virusword.com


WordPress Vulnerability Report – March 1, 2023

Vulnerable plugins and themes are some of the most common vectors for attacks on WordPress websites. Our weekly WordPress Vulnerability Report, now powered by Patchstack, covers new WordPress plugins, themes, and core vulnerabilities that have emerged since last week’s report. Our goal is to help you decide what to do if you are using one of these vulnerable plugins or themes on your website. For a deeper, historical analysis of WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.

The Future of Authentication is Passkeys! Log into your WordPress site with Biometrics only available in iThemes Security Pro.

Credential stuffing, phishing, and brute force attacks using stolen, guessable, or reused passwords have made our digital lives less secure. Two-Factor Authentication (2FA) offers some protection but at the cost of usability and accessibility. Fewer than 30% of all online account holders actually use 2FA. Password-based logins are broken.

The future of authentication is passkeys, and iThemes Security Pro is the first to bring this technology to WordPress sites. Built on the WebAuthn standard and public-key cryptography, passkeys make passwords obsolete: the private key never leaves the user’s device, so there is no shared secret for an attacker to phish, stuff, or brute-force. Website admins and end users get secure logins without additional two-factor apps, password managers, or complex password requirements.

WordPress Core News

WordPress 6.1.1 was released on November 15, 2022, as a short-cycle maintenance release with 29 bug fixes in Core and 21 bug fixes for the block editor. Because this is a core update, be sure to update to WordPress 6.1.1 as soon as possible! As always before any core update, maintenance release or not, make sure your site is backed up with BackupBuddy first.

WordPress 6.2 Beta 4

WordPress 6.2 Beta 4 rolled out today for testing after being postponed for a few days to deal with a regression. As of Beta 4, over 400 Trac issues have been raised and closed this cycle. The current target for the final release date is still March 28, 2023.

So far, the 6.2 release cycle has made more than 292 enhancements and 354 bug fixes just for the editor. A running total of 289 tickets have been closed in Trac for the 6.2 milestone, with more to come.

In the final 6.2 release, expect to see tight integration with Openverse in the editor and media library. The Navigation block has been significantly improved. A new Style Book feature displays all blocks in the current global styles, and there’s new custom CSS support for your full site and individual blocks. For more details on new features in 6.2, see the Beta 1 release news.

With the arrival of WordPress 6.2, Phase Two of Gutenberg’s development will have ended. Phase Two focused on the Block and Site Editor features that now allow deep customization of site designs and layouts. Next, Phase Three will focus on collaborative editing features. Take a look at the WordPress Development Roadmap to learn more.

Gutenberg 15.2

The latest release of the Gutenberg plugin, version 15.2, is available now if you’d like to get a preview of bleeding-edge features. Please note the 15.2 release offers new features that will be included in the WordPress 6.3 core release but not 6.2. These features include revisions for the full site template editor so you can roll back changes to site templates.

Other new features of note in Gutenberg 15.2 are CSS aspect-ratio controls for the Featured Image block for posts and support for border color, style, and width in the Button block. There’s new typography support for the Latest Comments block, and the Post Excerpt block will have an excerpt length limit control. You’ll find accessibility improvements to labeling, tab, arrow key navigation, and the hierarchy of headings in the editor interface. See the version notes for the full details about many other enhancements and bug fixes.

  • No new WordPress core vulnerabilities were disclosed this week.

WordPress Plugin Vulnerabilities

In this section, you’ll find the most recently disclosed WordPress plugin vulnerabilities that have been fixed with a new release from their authors and maintainers. These vulnerabilities have been disclosed and scored for severity by our friends at Patchstack. Each plugin listing shows the plugin’s slug, its number of active installations, the type of vulnerability, the plugin version that patches it, and the severity rating. We start with the most popular plugins, which represent the largest target for attackers.

WordPress All in One SEO Pack plugin

Plugin Slug
all-in-one-seo-pack

Installations
3,000,000+

Vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting

Patched in Version
4.3.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.3.0.

WordPress All in One SEO Pack plugin

Plugin Slug
all-in-one-seo-pack

Installations
3,000,000+

Vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting

Patched in Version
4.3.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.3.0.

WordPress Starter Templates plugin

Plugin Slug
astra-sites

Installations
1,000,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
3.1.21

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.1.21.

WordPress ProfilePress plugin

Plugin Slug
wp-user-avatar

Installations
300,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
4.5.5

Severity Score
High

The vulnerability has been patched, so you should update to version 4.5.5.

WordPress Advanced Database Cleaner plugin

Plugin Slug
advanced-database-cleaner

Installations
100,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
3.1.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.1.2.

WordPress Strong Testimonials plugin

Plugin Slug
strong-testimonials

Installations
100,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.0.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.0.3.

WordPress VK All in One Expansion Unit plugin

Plugin Slug
vk-all-in-one-expansion-unit

Installations
100,000+

Vulnerability
Reflected Cross-Site Scripting via REQUEST_URI

Patched in Version
9.87.1.0

Severity Score
High

The vulnerability has been patched, so you should update to version 9.87.1.0.

WordPress Contextual Related Posts plugin

Plugin Slug
contextual-related-posts

Installations
70,000+

Vulnerability
Missing Authorization in crp_ajax_clearcache

Patched in Version
3.3.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.3.2.

WordPress Media Library Assistant plugin

Plugin Slug
media-library-assistant

Installations
70,000+

Vulnerability
Admin+ SQL Injection

Patched in Version
3.06

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.06.

WordPress wpDataTables plugin

Plugin Slug
wpdatatables

Installations
70,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.1.50

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.1.50.

WordPress WP Table Builder plugin

Plugin Slug
wp-table-builder

Installations
60,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.4.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.4.7.

WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin

Plugin Slug
drag-and-drop-multiple-file-upload-contact-form-7

Installations
50,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.3.6.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.3.6.6.

WordPress Feed Them Social plugin

Plugin Slug
feed-them-social

Installations
50,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
4.0.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.0.0.

WordPress The Post Grid plugin

Plugin Slug
the-post-grid

Installations
40,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
5.0.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.0.5.

WordPress 10Web Booster plugin

Plugin Slug
tenweb-speed-optimizer

Installations
30,000+

Vulnerability
Missing Authorization in Settings Import leading to Stored Cross-Site Scripting

Patched in Version
2.13.45

Severity Score
High

The vulnerability has been patched, so you should update to version 2.13.45.

WordPress Top 10 plugin

Plugin Slug
top-10

Installations
30,000+

Vulnerability
Insufficient Authorization

Patched in Version
3.2.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.2.5.

WordPress Top 10 plugin

Plugin Slug
top-10

Installations
30,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.2.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.2.5.

WordPress Minify HTML plugin

Plugin Slug
minify-html-markup

Installations
20,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.1.8

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.1.8.

WordPress Redirect Redirection plugin

Plugin Slug
redirect-redirection

Installations
20,000+

Vulnerability
Multiple Missing Authorization

Patched in Version
1.1.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.4.

WordPress Wholesale Suite plugin

Plugin Slug
woocommerce-wholesale-prices

Installations
20,000+

Vulnerability
Settings Change

Patched in Version
2.1.5.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.1.5.1.

WordPress WP Meta SEO plugin

Plugin Slug
wp-meta-seo

Installations
20,000+

Vulnerability
Cross Site Request Forgery (CSRF) via ‘regenerateSitemaps’

Patched in Version
4.5.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.5.4.

WordPress WP Meta SEO plugin

Plugin Slug
wp-meta-seo

Installations
20,000+

Vulnerability
Authenticated (Subscriber+) SQL Injection

Patched in Version
4.5.3

Severity Score
High

The vulnerability has been patched, so you should update to version 4.5.3.

WordPress Maspik – Spam blacklist plugin

Plugin Slug
contact-forms-anti-spam

Installations
10,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
0.7.9

Severity Score
Medium

The vulnerability has been patched, so you should update to version 0.7.9.

WordPress Video Gallery – YouTube Gallery plugin

Plugin Slug
gallery-videos

Installations
10,000+

Vulnerability
Broken Access Control

Patched in Version
1.7.7

Severity Score
High

The vulnerability has been patched, so you should update to version 1.7.7.

WordPress Video Gallery – YouTube Gallery plugin

Plugin Slug
gallery-videos

Installations
10,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.7.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.7.7.

WordPress Paytm Payment Gateway plugin

Plugin Slug
paytm-payments

Installations
10,000+

Vulnerability
SQL Injection

Patched in Version
2.7.7

Severity Score
High

The vulnerability has been patched, so you should update to version 2.7.7.

WordPress UsersWP plugin

Plugin Slug
userswp

Installations
10,000+

Vulnerability
CSV Injection

Patched in Version
1.2.3.10

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.3.10.

WordPress Japanized For WooCommerce plugin

Plugin Slug
woocommerce-for-japan

Installations
10,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.5.5

Severity Score
High

The vulnerability has been patched, so you should update to version 2.5.5.

WordPress My YouTube Channel plugin

Plugin Slug
youtube-channel

Installations
9,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
3.23.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.23.4.

WordPress Tooltips plugin

Plugin Slug
wordpress-tooltips

Installations
7,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
8.2.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 8.2.7.

WordPress Client Portal plugin

Plugin Slug
client-portal

Installations
6,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.1.9

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.9.

WordPress Etsy Shop plugin

Plugin Slug
etsy-shop

Installations
6,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
3.0.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.0.4.

WordPress WPMobile.App — Android and iOS Mobile Application plugin

Plugin Slug
wpappninja

Installations
6,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
11.19

Severity Score
Medium

The vulnerability has been patched, so you should update to version 11.19.

WordPress Dashboard Widgets Suite plugin

Plugin Slug
dashboard-widgets-suite

Installations
5,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.2.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.2.2.

WordPress Publish to Schedule plugin

Plugin Slug
publish-to-schedule

Installations
5,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
4.5.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.5.5.

WordPress Publish to Schedule plugin

Plugin Slug
publish-to-schedule

Installations
5,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
4.5.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.5.4.

WordPress Read More Excerpt Link plugin

Plugin Slug
read-more-excerpt-link

Installations
5,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.6.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.6.1.

WordPress Auto Affiliate Links plugin

Plugin Slug
wp-auto-affiliate-links

Installations
5,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
6.3.0.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 6.3.0.3.

WordPress Integration for Contact Form 7 and Zoho CRM, Bigin plugin

Plugin Slug
cf7-zoho

Installations
4,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.2.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.3.

WordPress Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin

Plugin Slug
peepso-core

Installations
4,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
6.0.3.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 6.0.3.0.

WordPress Community by PeepSo plugin

Plugin Slug
peepso-core

Installations
4,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
6.0.3.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 6.0.3.0.

WordPress Sp*tify Play Button for WordPress plugin

Plugin Slug
spotify-play-button-for-wordpress

Installations
4,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.06

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.06.

WordPress Drag and Drop Multiple File Upload for WooCommerce plugin

Plugin Slug
drag-and-drop-multiple-file-upload-for-woocommerce

Installations
3,000+

Vulnerability
Unauthenticated Non-Arbitrary File Upload/Deletion

Patched in Version
1.0.9

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.0.9.

WordPress We’re Open! plugin

Plugin Slug
opening-hours

Installations
3,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.47

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.47.

WordPress Simple YouTube Responsive plugin

Plugin Slug
simple-youtube-responsive

Installations
3,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.0.

WordPress WP Custom Fields Search plugin

Plugin Slug
wp-custom-fields-search

Installations
3,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.2.35

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.35.

WordPress BuddyForms plugin

Plugin Slug
buddyforms

Installations
2,000+

Vulnerability
PHP Object Injection

Patched in Version
2.7.8

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.7.8.

WordPress CSS JS Manager plugin

Plugin Slug
css-js-manager

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.4.49.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.4.49.1.

WordPress KB Support – WordPress Help Desk plugin

Plugin Slug
kb-support

Installations
2,000+

Vulnerability
CSV Injection

Patched in Version
1.5.85

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.5.85.

WordPress Multiple Pages Generator by Themeisle plugin

Plugin Slug
multiple-pages-generator-by-porthas

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
3.3.10

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.3.10.

WordPress Simple Slug Translate plugin

Plugin Slug
simple-slug-translate

Installations
2,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.7.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.7.3.

WordPress Books Gallery plugin

Plugin Slug
wp-books-gallery

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
4.4.9

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.4.9.

WordPress Accordions – Multiple Accordions or FAQs Builder plugin

Plugin Slug
accordions-or-faqs

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.3.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.3.1.

WordPress Clio Grow plugin

Plugin Slug
clio-grow-form

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.0.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.0.1.

WordPress Calendar Event Multi View plugin

Plugin Slug
cp-multi-view-calendar

Installations
1,000+

Vulnerability
Broken Access Control

Patched in Version
1.4.15

Severity Score
Low

The vulnerability has been patched, so you should update to version 1.4.15.

WordPress Sheets To WP Table Live Sync plugin

Plugin Slug
sheets-to-wp-table-live-sync

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.13.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.13.0.

WordPress Broadcast Live Video plugin

Plugin Slug
videowhisper-live-streaming-integration

Installations
1,000+

Vulnerability
Remote Code Execution (RCE)

Patched in Version
5.5.16

Severity Score
Critical

The vulnerability has been patched, so you should update to version 5.5.16.

WordPress WP Dynamic Keywords Injector plugin

Plugin Slug
wp-dynamic-keywords-injector

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.3.16

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.3.16.

WordPress Stripe Donation plugin

Plugin Slug
wp-stripe-donation

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
3.1.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.1.6.

WordPress CM Answers plugin

Plugin Slug
cm-answers

Installations
800+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.2.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.2.0.

WordPress Coupon Zen plugin

Plugin Slug
coupon-zen

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.0.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.0.6.

WordPress Houzez Login Register plugin

Plugin
Houzez Login Register

Plugin Slug
houzez-login-register

Vulnerability
Privilege Escalation

Patched in Version
2.6.4

Severity Score
Critical

The vulnerability has been patched, so you should update to version 2.6.4.

WordPress Plugin Vulnerabilities – No Known Fix

This section contains plugin vulnerabilities with no known fix. Until a patch is available, you are advised to deactivate the plugin immediately, at a minimum. If there is a high risk of active exploitation, or the plugin remains unpatched for weeks, delete it: deactivating stops WordPress from loading the plugin’s hooks, but its files stay on disk under wp-content/plugins, and only deletion removes that code from the site. You should also delete persistently unpatched plugins that the WordPress.org repository has locked and marked “Closed”, since they can no longer be downloaded or updated.
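The two lists above and below boil down to one procedure per plugin: compare the installed version against the patched version and update, or, where no fix exists, deactivate and then delete. The script below is an added example for this report, not iThemes, Patchstack or WordPress code. It assumes the site’s plugin inventory comes from WP-CLI (`wp plugin list --format=json --fields=name,version,status`); the JSON inventory embedded in it is a constructed sample, not output from a real site, and the REPORT table is a hand-picked subset of this week’s entries.

```python
"""Cross-check a site's plugin inventory against this week's report.

Added example for this report; not iThemes, Patchstack or WordPress code.
Assumes the inventory is WP-CLI output from
`wp plugin list --format=json --fields=name,version,status`.
"""
import json

# Subset of the report's table: slug -> version that patches the issue,
# or None where the report lists "No Fix".
REPORT = {
    "all-in-one-seo-pack": "4.3.0",
    "astra-sites": "3.1.21",
    "vk-all-in-one-expansion-unit": "9.87.1.0",
    "media-library-assistant": "3.06",
    "drag-and-drop-multiple-file-upload-contact-form-7": "1.3.6.6",
    "houzez-login-register": "2.6.4",
    "all-in-one-favicon": None,
    "gmace": None,
}

# Constructed sample inventory in the shape WP-CLI emits (not a real site).
SAMPLE_INVENTORY = json.dumps([
    {"name": "all-in-one-seo-pack", "version": "4.2.9", "status": "active"},
    {"name": "astra-sites", "version": "3.1.21", "status": "active"},
    {"name": "vk-all-in-one-expansion-unit", "version": "9.87.0.1", "status": "active"},
    {"name": "media-library-assistant", "version": "3.06", "status": "inactive"},
    {"name": "all-in-one-favicon", "version": "4.7", "status": "active"},
    {"name": "gmace", "version": "1.1", "status": "inactive"},
    {"name": "akismet", "version": "5.0.2", "status": "active"},
])


def version_key(version):
    """Split a dotted version into integers so '9.87.1.0' > '9.87.0.1'.

    Plain string comparison gets '1.3.10' vs '1.3.6.6' wrong, hence the
    numeric split. A component that is not purely numeric ('0-beta', 'rc1')
    maps to -1, so a pre-release sorts below the matching final release.
    """
    return [int(p) if p.isdigit() else -1 for p in version.split(".")]


def is_older(installed, patched):
    """True if `installed` is strictly below `patched` (missing parts count as 0)."""
    a, b = version_key(installed), version_key(patched)
    width = max(len(a), len(b))
    a += [0] * (width - len(a))
    b += [0] * (width - len(b))
    return a < b


def assess(inventory_json, report=REPORT):
    """Return (slug, installed_version, action) for every affected plugin."""
    findings = []
    for plugin in json.loads(inventory_json):
        slug, installed = plugin["name"], plugin["version"]
        if slug not in report:
            continue
        patched = report[slug]
        if patched is None:
            # No fix exists, so the installed version is irrelevant. An active
            # plugin is deactivated first; an inactive one still has its files
            # on disk, so the only action left is to delete it.
            action = "deactivate" if plugin["status"] == "active" else "delete"
            findings.append((slug, installed, action))
        elif is_older(installed, patched):
            findings.append((slug, installed, "update to " + patched))
    return findings


def wp_cli_commands(findings):
    """Turn findings into the WP-CLI commands that carry out each action."""
    cmds = []
    for slug, _installed, action in findings:
        verb = "update" if action.startswith("update to") else action
        cmds.append(f"wp plugin {verb} {slug}")
    return cmds


if __name__ == "__main__":
    results = assess(SAMPLE_INVENTORY)
    for slug, installed, action in results:
        print(f"{slug} {installed}: {action}")
    print("\n".join(wp_cli_commands(results)))
```

On a real site, pipe `wp plugin list --format=json --fields=name,version,status` into `assess` instead of the sample. Note that `wp plugin update` installs whatever version WordPress.org currently serves, which is normally at or above the patched version but not guaranteed to be, so re-run the check afterwards; and for the no-fix entries, deactivating is the minimum, with deletion the step that actually removes the vulnerable code from the web root.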

WordPress All In One Favicon plugin

Plugin Slug
all-in-one-favicon

Installations
100,000+

Vulnerability
Arbitrary File Deletion

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Apollo13 Framework Extensions plugin

Plugin Slug
apollo13-framework-extensions

Installations
40,000+

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Markup plugin

Plugin Slug
wp-structuring-markup

Installations
30,000+

Vulnerability
Contributor+ Stored XSS via Shortcode

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress TypeSquare Webfonts for ConoHa plugin

Plugin Slug
ts-webfonts-for-conoha

Installations
20,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress All-in-one search automatic push management plugin

Plugin Slug
baidu-submit-link

Installations
10,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Login Logout Menu plugin

Plugin Slug
baw-login-logout-menu

Installations
10,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Jobs for WordPress plugin

Plugin Slug
job-postings

Installations
9,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress For the visually impaired plugin

Plugin Slug
for-the-visually-impaired

Installations
8,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Admin Block Country plugin

Plugin Slug
admin-block-country

Installations
4,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Hero Banner Ultimate plugin

Plugin Slug
hero-banner-ultimate

Installations
2,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Theme Tweaker plugin

Plugin Slug
theme-tweaker-lite

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Booking Ultra Pro plugin

Plugin Slug
booking-ultra-pro

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Easy Google Analytics for WordPress plugin

Plugin Slug
easy-google-analytics-for-wordpress

Installations
1,000+

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress GMAce plugin

Plugin Slug
gmace

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress GMAce plugin

Plugin Slug
gmace

Installations
1,000+

Vulnerability
Arbitrary File Download

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress JS Job Manager plugin

Plugin Slug
js-jobs

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress phpinfo() WP plugin

Plugin Slug
phpinfo-wp

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress WP Google Tag Manager plugin

Plugin Slug
wp-google-tag-manager

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Bing Site Verification using Meta Tag plugin

Plugin Slug
bing-site-verification-using-meta-tag

Installations
900+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress WordPress Custom Settings plugin

Plugin Slug
custom-settings

Installations
900+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Exquisite PayPal Donation plugin

Plugin Slug
exquisite-paypal-donation

Installations
900+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Sitemap Index plugin

Plugin Slug
sitemap-index

Installations
900+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Sponsors Carousel plugin

Plugin Slug
sponsors-carousel

Installations
900+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Stock market charts from finviz plugin

Plugin Slug
stock-market-charts-from-finviz

Installations
900+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress WP-RecentComments plugin

Plugin Slug
wp-recentcomments

Installations
900+

Vulnerability
Sensitive Data Exposure

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress WP-RecentComments plugin

Plugin Slug
wp-recentcomments

Installations
900+

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Circles Gallery plugin

Plugin Slug
circles-gallery

Installations
800+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Upload Resume plugin

Plugin Slug
resume-upload-form

Installations
600+

Vulnerability
Sensitive Data Exposure

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Educare – Students & Result Management System plugin

Plugin Slug
educare

Installations
300+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Custom Login Page plugin

Plugin Slug
wp-custom-login-page

Installations
100+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress asMember plugin

Plugin Slug
asmember

Installations
10+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Chat Bee plugin

Plugin Slug
chat-bee

Installations
10+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Simple Portfolio Gallery plugin

Plugin Slug
simple-portfolio-gallery

Installations
10+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Conditional Checkout Fields for WooCommerce plugin

Plugin
Conditional Checkout Fields for WooCommerce

Plugin Slug
conditional-checkout-fields-for-woocommerce

Vulnerability
Broken Authentication

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress CPT – Speakers plugin

Plugin
CPT – Speakers

Plugin Slug
cpt-speakers

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress PayGreen plugin

Plugin
PayGreen

Plugin Slug
paygreen-woocommerce

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Social Login WP plugin

Plugin
Social Login WP

Plugin Slug
social-login-wp

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Zendrop – Global Dropshipping plugin

Plugin
Zendrop – Global Dropshipping

Plugin Slug
zendrop-dropshipping-and-fulfillment

Vulnerability
SQL Injection

Patched in Version
No Fix

Severity Score
Critical

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Zendrop – Global Dropshipping plugin

Plugin
Zendrop – Global Dropshipping

Plugin Slug
zendrop-dropshipping-and-fulfillment

Vulnerability
Arbitrary File Upload

Patched in Version
No Fix

Severity Score
Critical

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Theme Vulnerabilities

In this section, you’ll find the latest WordPress theme vulnerabilities to be disclosed. Each entry carries the same information provided above for vulnerable plugins, and the same advice applies. If a security update exists, install it immediately. If a vulnerability remains unpatched in a theme you are actively using, you will need to find an alternative theme. Deactivate and delete persistently unpatched themes and any theme that has been “Closed” in the WordPress.org theme repository. If a vulnerable theme is installed but not active, simply delete it: inactive themes still ship their code to the server and can still be reached by an attacker.

WordPress OceanWP theme

Theme Slug
oceanwp

Downloads
5,960,838

Vulnerability
Authenticated Local File Inclusion

Patched in Version
3.4.2

Severity Score
High

The vulnerability has been patched, so you should update to version 3.4.2.

WordPress Darcie theme

Theme Slug
darcie

Downloads
14,649

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.1.6

Severity Score
High

The vulnerability has been patched, so you should update to version 1.1.6.

WordPress Houzez theme

Theme
Houzez

Theme Slug
houzez

Vulnerability
Privilege Escalation

Patched in Version
2.7.2

Severity Score
Critical

The vulnerability has been patched, so you should update to version 2.7.2.

WordPress Real Estate 7 theme

Theme
Real Estate 7

Theme Slug
realestate-7

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.3.2

Severity Score
High

The vulnerability has been patched, so you should update to version 3.3.2.

iThemes Team

Written by:
Abdul Wahid
Published on:
March 5, 2023

Categories: Woocommerce

Footer

VirusWord by Promaps, Inc.

Barnes Place
Colombo 7, Western 00700

Copyright © 2025 · Promaps, Inc.
