WordPress Vulnerability Report – March 8, 2023

Vulnerable plugins and themes are some of the most common vectors for attacks on WordPress websites. Our weekly WordPress Vulnerability Report, now powered by Patchstack, covers new WordPress plugin, theme, and core vulnerabilities that have emerged since last week’s report. Our goal is to spread awareness of emerging vulnerabilities and help you decide what to do if you are using one of these vulnerable plugins or themes on your website. For a deeper analysis of trends in WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.

Please note the Metform Elementor Contact Form Builder plugin has an important update that patches two recently disclosed vulnerabilities. One is a high-risk XSS vulnerability. Update Metform to version 3.2.3 as soon as possible.

The Future of Authentication is Passkeys! Log in to your WordPress site with biometrics, only available in iThemes Security Pro.

Credential stuffing, phishing, and brute force attacks using stolen, guessable, or reused passwords have made our digital lives less secure. Two-Factor Authentication (2FA) offers some protection but at the cost of usability and accessibility. Fewer than 30% of all online account holders actually use 2FA. Password-based logins are broken.

The future of authentication is passkeys, and iThemes Security Pro is the first to bring this breakthrough technology to WordPress sites. Built on WebAuthn, which uses public/private key cryptography, passkeys make passwords obsolete. Now, website admins and end users can have secure logins without the inconvenience of additional two-factor apps, password managers, or complex password requirements.

WordPress Core News

WordPress 6.1.1 was released on November 15, 2022, as a short-cycle maintenance release with 29 bug fixes in Core and 21 bug fixes for the block editor. Because this is a core update, be sure to update to WordPress 6.1.1 as soon as possible! As always, with a major release like this, ensure your site is backed up with BackupBuddy before updating.

WordPress 6.2 Beta 5

The first release candidate (RC1) for the WordPress 6.2 development cycle has been postponed two days, to Thursday, March 9, and an additional fifth Beta release came out on Tuesday, March 7. Additional time and testing were needed to deal with a regression that came to light last week. The project is still on track for the final release of WordPress 6.2 on March 28. You can get a preview of what’s coming in 6.2 thanks to Anne McCarthy and Rich Tabor, who hosted a live demo. Anne has also written a detailed overview.

  • No new WordPress core vulnerabilities were disclosed this week.

WordPress Plugin Vulnerabilities

In this section, you’ll find the most recently disclosed WordPress plugin vulnerabilities that have been fixed with a new release from their authors and maintainers. These vulnerabilities have been disclosed and scored for their severity thanks to our friends at Patchstack. Each plugin listing includes the type of vulnerability with its CVE number and CVSS severity rating with links to more technical details. You’ll also see the number of active sites using the plugin and the plugin version release that patches the vulnerability. We start with the most popular plugins, which represent the largest target for attackers.

WordPress Yoast SEO plugin

Product image for Yoast SEO.

Plugin Slug
wordpress-seo

Installations
5,000,000+

Vulnerability
Authenticated (Contributor+) DOM-Based Cross-Site Scripting

Patched in Version
20.2.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 20.2.1.

WordPress Cookie Notice & Compliance for GDPR / CCPA plugin

Product image for Cookie Notice & Compliance for GDPR / CCPA.

Plugin Slug
cookie-notice

Installations
1,000,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.4.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.4.7.

WordPress WPCode plugin

Product image for WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager.

Plugin Slug
insert-headers-and-footers

Installations
1,000,000+

Vulnerability
Contributor+ WPCode Library Auth Key Update/Deletion

Patched in Version
2.0.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.0.7.

WordPress Popup Builder by OptinMonster plugin

Product image for Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation.

Plugin Slug
optinmonster

Installations
1,000,000+

Vulnerability
Subscriber+ Arbitrary Post Content Disclosure

Patched in Version
2.12.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.12.2.

WordPress Smart Slider 3 plugin

Product image for Smart Slider 3.

Plugin Slug
smart-slider-3

Installations
900,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.5.1.14

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.5.1.14.

WordPress Shortcodes Ultimate plugin

Product image for WordPress Shortcodes Plugin — Shortcodes Ultimate.

Plugin Slug
shortcodes-ultimate

Installations
700,000+

Vulnerability
Subscriber+ User Meta Disclosure

Patched in Version
5.12.8

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.12.8.

