WordPress Vulnerability Report — May 1, 2024

In this report, 359 vulnerabilities have been publicly disclosed. Security patches for 269 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 90 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core
2. WordPress Plugins — 248 Patched / 21 Unpatched

2.1
Auto Featured Image (Auto Post Thumbnail)
2.2
FameTheme Demo Importer
2.3
Piotnet Addons For Elementor
2.4
AGCA – Custom Dashboard & Login Page
2.5
Serious Slider
2.6
Meks Smart Social Widget
2.7
Xserver Migrator
2.8
Annual Archive
2.9
rtMedia for WordPress, BuddyPress and bbPress
2.10
ClickCease Click Fraud Protection
2.11
Democracy Poll
2.12
Login Logout Register Menu
2.13
Meks ThemeForest Smart Widget
2.14
Print-O-Matic
2.15
Smart Recent Posts Widget
2.16
CM Tooltip Glossary
2.17
Customify Site Library
2.18
WordPress Ad Widget
2.19
PopupAlly
2.20
Pretty Google Calendar
2.21
Fan Page Widget by ThemeNcode
2.22
Filterable Portfolio
2.23
Share This Image
2.24
Smart Maintenance Mode
2.25
ENL Newsletter
2.26
ENL Newsletter
2.27
ENL Newsletter
2.28
Advanced Search
2.29
Advanced Most Recent Posts Mod
2.30
Advanced Post List
2.31
AJAX Login and Registration modal popup + inline form
2.32
Element Pack Pro
2.33
CF7 File Download – File Download for CF7
2.34
Client Dash
2.35
Contact Form 7 Extension For Mailchimp
2.36
CPO Companion
2.37
Crelly Slider
2.38
Easy Set Favicon
2.39
Embed Google Fonts
2.40
XStore Core
2.41
XStore Core
2.42
XStore Core
2.43
XStore Core
2.44
XStore Core
2.45
XStore Core
2.46
XStore Core
2.47
XStore Core
2.48
Giphypress
2.49
GWP-Histats
2.50
JW Player for WordPress
2.51
MF Gig Calendar
2.52
Mini Loops
2.53
Opal Widgets For Elementor
2.54
CodeBard’s Patron Button and Widgets for Patreon
2.55
PB MailCrypt
2.56
Piotnet Addons For Elementor Pro
2.57
Piotnet Addons For Elementor Pro
2.58
Piotnet Addons For Elementor Pro
2.59
Piotnet Addons For Elementor Pro
2.60
Piotnet Addons For Elementor Pro
2.61
Progressive WordPress (PWA)
2.62
Realtyna Organic IDX plugin
2.63
Recencio Book Reviews
2.64
Regenerate post permalink
2.65
School Management Pro
2.66
Shortcode Addons
2.67
Sliding Widgets
2.68
Social Share Buttons by Supsystic
2.69
Solid Affiliate
2.70
SP Project & Document Manager
2.71
Sticky Anything
2.72
WidgetKit
2.73
WZone
2.74
WZone
2.75
WZone
2.76
WZone
2.77
WZone
2.78
WZone
2.79
WP GDPR Compliance
2.80
WP Masquerade
2.81
WP Page Post Widget Clone
2.82
WTI Like Post
2.83
XforWooCommerce
2.84
All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
2.85
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
2.86
Rank Math SEO with AI Best SEO Tools
2.87
ElementsKit Elementor addons and Templates Library
2.88
Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation
2.89
Premium Addons for Elementor
2.90
Premium Addons for Elementor
2.91
Spectra – WordPress Gutenberg Blocks
2.92
Contact Form 7 Database Addon – CFDB7
2.93
WP Shortcodes Plugin — Shortcodes Ultimate
2.94
Happy Addons for Elementor
2.95
Duplicate Post
2.96
MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
2.97
Royal Elementor Addons and Templates
2.98
Royal Elementor Addons and Templates
2.99
PDF Invoices & Packing Slips for WooCommerce
2.100
PDF Invoices & Packing Slips for WooCommerce
2.101
Call Now Button – The #1 Click to Call Button for WordPress
2.102
Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty
2.103
Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels
2.104
Jeg Elementor Kit
2.105
Jeg Elementor Kit
2.106
Photo Gallery by 10Web – Mobile-Friendly Image Gallery
2.107
Qi Addons For Elementor
2.108
YITH WooCommerce Compare
2.109
Elementor Addon Elements
2.110
BackUpWordPress
2.111
Colibri Page Builder
2.112
Colibri Page Builder
2.113
Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode)
2.114
FileOrganizer – Manage WordPress and Website Files
2.115
Table Rate Shipping Method for WooCommerce by Flexible Shipping
2.116
HT Mega – Absolute Addons For Elementor
2.117
Hummingbird – Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript
2.118
Social Sharing Plugin – Sassy Social Share
2.119
Schema & Structured Data for WP & AMP
2.120
Strong Testimonials
2.121
Social Media Share Buttons & Social Sharing Icons
2.122
WP Chat App
2.123
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
2.124
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
2.125
VK Block Patterns
2.126
WP STAGING WordPress Backup Plugin – Migration Backup Restore
2.127
Backup Migration
2.128
Import and export users and customers
2.129
MainWP Child Reports
2.130
Tutor LMS – eLearning and online course solution
2.131
Tutor LMS – eLearning and online course solution
2.132
WP SMTP
2.133
WP ULike – Most Advanced WordPress Marketing Toolkit
2.134
WP ULike – Most Advanced WordPress Marketing Toolkit
2.135
WP ULike – Most Advanced WordPress Marketing Toolkit
2.136
Comments – wpDiscuz
2.137
Database for Contact Form 7, WPforms, Elementor forms
2.138
Media Cleaner: Clean your WordPress!
2.139
Export and Import Users and Customers
2.140
Blog2Social: Social Media Auto Post & Scheduler
2.141
Exclusive Addons for Elementor
2.142
Exclusive Addons for Elementor
2.143
Exclusive Addons for Elementor
2.144
Getwid – Gutenberg Blocks
2.145
FOX – Currency Switcher Professional for WooCommerce
2.146
WP-Members Membership Plugin
2.147
Enhanced Text Widget
2.148
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
2.149
Collapse-O-Matic
2.150
Quick Featured Images
2.151
Simple Membership
2.152
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
2.153
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
2.154
Simply Static
2.155
Print Invoice & Delivery Notes for WooCommerce
2.156
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
2.157
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
2.158
AGCA – Custom Dashboard & Login Page
2.159
Popup Box – Best WordPress Popup Plugin
2.160
FV Flowplayer Video Player
2.161
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
2.162
Timetable and Event Schedule by MotoPress
2.163
Social Sharing Plugin – Social Warfare
2.164
VOD Infomaniak
2.165
WP Google Review Slider
2.166
Hide Dashboard Notifications
2.167
Appointment Hour Booking – WordPress Booking Plugin
2.168
Payment Gateway Based Fees and Discounts for WooCommerce
2.169
Data Tables Generator by Supsystic
2.170
Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery
2.171
Pricing Table by Supsystic
2.172
Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
2.173
Rate My Post – Star Rating Plugin by FeedbackWP
2.174
Secure Copy Content Protection and Content Locking
2.175
Secure Copy Content Protection and Content Locking
2.176
Social Share Icons & Social Share Buttons
2.177
Social Share Icons & Social Share Buttons
2.178
Video Conferencing with Zoom
