In this report, 194 vulnerabilities have been publicly disclosed. Security patches for 100 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 94 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, your sites are already protected against those vulnerabilities by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.5.5 is now available! This release features three security fixes. Because this is a security release, it is recommended that you update your sites immediately. This minor release also includes 3 bug fixes in Core.
WordPress Plugins — 85 Patched / 91 Unpatched

| Plugin Slug | Installations | Vulnerability | Patched in Version | Severity Score |
| --- | --- | --- | --- | --- |
| custom-field-suite | 50,000+ | PHP Object Injection | No Fix | High |
| custom-field-suite | 50,000+ | SQL Injection | No Fix | High |
| custom-field-suite | 50,000+ | Cross Site Scripting (XSS) | No Fix | Medium |
| academy | 1,000+ | Open Redirection | No Fix | Low |
| custom-add-to-cart-button-for-woocommerce | 1,000+ | Broken Access Control | No Fix | Medium |
| event-monster | 1,000+ | Sensitive Data Exposure | No Fix | Medium |
| my-favorites | 1,000+ | Cross Site Scripting (XSS) | No Fix | Medium |
| optinly | 1,000+ | Broken Access Control | No Fix | Medium |
| zoho-marketinghub | 1,000+ | SQL Injection | No Fix | High |

| Plugin | Plugin Slug | Vulnerability | Patched in Version | Severity Score |
| --- | --- | --- | --- | --- |
| Accordions | accordions-or-faqs | Cross Site Scripting (XSS) | No Fix | Medium |
| Ali2Woo Lite | ali2woo-lite | Cross Site Scripting (XSS) | No Fix | Medium |
| Ali2Woo Lite | ali2woo-lite | Cross Site Request Forgery (CSRF) | No Fix | High |
| Ali2Woo Lite | ali2woo-lite | Cross Site Request Forgery (CSRF) | No Fix | High |
| Ali2Woo Lite | ali2woo-lite | Cross Site Scripting (XSS) | No Fix | High |
| Ali2Woo Lite | ali2woo-lite | Broken Access Control | No Fix | Medium |
| Ali2Woo Lite | ali2woo-lite | Broken Access Control | No Fix | Medium |
| Ali2Woo Lite | ali2woo-lite | Arbitrary File Upload | No Fix | High |
| Bible Text | bible-text | Cross Site Scripting (XSS) | No Fix | Medium |
| Blogmentor – Blog Layouts for Elementor | blogmentor | Cross Site Scripting (XSS) | No Fix | Medium |
| Blogmentor – Blog Layouts for Elementor | blogmentor | Cross Site Scripting (XSS) | No Fix | Medium |
| Scheduling Plugin – Online Booking for WordPress | calendar-booking | Broken Access Control | No Fix | Medium |
| CB (legacy) | commons-booking | Cross Site Request Forgery (CSRF) | No Fix | Medium |
| CB (legacy) | commons-booking | Cross Site Scripting (XSS) | No Fix | Medium |
| ContentLock | contentlock | Cross Site Request Forgery (CSRF) | No Fix | Medium |
| ContentLock | contentlock | Cross Site Request Forgery (CSRF) | No Fix | Medium |
| ContentLock | contentlock | Cross Site Request Forgery (CSRF) | No Fix | Medium |
| CSSable Countdown | cssable-countdown | Cross Site Scripting (XSS) | No Fix | Medium |
| Custom Product List Table | custom-product-list-table | Cross Site Request Forgery (CSRF) | No Fix | Medium |
| Demo Awesome | demo-awesome | Broken Access Control | No Fix | Medium |
| Demo Awesome | demo-awesome | Cross Site Scripting (XSS) | No Fix | High |
| DImage 360 | dimage-360 | Cross Site Scripting (XSS) | No Fix | Medium |
| DOP Shortcodes | dop-shortcodes | Cross Site Scripting (XSS) | No Fix | Medium |
| Elegant Themes Icons | elegant-themes-icons | Cross Site Scripting (XSS) | No Fix | Medium |