WordPress Metform Elementor Contact Form Builder plugin

Product image for Metform Elementor Contact Form Builder – Flexible and Design-Friendly Contact Form builder plugin for WordPress.

Plugin Slug
metform

Installations
200,000+

Vulnerability
reCaptcha Protection Bypass Vulnerability

Patched in Version
3.2.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.2.2.

WordPress FluentSMTP plugin

Product image for FluentSMTP – WP Mail SMTP, Amazon SES, SendGrid, MailGun and Any SMTP Connector Plugin.

Plugin Slug
fluent-smtp

Installations
100,000+

Vulnerability
Stored XSS via Email Logs

Patched in Version
2.2.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.2.3.

WordPress Paid Memberships Pro plugin

Product image for Paid Memberships Pro – Restrict Member Access to Content, Courses, Communities – Free or Paid Subscriptions.

Plugin Slug
paid-memberships-pro

Installations
100,000+

Vulnerability
SQL Injection

Patched in Version
2.9.12

Severity Score
High

The vulnerability has been patched, so you should update to version 2.9.12.

WordPress VK All in One Expansion Unit plugin

Product image for VK All in One Expansion Unit.

Plugin Slug
vk-all-in-one-expansion-unit

Installations
100,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
9.86.0.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 9.86.0.0.

WordPress Slimstat Analytics plugin

Product image for Slimstat Analytics.

Plugin Slug
wp-slimstat

Installations
100,000+

Vulnerability
SQL Injection

Patched in Version
4.9.3.3

Severity Score
High

The vulnerability has been patched, so you should update to version 4.9.3.3.

WordPress Auto Featured Image plugin

Product image for Auto Featured Image (Auto Post Thumbnail).

Plugin Slug
auto-post-thumbnail

Installations
80,000+

Vulnerability
Author+ Arbitrary File Upload

Patched in Version
3.9.16

Severity Score
Critical

The vulnerability has been patched, so you should update to version 3.9.16.

WordPress Calculated Fields Form plugin

Product image for Calculated Fields Form.

Plugin Slug
calculated-fields-form

Installations
60,000+

Vulnerability
Missing Authorization Leading To Feedback Submission

Patched in Version
1.1.121

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.121.

WordPress Dokan plugin

Product image for Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.

Plugin Slug
dokan-lite

Installations
60,000+

Vulnerability
SQL Injection

Patched in Version
3.7.13

Severity Score
High

The vulnerability has been patched, so you should update to version 3.7.13.

WordPress Quiz And Survey Master plugin

Product image for Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress.

Plugin Slug
quiz-master-next

Installations
40,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
8.1.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 8.1.0.

WordPress Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation plugin

Product image for Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation.

Plugin Slug
zero-bs-crm

Installations
40,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
5.5.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.5.0.

WordPress GN Publisher plugin

Product image for GN Publisher: Google News Compatible RSS Feeds.

Plugin Slug
gn-publisher

Installations
30,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.5.6

Severity Score
High

The vulnerability has been patched, so you should update to version 1.5.6.

WordPress Rife Elementor Extensions & Templates plugin

Product image for Rife Elementor Extensions & Templates.

Plugin Slug
rife-elementor-extensions

Installations
30,000+

Vulnerability
Broken Access Control

Patched in Version
1.2.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.0.

WordPress When Last Login plugin

Product image for When Last Login.

Plugin Slug
when-last-login

Installations
30,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.2.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.2.

WordPress WP Meteor Page Speed Optimization Topping plugin

Product image for WP Meteor Page Speed Optimization Topping.

Plugin Slug
wp-meteor

Installations
30,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
3.1.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.1.5.

WordPress Gallery Blocks with Lightbox plugin

Product image for Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery.

Plugin Slug
simply-gallery-block

Installations
20,000+

Vulnerability
Missing Authorization in pgc_sgb_add_dashboard_widget

Patched in Version
3.0.8

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.0.8.

WordPress Wholesale Suite plugin

Product image for Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.

Plugin Slug
woocommerce-wholesale-prices

Installations
20,000+

Vulnerability
Settings Change

Patched in Version
2.1.5.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.1.5.1.