2.179
Product Addons & Fields for WooCommerce
2.180
Brevo for WooCommerce
2.181
WPZOOM Addons for Elementor (Templates, Widgets)
2.182
Advanced Floating Content Lite
2.183
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
2.184
rtMedia for WordPress, BuddyPress and bbPress
2.185
Classified Listing – Classified ads & Business Directory Plugin
2.186
Directorist – WordPress Business Directory Plugin with Classified Ads Listings
2.187
Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required!
2.188
Email Customizer for WooCommerce | Drag and Drop Email Templates Builder
2.189
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
2.190
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory
2.191
SSL Mixed Content Fix
2.192
List Custom Taxonomy Widget
2.193
Page Builder: Live Composer
2.194
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
2.195
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
2.196
Pop-up
2.197
Five Star Restaurant Reservations – WordPress Booking Plugin
2.198
ReviewX – Multi-criteria Rating & Reviews for WooCommerce
2.199
RomethemeKit For Elementor
2.200
RomethemeKit For Elementor
2.201
Send PDF for Contact Form 7
2.202
Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap
2.203
Ultimate Posts Widget
2.204
Easy Accept Payments via PayPal
2.205
WP Datepicker
2.206
SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share
2.207
WP Travel Engine – Best Travel Booking WordPress Plugin
2.208
Arconix FAQ
2.209
FG Joomla to WordPress
2.210
RomethemeForm For Elementor
2.211
Smart Forms – when you need more than just a contact form
2.212
Smart Forms – when you need more than just a contact form
2.213
WP LinkedIn Auto Publish
2.214
WordPress Backup & Migration
2.215
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
2.216
Maintenance Mode
2.217
WPC Composite Products for WooCommerce
2.218
ProfileGrid – User Profiles, Memberships, Groups and Communities
2.219
ProfileGrid – User Profiles, Memberships, Groups and Communities
2.220
ProfileGrid – User Profiles, Memberships, Groups and Communities
2.221
The Plus Blocks for Block Editor | Gutenberg
2.222
Better Elementor Addons
2.223
Easy Property Listings
2.224
Image Slider
2.225
Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site
2.226
Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site
2.227
Print My Blog – Print, PDF, & eBook Converter WordPress Plugin
2.228
Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
2.229
Arconix Shortcodes
2.230
Assistant – Every Day Productivity Apps
2.231
Podlove Podcast Publisher
2.232
Podlove Podcast Publisher
2.233
Salon booking system
2.234
Salon booking system
2.235
Salon booking system
2.236
Ultimate 410 Gone Status Code
2.237
Advanced Local Pickup for WooCommerce
2.238
Embed Google Photos album
2.239
Import WP – Export and Import CSV and XML files to WordPress
2.240
Tickera – WordPress Event Ticketing
2.241
VikRentCar Car Rental Management System
2.242
WP ADA Compliance Check Basic – Most Comprehensive Web Accessibility Solution for WordPress
2.243
WP Fusion Lite – Marketing Automation and CRM Integration for WordPress
2.244
Coupon & Discount Code Reveal Button
2.245
Debug Log Manager
2.246
Newsletters
2.247
Newsletters
2.248
PropertyHive
2.249
Vision – Image Map Builder
2.250
Widget Post Slider
2.251
WP-Lister Lite for eBay
2.252
WP-Recall – Registration, Profile, Commerce & More
2.253
WP-Recall – Registration, Profile, Commerce & More
2.254
Accessibility Widget
2.255
Advanced Testimonial Carousel for Elementor
2.256
All-in-one Like Widget
2.257
Knowledge Base documentation & wiki plugin – BasePress Docs
2.258
Knowledge Base documentation & wiki plugin – BasePress Docs
2.259
CookieHub – Cookie Consent Banner (DSGVO, CCPA, RGPD and GDPR compliance)
2.260
Custom field finder
2.261
RSS Redirect & Feedburner Alternative
2.262
InstaWP Connect – 1-click WP Staging & Migration
2.263
iPages Flipbook For WordPress
2.264
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
2.265
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
2.266
User Meta – User Profile Builder and User management plugin
2.267
SuperFaktura WooCommerce
2.268
Academy LMS – eLearning and online course solution for WordPress
2.269
Academy LMS – eLearning and online course solution for WordPress
2.270
ActiveDEMAND
2.271
Admin Bar Editor – Hide Toolbar by User Roles
2.272
AI Post Generator | AutoWriter
2.273
AppPresser – Mobile App Framework
2.274
Booking Ultra Pro Appointments Booking Calendar Plugin
2.275
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
2.276
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress
2.277
ChatBot Conversational Forms
2.278
Culqi
2.279
EPROLO Dropshipping
2.280
USPS Shipping for WooCommerce – Live Rates
2.281
Headline Analyzer
2.282
KB Support – WordPress Help Desk and Knowledge Base
2.283
Login with phone number
2.284
BizPrint – Print WooCommerce Order Receipts, Invoices, Labels & More.
2.285
Radio Station by netmix® – Manage and play your Show Schedule in WordPress!
2.286
Reviews Plus
2.287
Save as PDF Plugin by Pdfcrowd
2.288
Seers | GDPR & CCPA Cookie Consent & Compliance
2.289
Image Optimizer, Resizer and CDN – Sirv
2.290
StreamWeasels Twitch Integration
2.291
Poll | Vote | Contest – Best Poll Plugin for WordPress
2.292
Vitepos – Point of sale (POS) plugin for WooCommerce
2.293
WP Club Manager – WordPress Sports Club Plugin
2.294
WP GoToWebinar
2.295
MDTF – Meta Data and Taxonomies Filter
2.296
WP Time Slots Booking Form
2.297
WPCal.io – Easy Meeting Scheduler
2.298
WPPizza – A Restaurant Plugin
2.299
Frontend Dashboard
2.300
Leaky Paywall
2.301
Olive One Click Demo Import
2.302
SharkDropship and Affiliate for AliExpress, eBay, Amazon, Etsy
2.303
Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.
2.304
Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.
2.305
Slash Admin
2.306
Car Dealer (Dealership) and Vehicle sales
2.307
ShortPixel Critical CSS
2.308
Admin and Customer Messages After Order for WooCommerce: OrderConvo
2.309
SSU – WordPress Amazon S3 & Wasabi Smart File Uploads Plugin
2.310
Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media
2.311
Build 5 Star Reviews on Google Reviews, Yelp, Facebook… easily and risk-free | RRatingg
2.312
Better Comments
2.313
Better Comments
2.314
Header Footer Code Manager Pro
2.315
ARForms
2.316
ARForms
2.317
ARForms
2.318
ARForms
2.319
ARForms
2.320
ARForms Form Builder
2.321
Digital Publications by Supsystic
2.322
ElementsKit Pro
2.323
Fancy Product Designer
2.324
Interactive World Maps
2.325
Max Addons Pro for Bricks
2.326
Max Addons Pro for Bricks
2.327
WooCommerce Shipping Label
2.328
WooCommerce Customers Manager
2.329
WooCommerce Customers Manager
2.330
WP Media Category Management
2.331
Wp Staging Pro

