WordPress Vulnerability Report — July 3, 2024

In this report, 223 vulnerabilities have been publicly disclosed. Security patches for 182 of these plugins, themes, and Core are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 41 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core

1.1
WordPress Core
1.2
WordPress Core
1.3
WordPress Core

2. WordPress Plugins — 153 Patched / 32 Unpatched

2.1
SEO SIMPLE PACK
2.2
NextScripts: Social Networks Auto-Poster
2.3
ARI Fancy Lightbox – WordPress Popup
2.4
BSK PDF Manager
2.5
PDF Viewer
2.6
Logo Manager For Enamad
2.7
WP Directory Kit
2.8
Pagerank tools
2.9
Animated AL List
2.10
Simple AL Slider
2.11
Widget4Call
2.12
All In One Redirection
2.13
Auto Featured Image
2.14
Bible Text
2.15
Bookster
2.16
ContentLock
2.17
ContentLock
2.18
ContentLock
2.19
Floating Social Buttons
2.20
Frontend Checklist
2.21
Gallery Slideshow
2.22
jQuery T(-) Countdown Widget
2.23
Mime Types Extended
2.24
Muslim Prayer Time BD
2.25
Ninja Beaver Add-ons for Beaver Builder
2.26
PDF Viewer for Elementor
2.27
Simple Photoswipe
2.28
Simple Photoswipe
2.29
Simply Show Hooks
2.30
Spotify Play Button
2.31
Video Widget
2.32
WebP & SVG Support
2.33
Contact Form 7
2.34
Elementor Website Builder – More than Just a Page Builder
2.35
WooCommerce
2.36
Elementor Header & Footer Builder
2.37
ElementsKit Elementor addons
2.38
File Manager
2.39
Easy Table of Contents
2.40
SiteGuard WP Plugin
2.41
Happy Addons for Elementor
2.42
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
2.43
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
2.44
PixelYourSite – Your smart PIXEL (TAG) & API Manager
2.45
PDF Embedder
2.46
SEOPress – On-site SEO
2.47
SEOPress – On-site SEO
2.48
Elementor Addon Elements
2.49
Advanced File Manager
2.50
HT Mega – Absolute Addons For Elementor
2.51
Pods – Custom Content Types and Fields
2.52
Stackable – Page Builder Gutenberg Blocks
2.53
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
2.54
WP Chat App
2.55
Defender Security – Malware Scanner, Login Security & Firewall
2.56
Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
2.57
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
2.58
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
2.59
Events Manager – Calendar, Bookings, Tickets, and more!
2.60
Featured Image from URL (FIFU)
2.61
LearnPress – WordPress LMS Plugin
2.62
LearnPress – WordPress LMS Plugin
2.63
WP Mobile Menu – The Mobile-Friendly Responsive Menu
2.64
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
2.65
Permalink Manager Lite
2.66
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
2.67
Tutor LMS – eLearning and online course solution
2.68
Tutor LMS – eLearning and online course solution
2.69
WP Maps – Display Google Maps Perfectly with Ease
2.70
3D FlipBook – PDF Flipbook WordPress
2.71
Media Library Assistant
2.72
Page and Post Clone
2.73
Exclusive Addons for Elementor
2.74
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
2.75
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
2.76
Ultimate Blocks – WordPress Blocks Plugin
2.77
DethemeKit For Elementor
2.78
Interactive Content – H5P
2.79
PowerPress Podcasting plugin by Blubrry
2.80
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
2.81
Void Contact Form 7 Widget For Elementor Page Builder
2.82
Cost Calculator Builder
2.83
Cost Calculator Builder
2.84
Easy Google Maps
2.85
PDF Poster – PDF Embedder Plugin
2.86
Portfolio Gallery – Image Gallery Plugin
2.87
Rife Elementor Extensions & Templates
2.88
Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery
2.89
Twenty20 Image Before-After
2.90
Ad Invalid Click Protector (AICP)
2.91
Branda – White Label WordPress, Custom Login Page Customizer
2.92
Conversios – Google Analytics 4 (GA4), Google Ads, Meta Pixel & more for WooCommerce
2.93
Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells
2.94
PDF.js Viewer
2.95
Quiz Maker
2.96
Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud)
2.97
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress
2.98
E2Pdf – Export To Pdf Tool for WordPress
2.99
E2Pdf – Export To Pdf Tool for WordPress
2.100
Easy Affiliate Links
2.101
Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy)
2.102
AI Power: Complete AI Pack – Powered by GPT-4
2.103
HTML5 Audio Player- Audio Player Plugin
2.104
Mailster WordPress Newsletter Plugin
2.105
Mega Elements – Addons for Elementor
2.106
Simple Newsletter Plugin – Noptin
2.107
All-in-One Addons for Elementor – WidgetKit
2.108
Wonder PDF Embed
2.109
WP Photo Album Plus
2.110
WP Server Health Stats
2.111
Motors – Car Dealer, Classifieds & Listing
2.112
PowerPack Lite for Beaver Builder
2.113
PowerPack Lite for Beaver Builder
2.114
Create by Mediavine
2.115
ProfileGrid – User Profiles, Groups and Communities
2.116
Print My Blog – Print, PDF, & eBook Converter WordPress Plugin
2.117
Ultimate Bootstrap Elements for Elementor
2.118
WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce
2.119
Beaver Builder Addons by WPZOOM
2.120
Easy Image Collage
2.121
AWSM Team – Team Showcase Plugin
2.122
Patreon WordPress
2.123
Social Rocket – Social Sharing Plugin
2.124
Stock Ticker
2.125
Visual Website Collaboration, Feedback & Project Management – Atarim
2.126
Cards for Beaver Builder
2.127
Chained Quiz
2.128
Cowidgets – Elementor Addons
2.129
CRM Perks Forms – WordPress Form Builder
2.130
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg
2.131
Online Booking & Scheduling Calendar for WordPress by vcita
2.132
WP Secure Maintenance
2.133
Church Admin
2.134
Enter Addons – Ultimate Template Builder for Elementor
2.135
Extensions for Elementor
2.136
Photo Gallery by Ays – Responsive Image Gallery
2.137
IdeaPush
2.138
IdeaPush
2.139
Login with phone number
2.140
Newspack Newsletters
2.141
PayPlus Payment Gateway
2.142
PayPlus Payment Gateway
2.143
Post Meta Data Manager
2.144
SuperSaaS – online appointment scheduling
2.145
Tainacan
2.146
WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin
2.147
WP-Lister Lite for Amazon
2.148
The Ultimate WordPress Toolkit – WP Extended
2.149
Zita Elementor Site Library
2.150
Zita Elementor Site Library
2.151
Progress Planner
2.152
Progress Planner
2.153
Advanced Custom Fields PRO
2.154
Advanced Custom Fields PRO
2.155
Advanced Custom Fields PRO
2.156
ARMember Premium
2.157
BLAZE Retail Widget
2.158
Bricks Builder (Premium)
2.159
Contact Form 7 Multi-Step Addon
2.160
Elementor Pro
2.161
Blocks Pro
2.162
Masterstudy Elementor Widgets
2.163
Masterstudy Elementor Widgets
2.164
Masterstudy Elementor Widgets
2.165
Newspack Ads
2.166
Newspack Blocks
2.167
Newspack Blocks
2.168
Newspack Blocks
2.169
Newspack Content Converter
2.170
Newspack Campaigns
2.171
Slider Revolution
2.172
Seo Optimized Images
2.173
Social Warfare
2.174
Uber Menu
2.175
Ultimate Addons for Elementor
2.176
Uncanny Automator Pro
2.177
Uncanny Automator Pro
2.178
Uncanny Toolkit Pro for LearnDash
2.179
Uncanny Toolkit Pro for LearnDash
2.180
Uncanny Toolkit Pro for LearnDash
2.181
TrustedLogin Vendor
2.182
Woffice Core
2.183
Woffice Core
2.184
WP Job Manager – Resume Manager
2.185
Wrapper Link Elementor

