
WordPress Vulnerability Report – March 29, 2023

This week, the total patched and unpatched vulnerabilities may impact well over 8 million WordPress sites. There are 58 plugin vulnerabilities with security patches available, so run those updates if you use these plugins! Additionally, there are 25 plugin vulnerabilities and 1 theme vulnerability with no patch available yet. If you use any of these unpatched plugins or themes, check their vendors’ intentions and progress on a security release. If no patch is forthcoming or a vulnerable plugin or theme has been “closed” (dropped from the WordPress.org repository), you should consider deactivating it in favor of alternative solutions.

  • No new WordPress core vulnerabilities were disclosed this week.

WordPress core is very secure when it’s properly configured and maintained. Vulnerable plugins that have not been updated by site owners are the most common vector for attacks on WordPress websites. Our weekly WordPress Vulnerability Report, powered by Patchstack, covers new WordPress plugin, theme, and core vulnerabilities that have emerged since last week’s report. Our goal is to spread awareness of emerging security threats and help you decide what to do if you are using vulnerable software on your website. For a deeper analysis of recent trends in WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.

The Future of Authentication is Passkeys! Log into your WordPress site with Biometrics only available in iThemes Security Pro.

Credential stuffing, phishing, and brute force attacks using stolen, guessable, or reused passwords have made our digital lives less secure. Two-Factor Authentication (2FA) offers some protection but at the cost of usability and accessibility. Fewer than 30% of all online account holders actually use 2FA. Password-based logins are broken.

The future of authentication is passkeys, and iThemes Security Pro is the first to bring this breakthrough technology to WordPress sites. Built on WebAuthn, which uses public/private key cryptography, passkeys make passwords obsolete. Now, website admins and end users can have secure logins without the inconvenience of additional two-factor apps, password managers, or complex password requirements.

WordPress Core News

WordPress 6.1.1 is the current (short-cycle maintenance) release of WordPress core. It is a minor release issued on November 15, 2022. It features 29 bug fixes in Core and 21 bug fixes for the Gutenberg block editor. You can review a summary of the key updates in this release at WordPress.org.

If your WordPress sites have enabled automatic background updates, they should have upgraded to 6.1.1 automatically. You can download WordPress 6.1.1 from WordPress.org, or visit your WordPress Dashboard, click “Updates,” and then click the “Update Now” button, which will appear when any core updates are available. For more information, check out the version 6.1.1 HelpHub documentation page.

WordPress 6.2 is the next major WordPress release, and it is on track to debut today, March 29, 2023, after a brief, one-day delay. As of this writing, it has not been released yet. You can learn more about what’s coming in the WordPress 6.2 RC1 release announcement and the WordPress 6.2 Field Guide, as well as our post on the upcoming features for WordPress 6.2.


WordPress Plugin Vulnerabilities with Patches

In this section, you’ll find the most recently disclosed WordPress plugin vulnerabilities that have been fixed with a new release from their authors and maintainers. Please apply the updates if you are affected!

These vulnerabilities have been disclosed and scored for their severity thanks to our friends at Patchstack. Each plugin listing includes the type of vulnerability with its CVE number and CVSS severity rating with links to more technical details. You’ll also see the number of active sites using the plugin and the plugin version release that patches the vulnerability. We start with the most popular plugins, which represent the largest target for attackers.

WordPress LiteSpeed Cache

Product image for LiteSpeed Cache.

Plugin Slug
litespeed-cache

Installations
4,000,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
5.3.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.3.1.

WordPress iThemes Security

Product image for iThemes Security.

Plugin Slug
better-wp-security

Installations
1,000,000+

Vulnerability
Open Redirection via Host header

Patched in Version
8.1.5

Severity Score
Low

The vulnerability has been patched, so you should update to version 8.1.5.

WordPress Safe SVG

Product image for Safe SVG.

Plugin Slug
safe-svg

Installations
800,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.1.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.1.0.

WordPress WP Statistics

Product image for WP Statistics.

Plugin Slug
wp-statistics

Installations
600,000+

Vulnerability
SQL Injection

Patched in Version
13.2.11

Severity Score
High

The vulnerability has been patched, so you should update to version 13.2.11.

WordPress WooCommerce Payments

Product image for WooCommerce Payments – Fully Integrated Solution Built and Supported by Woo.

Plugin Slug
woocommerce-payments

Installations
500,000+

Vulnerability
Unauthenticated Privilege Escalation

Patched in Version
5.6.2

Severity Score
Critical

The vulnerability has been patched, so you should update to version 5.6.2.