3. WordPress Themes — 21 Patched / 7 Unpatched

3.1
UDesign
3.2
XStore
3.3
XStore
3.4
XStore
3.5
XStore
3.6
XStore
3.7
XStore
3.8
Accountra
3.9
Althea WP
3.10
Blocksy
3.11
Blocksy
3.12
Brite
3.13
Colibri WP
3.14
ColorNews
3.15
Elevate WP
3.16
Financio
3.17
Hugo WP
3.18
Intrace
3.19
Pathway
3.20
Photology
3.21
Royal Elementor Kit
3.22
Startupzy
3.23
Teluro
3.24
Travey
3.25
Vertice
3.26
Virtue
3.27
WP Portfolio
3.28
Zeever

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5.2 was released on April 9, 2024, as a short-cycle security and maintenance release. This release features 2 bug fixes on Core, 12 bug fixes for the Block editor, and 1 security fix. Because this is a security release, it is recommended that you update your sites immediately.

The next major release will be version 6.6 planned for July 16, 2024.

WordPress Plugins — 248 Patched / 21 Unpatched

Plugin Slug:: auto-post-thumbnail
Installations: 70,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: famethemes-demo-importer
Installations: 50,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: piotnet-addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: ag-custom-admin
Installations: 30,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: cryout-serious-slider
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: meks-smart-social-widget
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: xserver-migrator
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical

Plugin Slug:: anual-archive
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: buddypress-media
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin Slug:: clickcease-click-fraud-protection
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: democracy-poll
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: login-logout-register-menu
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: meks-themeforest-smart-widget
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: print-o-matic
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: smart-recent-posts-widget
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: enhanced-tooltipglossary
Installations: 8,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: customify-sites
Installations: 6,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical

Plugin Slug:: ad-widget
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: popupally
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: pretty-google-calendar
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: facebook-fan-page-widget
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: filterable-portfolio
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: share-this-image
Installations: 2,000+
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: smart-maintenance-mode
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: enl-newsletter
Installations: 10+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin Slug:: enl-newsletter
Installations: 10+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: enl-newsletter
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Advanced Search
Plugin Slug:: advance-search
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Advanced Most Recent Posts Mod
Plugin Slug:: advanced-most-recent-posts-mod
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Advanced Post List
Plugin Slug:: advanced-post-list
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: AJAX Login and Registration modal popup + inline form
Plugin Slug:: ajax-login-and-registration-modal-popup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Element Pack Pro
Plugin Slug:: bdthemes-element-pack
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High

Plugin:: CF7 File Download – File Download for CF7
Plugin Slug:: cf7-file-download
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Client Dash
Plugin Slug:: client-dash
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Contact Form 7 Extension For Mailchimp
Plugin Slug:: contact-form-7-mailchimp-extension
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: CPO Companion
Plugin Slug:: cpo-companion
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Crelly Slider
Plugin Slug:: crelly-slider
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Easy Set Favicon
Plugin Slug:: easy-set-favicon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Embed Google Fonts
Plugin Slug:: embed-google-fonts
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: XStore Core
Plugin Slug:: et-core-plugin
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: XStore Core
Plugin Slug:: et-core-plugin
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High