WordPress Yasr – Yet Another Stars Rating plugin

Product image for Yasr – Yet Another Stars Rating.

Plugin Slug
yet-another-stars-rating

Installations
20,000+

Vulnerability
XSS & Arbitrary Shortcode Execution

Patched in Version
3.1.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.1.3.

WordPress Admin CSS MU plugin

Product image for Admin CSS MU.

Plugin Slug
admin-css-mu

Installations
10,000+

Vulnerability
Server Side Request Forgery (SSRF)

Patched in Version
2.7

Severity Score
High

The vulnerability has been patched, so you should update to version 2.7.

WordPress Maspik – Spam blacklist plugin

Product image for Maspik – Spam blacklist.

Plugin Slug
contact-forms-anti-spam

Installations
10,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
0.7.9

Severity Score
Medium

The vulnerability has been patched, so you should update to version 0.7.9.

WordPress GTmetrix for WordPress plugin

Product image for GTmetrix for WordPress.

Plugin Slug
gtmetrix-for-wordpress

Installations
10,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
0.4.6

Severity Score
Low

The vulnerability has been patched, so you should update to version 0.4.6.

WordPress HT Slider For Elementor plugin

Product image for HT Slider For Elementor.

Plugin Slug
ht-slider-for-elementor

Installations
10,000+

Vulnerability
Arbitrary Plugin Activation via CSRF

Patched in Version
1.4.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.4.0.

WordPress 10WebMapBuilder plugin

Product image for 10Web Map Builder for Google Maps.

Plugin Slug
wd-google-maps

Installations
10,000+

Vulnerability
SQL Injection

Patched in Version
1.0.73

Severity Score
High

The vulnerability has been patched, so you should update to version 1.0.73.

WordPress WP SMS plugin

Product image for WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc.

Plugin Slug
wp-sms

Installations
9,000+

Vulnerability
Sensitive Data Exposure

Patched in Version
6.0.4.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 6.0.4.1.

WordPress WP SMS plugin

Product image for WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc.

Plugin Slug
wp-sms

Installations
9,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
5.4.13

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.4.13.

WordPress YITH WooCommerce Product Slider Carousel plugin

Product image for YITH WooCommerce Product Slider Carousel.

Plugin Slug
yith-woocommerce-product-slider-carousel

Installations
9,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.16.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.16.1.

WordPress JCH Optimize plugin

Product image for JCH Optimize.

Plugin Slug
jch-optimize

Installations
8,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.2.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.2.3.

WordPress LWS Tools plugin

Product image for LWS Tools.

Plugin Slug
lws-tools

Installations
7,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.4.

WordPress ProfileGrid plugin

Product image for ProfileGrid – User Profiles, Memberships, Groups and Communities.

Plugin Slug
profilegrid-user-profiles-groups-and-communities

Installations
7,000+

Vulnerability
Subscriber+ Arbitrary Password Reset

Patched in Version
5.3.1

Severity Score
High

The vulnerability has been patched, so you should update to version 5.3.1.

WordPress Add Expires Headers & Optimized Minify plugin

Product image for Add Expires Headers & Optimized Minify.

Plugin Slug
add-expires-headers

Installations
6,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.7.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.7.1.

WordPress Button Generator plugin

Product image for Button Generator – easily Button Builder.

Plugin Slug
button-generation

Installations
6,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.3.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.3.4.

WordPress WpStream plugin

Product image for WpStream – Live Streaming, Video on Demand, Pay Per View.

Plugin Slug
wpstream

Installations
6,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
4.4.10.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.4.10.6.

WordPress Dashboard Widgets Suite plugin

Product image for Dashboard Widgets Suite.

Plugin Slug
dashboard-widgets-suite

Installations
5,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.2.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.2.2.

WordPress Publish to Schedule plugin

Product image for Publish to Schedule.

Plugin Slug
publish-to-schedule

Installations
5,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
4.5.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.5.5.

WordPress Simple File List plugin

Plugin Slug
simple-file-list

Installations
5,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
6.0.10

Severity Score
Medium

The vulnerability has been patched, so you should update to version 6.0.10.

WordPress Watu Quiz plugin

Product image for Watu Quiz.

Plugin Slug
watu

Installations
5,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.3.9.1

Severity Score
High

The vulnerability has been patched, so you should update to version 3.3.9.1.