WordPress Newsletter plugin

Product image for Newsletter – Send awesome emails from WordPress.

Plugin Slug
newsletter

Installations
300,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
7.6.9

Severity Score
High

The vulnerability has been patched, so you should update to version 7.6.9.

WordPress FileBird

Product image for FileBird – WordPress Media Library Folders & File Manager.

Plugin Slug
filebird

Installations
100,000+

Vulnerability
Broken Access Control

Patched in Version
5.1.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.1.5.

WordPress GiveWP

Product image for GiveWP – Donation Plugin and Fundraising Platform.

Plugin Slug
give

Installations
100,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.25.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.25.3.

WordPress OoohBoi Steroids for Elementor

Product image for OoohBoi Steroids for Elementor.

Plugin Slug
ooohboi-steroids-for-elementor

Installations
60,000+

Vulnerability
Subscriber+ Attachment Deletion

Patched in Version
2.1.5

Severity Score
High

The vulnerability has been patched, so you should update to version 2.1.5.

WordPress Simple Author Box

Product image for Simple Author Box.

Plugin Slug
simple-author-box

Installations
60,000+

Vulnerability
Cross-Site Request Forgery via save_user_profile

Patched in Version
2.51

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.51.

WordPress Advanced Shipment Tracking for WooCommerce

Product image for Advanced Shipment Tracking for WooCommerce.

Plugin Slug
woo-advanced-shipment-tracking

Installations
60,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
3.5.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.5.3.

WordPress Maps Widget for Google Maps

Product image for Maps Widget for Google Maps.

Plugin Slug
google-maps-widget

Installations
50,000+

Vulnerability
Cross-Site Request Forgery via dismiss_notice

Patched in Version
4.24

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.24.

WordPress Popup Anything

Product image for Popup Anything – A Marketing Popup and Lead Generation Conversions.

Plugin Slug
popup-anything-on-click

Installations
50,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.2.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.2.2.

WordPress Visibility Logic for Elementor

Product image for Visibility Logic for Elementor.

Plugin Slug
visibility-logic-elementor

Installations
30,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.3.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.3.4.

WordPress Gallery by BestWebSoft

Product image for Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress.

Plugin Slug
gallery-plugin

Installations
20,000+

Vulnerability
Authenticated (Administrator+) Stored Cross Site Scripting (XSS)

Patched in Version
4.7.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.7.0.

WordPress HT Contact Form 7

Product image for Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks.

Plugin Slug
ht-contactform

Installations
10,000+

Vulnerability
Arbitrary Plugin Activation via CSRF

Patched in Version
1.1.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.6.

WordPress Advanced Page Visit Counter

Product image for Advanced Page Visit Counter – Advanced WordPress Visit Counter.

Plugin Slug
advanced-page-visit-counter

Installations
10,000+

Vulnerability
SQL Injection

Patched in Version
6.4.2.1

Severity Score
High

The vulnerability has been patched, so you should update to version 6.4.2.1.

WordPress NEX-Forms

Product image for NEX-Forms – Ultimate Form Builder – Contact forms and much more.

Plugin Slug
nex-forms-express-wp-form-builder

Installations
10,000+

Vulnerability
Contributor+ Stored XSS

Patched in Version
8.3.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 8.3.3.

WordPress TH Advance Product Search

Product image for Advance WordPress Search Plugin.

Plugin Slug
th-advance-product-search

Installations
10,000+

Vulnerability
Broken Access Control

Patched in Version
1.1.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.5.

WordPress WP Dark Mode

Product image for WP Dark Mode – Best Dark Mode & Social Sharing Plugin for WordPress.

Plugin Slug
wp-dark-mode

Installations
10,000+

Vulnerability
Subscriber+ Local File Inclusion

Patched in Version
4.0.8

Severity Score
High

The vulnerability has been patched, so you should update to version 4.0.8.

WordPress TH Side Cart and Menu Cart for Woocommerce

Product image for Floating Cart and Menu Cart for Woocommerce.

Plugin Slug
th-all-in-one-woo-cart

Installations
9,000+

Vulnerability
Broken Access Control

Patched in Version
1.1.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.2.

WordPress Pagination by BestWebSoft

Product image for Pagination by BestWebSoft – Customizable WordPress Content Splitter and Navigation Plugin.

Plugin Slug
pagination

Installations
7,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.2.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.3.

WordPress TH Variation Swatches

Product image for Variation Swatches for WooCommerce.

Plugin Slug
th-variation-swatches

Installations
6,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.2.8

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.8.