3. WordPress Themes — 26 Patched / 9 Unpatched

3.1
Anima
3.2
Infinite Photography
3.3
Boot Store
3.4
Grey Opaque
3.5
Mosaic
3.6
Schema Lite
3.7
Scylla lite
3.8
Silesia
3.9
Theron Lite
3.10
Ashe
3.11
Benevolent
3.12
Blocksy
3.13
Blossom Shop
3.14
Coachify
3.15
Elegant Pink
3.16
Esteem
3.17
Hestia
3.18
Highlight
3.19
JobScout
3.20
Mesmerize
3.21
NewsMash
3.22
Newsmatic
3.23
OnePress
3.24
Perfect Portfolio
3.25
Preschool and Kindergarten
3.26
Travel Agency
3.27
Travel Monster
3.28
Trendy News
3.29
Basil
3.30
The7
3.31
Foxiz
3.32
Goya
3.33
Striking
3.34
Striking
3.35
Woffice

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5.5 is now available! This release features three security fixes. Because this is a security release, it is recommended that you update your sites immediately. This minor release also includes 3 bug fixes in Core.

WordPress 6.6 RC2 is ready for download and testing! The target release date for WordPress 6.6 is July 16, 2024. Your help testing RC versions over the next few weeks is vital to ensuring the final release is everything it should be: stable, powerful, and intuitive.

Vulnerability:: Path Traversal
Patched in Version:: 6.5.5
Severity Score:: Medium

Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.5
Severity Score:: Medium

Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.5
Severity Score:: Medium

WordPress Plugins — 153 Patched / 32 Unpatched

Plugin Slug:: seo-simple-pack
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: social-networks-auto-poster-facebook-twitter-g
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin Slug:: ari-fancy-lightbox
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: bsk-pdf-manager
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: pdf-viewer
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: logo-manager-for-enamad
Installations: 7,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin Slug:: wpdirectorykit
Installations: 3,000+
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: Low

Plugin Slug:: pagerank-tools
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin Slug:: animated-al-list
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin Slug:: simple-al-slider
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin Slug:: widget4call
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: All In One Redirection
Plugin Slug:: all-in-one-redirection
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Auto Featured Image
Plugin Slug:: auto-featured-image
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical

Plugin:: Bible Text
Plugin Slug:: bible-text
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Bookster
Plugin Slug:: bookster
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: ContentLock
Plugin Slug:: contentlock
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: ContentLock
Plugin Slug:: contentlock
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: ContentLock
Plugin Slug:: contentlock
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Floating Social Buttons
Plugin Slug:: floating-social-buttons
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Frontend Checklist
Plugin Slug:: frontend-checklist
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Gallery Slideshow
Plugin Slug:: gallery-slideshow
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: jQuery T(-) Countdown Widget
Plugin Slug:: jquery-t-countdown-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Mime Types Extended
Plugin Slug:: mime-types-extended
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Muslim Prayer Time BD
Plugin Slug:: muslim-prayer-time-bd
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Ninja Beaver Add-ons for Beaver Builder
Plugin Slug:: ninja-beaver-lite-addons-for-beaver-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: PDF Viewer for Elementor
Plugin Slug:: pdf-viewer-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Simple Photoswipe
Plugin Slug:: simple-photoswipe
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Simple Photoswipe
Plugin Slug:: simple-photoswipe
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Simply Show Hooks
Plugin Slug:: simply-show-hooks
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Critical

Plugin:: Spotify Play Button
Plugin Slug:: spotify-play-button
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Video Widget
Plugin Slug:: video-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WebP & SVG Support
Plugin Slug:: webp-svg-support
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: contact-form-7
Installations: 10,000,000+
Vulnerability:: Open Redirection
Patched in Version:: 5.9.5
Severity Score:: Medium

Plugin Slug:: elementor
Installations: 10,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.22.2
Severity Score:: Medium

Plugin Slug:: woocommerce
Installations: 7,000,000+
Vulnerability:: Content Injection
Patched in Version:: 9.0.0
Severity Score:: Low

Plugin Slug:: header-footer-elementor
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.36
Severity Score:: Medium

Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.0
Severity Score:: Medium

Plugin Slug:: wp-file-manager
Installations: 1,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.2.8
Severity Score:: Medium

Plugin Slug:: easy-table-of-contents
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.66
Severity Score:: Medium

Plugin Slug:: siteguard
Installations: 500,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.7.7
Severity Score:: Medium

Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.11.2
Severity Score:: Medium

Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.46
Severity Score:: Medium

Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.43
Severity Score:: Medium

Plugin Slug:: pixelyoursite
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.6.2
Severity Score:: Medium

Plugin Slug:: pdf-embedder
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.0
Severity Score:: Medium

Plugin Slug:: wp-seopress
Installations: 300,000+
Vulnerability:: Open Redirection
Patched in Version:: 7.8
Severity Score:: Medium

Plugin Slug:: wp-seopress
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.8
Severity Score:: Medium

Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.6
Severity Score:: Medium

Plugin Slug:: file-manager-advanced
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.2.5
Severity Score:: Medium

Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.6
Severity Score:: Medium

Plugin Slug:: pods
Installations: 100,000+
Vulnerability:: Backdoor
Patched in Version:: 3.2.2
Severity Score:: Critical

Plugin Slug:: stackable-ultimate-gutenberg-blocks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.13.2
Severity Score:: Medium

Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.1
Severity Score:: Medium

Plugin Slug:: wp-whatsapp
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.5
Severity Score:: Medium

Plugin Slug:: defender-security
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.7.3
Severity Score:: Medium

Plugin Slug:: depicter
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.0
Severity Score:: Medium

Plugin Slug:: email-subscribers
Installations: 90,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.7.26
Severity Score:: Critical

Plugin Slug:: embedpress
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.3
Severity Score:: Medium

Plugin Slug:: events-manager
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.4.9
Severity Score:: High

Plugin Slug:: featured-image-from-url
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.8.2
Severity Score:: Medium

Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.6.8.2
Severity Score:: Medium

Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.6.8.2
Severity Score:: Medium

Plugin Slug:: mobile-menu
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.8.4.4
Severity Score:: Medium

Plugin Slug:: paid-memberships-pro
Installations: 90,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 3.0.5
Severity Score:: High

Plugin Slug:: permalink-manager
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.3.4
Severity Score:: High

Plugin Slug:: the-post-grid
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.7.2
Severity Score:: Medium

Plugin Slug:: tutor
Installations: 90,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.7.2
Severity Score:: Medium

Plugin Slug:: tutor
Installations: 90,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.7.2
Severity Score:: High

Plugin Slug:: wp-google-map-plugin
Installations: 80,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.6.2
Severity Score:: High

Plugin Slug:: interactive-3d-flipbook-powered-physics-engine
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.6
Severity Score:: Medium

Plugin Slug:: media-library-assistant
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.18
Severity Score:: High

Plugin Slug:: page-or-post-clone
Installations: 70,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 6.1
Severity Score:: Low

Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.9
Severity Score:: Medium

Plugin Slug:: form-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.26
Severity Score:: Medium

Plugin Slug:: sina-extension-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.6
Severity Score:: Medium

Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.0
Severity Score:: Medium

Plugin Slug:: dethemekit-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.6
Severity Score:: Medium

Plugin Slug:: h5p
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.8
Severity Score:: Medium

Plugin Slug:: powerpress
Installations: 40,000+
Vulnerability:: Backdoor
Patched in Version:: 11.9.5
Severity Score:: Critical

Plugin Slug:: quiz-master-next
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.0.2
Severity Score:: Medium

Plugin Slug:: cf7-widget-elementor
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.1
Severity Score:: Medium

Plugin Slug:: cost-calculator-builder
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.13
Severity Score:: Medium

Plugin Slug:: cost-calculator-builder
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.13
Severity Score:: Medium

Plugin Slug:: google-maps-easy
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.11.16
Severity Score:: Medium

Plugin Slug:: pdf-poster
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.22
Severity Score:: Medium

Plugin Slug:: portfolio-filter-gallery
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.5
Severity Score:: Medium

Plugin Slug:: rife-elementor-extensions
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2
Severity Score:: Medium

Plugin Slug:: simply-gallery-block
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.2
Severity Score:: Medium

Plugin Slug:: twenty20
Installations: 30,000+
Vulnerability:: Backdoor
Patched in Version:: 1.6.4
Severity Score:: Critical

Plugin Slug:: ad-invalid-click-protector
Installations: 20,000+
Vulnerability:: Backdoor
Patched in Version:: 1.2.10
Severity Score:: Critical

Plugin Slug:: branda-white-labeling
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.18
Severity Score:: Medium

Plugin Slug:: enhanced-e-commerce-for-woocommerce-store
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.1.1
Severity Score:: High

Plugin Slug:: funnel-builder
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.0
Severity Score:: Medium

Plugin Slug:: pdfjs-viewer-shortcode
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2
Severity Score:: Medium

Plugin Slug:: quiz-maker
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 6.5.8.4
Severity Score:: Critical

Plugin Slug:: ultimate-post-kit
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.11.8
Severity Score:: Medium

Plugin Slug:: userswp
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.2.11
Severity Score:: Critical

Plugin Slug:: e2pdf
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.23.00
Severity Score:: Medium

Plugin Slug:: e2pdf
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.25.01
Severity Score:: Medium

Plugin Slug:: easy-affiliate-links
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.7.4
Severity Score:: Medium

