• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

virusword.com

Learn Wordpress

  • Home
  • WordPress Shop
    • Fotopress
    • SEO Tool Kit
    • Social Contact
    • Tag Machine 2
    • Video Profits
  • Latest News
  • WordPress
    • Plugins
    • Themes
    • Tutorials
    • Videos
    • Woocommerce
  • About Us
  • Contact Us
    • Terms of Service
    • Privacy Policy
  • Show Search
Hide Search
Home/Woocommerce/WordPress Vulnerability Report – June 21, 2023

WordPress Vulnerability Report – June 21, 2023

Written by

Dan Knauss

on

June 21, 2023

Last Updated on June 21, 2023

This week, 79 total vulnerabilities emerged in public disclosure. They may affect over 3 million WordPress sites. There are 55 plugin vulnerabilities that have security patches available, so run those updates!

Additionally, there are 24 plugin vulnerabilities with no patch available yet. If you are using any unpatched plugins or themes, check their vendors’ intentions and progress on a security release. If no patch is forthcoming or the vulnerable software has been closed and dropped from the official WordPress theme and plugin repositories, you should consider deactivation and removal in favor of alternative solutions.

WordPress Core Vulnerabilities — Patched

  • No new WordPress core vulnerabilities were disclosed this week.

WordPress core is very secure when it’s properly configured and maintained. Vulnerable plugins that have not been updated by site owners are the most common vector for attacks on WordPress websites. Our weekly WordPress Vulnerability Report, powered by Patchstack, covers new WordPress plugin, theme, and core vulnerabilities that have emerged since last week’s report. Our goal is to spread awareness of emerging security threats and help you decide what to do if you are using vulnerable software on your website. For a deeper analysis of recent trends in WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.

These reports are published every Wednesday and include all active vulnerabilities tracked by Patchstack as of Monday since the previous report. This leaves a 48-hour window for the newest emerging vulnerabilities to be patched before full public disclosure. iThemes Security Pro users have access to vulnerability alerts emerging within this window.

Get the weekly WordPress Vulnerability Report delivered to your inbox each Wednesday.

WordPress Plugin Vulnerabilities — Patched

In this section, you’ll find the most recently disclosed WordPress plugin vulnerabilities that have been fixed with a new release from their authors and maintainers. Please apply the updates if you are affected!

These vulnerabilities have been disclosed and scored for their severity, thanks to our friends at Patchstack. Each plugin listing includes the type of vulnerability with its CVE number and CVSS severity rating with links to more technical details. You’ll also see the number of active sites using the plugin and the plugin version release that patches the vulnerability. We start with the most popular plugins, which represent the largest target for attackers.

WooCommerce Stripe Payment Gateway

Product image for WooCommerce Stripe Payment Gateway.

Plugin Slug
woocommerce-gateway-stripe

Installations
900,000+

Vulnerability
Unauthenticated Broken Access Control

Patched in Version
7.4.1

Severity Score
High

The vulnerability has been patched, so you should update to version 7.4.1.

WooCommerce Stripe Payment Gateway

Product image for WooCommerce Stripe Payment Gateway.

Plugin Slug
woocommerce-gateway-stripe

Installations
900,000+

Vulnerability
Insecure Direct Object References (IDOR)

Patched in Version
7.4.1

Severity Score
High

The vulnerability has been patched, so you should update to version 7.4.1.

Password Protected

Product image for Password Protected.

Plugin Slug
password-protected

Installations
300,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.6.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.6.3.

Photo Gallery by 10Web

Product image for Photo Gallery by 10Web – Mobile-Friendly Image Gallery.

Plugin Slug
photo-gallery

Installations
200,000+

Vulnerability
Broken Access Control

Patched in Version
1.8.16

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.8.16.

Unlimited Elements For Elementor

Product image for Unlimited Elements For Elementor (Free Widgets, Addons, Templates).

Plugin Slug
unlimited-elements-for-elementor

Installations
200,000+

Vulnerability
Unrestricted Zip Extraction

Patched in Version
1.5.67

Severity Score
Critical

The vulnerability has been patched, so you should update to version 1.5.67.

Download Monitor

Product image for Download Monitor.

