WordPress Vulnerability Report – June 7, 2023

Written by Dan Knauss on June 7, 2023

Last Updated on June 7, 2023

This week, 101 new vulnerabilities were publicly disclosed. They may affect over 6 million WordPress sites. Additionally, 64 plugin vulnerabilities have no patch available yet, while no new theme vulnerabilities surfaced. If you are using any unpatched plugins or themes, check whether their vendors intend to ship a security release and how far along it is. If no patch is forthcoming, or the vulnerable software has been closed and dropped from the official WordPress theme and plugin repositories, consider deactivating and removing it in favor of an alternative solution.

WordPress Core Vulnerabilities — Patched

  • No new WordPress core vulnerabilities were disclosed this week.

WordPress core is very secure when it’s properly configured and maintained. Vulnerable plugins that have not been updated by site owners are the most common vector for attacks on WordPress websites. Our weekly WordPress Vulnerability Report, powered by Patchstack, covers new WordPress plugin, theme, and core vulnerabilities that have emerged since last week’s report. Our goal is to spread awareness of emerging security threats and help you decide what to do if you are using vulnerable software on your website. For a deeper analysis of recent trends in WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.

These reports are published every Wednesday and include all active vulnerabilities tracked by Patchstack as of Monday since the previous report. This leaves a 48-hour window for the newest emerging vulnerabilities to be patched before full public disclosure. iThemes Security Pro users have access to vulnerability alerts emerging within this window.

WordPress Plugin Vulnerabilities — Patched

In this section, you’ll find the most recently disclosed WordPress plugin vulnerabilities that have been fixed with a new release from their authors and maintainers. Please apply the updates if you are affected!

These vulnerabilities have been disclosed and scored for their severity, thanks to our friends at Patchstack. Each plugin listing includes the type of vulnerability with its CVE number and CVSS severity rating with links to more technical details. You’ll also see the number of active sites using the plugin and the plugin version release that patches the vulnerability. We start with the most popular plugins, which represent the largest target for attackers.

Jetpack

Plugin Slug
jetpack

Installations
5,000,000+

Vulnerability
Arbitrary File Overwrite

Patched in Version
12.1.1

Severity Score
Critical

The vulnerability has been patched, so you should update to version 12.1.1.

Formidable Forms

Plugin Slug
formidable

Installations
300,000+

Vulnerability
Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation

Patched in Version
6.3.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 6.3.1.

Social Media Share Buttons & Social Sharing Icons

Plugin Slug
ultimate-social-media-icons

Installations
200,000+

Vulnerability
Broken Access Control + CSRF

Patched in Version
2.8.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.8.2.

Download Manager

Plugin Slug
download-manager

Installations
100,000+

Vulnerability
Broken Access Control

Patched in Version
3.2.71

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.2.71.

Download Monitor

Plugin Slug
download-monitor

Installations
100,000+

Vulnerability
Server Side Request Forgery (SSRF)

Patched in Version
4.8.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.8.2.

Brizy Page Builder

Plugin Slug
brizy

Installations
90,000+

Vulnerability
IP Address Spoofing to Protection Mechanism Bypass

Patched in Version
2.4.19

Severity Score
Low

The vulnerability has been patched, so you should update to version 2.4.19.

Nested Pages

Plugin Slug
wp-nested-pages

Installations
90,000+

Vulnerability
Missing Authorization to Authenticated (Editor+) Plugin Settings Reset

Patched in Version
3.2.4

Severity Score
Low

The vulnerability has been patched, so you should update to version 3.2.4.

Tutor LMS

Plugin Slug
tutor

Installations
70,000+

Vulnerability
Unauthenticated SQL Injection

Patched in Version
2.2.0

Severity Score
High

The vulnerability has been patched, so you should update to version 2.2.0.

Tutor LMS

Plugin Slug
tutor

Installations
70,000+

Vulnerability
Multiple Student+ SQL Injection

Patched in Version
2.2.1

Severity Score
High

The vulnerability has been patched, so you should update to version 2.2.1.

Tutor LMS

Plugin Slug
tutor

Installations
70,000+

Vulnerability
Multiple Tutor Instructor+ SQL Injection

Patched in Version
2.2.0

Severity Score
High

The vulnerability has been patched, so you should update to version 2.2.0.

VK Blocks

Plugin Slug
vk-blocks

Installations
70,000+

Vulnerability
Auth. Settings Update

Patched in Version
1.57.1.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.57.1.2.

Uncanny Toolkit for LearnDash

Plugin Slug
uncanny-learndash-toolkit

Installations
30,000+

Vulnerability
Open Redirection

Patched in Version
3.6.4.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.6.4.4.

Uncanny Toolkit for LearnDash

Plugin Slug
uncanny-learndash-toolkit

Installations
30,000+

Vulnerability
Broken Access Control

Patched in Version
3.6.4.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.6.4.4.

Draw Attention

Plugin Slug
draw-attention

Installations
20,000+

Vulnerability
Missing Authorization to Arbitrary Post Featured Image Modification

Patched in Version
2.0.12

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.0.12.

Favorites

Plugin Slug
favorites

Installations
20,000+

Vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Patched in Version
2.3.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.3.3.

ReviewX

Plugin Slug
reviewx

Installations
10,000+

Vulnerability
Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation

Patched in Version
1.6.14

Severity Score
High

The vulnerability has been patched, so you should update to version 1.6.14.

WP ERP

Plugin Slug
erp

Installations
9,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
1.12.4

Severity Score
High

The vulnerability has been patched, so you should update to version 1.12.4.

bbp style pack

Plugin Slug
bbp-style-pack

Installations
8,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
5.5.6

Severity Score
High

The vulnerability has been patched, so you should update to version 5.5.6.

Drop Shadow Boxes

Plugin Slug
drop-shadow-boxes

Installations
6,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.7.11

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.7.11.

WOLF

Plugin Slug
bulk-editor

Installations
5,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.0.7.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.0.7.1.

CRM Perks Forms

Plugin Slug
crm-perks-forms

Installations
2,000+

Vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting

Patched in Version
1.1.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.2.

Donation Platform for WooCommerce: Fundraising & Donation Management

Plugin Slug
wc-donation-platform

Installations
2,000+

Vulnerability
Cross-Site Request Forgery to Survey Submission

Patched in Version
1.2.10

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.10.

WP Inventory Manager

Plugin Slug
wp-inventory-manager

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.1.0.14

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.1.0.14.

WP Directory Kit

Plugin Slug
wpdirectorykit

Installations
2,000+

Vulnerability
Reflected Cross-Site Scripting via ‘search’

Patched in Version
1.2.4

Severity Score
High

The vulnerability has been patched, so you should update to version 1.2.4.

Advanced Flat rate shipping Woocommerce

Plugin Slug
advanced-free-flat-shipping-woocommerce

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.6.4.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.6.4.6.

GDPR Cookie Consent Notice Box

Plugin Slug
cookie-consent-box

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.1.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.7.

JS Jobs Manager

Plugin Slug
js-jobs

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.0.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.0.1.

Kanban Boards for WordPress

Plugin Slug
kanban

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.5.21

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.5.21.

Telegram Bot & Channel

Plugin Slug
telegram-bot

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.6.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.6.3.

Quick/Bulk Order Form for WooCommerce

Plugin Slug
woocommerce-bulk-order-form

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.6.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.6.0.

WP User Switch

Plugin Slug
wp-user-switch

Installations
1,000+

Vulnerability
Authentication Bypass via Cookie

Patched in Version
1.0.3

Severity Score
High

The vulnerability has been patched, so you should update to version 1.0.3.

Front End Users

Plugin Slug
front-end-only-users

Installations
900+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
3.2.25

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.2.25.

Call Now Accessibility Button

Plugin Slug
accessibility-help-button

Installations
50+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.

B2BKing

Plugin
B2BKing Premium

Plugin Slug
b2bking

Vulnerability
Authenticated Product Price Change

Patched in Version
4.6.20

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.6.20.

Premium Addons PRO

Plugin
Premium Addons PRO

Plugin Slug
premium-addons-pro

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
2.8.25

Severity Score
High

The vulnerability has been patched, so you should update to version 2.8.25.

WooCommerce Box Office

Plugin
WooCommerce Box Office

Plugin Slug
woocommerce-box-office

Vulnerability
Unauthenticated Save Ticket Barcode

Patched in Version
1.1.52

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.52.

WooCommerce Box Office

Plugin
WooCommerce Box Office

Plugin Slug
woocommerce-box-office

Vulnerability
Contributor+ Stored Cross Site Scripting (XSS)

Patched in Version
1.1.51

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.51.

WordPress Plugin Vulnerabilities — Unpatched

This section contains plugin vulnerabilities with no known fix. Until a patch is available, you should at minimum deactivate the plugin immediately. If there is a high risk of active exploitation, or the plugin remains unpatched for weeks, you should delete the plugin. You should also delete persistently unpatched plugins that the WordPress.org repository has locked and marked “Closed,” since they can no longer be downloaded or installed.

VK Blocks

Plugin Slug
vk-blocks

Installations
70,000+

Vulnerability
Auth. Settings Update

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WPC Smart Wishlist for WooCommerce

Plugin Slug
woo-smart-wishlist

Installations
50,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Constant Contact Forms

Plugin Slug
constant-contact-forms

Installations
40,000+

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

TS Webfonts

Plugin Slug
ts-webfonts-for-sakura

Installations
30,000+

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Social Login

Plugin Slug
wordpress-social-login

Installations
30,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Social Login

Plugin Slug
wordpress-social-login

Installations
30,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

OSM – OpenStreetMap

Plugin Slug
osm

Installations
20,000+

Vulnerability
Contributor+ Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Yandex Metrica Counter

Plugin Slug
counter-yandex-metrica

Installations
10,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

LWS Hide Login

Plugin Slug
lws-hide-login

Installations
10,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Unite Gallery Lite

Plugin Slug
unite-gallery-lite

Installations
10,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WP Hide Post

Plugin Slug
wp-hide-post

Installations
10,000+

Vulnerability
Cross Site Request Forgery (CSRF) Leading To Post Status Change

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Disable WordPress Update Notifications

Plugin Slug
disable-update-notifications

Installations
8,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Call Now Icon Animate

Plugin Slug
call-now-icon-animate

Installations
7,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Change WooCommerce Add To Cart Button Text

Plugin Slug
change-woocommerce-add-to-cart-button-text

Installations
3,000+

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Google Fonts For WordPress

Plugin Slug
free-google-fonts

Installations
3,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Ajax Pagination and Infinite Scroll

Plugin Slug
malinky-ajax-pagination

Installations
3,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Online Booking & Scheduling Calendar for WordPress by vcita

Plugin Slug
meeting-scheduler-by-vcita

Installations
3,000+

Vulnerability
Unauth. Stored Cross-Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Online Booking & Scheduling Calendar for WordPress by vcita

Plugin Slug
meeting-scheduler-by-vcita

Installations
3,000+

Vulnerability
Missing Authorization to Account Logout

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Online Booking & Scheduling Calendar for WordPress by vcita

Plugin Slug
meeting-scheduler-by-vcita

Installations
3,000+

Vulnerability
Missing Authorization on REST-API

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Online Booking & Scheduling Calendar for WordPress by vcita

Plugin Slug
meeting-scheduler-by-vcita

Installations
3,000+

Vulnerability
Missing Authorization to Settings Update and Media Upload

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

BBS e-Popup

Plugin Slug
bbs-e-popup

Installations
2,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Contact Form Builder by vcita

Plugin Slug
contact-form-with-a-meeting-scheduler-by-vcita

Installations
2,000+

Vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Contact Form Builder by vcita

Plugin Slug
contact-form-with-a-meeting-scheduler-by-vcita

Installations
2,000+

Vulnerability
Auth. Stored Cross-Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Groundhogg

Plugin Slug
groundhogg

Installations
2,000+

Vulnerability
SQL Injection

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Groundhogg

Plugin Slug
groundhogg

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

SpamReferrerBlock

Plugin Slug
spamreferrerblock

Installations
2,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

SpamReferrerBlock

Plugin Slug
spamreferrerblock

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Tables

Plugin Slug
wptables

Installations
2,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

bbPress Toolkit

Plugin Slug
bbp-toolkit

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

bbPress Toolkit

Plugin Slug
bbp-toolkit

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Chilexpress woo oficial

Plugin Slug
chilexpress-oficial

Installations
1,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Dynamic QR Code Generator

Plugin Slug
dynamic-qr-code-generator

Installations
1,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Extended Post Status

Plugin Slug
extended-post-status

Installations
1,000+

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Floating Action Button

Plugin Slug
floating-action-button

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Headless CMS

Plugin Slug
headless-cms

Installations
1,000+

Vulnerability
Broken Authentication

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Woocommerce Order address Print

Plugin Slug
woocommerce-order-address-print

Installations
1,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

WordPress NextGen GalleryView

Plugin Slug
wordpress-nextgen-galleryview

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WP-Cache.com

Plugin Slug
wp-cachecom

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WP-Cirrus

Plugin Slug
wp-cirrus

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WP Full Auto Tags Manager

Plugin Slug
wp-full-auto-tags-manager

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WP Report Post

Plugin Slug
wp-report-post

Installations
1,000+

Vulnerability
SQL Injection

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

WP Report Post

Plugin Slug
wp-report-post

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Worthy – VG WORT Integration für WordPress

Plugin Slug
wp-worthy

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Contact Form and Calls To Action by vcita

Plugin Slug
lead-capturing-call-to-actions-by-vcita

Installations
400+

Vulnerability
Auth. Stored Cross-Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Contact Form and Calls To Action by vcita

Plugin Slug
lead-capturing-call-to-actions-by-vcita

Installations
400+

Vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

CRM and Lead Management by vcita

Plugin Slug
crm-customer-relationship-management-by-vcita

Installations
200+

Vulnerability
Auth. Stored Cross-Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

CRM and Lead Management by vcita

Plugin Slug
crm-customer-relationship-management-by-vcita

Installations
200+

Vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

LH Password Changer

Plugin Slug
lh-password-changer

Installations
100+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

TPG Redirect

Plugin Slug
tpg-redirect

Installations
20+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Blog-in-Blog

Plugin
Blog-in-Blog

Plugin Slug
blog-in-blog

Vulnerability
Authenticated (Editor+) Local File Inclusion via Shortcode

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Blog-in-Blog

Plugin
Blog-in-Blog

Plugin Slug
blog-in-blog

Vulnerability
Authenticated (Editor+) Stored Cross-Site Scripting via Shortcode

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Cart2Cart: Magento to WooCommerce Migration

Plugin
Cart2Cart: Magento to WooCommerce Migration

Plugin Slug
cart2cart-magento-to-woocommerce-migration

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Display post meta, term meta, comment meta, and user meta

Plugin
Display post meta, term meta, comment meta, and user meta

Plugin Slug
display-metadata

Vulnerability
Authenticated(Contributor+) Stored Cross-Site Scripting

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Feather Login Page

Plugin
Feather Login Page

Plugin Slug
feather-login-page

Vulnerability
Missing Authorization to Authentication Bypass and Privilege Escalation

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Feather Login Page

Plugin
Feather Login Page

Plugin Slug
feather-login-page

Vulnerability
Missing Authorization to Non-Arbitrary User Deletion

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Feather Login Page

Plugin
Feather Login Page

Plugin Slug
feather-login-page

Vulnerability
Cross Site Request Forgery (CSRF) to Privilege Escalation

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Kebo Twitter Feed

Plugin
Kebo Twitter Feed

Plugin Slug
kebo-twitter-feed

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Login Configurator

Plugin
Login Configurator

Plugin Slug
login-configurator

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Page Builder by AZEXO

Plugin
Page Builder with Image Map by AZEXO

Plugin Slug
page-builder-by-azexo

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Page Builder by AZEXO

Plugin
Page Builder with Image Map by AZEXO

Plugin Slug
page-builder-by-azexo

Vulnerability
Authenticated Stored Cross-Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Page Builder by AZEXO

Plugin
Page Builder with Image Map by AZEXO

Plugin Slug
page-builder-by-azexo

Vulnerability
Missing Authorization to Post Creation

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Page Builder by AZEXO

Plugin
Page Builder with Image Map by AZEXO

Plugin Slug
page-builder-by-azexo

Vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Web Directory Free

Plugin
Web Directory Free

Plugin Slug
web-directory-free

Vulnerability
Authenticated (Contributor+) SQL Injection via post_id

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Wordapp

Plugin
Wordapp

Plugin Slug
wordapp

Vulnerability
Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature

Patched in Version
No Fix

Severity Score
Critical

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
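Every entry above ends with the same instruction, so the practical question is how to find out quickly whether any of these slugs is installed on a site you run. The script below is an added example written for this report; it is not code from the page, from Patchstack or from StellarWP. It reads plugin headers the way WordPress does (the first 8 KiB of the main PHP file in each plugin directory), matches directory names against an advisory table built from the slugs listed above, and reports "delete" for entries with No Fix and "update to X" where a fixed version exists. The `example-fixed-plugin` advisory, the installed version numbers and the temporary plugin tree are constructed sample data so the script runs offline; point `audit()` at a real `wp-content/plugins` directory to use it on a site.

```python
"""Audit an installed WordPress plugin tree against an advisory table.

Added example for this report (not the page's, Patchstack's or StellarWP's code).
The advisory table is hand-built from the entries above; the sample site is
constructed in a temporary directory.
"""
import os
import re
import tempfile
from typing import Dict, List, Optional

# slug -> version that fixes the issue. None means "No Fix" and the plugin is
# closed, so the only remediation is to deactivate and delete it.
ADVISORIES: Dict[str, Optional[str]] = {
    "cart2cart-magento-to-woocommerce-migration": None,
    "display-metadata": None,
    "feather-login-page": None,
    "kebo-twitter-feed": None,
    "login-configurator": None,
    "page-builder-by-azexo": None,
    "web-directory-free": None,
    "wordapp": None,
    # Hypothetical entry (not in the report) to exercise the "update" path.
    "example-fixed-plugin": "2.0.0",
}

# WordPress reads only the first 8 KiB of a file when parsing plugin headers.
HEADER_BYTES = 8192
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M)


def read_plugin_header(plugin_dir: str) -> Optional[Dict[str, str]]:
    """Return the 'Plugin Name' / 'Version' header fields of a plugin's main file."""
    for name in sorted(os.listdir(plugin_dir)):
        if not name.endswith(".php"):
            continue
        with open(os.path.join(plugin_dir, name), "rb") as fh:
            head = fh.read(HEADER_BYTES).decode("utf-8", errors="replace")
        fields = dict(HEADER_RE.findall(head))
        if "Plugin Name" in fields:  # only the main file carries this header
            return fields
    return None


def version_key(version: str):
    """Sort key for dotted versions so that 1.10 > 1.9. Numeric components
    compare as integers; non-numeric tags sort after numbers. Pre-release
    suffixes such as '1.0-beta' are not ordered below '1.0' by this key."""
    return [(0, int(p)) if p.isdigit() else (1, p) for p in re.split(r"[.\-]", version)]


def is_vulnerable(installed: str, patched_in: Optional[str]) -> bool:
    """No fix available means every installed version is affected."""
    if patched_in is None:
        return True
    return version_key(installed) < version_key(patched_in)


def audit(plugins_root: str,
          advisories: Dict[str, Optional[str]] = ADVISORIES) -> List[Dict[str, str]]:
    """One finding per installed plugin directory that matches an advisory."""
    findings: List[Dict[str, str]] = []
    for slug in sorted(os.listdir(plugins_root)):
        path = os.path.join(plugins_root, slug)
        if slug not in advisories or not os.path.isdir(path):
            continue
        header = read_plugin_header(path)
        # A plugin whose header cannot be read is treated as the oldest version.
        installed = header.get("Version", "0") if header else "0"
        patched_in = advisories[slug]
        if not is_vulnerable(installed, patched_in):
            continue
        findings.append({
            "slug": slug,
            "installed": installed,
            "patched_in": patched_in or "No Fix",
            "action": "delete" if patched_in is None else f"update to {patched_in}",
        })
    return findings


def build_sample_site() -> str:
    """Construct a fake wp-content/plugins tree (sample data, not a real site)."""
    root = tempfile.mkdtemp(prefix="wp-plugins-")
    samples = {
        "feather-login-page": ("Feather Login Page", "1.0.7"),   # listed, No Fix
        "example-fixed-plugin": ("Example Fixed Plugin", "1.9.3"),  # hypothetical, fix in 2.0.0
        "akismet": ("Akismet Anti-Spam", "5.1"),                 # not in the advisory table
    }
    for slug, (name, version) in samples.items():
        os.makedirs(os.path.join(root, slug))
        with open(os.path.join(root, slug, f"{slug}.php"), "w") as fh:
            fh.write(f"<?php\n/**\n * Plugin Name: {name}\n * Version: {version}\n */\n")
    return root


if __name__ == "__main__":
    for f in audit(build_sample_site()):
        print(f"{f['slug']}: installed {f['installed']}, "
              f"patched in {f['patched_in']} -> {f['action']}")
```

The match is on the directory name, which is how WordPress.org identifies a plugin, so a renamed directory will be missed; if you suspect that, match on the `Plugin Name` header as well. Reporting is deliberately separate from remediation: once you have the list, deactivate and delete with `wp plugin deactivate <slug>` and `wp plugin delete <slug>` or from the admin screen, rather than having an audit script remove files on its own.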

WordPress Theme Vulnerabilities

In this section, you’ll find the latest WordPress theme vulnerabilities to be disclosed. The entries carry the same information as the plugin entries above, and the same advice applies. If a security update exists, install it immediately. If a vulnerability remains unpatched in a theme you are actively using, you will need to switch to an alternative theme first and then delete the vulnerable one, since WordPress will not let you delete the active theme. Deactivate and delete persistently unpatched themes and those that have been “Closed” in the WordPress.org theme repository. If you have a vulnerable theme installed that you are not actively using, simply delete it; its files remain on the server until you do.

  • No new WordPress theme vulnerabilities were disclosed this week.

Dan Knauss

Dan Knauss is StellarWP’s Technical Content Generalist. He’s been a writer, teacher, and freelancer working in open source since the late 1990s and with WordPress since 2004.

Written by:
Abdul Wahid
Published on:
June 8, 2023

Categories: Woocommerce
