In this report, 126 vulnerabilities have been publicly disclosed. Security patches for 77 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 49 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately.
The next major release will be version 6.5, planned for March 26, 2024.
WordPress Plugins — 73 Patched / 48 Unpatched
- Plugin Slug:
- slivery-extender
- Installations
- 2,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin Slug:
- idonate
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Adsmonetizer
- Plugin Slug:
- adsensei-b30
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin:
-
ArtiBot
- Plugin Slug:
- artibot
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Auto Refresh Single Page
- Plugin Slug:
- auto-refresh-single-page
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin:
-
BeePress
- Plugin Slug:
- beepress
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin:
-
Blue Triad EZAnalytics
- Plugin Slug:
- blue-triad-ezanalytics
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin:
-
Change Memory Limit
- Plugin Slug:
- change-memory-limit
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Under Construction / Maintenance Mode from Acurax
- Plugin Slug:
- coming-soon-maintenance-mode-from-acurax
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Under Construction / Maintenance Mode from Acurax
- Plugin Slug:
- coming-soon-maintenance-mode-from-acurax
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Configure SMTP
- Plugin Slug:
- configure-smtp
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin:
-
Build & Control Block Patterns
- Plugin Slug:
- control-block-patterns
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Custom fields shortcode
- Plugin Slug:
- custom-fields-shortcode
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Download Media
- Plugin Slug:
- download-media
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Duitku Payment Gateway
- Plugin Slug:
- duitku-social-payment-gateway
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Easy!Appointments
- Plugin Slug:
- easyappointments
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Ebook Store
- Plugin Slug:
- ebook-store
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Conversios.io
- Plugin Slug:
- enhanced-e-commerce-for-woocommerce-store
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin:
-
FeedWordPress
- Plugin Slug:
- feedwordpress
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Fontific | Google Fonts
- Plugin Slug:
- fontific
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin:
-
Gestpay for WooCommerce
- Plugin Slug:
- gestpay-for-woocommerce
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Maintenance Mode by helderk
- Plugin Slug:
- hkdev-maintenance-mode
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
JM Twitter Cards
- Plugin Slug:
- jm-twitter-cards
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Marketing Optimizer
- Plugin Slug:
- marketing-optimizer
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin:
-
Master Slider
- Plugin Slug:
- master-slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Master Slider
- Plugin Slug:
- master-slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Media Alt Renamer
- Plugin Slug:
- media-alt-renamer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit
- Plugin Slug:
- myshopkit-popup-smartbar-slidein
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Page Builder Sandwich – Front-End Page Builder
- Plugin Slug:
- page-builder-sandwich
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Page Builder Sandwich – Front-End Page Builder
- Plugin Slug:
- page-builder-sandwich
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Page Restrict
- Plugin Slug:
- pagerestrict
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Password Protected Store for WooCommerce
- Plugin Slug:
- password-protected-woo-store
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
PayU India
- Plugin Slug:
- payu-india
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin:
-
postMash – custom post order
- Plugin Slug:
- postmash
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin Slug:
- restaurant-solutions-checklist
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Rolo Slider
- Plugin Slug:
- rolo-slider
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin:
-
Simple Tweet
- Plugin Slug:
- simple-tweet
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Ultimate Bootstrap Elements for Elementor
- Plugin Slug:
- ultimate-bootstrap-elements-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Ultimate Bootstrap Elements for Elementor
- Plugin Slug:
- ultimate-bootstrap-elements-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
User Shortcodes Plus
- Plugin Slug:
- user-shortcodes-plus
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
Vimeography: Vimeo Video Gallery WordPress Plugin
- Plugin Slug:
- vimeography
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin:
-
Watermark RELOADED
- Plugin Slug:
- watermark-reloaded
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- Plugin:
-
WordPress Access Control
- Plugin Slug:
- wordpress-access-control
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
CodeMirror Blocks
- Plugin Slug:
- wp-codemirror-block
