WordPress Vulnerability Report — March 6, 2024

In this report, 126 vulnerabilities have been publicly disclosed. Security patches for 77 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 49 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the reasons why WordPress websites get hacked. (See our Annual Vulnerability Report for 2022.) Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core
2. WordPress Plugins — 73 Patched / 48 Unpatched

2.1
Slivery Extender
2.2
IDonate – blood request management system
2.3
Adsmonetizer
2.4
ArtiBot
2.5
Auto Refresh Single Page
2.6
BeePress
2.7
Blue Triad EZAnalytics
2.8
Change Memory Limit
2.9
Under Construction / Maintenance Mode from Acurax
2.10
Under Construction / Maintenance Mode from Acurax
2.11
Configure SMTP
2.12
Build & Control Block Patterns
2.13
Custom fields shortcode
2.14
Download Media
2.15
Duitku Payment Gateway
2.16
Easy!Appointments
2.17
Ebook Store
2.18
Conversios.io
2.19
FeedWordPress
2.20
Fontific | Google Fonts
2.21
Gestpay for WooCommerce
2.22
Maintenance Mode by helderk
2.23
JM Twitter Cards
2.24
Marketing Optimizer
2.25
Master Slider
2.26
Master Slider
2.27
Media Alt Renamer
2.28
WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit
2.29
Page Builder Sandwich – Front-End Page Builder
2.30
Page Builder Sandwich – Front-End Page Builder
2.31
Page Restrict
2.32
Password Protected Store for WooCommerce
2.33
PayU India
2.34
postMash – custom post order
2.35
Restaurant Solutions – Checklist
2.36
Rolo Slider
2.37
Simple Tweet
2.38
Ultimate Bootstrap Elements for Elementor
2.39
Ultimate Bootstrap Elements for Elementor
2.40
User Shortcodes Plus
2.41
Vimeography: Vimeo Video Gallery WordPress Plugin
2.42
Watermark RELOADED
2.43
WordPress Access Control
2.44
CodeMirror Blocks
2.45
WP eCommerce
2.46
WP eCommerce
2.47
Page Duplicator
2.48
WP Private Content Plus
2.49
LiteSpeed Cache
2.50
LiteSpeed Cache
2.51
Complianz – GDPR/CCPA Cookie Consent
2.52
Premium Addons for Elementor
2.53
WP Shortcodes Plugin — Shortcodes Ultimate
2.54
SiteOrigin Widgets Bundle
2.55
Happy Addons for Elementor
2.56
Nextend Social Login and Register
2.57
GenerateBlocks
2.58
Page Builder: Pagelayer – Drag and Drop website builder
2.59
Orbit Fox by ThemeIsle
2.60
Orbit Fox by ThemeIsle
2.61
Beaver Builder – WordPress Page Builder
2.62
Download Manager
2.63
Download Manager
2.64
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
2.65
Events Manager – Calendar, Bookings, Tickets, and more!
2.66
WP Show Posts
2.67
Advanced iFrame
2.68
AI Engine
2.69
Booking for Appointments and Events Calendar – Amelia
2.70
Exclusive Addons for Elementor
2.71
Exclusive Addons for Elementor
2.72
Exclusive Addons for Elementor
2.73
Exclusive Addons for Elementor
2.74
Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages
2.75
Calculated Fields Form
2.76
Custom Field Suite
2.77
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor
2.78
WP Dashboard Notes
2.79
MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance
2.80
Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
2.81
Restrict User Access – Ultimate Membership & Content Protection
2.82
Seraphinite Accelerator
2.83
NextMove Lite – Thank You Page for WooCommerce
2.84
Easy PayPal & Stripe Buy Now Button
2.85
Easy PayPal & Stripe Buy Now Button
2.86
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce
2.87
Wp Social Login and Register Social Counter
2.88
AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth
2.89
Contact Form 7 – PayPal & Stripe Add-on
2.90
Contact Form 7 – PayPal & Stripe Add-on
2.91
Envo’s Elementor Templates & Widgets for WooCommerce
2.92
Envo’s Elementor Templates & Widgets for WooCommerce
2.93
Envo’s Elementor Templates & Widgets for WooCommerce
2.94
LifterLMS – WordPress LMS Plugin for eLearning
2.95
SportsPress – Sports Club & League Manager
2.96
Smart Forms – when you need more than just a contact form
2.97
WPvivid Backup for MainWP
2.98
Finale Lite – Sales Countdown Timer & Discount for WooCommerce
2.99
SoundCloud Shortcode
2.100
SMS Alert Order Notifications – WooCommerce
2.101
Thank You Page Customizer for WooCommerce – Increase Your Sales
2.102
Thank You Page Customizer for WooCommerce – Increase Your Sales
2.103
Coming Soon Page & Maintenance Mode
2.104
Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back
2.105
Slider Responsive Slideshow – Image slider, Gallery slideshow
2.106
Spiffy Calendar
2.107
Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan
2.108
Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan
2.109
Friends
2.110
Oliver POS – A WooCommerce Point of Sale (POS)
2.111
Page Restriction WordPress (WP) – Protect WP Pages/Post
2.112
Image Optimizer, Resizer and CDN – Sirv
2.113
Image Optimizer, Resizer and CDN – Sirv
2.114
Tainacan
2.115
Comments Extra Fields For Post,Pages and CPT
2.116
Comments Extra Fields For Post,Pages and CPT
2.117
Backup
2.118
Elementor Pro
2.119
JobSearch
2.120
JobSearch
2.121
WP Social Widget