Plugin Slug:: gdpr-cookie-consent
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.0
Severity Score:: High

Plugin Slug:: gpt3-ai-content-generator
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.67
Severity Score:: Medium

Plugin Slug:: html5-audio-player
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.24
Severity Score:: Medium

Plugin Slug:: mailster
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.10
Severity Score:: High

Plugin Slug:: mega-elements-addons-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.3
Severity Score:: Medium

Plugin Slug:: newsletter-optin-box
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.3
Severity Score:: Medium

Plugin Slug:: widgetkit-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.1
Severity Score:: Medium

Plugin Slug:: wonderplugin-pdf-embed
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8
Severity Score:: Medium

Plugin Slug:: wp-photo-album-plus
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.8.00.003
Severity Score:: High

Plugin Slug:: wp-server-stats
Installations: 10,000+
Vulnerability:: Backdoor
Patched in Version:: 1.7.7
Severity Score:: Critical

Plugin Slug:: motors-car-dealership-classified-listings
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.11
Severity Score:: Medium

Plugin Slug:: powerpack-addon-for-beaver-builder
Installations: 9,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.0.4
Severity Score:: Medium

Plugin Slug:: powerpack-addon-for-beaver-builder
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0.5
Severity Score:: Medium

Plugin Slug:: mediavine-create
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.8
Severity Score:: Medium

Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.8.8
Severity Score:: Medium

Plugin Slug:: print-my-blog
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.27.1
Severity Score:: Medium

Plugin Slug:: ultimate-bootstrap-elements-for-elementor
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.4.3
Severity Score:: High

Plugin Slug:: wp-cafe
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.2.26
Severity Score:: Medium

Plugin Slug:: wpzoom-addons-for-beaver-builder
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.6
Severity Score:: Medium

Plugin Slug:: easy-image-collage
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.13.6
Severity Score:: Medium

Plugin Slug:: awsm-team
Installations: 4,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.2
Severity Score:: Medium

Plugin Slug:: patreon-connect
Installations: 4,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.9.1
Severity Score:: Medium

Plugin Slug:: social-rocket
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.4
Severity Score:: High

Plugin Slug:: stock-ticker
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.24.6
Severity Score:: Medium

Plugin Slug:: atarim-visual-collaboration
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.32
Severity Score:: Medium

Plugin Slug:: bb-bootstrap-cards
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.5
Severity Score:: Medium

Plugin Slug:: chained-quiz
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2.9
Severity Score:: Medium

Plugin Slug:: cowidgets-elementor-addons
Installations: 2,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.2.0
Severity Score:: High

Plugin Slug:: crm-perks-forms
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.6
Severity Score:: Medium

Plugin Slug:: groundhogg
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.3
Severity Score:: High

Plugin Slug:: meeting-scheduler-by-vcita
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.3
Severity Score:: High

Plugin Slug:: wp-secure-maintainance
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7
Severity Score:: Medium

Plugin Slug:: church-admin
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4.5
Severity Score:: Medium

Plugin Slug:: enteraddons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.7
Severity Score:: Medium

Plugin Slug:: extensions-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.31
Severity Score:: Medium

Plugin Slug:: gallery-photo-gallery
Installations: 1,000+
Vulnerability:: Content Injection
Patched in Version:: 5.7.1
Severity Score:: Low

Plugin Slug:: ideapush
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.66
Severity Score:: High

Plugin Slug:: ideapush
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.61
Severity Score:: Medium

Plugin Slug:: login-with-phone-number
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.36
Severity Score:: Medium

Plugin Slug:: newspack-newsletters
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.13.3
Severity Score:: Medium

Plugin Slug:: payplus-payment-gateway
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 6.6.9
Severity Score:: Critical

Plugin Slug:: payplus-payment-gateway
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.6.9
Severity Score:: High

Plugin Slug:: post-meta-data-manager
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium

Plugin Slug:: supersaas-appointment-scheduling
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.10
Severity Score:: Medium

Plugin Slug:: tainacan
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.21.6
Severity Score:: Medium

Plugin Slug:: timetics
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.22
Severity Score:: Medium

Plugin Slug:: wp-lister-for-amazon
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.17
Severity Score:: High

Plugin Slug:: wpextended
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.0
Severity Score:: High

Plugin Slug:: zita-site-library
Installations: 1,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 1.6.2
Severity Score:: Critical

Plugin Slug:: zita-site-library
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.3
Severity Score:: Medium