Plugin Slug
download-monitor

Installations
100,000+

Vulnerability
Arbitrary File Upload

Patched in Version
4.8.4

Severity Score
Critical

The vulnerability has been patched, so you should update to version 4.8.4.

WooCommerce Square

Product image for WooCommerce Square.

Plugin Slug
woocommerce-square

Installations
100,000+

Vulnerability
Insecure Direct Object References (IDOR)

Patched in Version
3.8.2

Severity Score
High

The vulnerability has been patched, so you should update to version 3.8.2.

Conditional Menus

Plugin Slug
conditional-menus

Installations
70,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.2.1

Severity Score
High

The vulnerability has been patched, so you should update to version 1.2.1.

Dokan

Product image for Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.

Plugin Slug
dokan-lite

Installations
60,000+

Vulnerability
PHP Object Injection

Patched in Version
3.7.20

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.7.20.

Dynamic Visibility for Elementor

Product image for Dynamic Visibility for Elementor.

Plugin Slug
dynamic-visibility-for-elementor

Installations
40,000+

Vulnerability
Broken Access Control

Patched in Version
5.0.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.0.6.

Super Socializer

Product image for Social Share, Social Login and Social Comments Plugin – Super Socializer.

Plugin Slug
super-socializer

Installations
40,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
7.13.53

Severity Score
Medium

The vulnerability has been patched, so you should update to version 7.13.53.

Super Socializer

Product image for Social Share, Social Login and Social Comments Plugin – Super Socializer.

Plugin Slug
super-socializer

Installations
40,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
7.13.52

Severity Score
High

The vulnerability has been patched, so you should update to version 7.13.52.

Gutenverse – Gutenberg Blocks – Page Builder for Site Editor

Product image for Gutenverse – Gutenberg Blocks – Page Builder for Site Editor.

Plugin Slug
gutenverse

Installations
30,000+

Vulnerability
Broken Access Control

Patched in Version
1.8.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.8.6.

Stock Manager for WooCommerce

Product image for Stock Manager for WooCommerce.

Plugin Slug
woocommerce-stock-manager

Installations
30,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.11.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.11.0.

myCred plugin

Product image for myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin.

Plugin Slug
mycred

Installations
20,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.5.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.5.1.

CMS Commander

Product image for CMS Commander – Manage Multiple Sites.

Plugin Slug
cms-commander-client

Installations
10,000+

Vulnerability
Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature

Patched in Version
2.288

Severity Score
High

The vulnerability has been patched, so you should update to version 2.288.

Directorist

Product image for Directorist – WordPress Business Directory Plugin with Classified Ads Listings.

Plugin Slug
directorist

Installations
10,000+

Vulnerability
Arbitrary Content Deletion

Patched in Version
7.5.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 7.5.5.

File Renaming on Upload

Product image for File Renaming on Upload.

Plugin Slug
file-renaming-on-upload

Installations
10,000+

Vulnerability
Admin+ Stored Cross Site Scripting (XSS)

Patched in Version
2.5.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.5.2.

LWS Tools

Product image for LWS Tools.

Plugin Slug
lws-tools

Installations
10,000+

Vulnerability
Multiple Cross Site Request Forgery (CSRF)

Patched in Version
2.4.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.4.2.

SupportCandy

Product image for SupportCandy – Helpdesk & Support Ticket System.

Plugin Slug
supportcandy

Installations
10,000+

Vulnerability
Subscriber+ SQL Injection

Patched in Version
3.1.7

Severity Score
High

The vulnerability has been patched, so you should update to version 3.1.7.

SupportCandy

Product image for SupportCandy – Helpdesk & Support Ticket System.

Plugin Slug
supportcandy

Installations
10,000+

Vulnerability
Admin+ SQL Injection

Patched in Version
3.1.7

Severity Score
High

The vulnerability has been patched, so you should update to version 3.1.7.

YaySMTP

Product image for YaySMTP – Simple WP SMTP Mail.

Plugin Slug
yaysmtp

Installations
6,000+

Vulnerability
Unauthenticated Stored Cross Site Scripting (XSS)

Patched in Version
2.4.6

Severity Score
High

The vulnerability has been patched, so you should update to version 2.4.6.

MStore API

Product image for MStore API.

