugin Slug
post-smtp

Installations
300,000+

Vulnerability
Unauthenticated Stored Cross-Site Scripting via Email

Patched in Version
2.5.8

Severity Score
High

The vulnerability has been patched, so you should update to version 2.5.8.

HT Mega Absolute Addons for Elementor

Product image for HT Mega – Absolute Addons For Elementor.

Plugin Slug
ht-mega-for-elementor

Installations
100,000+

Vulnerability
Unauthenticated Privilege Escalation

Patched in Version
2.2.1

Severity Score
Critical

The vulnerability has been patched, so you should update to version 2.2.1.

ARPP – Yet Another Related Posts Plugin

Product image for YARPP – Yet Another Related Posts Plugin.

Plugin Slug
yet-another-related-posts-plugin

Installations
100,000+

Vulnerability
Authenticated (Contributor+) Stored Cross Site Scripting (XSS)

Patched in Version
5.30.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.30.4.

kk Star Ratings

Product image for kk Star Ratings.

Plugin Slug
kk-star-ratings

Installations
90,000+

Vulnerability
Rate Manipulation due to IP Spoofing

Patched in Version
5.4.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.4.4.

Media Library Assistant

Product image for Media Library Assistant.

Plugin Slug
media-library-assistant

Installations
70,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
3.0.8

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.0.8.

Advanced AJAX Product Filters

Product image for Advanced AJAX Product Filters.

Plugin Slug
woocommerce-ajax-filters

Installations
60,000+

Vulnerability
Broken Access Control

Patched in Version
1.6.3.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.6.3.4.

HTTP Headers

Product image for HTTP Headers.

Plugin Slug
http-headers

Installations
40,000+

Vulnerability
Server Side Request Forgery (SSRF)

Patched in Version
1.19.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.19.0.

HTTP Headers

Product image for HTTP Headers.

Plugin Slug
http-headers

Installations
40,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.19.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.19.0.

Quiz And Survey Master

Product image for Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress.

Plugin Slug
quiz-master-next

Installations
40,000+

Vulnerability
Broken Access Control

Patched in Version
8.1.11

Severity Score
Medium

The vulnerability has been patched, so you should update to version 8.1.11.

Super Socializer

Product image for Social Share, Social Login and Social Comments Plugin – Super Socializer.

Plugin Slug
super-socializer

Installations
40,000+

Vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Patched in Version
7.13.54

Severity Score
Medium

The vulnerability has been patched, so you should update to version 7.13.54.

JetFormBuilder

Product image for JetFormBuilder — Dynamic Blocks Form Builder.

Plugin Slug
jetformbuilder

Installations
30,000+

Vulnerability
Authenticated Privilege Escalation

Patched in Version
3.0.9

Severity Score
High

The vulnerability has been patched, so you should update to version 3.0.9.

IP2Location Country Blocker

Product image for IP2Location Country Blocker.

Plugin Slug
ip2location-country-blocker

Installations
20,000+

Vulnerability
IP Bypass Vulnerability

Patched in Version
2.29.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.29.2.

Yasr – Yet Another Stars Rating

Product image for Yasr – Yet Another Stars Rating.

Plugin Slug
yet-another-stars-rating

Installations
20,000+

Vulnerability
Race Condition

Patched in Version
3.3.9

Severity Score
Low

The vulnerability has been patched, so you should update to version 3.3.9.

Booking Package SAASPROJECT

Product image for Booking Package.

Plugin Slug
booking-package

Installations
10,000+

Vulnerability
Unathenticated Privilege Escalation

Patched in Version
1.5.99

Severity Score
High

The vulnerability has been patched, so you should update to version 1.5.99.

User Activity Log

Product image for User Activity Log.

Plugin Slug
user-activity-log

Installations
10,000+

Vulnerability
SQL Injection

Patched in Version
1.6.3

Severity Score
High

The vulnerability has been patched, so you should update to version 1.6.3.

Variation Swatches for WooCommerce

Product image for Variation Swatches for WooCommerce.

Plugin Slug
woo-product-variation-swatches

Installations
10,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
2.3.8

Severity Score
High

The vulnerability has been patched, so you should update to version 2.3.8.

Zippy

Product image for Zippy.

Plugin Slug
zippy

Installations
10,000+

Vulnerability
Broken Access Control

Patched in Version
1.6.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.6.3.