3. WordPress Themes — 4 Patched / 1 Unpatched

3.1
Atahualpa
3.2
Yuki
3.3
Yuki
3.4
Avada
3.5
Avada

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately.

The next major release will be version 6.5, planned for March 26, 2024.

WordPress Plugins — 73 Patched / 48 Unpatched

Plugin Slug:: slivery-extender
Installations: 2,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: High

Plugin Slug:: idonate
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Adsmonetizer
Plugin Slug:: adsensei-b30
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: ArtiBot
Plugin Slug:: artibot
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Auto Refresh Single Page
Plugin Slug:: auto-refresh-single-page
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin:: BeePress
Plugin Slug:: beepress
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Blue Triad EZAnalytics
Plugin Slug:: blue-triad-ezanalytics
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Change Memory Limit
Plugin Slug:: change-memory-limit
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Under Construction / Maintenance Mode from Acurax
Plugin Slug:: coming-soon-maintenance-mode-from-acurax
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Under Construction / Maintenance Mode from Acurax
Plugin Slug:: coming-soon-maintenance-mode-from-acurax
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Configure SMTP
Plugin Slug:: configure-smtp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Build & Control Block Patterns
Plugin Slug:: control-block-patterns
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Custom fields shortcode
Plugin Slug:: custom-fields-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Download Media
Plugin Slug:: download-media
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Duitku Payment Gateway
Plugin Slug:: duitku-social-payment-gateway
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Easy!Appointments
Plugin Slug:: easyappointments
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Ebook Store
Plugin Slug:: ebook-store
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Conversios.io
Plugin Slug:: enhanced-e-commerce-for-woocommerce-store
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin:: FeedWordPress
Plugin Slug:: feedwordpress
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Fontific | Google Fonts
Plugin Slug:: fontific
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Gestpay for WooCommerce
Plugin Slug:: gestpay-for-woocommerce
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Maintenance Mode by helderk
Plugin Slug:: hkdev-maintenance-mode
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: JM Twitter Cards
Plugin Slug:: jm-twitter-cards
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Marketing Optimizer
Plugin Slug:: marketing-optimizer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Master Slider
Plugin Slug:: master-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Master Slider
Plugin Slug:: master-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Media Alt Renamer
Plugin Slug:: media-alt-renamer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit
Plugin Slug:: myshopkit-popup-smartbar-slidein
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Page Builder Sandwich – Front-End Page Builder
Plugin Slug:: page-builder-sandwich
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Page Builder Sandwich – Front-End Page Builder
Plugin Slug:: page-builder-sandwich
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Page Restrict
Plugin Slug:: pagerestrict
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Password Protected Store for WooCommerce
Plugin Slug:: password-protected-woo-store
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: PayU India
Plugin Slug:: payu-india
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: postMash – custom post order
Plugin Slug:: postmash
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin Slug:: restaurant-solutions-checklist
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Rolo Slider
Plugin Slug:: rolo-slider
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Simple Tweet
Plugin Slug:: simple-tweet
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Ultimate Bootstrap Elements for Elementor
Plugin Slug:: ultimate-bootstrap-elements-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Ultimate Bootstrap Elements for Elementor
Plugin Slug:: ultimate-bootstrap-elements-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: User Shortcodes Plus
Plugin Slug:: user-shortcodes-plus
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Vimeography: Vimeo Video Gallery WordPress Plugin
Plugin Slug:: vimeography
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Watermark RELOADED
Plugin Slug:: watermark-reloaded
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: WordPress Access Control
Plugin Slug:: wordpress-access-control
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: CodeMirror Blocks
Plugin Slug:: wp-codemirror-block
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WP eCommerce
Plugin Slug:: wp-e-commerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WP eCommerce
Plugin Slug:: wp-e-commerce
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical

Plugin:: Page Duplicator
Plugin Slug:: wp-page-duplicator
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WP Private Content Plus
Plugin Slug:: wp-private-content-plus
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: litespeed-cache
Installations: 5,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.7.0.1
Severity Score:: High

Plugin Slug:: litespeed-cache
Installations: 5,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7.0.1
Severity Score:: High

Plugin Slug:: complianz-gdpr
Installations: 900,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 7.0.0
Severity Score:: Medium

Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.22
Severity Score:: Medium

Plugin Slug:: shortcodes-ultimate
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.0.4
Severity Score:: Medium

Plugin Slug:: so-widgets-bundle
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.58.8
Severity Score:: Medium

Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.2
Severity Score:: Medium

Plugin Slug:: nextend-facebook-connect
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.13
Severity Score:: High

Plugin Slug:: generateblocks
Installations: 200,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.8.3
Severity Score:: Medium

Plugin Slug:: pagelayer
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.1
Severity Score:: Medium

Plugin Slug:: themeisle-companion
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.10.32
Severity Score:: Medium

Plugin Slug:: themeisle-companion
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.10.31
Severity Score:: Medium

Plugin Slug:: beaver-builder-lite-version
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.4.3
Severity Score:: Medium

Plugin Slug:: download-manager
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.86
Severity Score:: Medium

Plugin Slug:: download-manager
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.85
Severity Score:: Medium

Plugin Slug:: essential-blocks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.2
Severity Score:: Medium

Plugin Slug:: events-manager
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.4.7
Severity Score:: Medium

Plugin Slug:: wp-show-posts
Installations: 90,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.1.5
Severity Score:: Medium

Plugin Slug:: advanced-iframe
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2024.2
Severity Score:: Medium

Plugin Slug:: ai-engine
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.1
Severity Score:: High

Plugin Slug:: ameliabooking
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.99
Severity Score:: High

Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.1
Severity Score:: Medium

Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.1
Severity Score:: Medium

Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.1
Severity Score:: Medium

Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.1
Severity Score:: Medium

Plugin Slug:: visualcomposer
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 45.7.0
Severity Score:: Medium

Plugin Slug:: calculated-fields-form
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.57
Severity Score:: High

Plugin Slug:: custom-field-suite
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.5
Severity Score:: Medium

Plugin Slug:: notificationx
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.8.3
Severity Score:: Critical

Plugin Slug:: wp-dashboard-notes
Installations: 30,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.0.11
Severity Score:: Medium

Plugin Slug:: mainwp
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.0
Severity Score:: Medium

Plugin Slug:: rafflepress
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.12.7
Severity Score:: High

Plugin Slug:: restrict-user-access
Installations: 20,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.6
Severity Score:: Medium

Plugin Slug:: seraphinite-accelerator
Installations: 20,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.21
Severity Score:: Medium

Plugin Slug:: woo-thank-you-page-nextmove-lite
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.18.1
Severity Score:: Medium

Plugin Slug:: wp-ecommerce-paypal
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.9
Severity Score:: Medium

Plugin Slug:: wp-ecommerce-paypal
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.9
Severity Score:: Medium

Plugin Slug:: wp-event-manager
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.42
Severity Score:: High

Plugin Slug:: wp-social
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.1
Severity Score:: Medium

Plugin Slug:: aweber-web-form-widget
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 7.3.15
Severity Score:: High