Plugin:: XStore Core
Plugin Slug:: et-core-plugin
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: High

Plugin:: XStore Core
Plugin Slug:: et-core-plugin
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High

Plugin:: XStore Core
Plugin Slug:: et-core-plugin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: XStore Core
Plugin Slug:: et-core-plugin
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical

Plugin:: XStore Core
Plugin Slug:: et-core-plugin
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical

Plugin:: XStore Core
Plugin Slug:: et-core-plugin
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical

Plugin:: Giphypress
Plugin Slug:: giphypress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: GWP-Histats
Plugin Slug:: gwp-histats
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: JW Player for WordPress
Plugin Slug:: jw-player-7-for-wp
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: MF Gig Calendar
Plugin Slug:: mf-gig-calendar
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Mini Loops
Plugin Slug:: mini-loops
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Opal Widgets For Elementor
Plugin Slug:: opal-widgets-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: CodeBard’s Patron Button and Widgets for Patreon
Plugin Slug:: patron-button-and-widgets-by-codebard
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: PB MailCrypt
Plugin Slug:: pb-mailcrypt-antispam-email-encryption
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Piotnet Addons For Elementor Pro
Plugin Slug:: piotnet-addons-for-elementor-pro
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Piotnet Addons For Elementor Pro
Plugin Slug:: piotnet-addons-for-elementor-pro
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Piotnet Addons For Elementor Pro
Plugin Slug:: piotnet-addons-for-elementor-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Piotnet Addons For Elementor Pro
Plugin Slug:: piotnet-addons-for-elementor-pro
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Piotnet Addons For Elementor Pro
Plugin Slug:: piotnet-addons-for-elementor-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Progressive WordPress (PWA)
Plugin Slug:: progressive-wp
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Realtyna Organic IDX plugin
Plugin Slug:: real-estate-listing-realtyna-wpl
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Recencio Book Reviews
Plugin Slug:: recencio-book-reviews
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Regenerate post permalink
Plugin Slug:: regenerate-post-permalinks
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: School Management Pro
Plugin Slug:: school-management-pro
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Shortcode Addons
Plugin Slug:: shortcode-addons
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Sliding Widgets
Plugin Slug:: sliding-widgets
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Social Share Buttons by Supsystic
Plugin Slug:: social-share-buttons-by-supsystic
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Solid Affiliate
Plugin Slug:: solid-affiliate
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High

Plugin:: SP Project & Document Manager
Plugin Slug:: sp-client-document-manager
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Sticky Anything
Plugin Slug:: toast-stick-anything
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High

Plugin:: WidgetKit
Plugin Slug:: widgetkit-for-elementor
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WZone
Plugin Slug:: woozone
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High

Plugin:: WZone
Plugin Slug:: woozone
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: WZone
Plugin Slug:: woozone
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High

Plugin:: WZone
Plugin Slug:: woozone
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical

Plugin:: WZone
Plugin Slug:: woozone
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WZone
Plugin Slug:: woozone
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical

Plugin:: WP GDPR Compliance
Plugin Slug:: wp-gdpr-compliance
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WP Masquerade
Plugin Slug:: wp-masquerade
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High

Plugin:: WP Page Post Widget Clone
Plugin Slug:: wp-page-post-widget-clone
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WTI Like Post
Plugin Slug:: wti-like-post
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: XforWooCommerce
Plugin Slug:: xforwoocommerce
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High

Plugin Slug:: all-in-one-seo-pack
Installations: 3,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.1.1
Severity Score:: Medium

Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.9.16
Severity Score:: Medium

Plugin Slug:: seo-by-rank-math
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.217
Severity Score:: Medium

Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.1.1
Severity Score:: High

Plugin Slug:: optinmonster
Installations: 1,000,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.16.0
Severity Score:: Medium

Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.29
Severity Score:: Medium

Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.26
Severity Score:: Medium

Plugin Slug:: ultimate-addons-for-gutenberg
Installations: 700,000+
Vulnerability:: Path Traversal
Patched in Version:: 2.12.7
Severity Score:: Medium

Plugin Slug:: contact-form-cfdb7
Installations: 600,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.2.7
Severity Score:: Medium

Plugin Slug:: shortcodes-ultimate
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.1.0
Severity Score:: Medium

Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.7
Severity Score:: Medium

Plugin Slug:: copy-delete-posts
Installations: 300,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.5
Severity Score:: Medium

Plugin Slug:: metform
Installations: 300,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.8.4
Severity Score:: Medium

Plugin Slug:: royal-elementor-addons
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.972
Severity Score:: Medium

Plugin Slug:: royal-elementor-addons
Installations: 300,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.3.95
Severity Score:: Medium

Plugin Slug:: woocommerce-pdf-invoices-packing-slips
Installations: 300,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.8.1
Severity Score:: High

Plugin Slug:: woocommerce-pdf-invoices-packing-slips
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.1
Severity Score:: High

Plugin Slug:: call-now-button
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.7
Severity Score:: Medium

Plugin Slug:: chaty
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.9
Severity Score:: Medium

Plugin Slug:: instant-images
Installations: 200,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 6.1.1
Severity Score:: High

Plugin Slug:: jeg-elementor-kit
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.5
Severity Score:: Medium

Plugin Slug:: jeg-elementor-kit
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.4
Severity Score:: Medium

Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.21
Severity Score:: Medium

Plugin Slug:: qi-addons-for-elementor
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1
Severity Score:: Medium

Plugin Slug:: yith-woocommerce-compare
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.38.0
Severity Score:: Medium

Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.4
Severity Score:: Medium

Plugin Slug:: backupwordpress
Installations: 100,000+
Vulnerability:: Directory Traversal
Patched in Version:: 3.14
Severity Score:: Low

Plugin Slug:: colibri-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.264
Severity Score:: Medium

Plugin Slug:: colibri-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.274
Severity Score:: Medium

Plugin Slug:: content-views-query-and-display-post-page
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.1
Severity Score:: Medium