| EmbedSocial | embedalbum-pro | Cross Site Scripting (XSS) | No Fix | Medium |
| Empty Cart Button for WooCommerce | empty-cart-button-for-woocommerce | Cross Site Scripting (XSS) | No Fix | Medium |
| Export WP Page to Static HTML/CSS | export-wp-page-to-static-html | Open Redirection | No Fix | Medium |
| FS Poster | fs-poster | Cross Site Request Forgery (CSRF) | No Fix | Medium |
| Universal Slider | fusion-slider | PHP Object Injection | No Fix | Medium |
| Kanban Boards for WordPress | kanban | Broken Access Control | No Fix | Medium |
| Kimili Flash Embed | kimili-flash-embed | Cross Site Scripting (XSS) | No Fix | Medium |
| Laybuy Payment Extension for WooCommerce | laybuy-gateway-for-woocommerce | Broken Access Control | No Fix | Medium |
| License Manager for WooCommerce | license-manager-for-woocommerce | Sensitive Data Exposure | No Fix | Medium |
| Lifeline Donation | lifeline-donation | Broken Authentication | No Fix | Critical |
| Page Builder: Live Composer | live-composer-page-builder | PHP Object Injection | No Fix | High |
| Page Builder: Live Composer | live-composer-page-builder | Cross Site Scripting (XSS) | No Fix | Medium |
| Page Builder: Live Composer | live-composer-page-builder | Cross Site Scripting (XSS) | No Fix | Medium |
| Master Slider | master-slider | Cross Site Scripting (XSS) | No Fix | High |
| Master Slider | master-slider | Cross Site Request Forgery (CSRF) | No Fix | Medium |
| Master Slider | master-slider | Cross Site Scripting (XSS) | No Fix | Medium |
| MIMO Woocommerce Order Tracking | mimo-woocommerce-order-tracking | Cross Site Scripting (XSS) | No Fix | Medium |
| Restaurant Reservations | nd-restaurant-reservations | Cross Site Scripting (XSS) | No Fix | Medium |
| WordPress Picture / Portfolio / Media Gallery | nimble-portfolio | Server Side Request Forgery (SSRF) | No Fix | High |
| OSM Map Widget for Elementor | osm-map-elementor | Cross Site Scripting (XSS) | No Fix | Medium |
| Page Builder Sandwich – Front-End Page Builder | page-builder-sandwich | Cross Site Scripting (XSS) | No Fix | Medium |
| Page Builder Sandwich – Front-End Page Builder | page-builder-sandwich | Cross Site Scripting (XSS) | No Fix | Medium |
| Page Builder Sandwich – Front-End Page Builder | page-builder-sandwich | Broken Access Control | No Fix | Medium |
| PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode | paypal-pay-buy-donation-and-cart-buttons-shortcode | Cross Site Scripting (XSS) | No Fix | Medium |
| PDF Viewer for Elementor | pdf-viewer-for-elementor | Cross Site Scripting (XSS) | No Fix | Medium |
| Photo Video Gallery Master | photo-video-gallery-master | PHP Object Injection | No Fix | High |
| phpinfo() WP | phpinfo-wp | Sensitive Data Exposure | No Fix | Medium |
| Play.ht | play-ht | Broken Access Control | No Fix | Medium |
| Promolayer | promolayer-popup-builder | Broken Access Control | No Fix | Medium |
| Replace Image | replace-image | Broken Access Control | No Fix | Medium |
| Shortcode Addons | shortcode-addons | Cross Site Scripting (XSS) | No Fix | Medium |
| Sketchfab Embed | sketchfab-oembed | Cross Site Scripting (XSS) | No Fix | Medium |
| Slideshow SE | slideshow-se | Local File Inclusion | No Fix | Medium |
| Slideshow SE | slideshow-se | Cross Site Scripting (XSS) | No Fix | Medium |
| SP Project & Document Manager | sp-client-document-manager | Directory Traversal | No Fix | High |
| Transition Slider – Responsive Image Slider and Gallery | transition-slider-lite | Cross Site Scripting (XSS) | No Fix | Medium |