Plugin Slug:: contact-form-7-paypal-add-on
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2
Severity Score:: Medium

Plugin Slug:: contact-form-7-paypal-add-on
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2
Severity Score:: Medium

Plugin Slug:: envo-elementor-for-woocommerce
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.5
Severity Score:: Medium

Plugin Slug:: envo-elementor-for-woocommerce
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.5
Severity Score:: Medium

Plugin Slug:: envo-elementor-for-woocommerce
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.5
Severity Score:: Medium

Plugin Slug:: lifterlms
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.5.2
Severity Score:: Medium

Plugin Slug:: sportspress
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.18
Severity Score:: Medium

Plugin Slug:: smart-forms
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.87
Severity Score:: Medium

Plugin Slug:: wpvivid-backup-mainwp
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.9.33
Severity Score:: High

Plugin Slug:: finale-woocommerce-sales-countdown-timer-discount
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.18.0
Severity Score:: Medium

Plugin Slug:: soundcloud-shortcode
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.2
Severity Score:: Medium

Plugin Slug:: sms-alert
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.7.0
Severity Score:: Medium

Plugin Slug:: woo-thank-you-page-customizer
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.3
Severity Score:: Medium

Plugin Slug:: woo-thank-you-page-customizer
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.3
Severity Score:: Medium

Plugin Slug:: responsive-coming-soon
Installations: 4,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 2.2.2
Severity Score:: Medium

Plugin Slug:: chat-bubble
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4
Severity Score:: Medium

Plugin Slug:: slider-responsive-slideshow
Installations: 3,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.4.0
Severity Score:: High

Plugin Slug:: spiffy-calendar
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.9.9
Severity Score:: Medium

Plugin Slug:: antihacker
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.52
Severity Score:: Medium

Plugin Slug:: antihacker
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.53
Severity Score:: Medium

Plugin Slug:: friends
Installations: 1,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.8.6
Severity Score:: Medium

Plugin Slug:: oliver-pos
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.4.1.9
Severity Score:: Medium

Plugin Slug:: page-and-post-restriction
Installations: 1,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.3.5
Severity Score:: Medium

Plugin Slug:: sirv
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.2.1
Severity Score:: Medium

Plugin Slug:: sirv
Installations: 1,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 7.2.1
Severity Score:: Medium

Plugin Slug:: tainacan
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 0.20.7
Severity Score:: Medium

Plugin Slug:: wp-comment-fields
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.1
Severity Score:: Medium

Plugin Slug:: wp-comment-fields
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.1
Severity Score:: Medium

Plugin:: Backup
Plugin Slug:: backup2
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.0.9.9
Severity Score:: High

Plugin:: Elementor Pro
Plugin Slug:: elementor-pro
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.19.3
Severity Score:: Medium

Plugin:: JobSearch
Plugin Slug:: wp-jobsearch
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 2.3.4
Severity Score:: Critical

Plugin:: JobSearch
Plugin Slug:: wp-jobsearch
Vulnerability:: Broken Authentication
Patched in Version:: 2.3.4
Severity Score:: Critical

Plugin:: WP Social Widget
Plugin Slug:: wp-social-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.6
Severity Score:: Medium

WordPress Themes — 4 Patched / 1 Unpatched

Theme Slug:: atahualpa
Downloads: 1,333,690
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Theme Slug:: yuki
Downloads: 133,433
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.14
Severity Score:: Medium

Theme Slug:: yuki
Downloads: 133,433
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.15
Severity Score:: Medium

Theme:: Avada
Theme Slug:: avada
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 7.11.6
Severity Score:: Medium

Theme:: Avada
Theme Slug:: avada
Vulnerability:: Arbitrary File Upload
Patched in Version:: 7.11.5
Severity Score:: Critical

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Source link

WordPress Vulnerability Report — March 6, 2024

Table of Contents

WordPress Core

WordPress Plugins — 73 Patched / 48 Unpatched

WordPress Themes — 4 Patched / 1 Unpatched

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

VirusWord by Promaps, Inc.

Table of Contents

WordPress Core

WordPress Plugins — 73 Patched / 48 Unpatched

WordPress Themes — 4 Patched / 1 Unpatched

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Explore more