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
WP eCommerce
- Plugin Slug:
- wp-e-commerce
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
WP eCommerce
- Plugin Slug:
- wp-e-commerce
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- Plugin:
-
Page Duplicator
- Plugin Slug:
- wp-page-duplicator
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin:
-
WP Private Content Plus
- Plugin Slug:
- wp-private-content-plus
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Plugin Slug:
- litespeed-cache
- Installations
- 5,000,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.7.0.1
- Severity Score:
- High
- Plugin Slug:
- litespeed-cache
- Installations
- 5,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.7.0.1
- Severity Score:
- High
- Plugin Slug:
- complianz-gdpr
- Installations
- 900,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 7.0.0
- Severity Score:
- Medium
- Plugin Slug:
- premium-addons-for-elementor
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.10.22
- Severity Score:
- Medium
- Plugin Slug:
- shortcodes-ultimate
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.0.4
- Severity Score:
- Medium
- Plugin Slug:
- so-widgets-bundle
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.58.8
- Severity Score:
- Medium
- Plugin Slug:
- happy-elementor-addons
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.10.2
- Severity Score:
- Medium
- Plugin Slug:
- nextend-facebook-connect
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.13
- Severity Score:
- High
- Plugin Slug:
- generateblocks
- Installations
- 200,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.8.3
- Severity Score:
- Medium
- Plugin Slug:
- pagelayer
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.1
- Severity Score:
- Medium
- Plugin Slug:
- themeisle-companion
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.10.32
- Severity Score:
- Medium
- Plugin Slug:
- themeisle-companion
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.10.31
- Severity Score:
- Medium
- Plugin Slug:
- beaver-builder-lite-version
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.4.3
- Severity Score:
- Medium
- Plugin Slug:
- download-manager
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.86
- Severity Score:
- Medium
- Plugin Slug:
- download-manager
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.85
- Severity Score:
- Medium
- Plugin Slug:
- essential-blocks
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.5.2
- Severity Score:
- Medium
- Plugin Slug:
- events-manager
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.4.7
- Severity Score:
- Medium
- Plugin Slug:
- wp-show-posts
- Installations
- 90,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.1.5
- Severity Score:
- Medium
- Plugin Slug:
- advanced-iframe
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2024.2
- Severity Score:
- Medium
- Plugin Slug:
- ai-engine
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.1
- Severity Score:
- High
- Plugin Slug:
- ameliabooking
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.99
- Severity Score:
- High
- Plugin Slug:
- exclusive-addons-for-elementor
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.9.1
- Severity Score:
- Medium
- Plugin Slug:
- exclusive-addons-for-elementor
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.9.1
- Severity Score:
- Medium
- Plugin Slug:
- exclusive-addons-for-elementor
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.9.1
- Severity Score:
- Medium
- Plugin Slug:
- exclusive-addons-for-elementor
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.9.1
- Severity Score:
- Medium
- Plugin Slug:
- visualcomposer
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 45.7.0
- Severity Score:
- Medium
- Plugin Slug:
- calculated-fields-form
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.1.57
- Severity Score:
- High
- Plugin Slug:
- custom-field-suite
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.5
- Severity Score:
- Medium
- Plugin Slug:
- notificationx
- Installations
- 30,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.8.3
- Severity Score:
- Critical
- Plugin Slug:
- wp-dashboard-notes
- Installations
- 30,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 1.0.11
- Severity Score:
- Medium
- Plugin Slug:
- mainwp
- Installations
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.0
- Severity Score:
- Medium
- Plugin Slug:
- rafflepress
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.12.7
- Severity Score:
- High
- Plugin Slug:
- restrict-user-access
- Installations
- 20,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.6
- Severity Score:
- Medium
- Plugin Slug:
- seraphinite-accelerator
- Installations
- 20,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 2.21
- Severity Score:
- Medium
- Plugin Slug:
- woo-thank-you-page-nextmove-lite
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.18.1
- Severity Score:
- Medium
- Plugin Slug:
- wp-ecommerce-paypal
- Installations
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.9
- Severity Score:
- Medium
- Plugin Slug:
- wp-ecommerce-paypal
- Installations
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.9
- Severity Score:
- Medium
- Plugin Slug:
- wp-event-manager