Plugin Slug
mstore-api

Installations
5,000+

Vulnerability
SQL Injection

Patched in Version
3.9.8

Severity Score
High

The vulnerability has been patched, so you should update to version 3.9.8.

MStore API

Product image for MStore API.

Plugin Slug
mstore-api

Installations
5,000+

Vulnerability
Cross Site Request Forgery (CSRF) to Product Limit Update

Patched in Version
3.9.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.9.7.

MStore API

Product image for MStore API.

Plugin Slug
mstore-api

Installations
5,000+

Vulnerability
Cross Site Request Forgery (CSRF) to Order Message Update

Patched in Version
3.9.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.9.7.

MStore API

Product image for MStore API.

Plugin Slug
mstore-api

Installations
5,000+

Vulnerability
Cross Site Request Forgery (CSRF) to Order Title Update

Patched in Version
3.9.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.9.7.

MStore API

Product image for MStore API.

Plugin Slug
mstore-api

Installations
5,000+

Vulnerability
Cross Site Request Forgery (CSRF) to Order Title Update

Patched in Version
3.9.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.9.7.

MStore API

Product image for MStore API.

Plugin Slug
mstore-api

Installations
5,000+

Vulnerability
Cross Site Request Forgery (CSRF) to Order Status Update

Patched in Version
3.9.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.9.7.

MStore API

Product image for MStore API.

Plugin Slug
mstore-api

Installations
5,000+

Vulnerability
Cross Site Request Forgery (CSRF) to Firebase Server Key Update

Patched in Version
3.9.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.9.7.

MStore API

Product image for MStore API.

Plugin Slug
mstore-api

Installations
5,000+

Vulnerability
Missing Authorization

Patched in Version
3.9.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.9.6.

WP Custom Cursors

Product image for WP Custom Cursors | WordPress Cursor Plugin.

Plugin Slug
wp-custom-cursors

Installations
5,000+

Vulnerability
Admin+ SQL Injection

Patched in Version
3.2

Severity Score
High

The vulnerability has been patched, so you should update to version 3.2.

AI ChatBot

Product image for AI ChatBot.

Plugin Slug
chatbot

Installations
4,000+

Vulnerability
Admin+ Stored Cross Site Scripting (XSS)

Patched in Version
4.5.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.5.5.

AI ChatBot

Product image for AI ChatBot.

Plugin Slug
chatbot

Installations
4,000+

Vulnerability
Admin+ Stored Cross Site Scripting (XSS)

Patched in Version
4.5.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.5.6.

Integration for Contact Form 7 and Zoho CRM, Bigin

Product image for Integration for Contact Form 7 and Zoho CRM, Bigin.

Plugin Slug
cf7-zoho

Installations
3,000+

Vulnerability
Admin+ SQL Injection

Patched in Version
1.2.4

Severity Score
High

The vulnerability has been patched, so you should update to version 1.2.4.

CHP Ads Block Detector

Product image for CHP Ads Block Detector.

Plugin Slug
chp-ads-block-detector

Installations
3,000+

Vulnerability
Authenticated (Subscriber+) Stored Cross Site Scripting (XSS)

Patched in Version
3.9.8

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.9.8.

Recipe Maker For Your Food Blog from Zip Recipes

Product image for Recipe Maker For Your Food Blog from Zip Recipes.

Plugin Slug
zip-recipes

Installations
3,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
8.0.8

Severity Score
Medium

The vulnerability has been patched, so you should update to version 8.0.8.

All Bootstrap Blocks

Product image for All Bootstrap Blocks.

Plugin Slug
all-bootstrap-blocks

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.3.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.3.7.

ARMember

Product image for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup.

Plugin Slug
armember-membership

Installations
2,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
4.0.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.0.3.

Core Web Vitals & PageSpeed Booster

Product image for Core Web Vitals & PageSpeed Booster.

Plugin Slug
core-web-vitals-pagespeed-booster

Installations
2,000+

Vulnerability
Open Redirection

Patched in Version
1.0.13

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.0.13.

Extra User Details

Product image for Extra User Details.

Plugin Slug
extra-user-details

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
0.5.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 0.5.1.

Extra User Details

Product image for Extra User Details.

Plugin Slug
extra-user-details

Installations
2,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
0.5.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 0.5.1.