| User Rights Access Manager | user-rights-access-manager | Broken Access Control | No Fix | Medium |
| Tabs | vc-tabs | Cross Site Scripting (XSS) | No Fix | Medium |
| Wheel of Life | wheel-of-life | Broken Access Control | No Fix | Medium |
| WishList Member X | wishlist-member-x | Sensitive Data Exposure | No Fix | Critical |
| WishList Member X | wishlist-member-x | SQL Injection | No Fix | Critical |
| WishList Member X | wishlist-member-x | Denial of Service Attack | No Fix | High |
| WishList Member X | wishlist-member-x | Sensitive Data Exposure | No Fix | High |
| WishList Member X | wishlist-member-x | Arbitrary Code Execution | No Fix | Critical |
| WishList Member X | wishlist-member-x | Arbitrary File Deletion | No Fix | High |
| WishList Member X | wishlist-member-x | Privilege Escalation | No Fix | High |
| WishList Member X | wishlist-member-x | Settings Change | No Fix | High |
| Woocommerce Customers Order History | woo-customers-order-history | Broken Access Control | No Fix | Medium |
| Word Balloon | word-balloon | Local File Inclusion | No Fix | Medium |
| WP Blog Post Layouts | wp-blog-post-layouts | Local File Inclusion | No Fix | Medium |
| WP Hotel Booking | wp-hotel-booking | SQL Injection | No Fix | Critical |
| WP Logs Book | wp-logs-book | Cross Site Scripting (XSS) | No Fix | High |
| WP Logs Book | wp-logs-book | Cross Site Request Forgery (CSRF) | No Fix | Medium |
| Pexels: Free Stock Photos | wp-pexels-free-stock-photos | Arbitrary File Upload | No Fix | High |
| WP Scraper | wp-scraper | Server Side Request Forgery (SSRF) | No Fix | Medium |
| Widget Bundle | wp-widget-bundle | Cross Site Scripting (XSS) | No Fix | Medium |
| Widget Bundle | wp-widget-bundle | Cross Site Request Forgery (CSRF) | No Fix | Medium |
| Widget Bundle | wp-widget-bundle | Cross Site Scripting (XSS) | No Fix | High |

| Plugin Slug | Installations | Vulnerability | Patched in Version | Severity Score |
| --- | --- | --- | --- | --- |
| loco-translate | 1,000,000+ | Cross Site Request Forgery (CSRF) | 2.6.10 | Medium |
| wp-smushit | 1,000,000+ | Broken Access Control | 3.16.5 | Medium |
| better-wp-security | 900,000+ | Denial of Service Attack | 9.3.2 | Low |
| siteguard | 500,000+ | Bypass Vulnerability | 1.7.7 | Medium |
| wp-seopress | 300,000+ | Open Redirection | 7.8 | Medium |
| wp-seopress | 300,000+ | Cross Site Scripting (XSS) | 7.8 | Medium |
| wp-seopress | 300,000+ | Cross Site Scripting (XSS) | 7.9.1 | Medium |
| cartflows | 200,000+ | Cross Site Scripting (XSS) | 2.0.8 | Medium |
| themeisle-companion | 200,000+ | Cross Site Scripting (XSS) | 2.10.35 | Medium |
| envira-gallery-lite | 100,000+ | Cross Site Request Forgery (CSRF) | 1.8.8 | Medium |
| defender-security | 90,000+ | Broken Authentication | 3.3.3 | Medium |
| depicter | 90,000+ | Broken Access Control | 3.1.0 | Medium |
| email-subscribers | 90,000+ | SQL Injection | 5.7.24 | Critical |
| paid-memberships-pro | 90,000+ | Cross Site Request Forgery (CSRF) | 3.0 | Medium |
| media-library-assistant | 70,000+ | SQL Injection | 3.17 | High |
| ameliabooking | 60,000+ | Cross Site Scripting (XSS) | 1.1.6 | Medium |
| metronet-profile-picture | 60,000+ | Broken Access Control | 2.6.2 | Medium |
| wp-2fa | 60,000+ | Sensitive Data Exposure | 2.6.4 | Medium |
| convertkit | 50,000+ | Broken Access Control | 2.4.9.1 | Medium |
| robo-gallery | 50,000+ | Cross Site Scripting (XSS) | 3.2.20 | Medium |