WordPress WP OAuth Server plugin

Product image for WP OAuth Server (OAuth Authentication).

Plugin Slug
oauth2-provider

Installations
4,000+

Vulnerability
Subscriber+ Arbitrary Client Deletion

Patched in Version
4.3.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.3.0.

WordPress Pie Register plugin

Product image for Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction.

Plugin Slug
pie-register

Installations
4,000+

Vulnerability
Arbitrary Content Deletion

Patched in Version
3.8.1.3

Severity Score
High

The vulnerability has been patched, so you should update to version 3.8.1.3.

WordPress Pie Register plugin

Product image for Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction.

Plugin Slug
pie-register

Installations
4,000+

Vulnerability
Open Redirection

Patched in Version
3.8.2.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.8.2.3.

WordPress We’re Open! plugin

Product image for We’re Open!.

Plugin Slug
opening-hours

Installations
3,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.47

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.47.

WordPress Search in Place plugin

Product image for Search in Place.

Plugin Slug
search-in-place

Installations
3,000+

Vulnerability
Missing Authorization Leading To Feedback Submission

Patched in Version
1.0.105

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.0.105.

WordPress WP Plugin Manager plugin

Product image for WP Plugin Manager – Deactivate plugins per page.

Plugin Slug
wp-plugin-manager

Installations
3,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.1.8

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.8.

WordPress DeepL API translation

Plugin Slug
wpdeepl

Installations
3,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.1.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.1.5.

WordPress Cart Lift

Product image for Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD.

Plugin Slug
cart-lift

Installations
2,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.1.6

Severity Score
High

The vulnerability has been patched, so you should update to version 3.1.6.

WordPress CP Contact Form with PayPal

Product image for CP Contact Form with PayPal.

Plugin Slug
cp-contact-form-with-paypal

Installations
2,000+

Vulnerability
Missing Authorization Leading To Feedback Submission

Patched in Version
1.3.35

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.3.35.

WordPress Simple Slug Translate plugin

Product image for Simple Slug Translate.

Plugin Slug
simple-slug-translate

Installations
2,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.7.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.7.3.

WordPress DecaLog plugin

Plugin Slug
decalog

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
3.7.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.7.1.

WordPress Easy Testimonial Slider and Form

Product image for Easy Testimonial Slider and Form.

Plugin Slug
easy-testimonial-rotator

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.0.16

Severity Score
High

The vulnerability has been patched, so you should update to version 1.0.16.

WordPress Event Espresso 4 Decaf plugin

Product image for Event Espresso 4 Decaf – Event Registration Event Ticketing.

Plugin Slug
event-espresso-decaf

Installations
1,000+

Vulnerability
Bypass Vulnerability

Patched in Version
4.10.45.decaf

Severity Score
Low

The vulnerability has been patched, so you should update to version 4.10.45.decaf.

WordPress Sheets To WP Table Live Sync

Product image for Sheets To WP Table Live Sync.

Plugin Slug
sheets-to-wp-table-live-sync

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.13.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.13.0.

WordPress Total Poll Lite

Product image for Total Poll Lite.

Plugin Slug
totalpoll-lite

Installations
1,000+

Vulnerability
Broken Access Control

Patched in Version
4.8.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.8.7.

WordPress WP Time Slots Booking Form

Product image for WP Time Slots Booking Form.

Plugin Slug
wp-time-slots-booking-form

Installations
1,000+

Vulnerability
Missing Authorization Leading To Feedback Submission

Patched in Version
1.1.77

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.77.

WordPress Donation Block For PayPal

Product image for Donation Block For PayPal.

Plugin Slug
donations-block

Installations
700+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.1.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.1.0.

WordPress Namaste! LMS plugin

Product image for Namaste! LMS.

Plugin Slug
namaste-lms

Installations
700+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.6.

WordPress Namaste! LMS plugin

Product image for Namaste! LMS.

Plugin Slug
namaste-lms

Installations
700+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.5.9.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.5.9.4.

WordPress real.Kit plugin

Plugin Slug
real-kit

Installations
600+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
5.1.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.1.1.

WordPress Custom Login Admin Front-end CSS

Product image for Custom Login Admin Front-end CSS.