Restaurant Menu and Food Ordering by Five Star

Product image for Restaurant Menu and Food Ordering by Five Star Plugins.

Plugin Slug
food-and-drink-menu

Installations
8,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.4.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.4.7.

Variation Images Gallery for WooCommerce

Product image for Variation Images Gallery for WooCommerce.

Plugin Slug
woo-product-variation-gallery

Installations
8,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
2.3.4

Severity Score
High

The vulnerability has been patched, so you should update to version 2.3.4.

BookingPress

Product image for BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin.

Plugin Slug
bookingpress-appointment-booking

Installations
7,000+

Vulnerability
Unauth. Server Information Disclosure

Patched in Version
1.0.65

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.0.65.

Buy Me a Coffee – Button and Widget Plugin

Product image for Buy Me a Coffee – Button and Widget Plugin.

Plugin Slug
buymeacoffee

Installations
6,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
3.8

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.8.

Buy Me a Coffee – Button and Widget Plugin

Product image for Buy Me a Coffee – Button and Widget Plugin.

Plugin Slug
buymeacoffee

Installations
6,000+

Vulnerability
Broken Access Control

Patched in Version
3.8

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.8.

WooCommerce Product Stock Alert

Product image for WooCommerce Product Stock Alert.

Plugin Slug
woocommerce-product-stock-alert

Installations
6,000+

Vulnerability
Sensitive Data Exposure

Patched in Version
2.0.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.0.2.

WooCommerce Product Stock Alert

Product image for WooCommerce Product Stock Alert.

Plugin Slug
woocommerce-product-stock-alert

Installations
6,000+

Vulnerability
Settings Change

Patched in Version
2.0.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.0.2.

AnsPress – Question and answer

Product image for AnsPress – Question and answer.

Plugin Slug
anspress-question-answer

Installations
5,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
4.3.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.3.2.

WPFunnels

Product image for Drag & Drop Sales Funnel Builder for WordPress – WPFunnels.

Plugin Slug
wpfunnels

Installations
5,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
2.7.17

Severity Score
High

The vulnerability has been patched, so you should update to version 2.7.17.

WPFunnels

Product image for Drag & Drop Sales Funnel Builder for WordPress – WPFunnels.

Plugin Slug
wpfunnels

Installations
5,000+

Vulnerability
Insecure Direct Object References (IDOR)

Patched in Version
2.7.16

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.7.16.

Integrate Google Drive

Product image for Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site.

Plugin Slug
integrate-google-drive

Installations
3,000+

Vulnerability
Unauthenticated Broken Access Control

Patched in Version
1.2.0

Severity Score
Critical

The vulnerability has been patched, so you should update to version 1.2.0.

ARMember

Product image for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup.

Plugin Slug
armember-membership

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
4.0.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.0.6.

Authors List

Product image for Authors List.

Plugin Slug
authors-list

Installations
2,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.0.3

Severity Score
High

The vulnerability has been patched, so you should update to version 2.0.3.

Integration for Contact Form 7 and Salesforce

Product image for Integration for Contact Form 7 and Salesforce.

Plugin Slug
cf7-salesforce

Installations
2,000+

Vulnerability
Open Redirection

Patched in Version
1.3.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.3.4.

Gift Cards

Product image for Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported).

Plugin Slug
gift-voucher

Installations
2,000+

Vulnerability
Cross-Site Request Forgery in new_voucher_template.php

Patched in Version
4.3.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.3.6.

KB Support – WordPress Help Desk

Product image for KB Support – WordPress Help Desk.

Plugin Slug
kb-support

Installations
2,000+

Vulnerability
Broken Access Control

Patched in Version
1.5.89

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.5.89.

Short URL

Product image for Short URL.

Plugin Slug
shorten-url

Installations
2,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.6.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.6.5.

BuddyBuilder BuddyPress Builder for Elementor

Product image for BuddyPress Builder for Elementor – BuddyBuilder.

Plugin Slug
stax-buddy-builder

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.7.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.7.4.

Checkout with Zelle on Woocommerce

Product image for Checkout with Zelle on Woocommerce.

Plugin Slug
wc-zelle

Installations
2,000+

Vulnerability
Broken Access Control

Patched in Version
3.1.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.1.1.

Custom Field For WP Job Manager

Product image for Custom Field For WP Job Manager.