| robo-gallery | 50,000+ | Cross Site Request Forgery (CSRF) | 3.2.20 | Medium |
| sina-extension-for-elementor | 50,000+ | Cross Site Scripting (XSS) | 3.5.5 | Medium |
| ultimate-blocks | 50,000+ | Cross Site Scripting (XSS) | 3.1.1 | Medium |
| wp-maintenance | 50,000+ | Bypass Vulnerability | 6.1.9.3 | Medium |
| ays-popup-box | 30,000+ | Broken Access Control | 4.5.2 | Medium |
| blossomthemes-email-newsletter | 30,000+ | Server Side Request Forgery (SSRF) | 2.2.7 | Medium |
| greenshift-animation-and-page-builder-blocks | 30,000+ | Cross Site Scripting (XSS) | 8.9.4 | Medium |
| themify-wc-product-filter | 30,000+ | SQL Injection | 1.5.0 | Critical |
| wp-hide-backed-notices | 30,000+ | Broken Access Control | 1.3.1 | Medium |
| wp-svg-images | 30,000+ | Cross Site Scripting (XSS) | 4.3 | Medium |
| branda-white-labeling | 20,000+ | Cross Site Scripting (XSS) | 3.4.18 | Medium |
| cryout-serious-slider | 20,000+ | Cross Site Scripting (XSS) | 1.2.5 | Medium |
| table-addons-for-elementor | 20,000+ | Cross Site Scripting (XSS) | 2.1.3 | Medium |
| wpzoom-elementor-addons | 20,000+ | Cross Site Scripting (XSS) | 1.1.39 | Medium |
| business-directory-plugin | 10,000+ | CSV Injection | 6.4.4 | Medium |
| jetwidgets-for-elementor | 10,000+ | Cross Site Scripting (XSS) | 1.0.18 | Medium |
| masterstudy-lms-learning-management-system | 10,000+ | Broken Access Control | 3.2.13 | High |
| masterstudy-lms-learning-management-system | 10,000+ | Cross Site Request Forgery (CSRF) | 3.2.2 | Medium |
| sparkle-demo-importer | 10,000+ | Broken Access Control | 1.4.8 | Medium |
| wp-child-theme-generator | 10,000+ | Broken Access Control | 1.1.2 | Medium |
| wp-post-author | 10,000+ | Cross Site Scripting (XSS) | 3.6.8 | Medium |
| vimeography | 8,000+ | Cross Site Request Forgery (CSRF) | 2.4.2 | Medium |
| wp-magazine-modules-lite | 7,000+ | Local File Inclusion | 1.1.3 | High |
| wpadverts | 6,000+ | Cross Site Request Forgery (CSRF) | 2.1.3 | Medium |
| salon-booking-system | 5,000+ | Arbitrary File Deletion | 10.0 | High |
| salon-booking-system | 5,000+ | Arbitrary File Upload | 10.3 | Critical |
| wp-job-portal | 5,000+ | Cross Site Scripting (XSS) | 2.1.4 | Medium |
| wp-job-portal | 5,000+ | Cross Site Scripting (XSS) | 2.1.4 | Medium |
| instawp-connect | 4,000+ | Arbitrary File Upload | 0.1.0.39 | Critical |
| tickera-event-ticketing-system | 4,000+ | Broken Access Control | 3.5.2.9 | Medium |
| maxgalleria | 3,000+ | Cross Site Scripting (XSS) | 6.4.5 | Medium |
| newsletters-lite | 3,000+ | Cross Site Request Forgery (CSRF) | 4.9.8 | Medium |
| propertyhive | 3,000+ | Broken Access Control | 2.0.10 | Medium |
| wp-lister-for-ebay | 3,000+ | Sensitive Data Exposure | 3.5.9 | High |
| affiliate-toolkit-starter | 2,000+ | Sensitive Data Exposure | 3.4.5 | Medium |
| groundhogg | 2,000+ | Cross Site Request Forgery (CSRF) | 3.4.3 | Medium |
| meeting-scheduler-by-vcita | 2,000+ | Cross Site Scripting (XSS) | 4.4.3 | High |
| meeting-scheduler-by-vcita | 2,000+ | Cross Site Scripting (XSS) | 4.4.1 | Medium |
| wp-secure-maintainance | 2,000+ | Cross Site Scripting (XSS) | 1.7 | Medium |
| church-admin | 1,000+ | Cross Site Scripting (XSS) | 4.4.5 | Medium |
| easy-age-verify | 1,000+ | Cross Site Scripting (XSS) | 1.8.3 | Medium |
| falang | 1,000+ | Cross Site Request Forgery (CSRF) | 1.3.52 | Medium |
| login-with-phone-number | 1,000+ | Broken Access Control | 1.7.35 | High |
| newspack-newsletters | 1,000+ | Cross Site Request Forgery (CSRF) | 2.13.3 | Medium |