Plugin Slug:: progress-planner
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.9.3
Severity Score:: Medium

Plugin Slug:: progress-planner
Installations: 30+
Vulnerability:: Broken Access Control
Patched in Version:: 0.9.2
Severity Score:: Medium

Plugin:: Advanced Custom Fields PRO
Plugin Slug:: advanced-custom-fields-pro
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.3.2
Severity Score:: Medium

Plugin:: Advanced Custom Fields PRO
Plugin Slug:: advanced-custom-fields-pro
Vulnerability:: Broken Access Control
Patched in Version:: 6.3.2
Severity Score:: Medium

Plugin:: Advanced Custom Fields PRO
Plugin Slug:: advanced-custom-fields-pro
Vulnerability:: Broken Access Control
Patched in Version:: 6.3.2
Severity Score:: Medium

Plugin:: ARMember Premium
Plugin Slug:: armember
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.7.1
Severity Score:: Medium

Plugin:: BLAZE Retail Widget
Plugin Slug:: blaze-widget
Vulnerability:: Backdoor
Patched in Version:: 2.5.4
Severity Score:: Critical

Plugin:: Bricks Builder (Premium)
Plugin Slug:: bricksbuilder
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.9.9
Severity Score:: Medium

Plugin:: Contact Form 7 Multi-Step Addon
Plugin Slug:: contact-form-7-multi-step-addon
Vulnerability:: Backdoor
Patched in Version:: 1.0.7
Severity Score:: Critical

Plugin:: Elementor Pro
Plugin Slug:: elementor-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.21.3
Severity Score:: High

Plugin Slug:: kadence-blocks-pro
Vulnerability:: Broken Access Control
Patched in Version:: 2.3.8
Severity Score:: Medium

Plugin:: Masterstudy Elementor Widgets
Plugin Slug:: masterstudy-elementor-widgets
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 1.2.3
Severity Score:: Critical

Plugin:: Masterstudy Elementor Widgets
Plugin Slug:: masterstudy-elementor-widgets
Vulnerability:: SQL Injection
Patched in Version:: 1.2.3
Severity Score:: High

Plugin:: Masterstudy Elementor Widgets
Plugin Slug:: masterstudy-elementor-widgets
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.3
Severity Score:: Medium

Plugin:: Newspack Ads
Plugin Slug:: newspack-ads
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.47.2
Severity Score:: Medium

Plugin:: Newspack Blocks
Plugin Slug:: newspack-blocks
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.9
Severity Score:: Medium

Plugin:: Newspack Blocks
Plugin Slug:: newspack-blocks
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.0.9
Severity Score:: Critical

Plugin:: Newspack Blocks
Plugin Slug:: newspack-blocks
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 3.0.9
Severity Score:: High

Plugin:: Newspack Content Converter
Plugin Slug:: newspack-content-converter
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.0
Severity Score:: Medium

Plugin:: Newspack Campaigns
Plugin Slug:: newspack-popups
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.31.2
Severity Score:: Medium

Plugin:: Slider Revolution
Plugin Slug:: revslider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.7.14
Severity Score:: Medium

Plugin:: Seo Optimized Images
Plugin Slug:: seo-optimized-images
Vulnerability:: Backdoor
Patched in Version:: 2.1.4
Severity Score:: Critical

Plugin:: Social Warfare
Plugin Slug:: social-warfare
Vulnerability:: Backdoor
Patched in Version:: 4.4.7.3
Severity Score:: Critical

Plugin:: Uber Menu
Plugin Slug:: ubermenu
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.8.4
Severity Score:: Medium

Plugin:: Ultimate Addons for Elementor
Plugin Slug:: ultimate-elementor
Vulnerability:: Privilege Escalation
Patched in Version:: 1.36.32
Severity Score:: High

Plugin:: Uncanny Automator Pro
Plugin Slug:: uncanny-automator-pro
Vulnerability:: Settings Change
Patched in Version:: 5.3.0.1
Severity Score:: Medium

Plugin:: Uncanny Automator Pro
Plugin Slug:: uncanny-automator-pro
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.3.0.1
Severity Score:: Medium

Plugin:: Uncanny Toolkit Pro for LearnDash
Plugin Slug:: uncanny-toolkit-pro
Vulnerability:: Other Vulnerability Type
Patched in Version:: 4.1.4.1
Severity Score:: Medium