Plugin Slug:: fileorganizer
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.7
Severity Score:: Medium

Plugin Slug:: flexible-shipping
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.24.16
Severity Score:: Medium

Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.4.8
Severity Score:: Medium

Plugin Slug:: hummingbird-performance
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.7.4
Severity Score:: Medium

Plugin Slug:: sassy-social-share
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.61
Severity Score:: Medium

Plugin Slug:: schema-and-structured-data-for-wp
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.30
Severity Score:: Medium

Plugin Slug:: strong-testimonials
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.12
Severity Score:: Medium

Plugin Slug:: ultimate-social-media-icons
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.7
Severity Score:: Medium

Plugin Slug:: wp-whatsapp
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.4
Severity Score:: Medium

Plugin Slug:: paid-memberships-pro
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0
Severity Score:: Medium

Plugin Slug:: paid-memberships-pro
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0
Severity Score:: Medium

Plugin Slug:: vk-block-patterns
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.31.1.1
Severity Score:: Medium

Plugin Slug:: wp-staging
Installations: 90,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.5.0
Severity Score:: Medium

Plugin Slug:: backup-backup
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.2
Severity Score:: Medium

Plugin Slug:: import-users-from-csv-with-meta
Installations: 80,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.26.3
Severity Score:: Medium

Plugin Slug:: mainwp-child-reports
Installations: 80,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2
Severity Score:: Medium

Plugin Slug:: tutor
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.0
Severity Score:: Medium

Plugin Slug:: tutor
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.0
Severity Score:: Medium

Plugin Slug:: wp-smtp
Installations: 80,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.2.7
Severity Score:: High

Plugin Slug:: wp-ulike
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.0
Severity Score:: Medium

Plugin Slug:: wp-ulike
Installations: 80,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.7.0
Severity Score:: High

Plugin Slug:: wp-ulike
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.0
Severity Score:: Medium

Plugin Slug:: wpdiscuz
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6.16
Severity Score:: Medium

Plugin Slug:: contact-form-entries
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.9
Severity Score:: High

Plugin Slug:: media-cleaner
Installations: 70,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 6.7.3
Severity Score:: Medium

Plugin Slug:: users-customers-import-export-for-wp-woocommerce
Installations: 70,000+
Vulnerability:: Deserialization of untrusted data
Patched in Version:: 2.5.4
Severity Score:: Medium

Plugin Slug:: blog2social
Installations: 60,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 7.5.0
Severity Score:: Medium

Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.9.2
Severity Score:: Medium

Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.4
Severity Score:: Medium

Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.5
Severity Score:: Medium

Plugin Slug:: getwid
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.8
Severity Score:: Medium

Plugin Slug:: woocommerce-currency-switcher
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.1.9
Severity Score:: Medium

Plugin Slug:: wp-members
Installations: 60,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.4.9.4
Severity Score:: Medium

Plugin Slug:: enhanced-text-widget
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.5
Severity Score:: Medium

Plugin Slug:: form-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.25
Severity Score:: Medium

Plugin Slug:: jquery-collapse-o-matic
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.5.6
Severity Score:: Medium

Plugin Slug:: quick-featured-images
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 13.7.1
Severity Score:: Medium

Plugin Slug:: simple-membership
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.4
Severity Score:: Medium

Plugin Slug:: sina-extension-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.3
Severity Score:: Medium

Plugin Slug:: post-grid
Installations: 40,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.2.79
Severity Score:: High

Plugin Slug:: simply-static
Installations: 40,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.1.4
Severity Score:: High

Plugin Slug:: woocommerce-delivery-notes
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.9.0
Severity Score:: Medium

Plugin Slug:: wp-analytify
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.2.4
Severity Score:: Medium

Plugin Slug:: wp-analytify
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.2.4
Severity Score:: Medium

Plugin Slug:: ag-custom-admin
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.2.2
Severity Score:: Medium

Plugin Slug:: ays-popup-box
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.3.7
Severity Score:: Medium

Plugin Slug:: fv-wordpress-flowplayer
Installations: 30,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 7.5.45.7212
Severity Score:: Medium

Plugin Slug:: master-addons
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.5.6
Severity Score:: Medium

Plugin Slug:: mp-timetable
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.4.12
Severity Score:: High

Plugin Slug:: social-warfare
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.6.2
Severity Score:: Medium

Plugin Slug:: vod-infomaniak
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.7
Severity Score:: High

Plugin Slug:: wp-google-places-review-slider
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 13.6
Severity Score:: Medium

Plugin Slug:: wp-hide-backed-notices
Installations: 30,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.3
Severity Score:: Medium

Plugin Slug:: appointment-hour-booking
Installations: 20,000+
Vulnerability:: Other Vulnerability Type
Patched in Version:: 1.4.57
Severity Score:: Medium

Plugin Slug:: checkout-fees-for-woocommerce
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.12.2
Severity Score:: Medium

Plugin Slug:: data-tables-generator-by-supsystic
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.10.32
Severity Score:: Medium

Plugin Slug:: gt3-photo-video-gallery
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.7.22
Severity Score:: Medium

Plugin Slug:: pricing-table-by-supsystic
Installations: 20,000+
Vulnerability:: Content Injection
Patched in Version:: 1.9.13
Severity Score:: Medium

Plugin Slug:: rafflepress
Installations: 20,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.12.11
Severity Score:: Medium

Plugin Slug:: rate-my-post
Installations: 20,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 3.4.5
Severity Score:: Medium

Plugin Slug:: secure-copy-content-protection
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.9.1
Severity Score:: Medium

Plugin Slug:: secure-copy-content-protection
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.7.2
Severity Score:: Medium

Plugin Slug:: ultimate-social-media-plus
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.2
Severity Score:: Medium

Plugin Slug:: ultimate-social-media-plus
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.3
Severity Score:: Medium