| shariff-sharing | 1,000+ | Local File Inclusion | 4.6.14 | Critical |
| sirv | 1,000+ | Arbitrary File Upload | 7.2.7 | Critical |
| typing-text | 1,000+ | Cross Site Scripting (XSS) | 1.2.6 | Medium |
| wppizza | 1,000+ | Cross Site Scripting (XSS) | 3.18.14 | High |
| responsive-video-embed | 900+ | Cross Site Scripting (XSS) | 0.5.1 | Medium |
| squeeze | 200+ | Arbitrary File Upload | 1.4.1 | Critical |

| Plugin | Plugin Slug | Vulnerability | Patched in Version | Severity Score |
| --- | --- | --- | --- | --- |
| Bricks Builder (Premium) | bricksbuilder | Insecure Direct Object References (IDOR) | 1.9.9 | Medium |
| Consulting Elementor Widgets | consulting-elementor-widgets | Local File Inclusion | 1.3.1 | High |
| Consulting Elementor Widgets | consulting-elementor-widgets | Remote Code Execution (RCE) | 1.3.1 | Critical |
| Consulting Elementor Widgets | consulting-elementor-widgets | SQL Injection | 1.3.1 | High |
| Consulting Elementor Widgets | consulting-elementor-widgets | Local File Inclusion | 1.3.1 | Critical |
| Cost Calculator Builder Pro | cost-calculator-builder-pro | Content Spoofing | 3.1.76 | Medium |
| Hercules Core | hercules-core | Settings Change | 6.7 | High |
| Ibtana | ibtana-visual-editor | Broken Access Control | 1.2.3.4 | Medium |
| Ibtana | ibtana-visual-editor | Broken Access Control | 1.2.3.4 | Medium |
| Newspack Blocks | newspack-blocks | Sensitive Data Exposure | 3.0.9 | High |
| The Plus Addons for Elementor Pro | theplus_elementor_addon | Local File Inclusion | 5.6.0 | High |
| The Plus Addons for Elementor Pro | theplus_elementor_addon | Cross Site Scripting (XSS) | 5.6.0 | High |
| Uber Menu | ubermenu | Cross Site Request Forgery (CSRF) | 3.8.4 | Medium |
| Shortcodes by United Themes | ut-shortcodes | Cross Site Scripting (XSS) | 5.0.5 | High |
| WP Job Manager – Resume Manager | wp-job-manager-resumes | Cross Site Request Forgery (CSRF) | 2.2.0 | Medium |

WordPress Themes — 15 Patched / 3 Unpatched

| Theme | Theme Slug | Downloads | Vulnerability | Patched in Version | Severity Score |
| --- | --- | --- | --- | --- | --- |
|  | sinatra | 1,639,897 | Cross Site Scripting (XSS) | No Fix | Medium |
| Grey Opaque | grey-opaque |  | Cross Site Scripting (XSS) | No Fix | Medium |
| Mosaic | mosaic |  | Cross Site Scripting (XSS) | No Fix | Medium |
|  | book-landing-page | 128,701 | Cross Site Request Forgery (CSRF) | 1.2.4 | Medium |
|  | chic-lite | 216,515 | Cross Site Request Forgery (CSRF) | 1.1.4 | Medium |
|  | customizr | 4,188,035 | Cross Site Request Forgery (CSRF) | 4.4.22 | Medium |
|  | digital-newspaper | 47,141 | Cross Site Request Forgery (CSRF) | 1.1.6 | Medium |
|  | education-zone | 444,963 | Cross Site Request Forgery (CSRF) | 1.3.5 | Medium |
|  | excellent | 116,583 | Cross Site Scripting (XSS) | 1.3.0 | Medium |
|  | hueman | 3,005,399 | Cross Site Request Forgery (CSRF) | 3.7.25 | Medium |
|  | interface | 429,855 | Cross Site Scripting (XSS) | 3.1.1 | Medium |
|  | materialis | 255,867 | Broken Access Control | 1.1.30 | Medium |
|  | vandana-lite | 117,403 | Cross Site Request Forgery (CSRF) | 1.2.0 | Medium |
|  | vilva | 441,200 | Cross Site Request Forgery (CSRF) | 1.2.3 | Medium |
| Divi | divi |  | Cross Site Scripting (XSS) | 4.25.2 | Medium |
| Enfold | enfold |  | Cross Site Scripting (XSS) | 5.6.10 | High |
| Flatsome | flatsome |  | Cross Site Scripting (XSS) | 3.19.0 | Medium |
| Flatsome | flatsome |  | Cross Site Scripting (XSS) | 3.19.0 | Medium |
