This report covers 223 publicly disclosed vulnerabilities. Security patches are available now for 182 of them, across plugins, themes, and Core, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 41 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.5.5 is now available! This release features three security fixes. Because this is a security release, it is recommended that you update your sites immediately. This minor release also includes 3 bug fixes in Core.
WordPress 6.6 RC2 is ready for download and testing! The target release date for WordPress 6.6 is July 16, 2024. Your help testing RC versions over the next few weeks is vital to ensuring the final release is everything it should be: stable, powerful, and intuitive.
- Vulnerability:
- Path Traversal
- Patched in Version:
- 6.5.5
- Severity Score:
- Medium
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.5.5
- Severity Score:
- Medium
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.5.5
- Severity Score:
- Medium
WordPress Plugins — 153 Patched / 32 Unpatched
- Plugin Slug:
- seo-simple-pack
- Installations
- 100,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin Slug:
- social-networks-auto-poster-facebook-twitter-g
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin Slug:
- ari-fancy-lightbox
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin Slug:
- bsk-pdf-manager
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin Slug:
- pdf-viewer
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin Slug:
- logo-manager-for-enamad
- Installations
- 7,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin Slug:
- wpdirectorykit
- Installations
- 3,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- No Fix
- Severity Score:
- Low
- Plugin Slug:
- pagerank-tools
- Installations
- 20+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin Slug:
- animated-al-list
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin Slug:
- simple-al-slider
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin Slug:
- widget4call
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin:
- All In One Redirection
- Plugin Slug:
- all-in-one-redirection
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin:
- Auto Featured Image
- Plugin Slug:
- auto-featured-image
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- Plugin:
- Bible Text
- Plugin Slug:
- bible-text
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
- Bookster
- Plugin Slug:
- bookster
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
- ContentLock
- Plugin Slug:
- contentlock
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
- ContentLock
- Plugin Slug:
- contentlock
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
- ContentLock
- Plugin Slug:
- contentlock
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
- Floating Social Buttons
- Plugin Slug:
- floating-social-buttons
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
- Frontend Checklist
- Plugin Slug:
- frontend-checklist
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
- Gallery Slideshow
- Plugin Slug:
- gallery-slideshow
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
- jQuery T(-) Countdown Widget
- Plugin Slug:
- jquery-t-countdown-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
- Mime Types Extended
- Plugin Slug:
- mime-types-extended
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
- Muslim Prayer Time BD
- Plugin Slug:
- muslim-prayer-time-bd
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
- Ninja Beaver Add-ons for Beaver Builder
- Plugin Slug:
- ninja-beaver-lite-addons-for-beaver-builder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
- PDF Viewer for Elementor
- Plugin Slug:
- pdf-viewer-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
- Simple Photoswipe
- Plugin Slug:
- simple-photoswipe
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
- Simple Photoswipe
- Plugin Slug:
- simple-photoswipe
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
- Simply Show Hooks
- Plugin Slug:
- simply-show-hooks
- Vulnerability:
- Backdoor
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- Plugin:
- Spotify Play Button
- Plugin Slug:
- spotify-play-button
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
- Video Widget
- Plugin Slug:
- video-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
- WebP & SVG Support
- Plugin Slug:
- webp-svg-support
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin Slug:
- contact-form-7
- Installations
- 10,000,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 5.9.5
- Severity Score:
- Medium
- Plugin Slug:
- elementor
- Installations
- 10,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.22.2
- Severity Score:
- Medium
- Plugin Slug:
- woocommerce
- Installations
- 7,000,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 9.0.0
- Severity Score:
- Low
- Plugin Slug:
- header-footer-elementor
- Installations
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.36
- Severity Score:
- Medium
- Plugin Slug:
- elementskit-lite
- Installations
- 1,000,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.0
- Severity Score:
- Medium
- Plugin Slug:
- wp-file-manager
- Installations
- 1,000,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.2.8
- Severity Score:
- Medium
- Plugin Slug:
- easy-table-of-contents
- Installations
- 500,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.66
- Severity Score:
- Medium
- Plugin Slug:
- siteguard
- Installations
- 500,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 1.7.7
- Severity Score:
- Medium
- Plugin Slug:
- happy-elementor-addons
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.11.2
- Severity Score:
- Medium
- Plugin Slug:
- kadence-blocks
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.46
- Severity Score:
- Medium
- Plugin Slug:
- kadence-blocks
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.43
- Severity Score:
- Medium
- Plugin Slug:
- pixelyoursite
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.6.2
- Severity Score:
- Medium
- Plugin Slug:
- pdf-embedder
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.8.0
- Severity Score:
- Medium
- Plugin Slug:
- wp-seopress
- Installations
- 300,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 7.8
- Severity Score:
- Medium
- Plugin Slug:
- wp-seopress
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.8
- Severity Score:
- Medium
- Plugin Slug:
- addon-elements-for-elementor-page-builder
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.13.6
- Severity Score:
- Medium
- Plugin Slug:
- file-manager-advanced
- Installations
- 100,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 5.2.5
- Severity Score:
- Medium
- Plugin Slug:
- ht-mega-for-elementor
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.6
- Severity Score:
- Medium
- Plugin Slug:
- pods
- Installations
- 100,000+
- Vulnerability:
- Backdoor
- Patched in Version:
- 3.2.2
- Severity Score:
- Critical
- Plugin Slug:
- stackable-ultimate-gutenberg-blocks
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.13.2
- Severity Score:
- Medium
- Plugin Slug:
- the-plus-addons-for-elementor-page-builder
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.6.1
- Severity Score:
- Medium
- Plugin Slug:
- wp-whatsapp
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6.5
- Severity Score:
- Medium
- Plugin Slug:
- defender-security
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.7.3
- Severity Score:
- Medium
- Plugin Slug:
- depicter
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.0
- Severity Score:
- Medium
- Plugin Slug:
- email-subscribers
- Installations
- 90,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.7.26
- Severity Score:
- Critical
- Plugin Slug:
- embedpress
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.3
- Severity Score:
- Medium
- Plugin Slug:
- events-manager
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.4.9
- Severity Score:
- High
- Plugin Slug:
- featured-image-from-url
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.8.2
- Severity Score:
- Medium
- Plugin Slug:
- learnpress
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.2.6.8.2
- Severity Score:
- Medium
- Plugin Slug:
- learnpress
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.2.6.8.2
- Severity Score:
- Medium
- Plugin Slug:
- mobile-menu
- Installations
- 90,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.8.4.4
- Severity Score:
- Medium
- Plugin Slug:
- paid-memberships-pro
- Installations
- 90,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 3.0.5
- Severity Score:
- High
- Plugin Slug:
- permalink-manager
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.3.4
- Severity Score:
- High
- Plugin Slug:
- the-post-grid
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.7.2
- Severity Score:
- Medium
- Plugin Slug:
- tutor
- Installations
- 90,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.7.2
- Severity Score:
- Medium
- Plugin Slug:
- tutor
- Installations
- 90,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.7.2
- Severity Score:
- High
- Plugin Slug:
- wp-google-map-plugin
- Installations
- 80,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.6.2
- Severity Score:
- High
- Plugin Slug:
- interactive-3d-flipbook-powered-physics-engine
- Installations
- 70,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.15.6
- Severity Score:
- Medium
- Plugin Slug:
- media-library-assistant
- Installations
- 70,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.18
- Severity Score:
- High
- Plugin Slug:
- page-or-post-clone
- Installations
- 70,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 6.1
- Severity Score:
- Low
- Plugin Slug:
- exclusive-addons-for-elementor
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.9.9