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.42
- Severity Score:
- High
- Plugin Slug:
- wp-social
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.0.1
- Severity Score:
- Medium
- Plugin Slug:
- aweber-web-form-widget
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 7.3.15
- Severity Score:
- High
- Plugin Slug:
- contact-form-7-paypal-add-on
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.2
- Severity Score:
- Medium
- Plugin Slug:
- contact-form-7-paypal-add-on
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.2
- Severity Score:
- Medium
- Plugin Slug:
- envo-elementor-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.5
- Severity Score:
- Medium
- Plugin Slug:
- envo-elementor-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.4.5
- Severity Score:
- Medium
- Plugin Slug:
- envo-elementor-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.4.5
- Severity Score:
- Medium
- Plugin Slug:
- lifterlms
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.5.2
- Severity Score:
- Medium
- Plugin Slug:
- sportspress
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.7.18
- Severity Score:
- Medium
- Plugin Slug:
- smart-forms
- Installations
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.87
- Severity Score:
- Medium
- Plugin Slug:
- wpvivid-backup-mainwp
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.9.33
- Severity Score:
- High
- Plugin Slug:
- finale-woocommerce-sales-countdown-timer-discount
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.18.0
- Severity Score:
- Medium
- Plugin Slug:
- soundcloud-shortcode
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.2
- Severity Score:
- Medium
- Plugin Slug:
- sms-alert
- Installations
- 5,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.7.0
- Severity Score:
- Medium
- Plugin Slug:
- woo-thank-you-page-customizer
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.3
- Severity Score:
- Medium
- Plugin Slug:
- woo-thank-you-page-customizer
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.3
- Severity Score:
- Medium
- Plugin Slug:
- responsive-coming-soon
- Installations
- 4,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 2.2.2
- Severity Score:
- Medium
- Plugin Slug:
- chat-bubble
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4
- Severity Score:
- Medium
- Plugin Slug:
- slider-responsive-slideshow
- Installations
- 3,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.4.0
- Severity Score:
- High
- Plugin Slug:
- spiffy-calendar
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.9.9
- Severity Score:
- Medium
- Plugin Slug:
- antihacker
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.52
- Severity Score:
- Medium
- Plugin Slug:
- antihacker
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.53
- Severity Score:
- Medium
- Plugin Slug:
- friends
- Installations
- 1,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 2.8.6
- Severity Score:
- Medium
- Plugin Slug:
- oliver-pos
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.4.1.9
- Severity Score:
- Medium
- Plugin Slug:
- page-and-post-restriction
- Installations
- 1,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 1.3.5
- Severity Score:
- Medium
- Plugin Slug:
- sirv
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.2.1
- Severity Score:
- Medium
- Plugin Slug:
- sirv
- Installations
- 1,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 7.2.1
- Severity Score:
- Medium
- Plugin Slug:
- tainacan
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 0.20.7
- Severity Score:
- Medium
- Plugin Slug:
- wp-comment-fields
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.1
- Severity Score:
- Medium
- Plugin Slug:
- wp-comment-fields
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.1
- Severity Score:
- Medium
- Plugin:
-
Backup
- Plugin Slug:
- backup2
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.0.9.9
- Severity Score:
- High
- Plugin:
-
Elementor Pro
- Plugin Slug:
- elementor-pro
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.19.3
- Severity Score:
- Medium
- Plugin:
-
JobSearch
- Plugin Slug:
- wp-jobsearch
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 2.3.4
- Severity Score:
- Critical
- Plugin:
-
JobSearch
- Plugin Slug:
- wp-jobsearch
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 2.3.4
- Severity Score:
- Critical
- Plugin:
-
WP Social Widget
- Plugin Slug:
- wp-social-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.6
- Severity Score:
- Medium
WordPress Themes — 4 Patched / 1 Unpatched
- Theme Slug:
- atahualpa
- Downloads
- 1,333,690
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- Theme Slug:
- yuki
- Downloads
- 133,433
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.14
- Severity Score:
- Medium
- Theme Slug:
- yuki
- Downloads
- 133,433
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.15
- Severity Score:
- Medium
- Theme:
-
Avada
- Theme Slug:
- avada
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 7.11.6
- Severity Score:
- Medium
- Theme:
-
Avada
- Theme Slug:
- avada
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 7.11.5
- Severity Score:
- Critical
Solid Security is part of Solid Suite — The best foundation for WordPress websites.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!