Plugin Slug
custom-field-for-wp-job-manager

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.

DirectoryPress

Product image for DirectoryPress – Business Directory And Classified Ad Listing.

Plugin Slug
directorypress

Installations
1,000+

Vulnerability
Broken Access Control

Patched in Version
3.6.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.6.3.

Falang multilanguage

Product image for Falang multilanguage for WordPress.

Plugin Slug
falang

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.3.40

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.3.40.

MF Gig Calendar

Plugin Slug
mf-gig-calendar

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.2.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.1.

WP Social AutoConnect

Plugin Slug
wp-fb-autoconnect

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
4.6.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.6.2.

MailArchiver

Plugin Slug
mailarchiver

Installations
100+

Vulnerability
Unauthenticated Stored Cross-Site Scripting via Email Subject

Patched in Version
2.11.0

Severity Score
High

The vulnerability has been patched, so you should update to version 2.11.0.

CartFlows Pro

Plugin
CartFlows Pro

Plugin Slug
cartflows-pro

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
1.11.12

Severity Score
High

The vulnerability has been patched, so you should update to version 1.11.12.

Grid Kit Premium

Plugin
Grid Kit Premium

Plugin Slug
grid-kit-premium

Vulnerability
Multiple Reflected Cross Site Scripting (XSS)

Patched in Version
2.2.0

Severity Score
High

The vulnerability has been patched, so you should update to version 2.2.0.

Premium Addons PRO

Plugin
Premium Addons PRO

Plugin Slug
premium-addons-pro

Vulnerability
Broken Access Control

Patched in Version
2.9.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.9.1.

Premium Addons PRO

Plugin
Premium Addons PRO

Plugin Slug
premium-addons-pro

Vulnerability
Sensitive Data Exposure

Patched in Version
2.9.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.9.1.

WooCommerce GoCardless Gateway

Plugin
WooCommerce GoCardless Gateway

Plugin Slug
woocommerce-gateway-gocardless

Vulnerability
Unauth. Insecure Direct Object References (IDOR)

Patched in Version
2.5.7

Severity Score
High

The vulnerability has been patched, so you should update to version 2.5.7.

WooCommerce Ship to Multiple Addresses

Plugin
WooCommerce Ship to Multiple Addresses

Plugin Slug
woocommerce-shipping-multiple-addresses

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
3.8.6

Severity Score
High

The vulnerability has been patched, so you should update to version 3.8.6.

WooCommerce Ship to Multiple Addresses

Plugin
WooCommerce Ship to Multiple Addresses

Plugin Slug
woocommerce-shipping-multiple-addresses

Vulnerability
Broken Access Control

Patched in Version
3.8.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.8.6.

WooCommerce Warranty Requests

Plugin
WooCommerce Warranty Requests

Plugin Slug
woocommerce-warranty

Vulnerability
Broken Access Control

Patched in Version
2.2.0

Severity Score
High

The vulnerability has been patched, so you should update to version 2.2.0.

WordPress Plugin Vulnerabilities — Unpatched

This section contains plugin vulnerabilities with no known fix. Until a patch is available, you are advised to deactivate the plugin, at minimum, immediately. If there is a high risk of active exploits or the plugin remains unpatched for weeks, you are advised to delete the plugin. You should also delete persistently unpatched plugins the WordPress.org repository has locked and marked “Closed” so they can no longer be downloaded and installed.

Chat Button

Product image for Chat Button by GetButton.io.

Plugin Slug
whatshelp-chat-button

Installations
50,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Coming Soon Chop Chop

Product image for Coming Soon Chop Chop.

Plugin Slug
cc-coming-soon

Installations
4,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Slider a SlidersPack

Product image for Slider a SlidersPack – Image Slider, Post Slider, ACF Gallery Slider.

Plugin Slug
sliderspack-all-in-one-image-sliders

Installations
4,000+

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Exit Popups & Onsite Retargeting by OptiMonk

Product image for OptiMonk: Popups, Personalization & A/B Testing.

Plugin Slug
exit-intent-popups-by-optimonk

Installations
3,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Social Media Icons Widget

Plugin Slug
spoontalk-social-media-icons-widget

Installations
3,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Easyship WooCommerce Shipping Rates

Product image for Easyship WooCommerce Shipping Rates.