- Severity Score:
- Medium
- Plugin Slug:
- form-maker
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.15.26
- Severity Score:
- Medium
- Plugin Slug:
- sina-extension-for-elementor
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.6
- Severity Score:
- Medium
- Plugin Slug:
- ultimate-blocks
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.0
- Severity Score:
- Medium
- Plugin Slug:
- dethemekit-for-elementor
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.6
- Severity Score:
- Medium
- Plugin Slug:
- h5p
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.15.8
- Severity Score:
- Medium
- Plugin Slug:
- powerpress
- Installations
- 40,000+
- Vulnerability:
- Backdoor
- Patched in Version:
- 11.9.5
- Severity Score:
- Critical
- Plugin Slug:
- quiz-master-next
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.0.2
- Severity Score:
- Medium
- Plugin Slug:
- cf7-widget-elementor
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.1
- Severity Score:
- Medium
- Plugin Slug:
- cost-calculator-builder
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.13
- Severity Score:
- Medium
- Plugin Slug:
- cost-calculator-builder
- Installations
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.13
- Severity Score:
- Medium
- Plugin Slug:
- google-maps-easy
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.11.16
- Severity Score:
- Medium
- Plugin Slug:
- pdf-poster
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.22
- Severity Score:
- Medium
- Plugin Slug:
- portfolio-filter-gallery
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.5
- Severity Score:
- Medium
- Plugin Slug:
- rife-elementor-extensions
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.2
- Severity Score:
- Medium
- Plugin Slug:
- simply-gallery-block
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.2
- Severity Score:
- Medium
- Plugin Slug:
- twenty20
- Installations
- 30,000+
- Vulnerability:
- Backdoor
- Patched in Version:
- 1.6.4
- Severity Score:
- Critical
- Plugin Slug:
- ad-invalid-click-protector
- Installations
- 20,000+
- Vulnerability:
- Backdoor
- Patched in Version:
- 1.2.10
- Severity Score:
- Critical
- Plugin Slug:
- branda-white-labeling
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.18
- Severity Score:
- Medium
- Plugin Slug:
- enhanced-e-commerce-for-woocommerce-store
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.1.1
- Severity Score:
- High
- Plugin Slug:
- funnel-builder
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.0
- Severity Score:
- Medium
- Plugin Slug:
- pdfjs-viewer-shortcode
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2
- Severity Score:
- Medium
- Plugin Slug:
- quiz-maker
- Installations
- 20,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 6.5.8.4
- Severity Score:
- Critical
- Plugin Slug:
- ultimate-post-kit
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.11.8
- Severity Score:
- Medium
- Plugin Slug:
- userswp
- Installations
- 20,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.2.11
- Severity Score:
- Critical
- Plugin Slug:
- e2pdf
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.23.00
- Severity Score:
- Medium
- Plugin Slug:
- e2pdf
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.25.01
- Severity Score:
- Medium
- Plugin Slug:
- easy-affiliate-links
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.7.4
- Severity Score:
- Medium
- Plugin Slug:
- gdpr-cookie-consent
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.0
- Severity Score:
- High
- Plugin Slug:
- gpt3-ai-content-generator
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.67
- Severity Score:
- Medium
- Plugin Slug:
- html5-audio-player
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.24
- Severity Score:
- Medium
- Plugin Slug:
- mailster
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.10
- Severity Score:
- High
- Plugin Slug:
- mega-elements-addons-for-elementor
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.3
- Severity Score:
- Medium
- Plugin Slug:
- newsletter-optin-box
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.4.3
- Severity Score:
- Medium
- Plugin Slug:
- widgetkit-for-elementor
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.1
- Severity Score:
- Medium
- Plugin Slug:
- wonderplugin-pdf-embed
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8
- Severity Score:
- Medium
- Plugin Slug:
- wp-photo-album-plus
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.8.00.003
- Severity Score:
- High
- Plugin Slug:
- wp-server-stats
- Installations
- 10,000+
- Vulnerability:
- Backdoor
- Patched in Version:
- 1.7.7
- Severity Score:
- Critical
- Plugin Slug:
- motors-car-dealership-classified-listings
- Installations
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.11
- Severity Score:
- Medium
- Plugin Slug:
- powerpack-addon-for-beaver-builder