Plugin Slug
custom-login-admin-front-end-css-with-multisite-support

Installations
500+

Vulnerability
Server Side Request Forgery (SSRF)

Patched in Version
1.5

Severity Score
High

The vulnerability has been patched, so you should update to version 1.5.

WordPress HT Portfolio plugin

Product image for HT Portfolio – WordPress Portfolio Plugin for Elementor.

Plugin Slug
ht-portfolio

Installations
300+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.1.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.6.

WordPress WooCommerce Checkout Field Manager plugin

Product image for WooCommerce Checkout Field Manager.

Plugin Slug
n-media-woocommerce-checkout-fields

Installations
200+

Vulnerability
Arbitrary File Upload

Patched in Version
18.0

Severity Score
Critical

The vulnerability has been patched, so you should update to version 18.0.

WordPress GS Insever Portfolio plugin

Product image for GS Insever Portfolio.

Plugin Slug
gs-instagram-portfolio

Installations
100+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.4.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.4.5.

WordPress WC Sales Notification plugin

Product image for WC Sales Notification.

Plugin Slug
wc-sales-notification

Installations
100+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.2.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.3.

WordPress Debug Assistant plugin

Plugin Slug
debug-assistant

Installations
80+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.5

Severity Score
High

The vulnerability has been patched, so you should update to version 1.5.

WordPress Debug Assistant plugin

Plugin Slug
debug-assistant

Installations
80+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.5.

WordPress Preview Link Generator plugin

Product image for Preview Link Generator.

Plugin Slug
preview-link-generator

Installations
10+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.0.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.0.4.

WordPress Replyable plugin

Plugin
Postmatic

Plugin Slug
postmatic

Vulnerability
PHP Object Injection

Patched in Version
2.2.10

Severity Score
High

The vulnerability has been patched, so you should update to version 2.2.10.

WordPress Toolset Types plugin

Plugin
Types

Plugin Slug
types

Vulnerability
Arbitrary File Upload

Patched in Version
3.4.18

Severity Score
High

The vulnerability has been patched, so you should update to version 3.4.18.

WordPress Plugin Vulnerabilities – No Known Fix

This section contains plugin vulnerabilities with no known fix. Until a patch is available, you are advised, at minimum, to deactivate the plugin immediately. If there is a high risk of active exploits or the plugin remains unpatched for weeks, you are advised to delete the plugin. You should also delete persistently unpatched plugins that the WordPress.org repository has locked and marked “Closed” so they can no longer be downloaded and installed.

WordPress Instant Images

Product image for Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels.

Plugin Slug
instant-images

Installations
100,000+

Vulnerability
Server Side Request Forgery (SSRF)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Rus-To-Lat plugin

Plugin Slug
rustolat

Installations
90,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress WP Social Bookmarking Light plugin

Plugin Slug
wp-social-bookmarking-light

Installations
60,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress clickfunnels plugin

Product image for ClickFunnels.

Plugin Slug
clickfunnels

Installations
30,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress WP Translitera plugin

Plugin Slug
wp-translitera

Installations
30,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress WP TFeed plugin

Product image for WP TFeed.

Plugin Slug
accesspress-twitter-feed

Installations
10,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Custom Content Shortcode plugin

Product image for Custom Content Shortcode.

Plugin Slug
custom-content-shortcode

Installations
10,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Custom Content Shortcode plugin

Product image for Custom Content Shortcode.

Plugin Slug
custom-content-shortcode

Installations
10,000+

Vulnerability
Local File Inclusion

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

WordPress menu shortcode plugin

Plugin Slug
menu-shortcode

Installations
10,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Smart YouTube PRO plugin

Product image for Smart YouTube PRO.

Plugin Slug
smart-youtube

Installations
10,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Styles plugin

Product image for Styles.

Plugin Slug
styles

Installations
10,000+

Vulnerability
Server Side Request Forgery (SSRF)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Video Background plugin

Product image for Video Background.

Plugin Slug
video-background

Installations
10,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress WP Clean Up plugin

Plugin Slug
wp-clean-up

Installations
10,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress XML Sitemap Generator for Google plugin

Product image for Google XML Sitemaps Generator.

Plugin Slug
xml-sitemap-generator-for-google

Installations
10,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress FareHarbor for WordPress plugin

Product image for FareHarbor for WordPress.