WP Directory Kit

Product image for WP Directory Kit.

Plugin Slug
wpdirectorykit

Installations
2,000+

Vulnerability
Missing Authorization to Plugin Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_admin_action

Patched in Version
1.2.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.4.

Church Admin

Product image for Church Admin.

Plugin Slug
church-admin

Installations
1,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
3.7.30

Severity Score
High

The vulnerability has been patched, so you should update to version 3.7.30.

Contact Forms by Cimatti

Product image for WordPress Contact Forms by Cimatti.

Plugin Slug
contact-forms

Installations
1,000+

Vulnerability
Broken Access Control

Patched in Version
1.5.8

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.5.8.

WordPress Contact Forms by Cimatti

Product image for WordPress Contact Forms by Cimatti.

Plugin Slug
contact-forms

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF) via _accua_forms_form_edit_action

Patched in Version
1.5.8

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.5.8.

EventPrime

Product image for EventPrime – Modern Events Calendar, Bookings and Tickets.

Plugin Slug
eventprime-event-calendar-management

Installations
1,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
3.0.6

Severity Score
High

The vulnerability has been patched, so you should update to version 3.0.6.

WP PDF Generator

Product image for WP PDF Generator.

Plugin Slug
wp-pdf-generator

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.2.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.3.

Zephyr Project Manager

Product image for Zephyr Project Manager.

Plugin Slug
zephyr-project-manager

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
3.3.94

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.3.94.

LWS Cleaner

Product image for LWS Cleaner.

Plugin Slug
lws-cleaner

Installations
900+

Vulnerability
Multiple Cross Site Request Forgery (CSRF)

Patched in Version
2.3.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.3.1.

WP Sticky Social

Product image for WP Sticky Social.

Plugin Slug
wp-sticky-social

Installations
300+

Vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting

Patched in Version
1.0.2

Severity Score
High

The vulnerability has been patched, so you should update to version 1.0.2.

Booking and Rental Manager

Product image for Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress and all Kinds of Equipment.

Plugin Slug
booking-and-rental-manager-for-woocommerce

Installations
200+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.2.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.2.

Front User Submit | Front Editor

Product image for Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor.

Plugin Slug
front-editor

Installations
200+

Vulnerability
Authenticated (Subscriber+) Stored Cross Site Scripting (XSS)

Patched in Version
3.8.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.8.0.

Form Maker

Plugin
Contact Form by WD

Plugin Slug
contact-form-maker

Vulnerability
Missing Authorization in check_score

Patched in Version
1.15.17

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.15.17.

WooCommerce Brands

Plugin
WooCommerce Brands

Plugin Slug
woocommerce-brands

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.6.50

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.6.50.

WooCommerce Product Vendors

Plugin
WooCommerce Product Vendors

Plugin Slug
woocommerce-product-vendors

Vulnerability
Shop Manager+ SQL Injection

Patched in Version
2.1.79

Severity Score
High

The vulnerability has been patched, so you should update to version 2.1.79.

WordPress Plugin Vulnerabilities — Unpatched

This section contains plugin vulnerabilities with no known fix. Until a patch is available, you are advised to deactivate the plugin, at minimum, immediately. If there is a high risk of active exploits or the plugin remains unpatched for weeks, you are advised to delete the plugin. You should also delete persistently unpatched plugins the WordPress.org repository has locked and marked “Closed” so they can no longer be downloaded and installed.

Seed Fonts

Product image for Seed Fonts.

Plugin Slug
seed-fonts

Installations
20,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Flo Forms

Product image for Flo Forms – Easy Drag & Drop Form Builder.

Plugin Slug
flo-forms

Installations
10,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

MasterStudy LMS

Product image for MasterStudy LMS WordPress Plugin – for Online Courses and Education.

Plugin Slug
masterstudy-lms-learning-management-system

Installations
10,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

MasterStudy LMS

Product image for MasterStudy LMS WordPress Plugin – for Online Courses and Education.

Plugin Slug
masterstudy-lms-learning-management-system

Installations
10,000+

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Form Builder

Product image for Form Builder | Create Responsive Contact Forms.

Plugin Slug
contact-form-add

Installations
6,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Google Map Shortcode

Plugin Slug
google-map-shortcode

Installations
4,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

WP Matterport Shortcode

Product image for WP Matterport Shortcode.