Plugin Slug:: video-conferencing-with-zoom-api
Installations: 20,000+
Vulnerability:: Open Redirection
Patched in Version:: 4.4.5
Severity Score:: Medium

Plugin Slug:: woocommerce-product-addon
Installations: 20,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 32.0.19
Severity Score:: Critical

Plugin Slug:: woocommerce-sendinblue-newsletter-subscription
Installations: 20,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 4.0.18
Severity Score:: High

Plugin Slug:: wpzoom-elementor-addons
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.36
Severity Score:: Medium

Plugin Slug:: advanced-floating-content-lite
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.6
Severity Score:: Medium

Plugin Slug:: bp-better-messages
Installations: 10,000+
Vulnerability:: Broken Authentication
Patched in Version:: 2.4.33
Severity Score:: Medium

Plugin Slug:: buddypress-media
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.6.19
Severity Score:: High

Plugin Slug:: classified-listing
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.11
Severity Score:: Medium

Plugin Slug:: directorist
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.9.0
Severity Score:: Medium

Plugin Slug:: elespare
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.3
Severity Score:: Medium

Plugin Slug:: email-customizer-for-woocommerce
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.6.1
Severity Score:: High

Plugin Slug:: gamipress
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.8.9
Severity Score:: Low

Plugin Slug:: geodirectory
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.49
Severity Score:: Medium

Plugin Slug:: http-https-remover
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.7
Severity Score:: Medium

Plugin Slug:: list-custom-taxonomy-widget
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2
Severity Score:: Medium

Plugin Slug:: live-composer-page-builder
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.39
Severity Score:: Medium

Plugin Slug:: mycred
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.4
Severity Score:: Medium

Plugin Slug:: paid-member-subscriptions
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.11.1
Severity Score:: Medium

Plugin Slug:: pop-up-pop-up
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.4
Severity Score:: Medium

Plugin Slug:: restaurant-reservations
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.17
Severity Score:: Medium

Plugin Slug:: reviewx
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.22
Severity Score:: Medium

Plugin Slug:: rometheme-for-elementor
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.2
Severity Score:: Medium

Plugin Slug:: rometheme-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.2
Severity Score:: Medium

Plugin Slug:: send-pdf-for-contact-form-7
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.2.4
Severity Score:: Medium

Plugin Slug:: socialsnap
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.6
Severity Score:: Medium

Plugin Slug:: ultimate-posts-widget
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.3.0
Severity Score:: Medium

Plugin Slug:: wordpress-easy-paypal-payment-or-donation-accept-plugin
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0
Severity Score:: High

Plugin Slug:: wp-datepicker
Installations: 10,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 2.1.1
Severity Score:: High

Plugin Slug:: wp-scheduled-posts
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.9
Severity Score:: Medium

Plugin Slug:: wp-travel-engine
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.8.1
Severity Score:: High

Plugin Slug:: arconix-faq
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.4
Severity Score:: Medium

Plugin Slug:: fg-joomla-to-wordpress
Installations: 9,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.21.0
Severity Score:: Medium

Plugin Slug:: romethemeform
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.3
Severity Score:: Medium

Plugin Slug:: smart-forms
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.96
Severity Score:: Medium

Plugin Slug:: smart-forms
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.92
Severity Score:: Medium

Plugin Slug:: wp-linkedin-auto-publish
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.12
Severity Score:: Medium

Plugin Slug:: wp-migration-duplicator
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.9
Severity Score:: Medium

Plugin Slug:: armember-membership
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.29
Severity Score:: Critical

Plugin Slug:: hkdev-maintenance-mode
Installations: 8,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 3.0.2
Severity Score:: Low

Plugin Slug:: wpc-composite-products
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.2.8
Severity Score:: Medium

Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.8.0
Severity Score:: Medium

Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 5.8.3
Severity Score:: Medium

Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.8.0
Severity Score:: Medium

Plugin Slug:: the-plus-addons-for-block-editor
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.6
Severity Score:: Medium

Plugin Slug:: better-elementor-addons
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.4.2
Severity Score:: Medium

Plugin Slug:: easy-property-listings
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.4
Severity Score:: Medium

Plugin Slug:: image-slider-widget
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.127
Severity Score:: Medium

Plugin Slug:: integrate-google-drive
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.91
Severity Score:: High

Plugin Slug:: integrate-google-drive
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.91
Severity Score:: Medium

Plugin Slug:: print-my-blog
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.26.3
Severity Score:: Medium

Plugin Slug:: radio-player
Installations: 6,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.0.74
Severity Score:: Medium

Plugin Slug:: arconix-shortcodes
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.11
Severity Score:: Medium

Plugin Slug:: assistant
Installations: 5,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.4.9.2
Severity Score:: Medium

Plugin Slug:: podlove-podcasting-plugin-for-wordpress
Installations: 5,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 4.0.12
Severity Score:: Medium

Plugin Slug:: podlove-podcasting-plugin-for-wordpress
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.15
Severity Score:: High

Plugin Slug:: salon-booking-system
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.6.6
Severity Score:: Medium

Plugin Slug:: salon-booking-system
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.6.6
Severity Score:: Medium

Plugin Slug:: salon-booking-system
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 9.6.6
Severity Score:: Medium

Plugin Slug:: ultimate-410
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.5
Severity Score:: Medium

Plugin Slug:: advanced-local-pickup-for-woocommerce
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.2
Severity Score:: Medium

Plugin Slug:: embed-google-photos-album-easily
Installations: 4,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.2.1
Severity Score:: Medium

Plugin Slug:: jc-importer
Installations: 4,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.13.1
Severity Score:: Medium

Plugin Slug:: tickera-event-ticketing-system
Installations: 4,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 3.5.2.5
Severity Score:: Medium

Plugin Slug:: vikrentcar
Installations: 4,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.3.3
Severity Score:: Medium

Plugin Slug:: wp-ada-compliance-check-basic
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.1.4
Severity Score:: Medium