Plugin Slug
fareharbor

Installations
8,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Blog Floating Button plugin

Product image for Blog Floating Button.

Plugin Slug
blog-floating-button

Installations
7,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Classic Editor and Classic Widgets plugin

Plugin Slug
classic-editor-and-classic-widgets

Installations
7,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress CPO Content Types plugin

Plugin Slug
cpo-content-types

Installations
7,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Resize at Upload Plus plugin

Plugin Slug
resize-at-upload-plus

Installations
7,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Advanced Text Widget plugin

Plugin Slug
advanced-text-widget

Installations
6,000+

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Advanced Text Widget plugin

Plugin Slug
advanced-text-widget

Installations
6,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress New Adman plugin

Plugin Slug
new-adman

Installations
6,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress New Adman plugin

Plugin Slug
new-adman

Installations
6,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress WP No External Links plugin

Plugin Slug
no-external-links

Installations
6,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Simple CSV/XLS Exporter plugin

Plugin Slug
simple-csv-xls-exporter

Installations
6,000+

Vulnerability
CSV Injection

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Social Auto Poster plugin

Plugin Slug
accesspress-facebook-auto-post

Installations
5,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Elegant Custom Fonts plugin

Plugin Slug
elegant-custom-fonts

Installations
5,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress About Me 3000 widget plugin

Plugin Slug
about-me-3000

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Leyka plugin

Plugin Slug
leyka

Installations
2,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Leyka plugin

Plugin Slug
leyka

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Wpopal Core Features plugin

Plugin Slug
wpopal-core-features

Installations
2,000+

Vulnerability
Server Side Request Forgery (SSRF)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Simple Vimeo Shortcode

Plugin Slug
the-very-simple-vimeo-shortcode

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Sales Report Email for WooCommerce

Plugin Slug
woo-advanced-sales-report-email

Installations
1,000+

Vulnerability
Other Vulnerability Type

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress WP Google Tag Manager plugin

Plugin Slug
wp-google-tag-manager

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Ever Compare plugin

Plugin Slug
ever-compare

Installations
800+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress React Webcam plugin

Plugin Slug
react-webcam

Installations
600+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress User Activity plugin

Plugin Slug
user-activity

Installations
300+

Vulnerability
Content Spoofing

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress GoToWP plugin

Plugin Slug
gotowp

Installations
200+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress WP Repost plugin

Plugin Slug
wp-repost

Installations
200+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress WP Repost plugin

Plugin Slug
wp-repost

Installations
200+

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress wp2syslog plugin

Plugin Slug
wp2syslog

Installations
80+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress CSS Adder By Agence-Press

Plugin Slug
css-adder-by-agence-press

Installations
60+

Vulnerability
Server Side Request Forgery (SSRF)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

WordPress AMP Toolbox plugin

Plugin Slug
amp-toolbox

Installations
50+

Vulnerability
Server Side Request Forgery (SSRF)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Start plugin

Plugin Slug
iksweb

Installations
40+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Manage Upload Limit plugin

Plugin Slug
wpsimpletools-upload-limit

Installations
40+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

WordPress DupeOff plugin

Plugin Slug
dupeoff

Installations
10+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Shipyaari Shipping Management

Plugin Slug
manage-shipyaari-shipping

Installations
10+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Advanced Recent Posts plugin

Plugin
Advanced Recent Posts

Plugin Slug
advanced-recent-posts

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Confirm Data plugin

Plugin Slug
confirm-data

Vulnerability
Server Side Request Forgery (SSRF)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Correos Oficial plugin

Plugin
Correos Oficial

Plugin Slug
correosoficial

Vulnerability
Arbitrary File Download

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Custom Add User plugin

Plugin
Custom Add User

Plugin Slug
custom-add-user

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Download Attachments plugin

Plugin
Download Attachments

Plugin Slug
download-attachments

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress GigPress plugin

Plugin
GigPress

Plugin Slug
gigpress

Vulnerability
SQL Injection

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress i2 Pros & Cons plugin

Plugin
i2 Pros & Cons

Plugin Slug
i2-pro-cons

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress PHPFreeChat plugin

Plugin
PHPFreeChat

Plugin Slug
phpfreechat

Vulnerability
Server Side Request Forgery (SSRF)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Product GTIN (EAN, UPC, ISBN) for WooCommerce plugin