WordPress Advanced Local Pickup for WooCommerce

Product image for Advanced Local Pickup for WooCommerce.

Plugin Slug
advanced-local-pickup-for-woocommerce

Installations
4,000+

Vulnerability
Other Vulnerability Type

Patched in Version
1.5.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.5.3.

WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales

Product image for Thank You Page Customizer for WooCommerce – Increase Your Sales.

Plugin Slug
woo-thank-you-page-customizer

Installations
4,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.0.14

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.0.14.

WordPress GS Pins for Pinterest

Product image for WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout.

Plugin Slug
gs-pinterest-portfolio

Installations
3,000+

Vulnerability
Stored (Contributor+) Cross-Site Scripting via Shortcode

Patched in Version
1.6.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.6.2.

WordPress Quick Paypal Payments

Plugin Slug
quick-paypal-payments

Installations
3,000+

Vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting

Patched in Version
5.7.26.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.7.26.4.

WordPress ARMember

Product image for ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup.

Plugin Slug
armember-membership

Installations
2,000+

Vulnerability
SQL Injection

Patched in Version
4.0

Severity Score
High

The vulnerability has been patched, so you should update to version 4.0.

WordPress Continuous Image Carousel With Lightbox

Product image for Continuous Image Carousel With Lightbox.

Plugin Slug
continuous-image-carousel-with-lightbox

Installations
2,000+

Vulnerability
Reflected Cross-Site Scripting (XSS)

Patched in Version
1.0.16

Severity Score
High

The vulnerability has been patched, so you should update to version 1.0.16.

WordPress Continuous Image Carousel With Lightbox

Product image for Continuous Image Carousel With Lightbox.

Plugin Slug
continuous-image-carousel-with-lightbox

Installations
2,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
1.0.16

Severity Score
High

The vulnerability has been patched, so you should update to version 1.0.16.

WordPress Albo Pretorio On line

Product image for Albo Pretorio On line.

Plugin Slug
albo-pretorio-on-line

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
4.6.1

Severity Score
High

The vulnerability has been patched, so you should update to version 4.6.1.

WordPress CBX Currency Converter

Product image for CBX Currency Converter.

Plugin Slug
cbcurrencyconverter

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
3.0.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.0.4.

WordPress Contact Forms by Cimatti

Product image for WordPress Contact Forms by Cimatti.

Plugin Slug
contact-forms

Installations
1,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
1.5.5

Severity Score
High

The vulnerability has been patched, so you should update to version 1.5.5.

WordPress Contact Forms by Cimatti

Product image for WordPress Contact Forms by Cimatti.

Plugin Slug
contact-forms

Installations
1,000+

Vulnerability
Unauth. Stored Cross Site Scripting (XSS)

Patched in Version
1.5.5

Severity Score
High

The vulnerability has been patched, so you should update to version 1.5.5.

WordPress Contest Gallery

Product image for Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.

Plugin Slug
contest-gallery

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
21.1.2.1

Severity Score
High

The vulnerability has been patched, so you should update to version 21.1.2.1.

WordPress Stock Sync for WooCommerce

Product image for Stock Sync for WooCommerce.

Plugin Slug
stock-sync-for-woocommerce

Installations
1,000+

Vulnerability
Broken Access Control + CSRF

Patched in Version
2.4.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.4.0.

WordPress HT Politic

Product image for HT Politic – For Political WordPress Themes / Website.

Plugin Slug
wp-politic

Installations
600+

Vulnerability
Arbitrary Plugin Activation via CSRF

Patched in Version
2.3.8

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.3.8.

WordPress Free WooCommerce Theme 99fy Extension

Product image for Free WooCommerce Theme 99fy Extension.

Plugin Slug
99fy-core

Installations
500+

Vulnerability
Arbitrary Plugin Activation via CSRF

Patched in Version
1.2.8

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.8.

WordPress WP Film Studio

Product image for WP Film Studio – WordPress Movie Maker/Production Plugin.

Plugin Slug
wp-film-studio

Installations
500+

Vulnerability
Arbitrary Plugin Activation via CSRF

Patched in Version
1.3.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.3.5.

WordPress WP News

Product image for WP News – WordPress News / Magazine Plugin.

Plugin Slug
wp-news-magazine

Installations
500+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.2.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.0.

WordPress QuickSwish

Product image for QuickSwish – WooCommerce Product Quick View.

Plugin Slug
quickswish

Installations
200+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.1.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.0.

WordPress WP Education

Product image for WP Education – Education WordPress Plugin for Elementor.