- Installations
- 9,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.3.0.4
- Severity Score:
- Medium
- Plugin Slug:
- powerpack-addon-for-beaver-builder
- Installations
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.0.5
- Severity Score:
- Medium
- Plugin Slug:
- mediavine-create
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.8
- Severity Score:
- Medium
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.8.8
- Severity Score:
- Medium
- Plugin Slug:
- print-my-blog
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.27.1
- Severity Score:
- Medium
- Plugin Slug:
- ultimate-bootstrap-elements-for-elementor
- Installations
- 6,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.4.3
- Severity Score:
- High
- Plugin Slug:
- wp-cafe
- Installations
- 6,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.2.26
- Severity Score:
- Medium
- Plugin Slug:
- wpzoom-addons-for-beaver-builder
- Installations
- 6,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.3.6
- Severity Score:
- Medium
- Plugin Slug:
- easy-image-collage
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.13.6
- Severity Score:
- Medium
- Plugin Slug:
- awsm-team
- Installations
- 4,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.3.2
- Severity Score:
- Medium
- Plugin Slug:
- patreon-connect
- Installations
- 4,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 1.9.1
- Severity Score:
- Medium
- Plugin Slug:
- social-rocket
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.4
- Severity Score:
- High
- Plugin Slug:
- stock-ticker
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.24.6
- Severity Score:
- Medium
- Plugin Slug:
- atarim-visual-collaboration
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.32
- Severity Score:
- Medium
- Plugin Slug:
- bb-bootstrap-cards
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.5
- Severity Score:
- Medium
- Plugin Slug:
- chained-quiz
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.2.9
- Severity Score:
- Medium
- Plugin Slug:
- cowidgets-elementor-addons
- Installations
- 2,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.2.0
- Severity Score:
- High
- Plugin Slug:
- crm-perks-forms
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.6
- Severity Score:
- Medium
- Plugin Slug:
- groundhogg
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.3
- Severity Score:
- High
- Plugin Slug:
- meeting-scheduler-by-vcita
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.4.3
- Severity Score:
- High
- Plugin Slug:
- wp-secure-maintainance
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7
- Severity Score:
- Medium
- Plugin Slug:
- church-admin
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.4.5
- Severity Score:
- Medium
- Plugin Slug:
- enteraddons
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.7
- Severity Score:
- Medium
- Plugin Slug:
- extensions-for-elementor
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.31
- Severity Score:
- Medium
- Plugin Slug:
- gallery-photo-gallery
- Installations
- 1,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 5.7.1
- Severity Score:
- Low
- Plugin Slug:
- ideapush
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.66
- Severity Score:
- High
- Plugin Slug:
- ideapush
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.61
- Severity Score:
- Medium
- Plugin Slug:
- login-with-phone-number
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.36
- Severity Score:
- Medium
- Plugin Slug:
- newspack-newsletters
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.13.3
- Severity Score:
- Medium
- Plugin Slug:
- payplus-payment-gateway
- Installations
- 1,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 6.6.9
- Severity Score:
- Critical
- Plugin Slug:
- payplus-payment-gateway
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.6.9
- Severity Score:
- High
- Plugin Slug:
- post-meta-data-manager
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.0
- Severity Score:
- Medium
- Plugin Slug:
- supersaas-appointment-scheduling
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.10
- Severity Score:
- Medium
- Plugin Slug:
- tainacan
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.21.6
- Severity Score:
- Medium
- Plugin Slug:
- timetics
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.22
- Severity Score:
- Medium
- Plugin Slug:
- wp-lister-for-amazon
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.17
- Severity Score:
- High
- Plugin Slug:
- wpextended
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.0
- Severity Score:
- High
- Plugin Slug:
- zita-site-library
- Installations
- 1,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 1.6.2
- Severity Score:
- Critical
- Plugin Slug:
- zita-site-library
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.6.3
- Severity Score:
- Medium
- Plugin Slug:
- progress-planner
- Installations
- 30+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.9.3
- Severity Score:
- Medium
- Plugin Slug:
- progress-planner
- Installations
- 30+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 0.9.2
- Severity Score:
- Medium
- Plugin:
- Advanced Custom Fields PRO
- Plugin Slug:
- advanced-custom-fields-pro
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.3.2
- Severity Score:
- Medium
- Plugin:
- Advanced Custom Fields PRO
- Plugin Slug:
- advanced-custom-fields-pro
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.3.2
- Severity Score:
- Medium
- Plugin:
- Advanced Custom Fields PRO
- Plugin Slug:
- advanced-custom-fields-pro
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.3.2
- Severity Score:
- Medium
- Plugin:
- ARMember Premium
- Plugin Slug:
- armember
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.7.1
- Severity Score:
- Medium
- Plugin:
- BLAZE Retail Widget
- Plugin Slug:
- blaze-widget
- Vulnerability:
- Backdoor
- Patched in Version:
- 2.5.4
- Severity Score:
- Critical
- Plugin:
- Bricks Builder (Premium)
- Plugin Slug:
- bricksbuilder
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 1.9.9
- Severity Score:
- Medium
- Plugin:
- Contact Form 7 Multi-Step Addon
- Plugin Slug:
- contact-form-7-multi-step-addon
- Vulnerability:
- Backdoor
- Patched in Version:
- 1.0.7
- Severity Score:
- Critical
- Plugin:
- Elementor Pro
- Plugin Slug:
- elementor-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.21.3
- Severity Score:
- High
- Plugin Slug:
- kadence-blocks-pro
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.3.8
- Severity Score:
- Medium
- Plugin:
- Masterstudy Elementor Widgets
- Plugin Slug:
- masterstudy-elementor-widgets
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.2.3
- Severity Score:
- Critical
- Plugin:
- Masterstudy Elementor Widgets
- Plugin Slug:
- masterstudy-elementor-widgets
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.2.3
- Severity Score:
- High
- Plugin:
- Masterstudy Elementor Widgets
- Plugin Slug:
- masterstudy-elementor-widgets
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.3
- Severity Score:
- Medium
- Plugin:
- Newspack Ads
- Plugin Slug:
- newspack-ads
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.47.2
- Severity Score:
- Medium
- Plugin:
- Newspack Blocks
- Plugin Slug:
- newspack-blocks
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.0.9
- Severity Score:
- Medium
- Plugin:
- Newspack Blocks
- Plugin Slug:
- newspack-blocks
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 3.0.9
- Severity Score:
- Critical
- Plugin:
- Newspack Blocks
- Plugin Slug:
- newspack-blocks
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 3.0.9
- Severity Score:
- High
- Plugin:
- Newspack Content Converter
- Plugin Slug:
- newspack-content-converter
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.0
- Severity Score:
- Medium
- Plugin:
- Newspack Campaigns
- Plugin Slug:
- newspack-popups
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.31.2
- Severity Score:
- Medium
- Plugin:
- Slider Revolution
- Plugin Slug:
- revslider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.7.14
- Severity Score:
- Medium
- Plugin:
- Seo Optimized Images
- Plugin Slug:
- seo-optimized-images
- Vulnerability:
- Backdoor
- Patched in Version:
- 2.1.4
- Severity Score:
- Critical
- Plugin:
- Social Warfare
- Plugin Slug:
- social-warfare
- Vulnerability:
- Backdoor
- Patched in Version:
- 4.4.7.3
- Severity Score:
- Critical
- Plugin:
- Uber Menu
- Plugin Slug:
- ubermenu
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.8.4
- Severity Score:
- Medium
- Plugin:
- Ultimate Addons for Elementor
- Plugin Slug:
- ultimate-elementor
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.36.32
- Severity Score:
- High
- Plugin:
- Uncanny Automator Pro
- Plugin Slug:
- uncanny-automator-pro
- Vulnerability:
- Settings Change
- Patched in Version:
- 5.3.0.1
- Severity Score:
- Medium
- Plugin:
- Uncanny Automator Pro
- Plugin Slug:
- uncanny-automator-pro
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.3.0.1
- Severity Score:
- Medium
- Plugin:
- Uncanny Toolkit Pro for LearnDash
- Plugin Slug:
- uncanny-toolkit-pro
- Vulnerability:
- Other Vulnerability Type
- Patched in Version:
- 4.1.4.1
- Severity Score:
- Medium
- Plugin:
- Uncanny Toolkit Pro for LearnDash
- Plugin Slug:
- uncanny-toolkit-pro
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.1.4.1
- Severity Score:
- Medium
- Plugin:
- Uncanny Toolkit Pro for LearnDash
- Plugin Slug:
- uncanny-toolkit-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.1.4.1
- Severity Score:
- High
- Plugin:
- TrustedLogin Vendor
- Plugin Slug:
- vendor
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.1.1
- Severity Score:
- Medium
- Plugin:
- Woffice Core
- Plugin Slug:
- woffice-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.4.9