Plugin Slug
shortcode-gallery-for-matterport-showcase

Installations
4,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Sermon’e – Sermons Online

Product image for Sermon'e – Sermons Online.

Plugin Slug
sermone-online-sermons-management

Installations
3,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Template Debugger

Product image for Template Debugger.

Plugin Slug
quick-edit-template-link

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Recent Posts Slider

Product image for Recent Posts Slider.

Plugin Slug
recent-posts-slider

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Recent Posts Slider

Product image for Recent Posts Slider.

Plugin Slug
recent-posts-slider

Installations
2,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Securimage-WP

Product image for Securimage-WP.

Plugin Slug
securimage-wp

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

breadcrumb simple

Product image for breadcrumb simple.

Plugin Slug
breadcrumb-simple

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Fat Rat Collect

Product image for ????(Fat Rat Collect) ????????????????, ???????????????????????????.

Plugin Slug
fat-rat-collect

Installations
1,000+

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Galleria

Product image for Galleria.

Plugin Slug
galleria

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Who Hit The Page – Hit Counter

Product image for Who Hit The Page – Hit Counter.

Plugin Slug
who-hit-the-page-hit-counter

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress NextGen GalleryView

Plugin Slug
wordpress-nextgen-galleryview

Installations
1,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

WP Affiliate Links

Plugin Slug
wp-affiliate-links

Installations
1,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

WP Backup Manager

Product image for WP Backup Manager.

Plugin Slug
wp-backup-manager

Installations
1,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

MojoPlug Slide Panel

Product image for MojoPlug Slide Panel.

Plugin Slug
mojoplug-slide-panel

Installations
800+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Smoothscroller

Product image for Smoothscroller.

Plugin Slug
smoothscroller

Installations
800+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

wpView

Product image for Display Custom Fields – wpView.

Plugin Slug
wpview

Installations
200+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Login Configurator

Plugin
Login Configurator

Plugin Slug
login-configurator

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Upload Resume

Plugin
Upload Resume

Plugin Slug
resume-upload-form

Vulnerability
Captcha Bypass Vulnerability

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Theme Vulnerabilities

In this section, you’ll find the latest WordPress theme vulnerabilities to be disclosed. You’ll see the same information provided above for vulnerable plugins, and the same advice applies. If a security update exists, install it immediately. If a vulnerability remains unpatched in a theme you are actively using, you will need to find an alternative theme. Deactivate and delete persistently unpatched themes and those that have been “Closed” in the WordPress.org theme repository. If you have a vulnerable theme installed that you are not actively using, simply delete it.

  • No new WordPress theme vulnerabilities were disclosed this week.
Dan Knauss

Dan Knauss is StellarWP’s Technical Content Generalist. He’s been a writer, teacher, and freelancer working in open source since the late 1990s and with WordPress since 2004.

Source link

Written by:
Abdul Wahid
Published on:
July 10, 2023

Categories: Woocommerce

Primary Sidebar

Wordpress

  • Content Management Systems (2)
  • Digital Marketing (4)
  • Internet Marketing (6)
  • Latest News (458)
  • Online Business (2)
  • Plugins (519)
  • Themes (521)
  • Videos (1,350)
  • Website Development (1)
  • Woocommerce (589)
  • WordPress (6)

Recent Articles

Unlock Your Internet Marketing Success with WordPress: The Ultimate CMS for Achieving Online Goals

WordPress: A Powerhouse for Achieving Internet …

Continue Reading about Unlock Your Internet Marketing Success with WordPress: The Ultimate CMS for Achieving Online Goals

Unlock Your Internet Marketing Potential with WordPress: A Comprehensive Guide

How to Use WordPress to Achieve Your Internet …

Continue Reading about Unlock Your Internet Marketing Potential with WordPress: A Comprehensive Guide

Search our site

Explore more

Get our Wordpress Guide Get Plugins Get Connected

Footer

VirusWord by Promaps, Inc.

Barnes Place
Colombo 7, Western 00700

Copyright © 2025 · Promaps, Inc.

Keep In Touch

  • Email
  • Facebook
  • Instagram
  • Pinterest
  • Twitter