Plugin Slug:: wp-fusion-lite
Installations: 4,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.43.0
Severity Score:: Medium

Plugin Slug:: coupon-reveal-button
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.6
Severity Score:: Medium

Plugin Slug:: debug-log-manager
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.3.2
Severity Score:: Medium

Plugin Slug:: newsletters-lite
Installations: 3,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.9.6
Severity Score:: Critical

Plugin Slug:: newsletters-lite
Installations: 3,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.9.6
Severity Score:: High

Plugin Slug:: propertyhive
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.13
Severity Score:: Medium

Plugin Slug:: vision
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.2
Severity Score:: Medium

Plugin Slug:: widget-post-slider
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.6
Severity Score:: Medium

Plugin Slug:: wp-lister-for-ebay
Installations: 3,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.6.0
Severity Score:: Critical

Plugin Slug:: wp-recall
Installations: 3,000+
Vulnerability:: SQL Injection
Patched in Version:: 16.26.6
Severity Score:: High

Plugin Slug:: wp-recall
Installations: 3,000+
Vulnerability:: SQL Injection
Patched in Version:: 16.26.6
Severity Score:: Critical

Plugin Slug:: accessibility-widget
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.1
Severity Score:: Medium

Plugin Slug:: advanced-testimonial-carousel-for-elementor
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.1
Severity Score:: Medium

Plugin Slug:: all-in-one-facebook-like-widget
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.8
Severity Score:: Medium

Plugin Slug:: basepress
Installations: 2,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.16.2.1
Severity Score:: Medium

Plugin Slug:: basepress
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.16.2.1
Severity Score:: Medium

Plugin Slug:: cookiehub
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.1
Severity Score:: Medium

Plugin Slug:: custom-field-finder
Installations: 2,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 0.4
Severity Score:: Medium

Plugin Slug:: feedburner-alternative-and-rss-redirect
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0
Severity Score:: Medium

Plugin Slug:: instawp-connect
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 0.1.0.25
Severity Score:: Medium

Plugin Slug:: ipages-flipbook
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.2
Severity Score:: Medium

Plugin Slug:: the-pack-addon
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.8.4
Severity Score:: High

Plugin Slug:: the-pack-addon
Installations: 2,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.0.8.3
Severity Score:: Medium

Plugin Slug:: user-meta
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.1
Severity Score:: Medium

Plugin Slug:: woocommerce-superfaktura
Installations: 2,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.40.4
Severity Score:: Medium

Plugin Slug:: academy
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.17
Severity Score:: High

Plugin Slug:: academy
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.17
Severity Score:: Medium

Plugin Slug:: activedemand
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 0.2.42
Severity Score:: Critical

Plugin Slug:: admin-bar
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.23
Severity Score:: Medium

Plugin Slug:: ai-post-generator
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4
Severity Score:: Medium

Plugin Slug:: apppresser
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.3.1
Severity Score:: Medium

Plugin Slug:: booking-ultra-pro
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.1.13
Severity Score:: High

Plugin Slug:: buddyforms
Installations: 1,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.8.9
Severity Score:: High

Plugin Slug:: contest-gallery
Installations: 1,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 21.3.5
Severity Score:: High

Plugin Slug:: conversational-forms
Installations: 1,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 1.2.0
Severity Score:: High

Plugin Slug:: culqi-checkout
Installations: 1,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.0.15
Severity Score:: Medium

Plugin Slug:: eprolo-dropshipping
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.2
Severity Score:: Medium

Plugin Slug:: flexible-shipping-usps
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.10.0
Severity Score:: Medium

Plugin Slug:: headline-analyzer
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.4
Severity Score:: Medium

Plugin Slug:: kb-support
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.1
Severity Score:: Medium

Plugin Slug:: login-with-phone-number
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.94
Severity Score:: Critical

Plugin Slug:: print-google-cloud-print-gcp-woocommerce
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.5.4
Severity Score:: High

Plugin Slug:: radio-station
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.5.8
Severity Score:: Medium

Plugin Slug:: reviews-plus
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.5
Severity Score:: Medium

Plugin Slug:: save-as-pdf-by-pdfcrowd
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.1
Severity Score:: Medium

Plugin Slug:: seers-cookie-consent-banner-privacy-policy
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.1.1
Severity Score:: High

Plugin Slug:: sirv
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 7.2.3
Severity Score:: High

Plugin Slug:: streamweasels-twitch-integration
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.8.0
Severity Score:: Medium

Plugin Slug:: totalpoll-lite
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.10.0
Severity Score:: Medium

Plugin Slug:: vitepos-lite
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.2
Severity Score:: Medium

Plugin Slug:: wp-club-manager
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.12
Severity Score:: Medium

Plugin Slug:: wp-gotowebinar
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 15.1
Severity Score:: Medium

Plugin Slug:: wp-meta-data-filter-and-taxonomy-filter
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.3.1
Severity Score:: Medium

Plugin Slug:: wp-time-slots-booking-form
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.07
Severity Score:: High

Plugin Slug:: wpcal
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 0.9.5.9
Severity Score:: Medium

Plugin Slug:: wppizza
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.18.11
Severity Score:: Medium

Plugin Slug:: frontend-dashboard
Installations: 900+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.2.4
Severity Score:: High

Plugin Slug:: leaky-paywall
Installations: 900+
Vulnerability:: Broken Access Control
Patched in Version:: 4.20.9
Severity Score:: High

Plugin Slug:: olive-one-click-demo-import
Installations: 900+
Vulnerability:: Arbitrary File Download
Patched in Version:: 1.1.2
Severity Score:: High

Plugin Slug:: woo-aliexpress-dropshipping
Installations: 900+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: 2.1.2
Severity Score:: High

Plugin Slug:: barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
Installations: 800+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.5.4
Severity Score:: Critical

Plugin Slug:: barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
Installations: 800+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.4
Severity Score:: Critical

Plugin Slug:: slash-admin
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.2
Severity Score:: High