- Severity Score:
- High
- Plugin:
- Woffice Core
- Plugin Slug:
- woffice-core
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.4.9
- Severity Score:
- High
- Plugin:
- WP Job Manager – Resume Manager
- Plugin Slug:
- wp-job-manager-resumes
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.0
- Severity Score:
- Medium
- Plugin:
- Wrapper Link Elementor
- Plugin Slug:
- wrapper-link-elementor
- Vulnerability:
- Backdoor
- Patched in Version:
- 1.0.5
- Severity Score:
- Critical
WordPress Themes — 26 Patched / 9 Unpatched
- Theme Slug:
- anima
- Downloads
- 168,999
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Theme Slug:
- infinite-photography
- Downloads
- 107,414
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Theme:
- Boot Store
- Theme Slug:
- boot-store
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Theme:
- Grey Opaque
- Theme Slug:
- grey-opaque
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Theme:
- Mosaic
- Theme Slug:
- mosaic
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Theme:
- Schema Lite
- Theme Slug:
- schema-lite
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Theme:
- Scylla lite
- Theme Slug:
- scylla-lite
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Theme:
- Silesia
- Theme Slug:
- silesia
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Theme:
- Theron Lite
- Theme Slug:
- theron-lite
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Theme Slug:
- ashe
- Downloads
- 1,957,104
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.234
- Severity Score:
- Medium
- Theme Slug:
- benevolent
- Downloads
- 160,655
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.5
- Severity Score:
- Medium
- Theme Slug:
- blocksy
- Downloads
- 3,336,053
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.0.23
- Severity Score:
- Medium
- Theme Slug:
- blossom-shop
- Downloads
- 150,907
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.8
- Severity Score:
- Medium
- Theme Slug:
- coachify
- Downloads
- 28,532
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.8
- Severity Score:
- Medium
- Theme Slug:
- elegant-pink
- Downloads
- 196,614
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.1
- Severity Score:
- Medium
- Theme Slug:
- esteem
- Downloads
- 354,167
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.1
- Severity Score:
- Medium
- Theme Slug:
- hestia
- Downloads
- 4,062,876
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.1.3
- Severity Score:
- Medium
- Theme Slug:
- highlight
- Downloads
- 435,589
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.30
- Severity Score:
- Medium
- Theme Slug:
- jobscout
- Downloads
- 91,924
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.5
- Severity Score:
- Medium
- Theme Slug:
- mesmerize
- Downloads
- 1,557,420
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.6.124
- Severity Score:
- Medium
- Theme Slug:
- newsmash
- Downloads
- 64,856
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.35
- Severity Score:
- Medium
- Theme Slug:
- newsmatic
- Downloads
- 213,444
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.3
- Severity Score:
- Medium
- Theme Slug:
- onepress
- Downloads
- 2,262,614
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.3.7
- Severity Score:
- Medium
- Theme Slug:
- perfect-portfolio
- Downloads
- 251,932
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.1
- Severity Score:
- Medium
- Theme Slug:
- preschool-and-kindergarten
- Downloads
- 120,182
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.2
- Severity Score:
- Medium
- Theme Slug:
- travel-agency
- Downloads
- 289,086
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.5.0
- Severity Score:
- Medium
- Theme Slug:
- travel-monster
- Downloads
- 28,852
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.3
- Severity Score:
- Medium
- Theme Slug:
- trendy-news
- Downloads
- 24,678
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.16
- Severity Score:
- Medium
- Theme:
- Basil
- Theme Slug:
- basil
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.5
- Severity Score:
- Medium
- Theme:
- The7
- Theme Slug:
- dt-the7
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 11.14.0
- Severity Score:
- Medium
- Theme:
- Foxiz
- Theme Slug:
- foxiz
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 2.3.6
- Severity Score:
- High
- Theme:
- Goya
- Theme Slug:
- goya
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.8.8
- Severity Score:
- High
- Theme:
- Striking
- Theme Slug:
- striking-r
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.3.5
- Severity Score:
- High
- Theme:
- Striking
- Theme Slug:
- striking-r
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.5
- Severity Score:
- High
- Theme:
- Woffice
- Theme Slug:
- woffice
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.4.9
- Severity Score:
- High