Plugin Slug
wp-education

Installations
200+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.2.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.7.

WordPress HT Event

Product image for HT Event – WordPress Event Manager Plugin for Elementor.

Plugin Slug
ht-event

Installations
100+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.4.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.4.6.

WordPress WP Insurance

Product image for WP Insurance – WordPress Insurance Service Plugin.

Plugin Slug
wp-insurance

Installations
100+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.1.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.1.4.

WordPress Complianz – GDPR/CCPA Cookie Consent

Plugin
Complianz Premium

Plugin Slug
complianz-gdpr-premium

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
6.4.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 6.4.2.

WordPress directory-pro

Plugin
directory-pro

Plugin Slug
directory-pro

Vulnerability
Privilege Escalation

Patched in Version
1.9.5

Severity Score
High

The vulnerability has been patched, so you should update to version 1.9.5.

WordPress doctor-listing

Plugin
doctor-listing

Plugin Slug
doctor-listing

Vulnerability
Privilege Escalation

Patched in Version
1.3.6

Severity Score
High

The vulnerability has been patched, so you should update to version 1.3.6.

WordPress Elementor Pro

Plugin
Elementor Pro

Plugin Slug
elementor-pro

Vulnerability
Broken Access Control

Patched in Version
3.11.7

Severity Score
High

The vulnerability has been patched, so you should update to version 3.11.7.

WordPress final-user-wp-frontend-user-profiles

Plugin
final-user-wp-frontend-user-profiles

Plugin Slug
final-user-wp-frontend-user-profiles

Vulnerability
Privilege Escalation

Patched in Version
1.2.2

Severity Score
High

The vulnerability has been patched, so you should update to version 1.2.2.

WordPress fitness-trainer

Plugin
fitness-trainer

Plugin Slug
fitness-trainer

Vulnerability
Privilege Escalation

Patched in Version
1.4.1

Severity Score
High

The vulnerability has been patched, so you should update to version 1.4.1.

WordPress hotel-listing

Plugin
Hotel Listing

Plugin Slug
hotel-listing

Vulnerability
Privilege Escalation

Patched in Version
1.3.7

Severity Score
High

The vulnerability has been patched, so you should update to version 1.3.7.

WordPress institutions-directory

Plugin
institutions-directory

Plugin Slug
institutions-directory

Vulnerability
Privilege Escalation

Patched in Version
1.3.1

Severity Score
High

The vulnerability has been patched, so you should update to version 1.3.1.

WordPress lawyer-directory

Plugin
lawyer-directory

Plugin Slug
lawyer-directory

Vulnerability
Privilege Escalation

Patched in Version
1.2.9

Severity Score
High

The vulnerability has been patched, so you should update to version 1.2.9.

WordPress OAuth Single Sign On – SSO (OAuth Client) Premium plugin

Plugin
OAuth Single Sign On – SSO (OAuth Client) Premium

Plugin Slug
miniorange-oauth-oidc-single-sign-on

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
48.4.9

Severity Score
Medium

The vulnerability has been patched, so you should update to version 48.4.9.

WordPress Slider, Gallery, and Carousel by MetaSlider

Plugin
Meta Slider

Plugin Slug
ml-slider1

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.29.1

Severity Score
High

The vulnerability has been patched, so you should update to version 3.29.1.

WordPress photographer-directory

Plugin
photographer-directory

Plugin Slug
photographer-directory

Vulnerability
Privilege Escalation

Patched in Version
1.0.9

Severity Score
High

The vulnerability has been patched, so you should update to version 1.0.9.

WordPress real-estate-pro

Plugin
real-estate-pro

Plugin Slug
real-estate-pro

Vulnerability
Privilege Escalation

Patched in Version
1.7.1

Severity Score
High

The vulnerability has been patched, so you should update to version 1.7.1.

WordPress WC Fields Factory

Plugin
WC Fields Factory

Plugin Slug
wc-fields-factory

Vulnerability
SQL Injection

Patched in Version
4.1.6

Severity Score
High

The vulnerability has been patched, so you should update to version 4.1.6.

WordPress Plugin Vulnerabilities – No Known Fix

This section contains plugin vulnerabilities with no known fix. Until a patch is available, you are advised, at minimum, to deactivate the plugin immediately. If there is a high risk of active exploits or the plugin remains unpatched for weeks, you are advised to delete the plugin. You should also delete persistently unpatched plugins that the WordPress.org repository has locked and marked “Closed” so they can no longer be downloaded and installed.

WordPress Product Feed PRO for WooCommerce

Product image for Product Feed PRO for WooCommerce.