Plugin Slug:: cardealer
Installations: 700+
Vulnerability:: Content Injection
Patched in Version:: 4.16
Severity Score:: Low

Plugin Slug:: shortpixel-critical-css
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.3
Severity Score:: High

Plugin Slug:: admin-and-client-message-after-order-for-woocommerce
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 12.5
Severity Score:: Critical

Plugin Slug:: wp-s3-smart-upload
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.1
Severity Score:: High

Plugin Slug:: evergreen-content-poster
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.3
Severity Score:: Medium

Plugin Slug:: 5-stars-rating-funnel
Installations: 40+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.02
Severity Score:: Medium

Plugin Slug:: better-comments
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.6
Severity Score:: Medium

Plugin Slug:: better-comments
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.6
Severity Score:: Medium

Plugin:: Header Footer Code Manager Pro
Plugin Slug:: 99robots-header-footer-code-manager-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.17
Severity Score:: High

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: SQL Injection
Patched in Version:: 6.4.1
Severity Score:: High

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: Settings Change
Patched in Version:: 6.4.1
Severity Score:: High

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: Settings Change
Patched in Version:: 6.4.1
Severity Score:: High

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 6.4.1
Severity Score:: High

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.4.1
Severity Score:: High

Plugin:: ARForms Form Builder
Plugin Slug:: arforms-form-builder
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.5
Severity Score:: High

Plugin:: Digital Publications by Supsystic
Plugin Slug:: digital-publications-by-supsystic
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.8
Severity Score:: Medium

Plugin:: ElementsKit Pro
Plugin Slug:: elementskit
Vulnerability:: Local File Inclusion
Patched in Version:: 3.6.1
Severity Score:: High

Plugin:: Fancy Product Designer
Plugin Slug:: fancy-product-designer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.1.8
Severity Score:: High

Plugin:: Interactive World Maps
Plugin Slug:: interactive-world-maps
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5
Severity Score:: High

Plugin:: Max Addons Pro for Bricks
Plugin Slug:: max-addons-pro-bricks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.2
Severity Score:: High

Plugin:: Max Addons Pro for Bricks
Plugin Slug:: max-addons-pro-bricks
Vulnerability:: Settings Change
Patched in Version:: 1.6.2
Severity Score:: Medium

Plugin:: WooCommerce Shipping Label
Plugin Slug:: shipping-labels-for-woo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.9
Severity Score:: Medium

Plugin:: WooCommerce Customers Manager
Plugin Slug:: woocommerce-customers-manager
Vulnerability:: Broken Access Control
Patched in Version:: 29.8
Severity Score:: Medium

Plugin:: WooCommerce Customers Manager
Plugin Slug:: woocommerce-customers-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 29.8
Severity Score:: High

Plugin:: WP Media Category Management
Plugin Slug:: wp-media-category-management
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.0
Severity Score:: High

Plugin:: Wp Staging Pro
Plugin Slug:: wp-staging-pro
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.5.0
Severity Score:: Medium

WordPress Themes — 21 Patched / 7 Unpatched

Theme:: UDesign
Theme Slug:: u-design
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Theme:: XStore
Theme Slug:: xstore
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: High

Theme:: XStore
Theme Slug:: xstore
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High

Theme:: XStore
Theme Slug:: xstore
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Theme:: XStore
Theme Slug:: xstore
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High

Theme:: XStore
Theme Slug:: xstore
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Critical

Theme:: XStore
Theme Slug:: xstore
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical

Theme Slug:: accountra
Downloads: 20,885
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.4
Severity Score:: Medium

Theme Slug:: althea-wp
Downloads: 52,642
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.16
Severity Score:: Medium

Theme Slug:: blocksy
Downloads: 3,113,676
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.40
Severity Score:: Medium

Theme Slug:: blocksy
Downloads: 3,113,676
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.34
Severity Score:: Medium

Theme Slug:: brite
Downloads: 125,207
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.15
Severity Score:: Medium

Theme Slug:: colibri-wp
Downloads: 1,271,195
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.99
Severity Score:: Medium

Theme Slug:: colornews
Downloads: 266,626
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.7
Severity Score:: Medium

Theme Slug:: elevate-wp
Downloads: 70,130
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.17
Severity Score:: Medium

Theme Slug:: financio
Downloads: 17,197
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.4
Severity Score:: Medium

Theme Slug:: hugo-wp
Downloads: 59,334
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.10
Severity Score:: Medium

Theme Slug:: intrace
Downloads: 84,888
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.1
Severity Score:: Medium

Theme Slug:: pathway
Downloads: 57,050
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.16
Severity Score:: Medium

Theme Slug:: photology
Downloads: 17,339
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.4
Severity Score:: Medium

Theme Slug:: royal-elementor-kit
Downloads: 461,793
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.117
Severity Score:: Medium

Theme Slug:: startupzy
Downloads: 66,824
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.2
Severity Score:: Medium

Theme Slug:: teluro
Downloads: 188,771
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.36
Severity Score:: Medium

Theme Slug:: travey
Downloads: 17,666
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.5
Severity Score:: Medium

Theme Slug:: vertice
Downloads: 47,531
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.11
Severity Score:: Medium

Theme Slug:: virtue
Downloads: 2,473,892
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.9
Severity Score:: Medium

Theme Slug:: wp-portfolio
Downloads: 82,208
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5
Severity Score:: Medium

Theme Slug:: zeever
Downloads: 208,788
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.1
Severity Score:: Medium

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Source link

WordPress Vulnerability Report — May 1, 2024

Table of Contents

WordPress Core

WordPress Plugins — 248 Patched / 21 Unpatched

WordPress Themes — 21 Patched / 7 Unpatched

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

VirusWord by Promaps, Inc.

Table of Contents

WordPress Core

WordPress Plugins — 248 Patched / 21 Unpatched

WordPress Themes — 21 Patched / 7 Unpatched

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Explore more