Plugin:: Uncanny Toolkit Pro for LearnDash
Plugin Slug:: uncanny-toolkit-pro
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.1.4.1
Severity Score:: Medium

Plugin:: Uncanny Toolkit Pro for LearnDash
Plugin Slug:: uncanny-toolkit-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.4.1
Severity Score:: High

Plugin:: TrustedLogin Vendor
Plugin Slug:: vendor
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.1.1
Severity Score:: Medium

Plugin:: Woffice Core
Plugin Slug:: woffice-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.4.9
Severity Score:: High

Plugin:: Woffice Core
Plugin Slug:: woffice-core
Vulnerability:: Broken Access Control
Patched in Version:: 5.4.9
Severity Score:: High

Plugin:: WP Job Manager – Resume Manager
Plugin Slug:: wp-job-manager-resumes
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.0
Severity Score:: Medium

Plugin:: Wrapper Link Elementor
Plugin Slug:: wrapper-link-elementor
Vulnerability:: Backdoor
Patched in Version:: 1.0.5
Severity Score:: Critical

WordPress Themes — 26 Patched / 9 Unpatched

Theme Slug:: anima
Downloads: 168,999
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Theme Slug:: infinite-photography
Downloads: 107,414
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Theme:: Boot Store
Theme Slug:: boot-store
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Theme:: Grey Opaque
Theme Slug:: grey-opaque
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Theme:: Mosaic
Theme Slug:: mosaic
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Theme:: Schema Lite
Theme Slug:: schema-lite
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Theme:: Scylla lite
Theme Slug:: scylla-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Theme:: Silesia
Theme Slug:: silesia
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Theme:: Theron Lite
Theme Slug:: theron-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Theme Slug:: ashe
Downloads: 1,957,104
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.234
Severity Score:: Medium

Theme Slug:: benevolent
Downloads: 160,655
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.5
Severity Score:: Medium

Theme Slug:: blocksy
Downloads: 3,336,053
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.23
Severity Score:: Medium

Theme Slug:: blossom-shop
Downloads: 150,907
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.8
Severity Score:: Medium

Theme Slug:: coachify
Downloads: 28,532
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.8
Severity Score:: Medium

Theme Slug:: elegant-pink
Downloads: 196,614
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.1
Severity Score:: Medium

Theme Slug:: esteem
Downloads: 354,167
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.1
Severity Score:: Medium

Theme Slug:: hestia
Downloads: 4,062,876
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.1.3
Severity Score:: Medium

Theme Slug:: highlight
Downloads: 435,589
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.30
Severity Score:: Medium

Theme Slug:: jobscout
Downloads: 91,924
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.5
Severity Score:: Medium

Theme Slug:: mesmerize
Downloads: 1,557,420
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.6.124
Severity Score:: Medium

Theme Slug:: newsmash
Downloads: 64,856
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.35
Severity Score:: Medium

Theme Slug:: newsmatic
Downloads: 213,444
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.3
Severity Score:: Medium

Theme Slug:: onepress
Downloads: 2,262,614
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.3.7
Severity Score:: Medium

Theme Slug:: perfect-portfolio
Downloads: 251,932
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.1
Severity Score:: Medium

Theme Slug:: preschool-and-kindergarten
Downloads: 120,182
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.2
Severity Score:: Medium

Theme Slug:: travel-agency
Downloads: 289,086
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.5.0
Severity Score:: Medium

Theme Slug:: travel-monster
Downloads: 28,852
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.3
Severity Score:: Medium

Theme Slug:: trendy-news
Downloads: 24,678
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.16
Severity Score:: Medium

Theme:: Basil
Theme Slug:: basil
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.5
Severity Score:: Medium

Theme:: The7
Theme Slug:: dt-the7
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 11.14.0
Severity Score:: Medium

Theme:: Foxiz
Theme Slug:: foxiz
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.3.6
Severity Score:: High

Theme:: Goya
Theme Slug:: goya
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.8.8
Severity Score:: High

Theme:: Striking
Theme Slug:: striking-r
Vulnerability:: Local File Inclusion
Patched in Version:: 2.3.5
Severity Score:: High

Theme:: Striking
Theme Slug:: striking-r
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.5
Severity Score:: High

Theme:: Woffice
Theme Slug:: woffice
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.4.9
Severity Score:: High

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Source link

Table of Contents

WordPress Core

WordPress Plugins — 153 Patched / 32 Unpatched

WordPress Themes — 26 Patched / 9 Unpatched

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Explore more