Plugin Slug
woo-product-feed-pro

Installations
100,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress If Menu – Visibility control for Menus

Product image for If Menu – Visibility control for Menus.

Plugin Slug
if-menu

Installations
80,000+

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Increase Maximum Upload File Size | Increase Execution Time

Product image for Increase Maximum Upload File Size | Increase Execution Time.

Plugin Slug
wp-maximum-upload-file-size

Installations
40,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress WP Shamsi

Product image for WP Shamsi.

Plugin Slug
wp-shamsi

Installations
40,000+

Vulnerability
Subscriber+ Attachment Deletion

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Fuse Social Floating Sidebar

Product image for Fuse Social Floating Sidebar.

Plugin Slug
fuse-social-floating-sidebar

Installations
20,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress eRoom plugin

Product image for eRoom – Zoom Meetings & Webinars.

Plugin Slug
eroom-zoom-meetings-webinar

Installations
10,000+

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Product Carousel Slider & Grid Ultimate for WooCommerce

Product image for Product Carousel Slider & Grid Ultimate for WooCommerce.

Plugin Slug
woo-product-carousel-slider-and-grid-ultimate

Installations
10,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress I Recommend This

Product image for I Recommend This.

Plugin Slug
i-recommend-this

Installations
9,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Worth The Read

Product image for Worth The Read.

Plugin Slug
worth-the-read

Installations
6,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress WP Content Pilot – Autoblogging & Affiliate Marketing Plugin

Product image for WP Content Pilot – Autoblogging & Affiliate Marketing Plugin.

Plugin Slug
wp-content-pilot

Installations
5,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Owl Carousel

Product image for Owl Carousel.

Plugin Slug
owl-carousel

Installations
4,000+

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Easy Media Replace

Product image for Easy Media Replace.

Plugin Slug
easy-media-replace

Installations
3,000+

Vulnerability
Arbitrary File Deletion

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Full Width Banner Slider Wp

Product image for Full Width Banner Slider Wp.

Plugin Slug
full-width-responsive-slider-wp

Installations
3,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

WordPress GS Pins for Pinterest

Product image for WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout.

Plugin Slug
gs-pinterest-portfolio

Installations
3,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress amr users

Product image for amr users.

Plugin Slug
amr-users

Installations
2,000+

Vulnerability
CSV Injection

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Wbcom Designs – BuddyPress Activity Social Share

Product image for Wbcom Designs – BuddyPress Activity Social Share.

Plugin Slug
bp-activity-social-share

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress LionScripts: IP Blocker Lite

Product image for LionScripts: IP Blocker Lite.

Plugin Slug
ip-address-blocker

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress WooCommerce JazzCash Gateway Plugin

Plugin Slug
jazzcash-woocommerce-gateway

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Review Stream

Plugin Slug
review-stream

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Onepage Builder – Easiest Landing Page Builder For WordPress

Product image for Onepage Builder – Easiest Landing Page Builder For WordPress.

Plugin Slug
tx-onepager

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Schedulicity

Product image for Schedulicity – Easy Online Scheduling.

Plugin Slug
schedulicity-online-appointment-booking

Installations
500+

Vulnerability
Contributor+ Stored XSS

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress WP Image Carousel

Product image for WP Image Carousel.

Plugin Slug
wp-image-carousel

Installations
500+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Woocommerce Custom Checkout Fields Editor With Drag & Drop

Product image for Woocommerce Custom Checkout Fields Editor With Drag & Drop.

Plugin Slug
woo-custom-checkout-fields

Installations
400+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Export Users Data Distinct

Product image for Export Users Data Distinct.

Plugin Slug
export-users-data-distinct

Installations
10+

Vulnerability
CSV Injection

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Product Specifications for WooCommerce

Plugin
Product Specifications for Woocommerce

Plugin Slug
product-specifications

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Theme Vulnerabilities

In this section, you’ll find the latest WordPress theme vulnerabilities to be disclosed. You’ll see the same information provided above for vulnerable plugins, and the same advice applies. If a security update exists, install it immediately. If a vulnerability remains unpatched in a theme you are actively using, you will need to find an alternative theme. Deactivate and delete persistently unpatched themes and those that have been “Closed” in the WordPress.org theme repository. If you have a vulnerable theme installed that you are not actively using, simply delete it.

WordPress Resoto

Product image for Resoto.

Theme Slug
resoto

Downloads
18,877

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should switch themes.
iThemes Team


Written by: Abdul Wahid
Published on: April 2, 2023