Plugin
Product GTIN (EAN, UPC, ISBN) for WooCommerce

Plugin Slug
product-gtin-ean-upc-isbn-for-woocommerce

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Page Builder – Qards

Plugin
WordPress Page Builder – Qards

Plugin Slug
qards-free

Vulnerability
Server Side Request Forgery (SSRF)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Resume Builder plugin

Plugin
Resume Builder

Plugin Slug
resume-builder

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Saan World Clock plugin

Plugin
Saan World Clock

Plugin Slug
saan-world-clock

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Smart Logo Showcase Lite plugin

Plugin
Smart Logo Showcase Lite

Plugin Slug
smart-logo-showcase-lite

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Synved Shortcodes plugin

Plugin
Synved Shortcodes

Plugin Slug
synved-shortcodes

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Theme Minifier plugin

Plugin
Theme Minifier

Plugin Slug
theme-minifier

Vulnerability
Server Side Request Forgery (SSRF)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress UpQode Google Maps plugin

Plugin
UpQode Google Maps

Plugin Slug
upqode-google-maps

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Galleries by Angie Makes

Plugin
Galleries by Angie Makes

Plugin Slug
wc-gallery

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress WooSupply plugin

Plugin
WooSupply – Suppliers, Supply Orders and Stock Management

Plugin Slug
woosupply

Vulnerability
Server Side Request Forgery (SSRF)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress WooVIP plugin

Plugin
WooVIP – Membership plugin for WordPress and WooCommerce

Plugin Slug
woovip

Vulnerability
Server Side Request Forgery (SSRF)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress WooVirtualWallet plugin

Plugin
WooVirtualWallet – A virtual wallet for WooCommerce

Plugin Slug
woovirtualwallet

Vulnerability
Server Side Request Forgery (SSRF)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress AMO for WP plugin

Plugin
AMO for WP – Membership Management

Plugin Slug
wp-amo

Vulnerability
Server Side Request Forgery (SSRF)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress WPaudio MP3 Player plugin

Plugin
WPaudio MP3 Player

Plugin Slug
wpaudio-mp3-player

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress WPB Advanced FAQ plugin

Plugin
WPB Advanced FAQ

Plugin Slug
wpb-advanced-faq

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Theme Vulnerabilities

In this section, you’ll find the latest WordPress theme vulnerabilities to be disclosed. You’ll see the same information provided above for vulnerable plugins, and the same advice applies. If a security update exists, install it immediately. If a vulnerability remains unpatched in a theme you are actively using, you will need to find an alternative theme. Deactivate and delete persistently unpatched themes and those that have been “Closed” in the WordPress.org theme repository. If you have a vulnerable theme installed that you are not actively using, simply delete it.

WordPress OceanWP theme

Theme Slug
oceanwp

Downloads
5,985,364

Vulnerability
Local File Inclusion

Patched in Version
3.4.2

Severity Score
High

The vulnerability has been patched, so you should update to version 3.4.2.

WordPress Total theme

Theme Slug
total

Downloads
956,513

Vulnerability
Broken Authentication

Patched in Version
2.1.20

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.1.20.

WordPress Big Store theme

Theme Slug
big-store

Downloads
104,293

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.9.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.9.4.

WordPress darcie theme

Theme Slug
darcie

Downloads
14,911

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.1.6

Severity Score
High

The vulnerability has been patched, so you should update to version 1.1.6.

WordPress Houzez theme

Theme
Houzez

Theme Slug
houzez

Vulnerability
Privilege Escalation

Patched in Version
2.7.2

Severity Score
Critical

The vulnerability has been patched, so you should update to version 2.7.2.

WordPress Real Estate 7 theme

Theme
Real Estate 7

Theme Slug
realestate-7

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
3.3.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.3.5.

WordPress Real Estate 7 theme

Theme
Real Estate 7

Theme Slug
realestate-7

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.3.5

Severity Score
High

The vulnerability has been patched, so you should update to version 3.3.5.
iThemes Team

Written by:
Abdul Wahid
Published on:
March 13, 2023