Plugin Slug
easyship-woocommerce-shipping-rates

Installations
2,000+

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WPSchoolPress

Product image for School Management System – WPSchoolPress.

Plugin Slug
wpschoolpress

Installations
2,000+

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WPAdmin AWS CDN

Product image for WPAdmin AWS CDN.

Plugin Slug
aws-cdn-by-wpadmin

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Contact Form Generator

Product image for Contact Form Generator : Creative form builder for WordPress.

Plugin Slug
contact-form-generator

Installations
1,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Contact Form to Any API

Product image for Contact Form to Any API.

Plugin Slug
contact-form-to-any-api

Installations
1,000+

Vulnerability
SQL Injection

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Shortcode IMDB

Product image for Shortcode IMDB.

Plugin Slug
shortcode-imdb

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Radio Forge Muses Player with Skins

Product image for Radio Forge Muses Player with Skins.

Plugin Slug
radio-forge

Installations
900+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Replace Word

Product image for Replace Word.

Plugin Slug
replace-word

Installations
900+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Art Direction

Plugin Slug
art-direction

Installations
800+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WPBulky

Product image for WPBulky – WordPress Bulk Edit Post Types.

Plugin Slug
wpbulky-wp-bulk-edit-post-types

Installations
200+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

ShopConstruct

Product image for ShopConstruct – Product Catalog, Shopping Cart and eCommerce solution for Store.

Plugin Slug
shopconstruct

Installations
60+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Dovetail

Plugin Slug
dovetail

Installations
10+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

YourMembership Single Sign On

Plugin Slug
login-with-yourmembership

Installations
10+

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

YourMembership Single Sign On

Plugin Slug
login-with-yourmembership

Installations
10+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Twittee Text Tweet

Product image for Twittee Text Tweet.

Plugin Slug
twittee-text-tweet

Installations
10+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Mail Control

Plugin
Mail Control

Plugin Slug
mail-control

Vulnerability
Unauthenticated Stored Cross Site Scripting (XSS) via Email Subject

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

PDQ CSV

Product image for PDQ CSV.

Plugin Slug
pdq-csv

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WP Default Feature Image

Product image for WP Default Feature Image.

Plugin Slug
wp-default-feature-image

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Theme Vulnerabilities

In this section, you’ll find the latest WordPress theme vulnerabilities to be disclosed. You’ll see the same information provided above for vulnerable plugins, and the same advice applies. If a security update exists, install it immediately. If a vulnerability remains unpatched in a theme you are actively using, you will need to find an alternative theme. Deactivate and delete persistently unpatched themes and those that have been “Closed” in the WordPress.org theme repository. If you have a vulnerable theme installed that you are not actively using, simply delete it.

RealHomes

Theme
RealHomes

Theme Slug
realhomes

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should switch themes.

RealHomes

Theme
RealHomes

Theme Slug
realhomes

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should switch themes.
Dan Knauss

Dan Knauss is StellarWP’s Technical Content Generalist. He’s been a writer, teacher, and freelancer working in open source since the late 1990s and with WordPress since 2004.

Source link

Written by:
Abdul Wahid
Published on:
July 20, 2023

Categories: Woocommerce

Primary Sidebar

Wordpress

  • Content Management Systems (2)
  • Digital Marketing (4)
  • Internet Marketing (6)
  • Latest News (458)
  • Online Business (2)
  • Plugins (519)
  • Themes (521)
  • Videos (1,350)
  • Website Development (1)
  • Woocommerce (589)
  • WordPress (6)

Recent Articles

Unlock Your Internet Marketing Success with WordPress: The Ultimate CMS for Achieving Online Goals

WordPress: A Powerhouse for Achieving Internet …

Continue Reading about Unlock Your Internet Marketing Success with WordPress: The Ultimate CMS for Achieving Online Goals

Unlock Your Internet Marketing Potential with WordPress: A Comprehensive Guide

How to Use WordPress to Achieve Your Internet …

Continue Reading about Unlock Your Internet Marketing Potential with WordPress: A Comprehensive Guide

Search our site

Explore more

Get our Wordpress Guide Get Plugins Get Connected

Footer

VirusWord by Promaps, Inc.

Barnes Place
Colombo 7, Western 00700

Copyright © 2025 · Promaps, Inc.

Keep In Touch

  • Email
  • Facebook
  • Instagram
  • Pinterest
  • Twitter