• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

virusword.com

Learn Wordpress

  • Home
  • WordPress Shop
    • Fotopress
    • SEO Tool Kit
    • Social Contact
    • Tag Machine 2
    • Video Profits
  • Latest News
  • WordPress
    • Plugins
    • Themes
    • Tutorials
    • Videos
    • Woocommerce
  • About Us
  • Contact Us
    • Terms of Service
    • Privacy Policy
  • Show Search
Hide Search
Home/Woocommerce/WordPress Vulnerability Report – May 24, 2023

WordPress Vulnerability Report – May 24, 2023

Written by

Dan Knauss

on

May 24, 2023

Last Updated on May 24, 2023

On May 20, 2023, WordPress 6.2.2 was released to address a regression — a bug introduced in 6.2.1 that broke shortcode functionality — as well as a security issue. Because 6.2.2 is a security release, you should update your sites immediately. All versions since WordPress 5.9 have also been updated. The next major version of WordPress core slated for an August release will be 6.3.

WordPress core has been updated to secure 6 vulnerabilities disclosed with its 6.2.1-6.2.2 releases. In the plugin and theme ecosystem, 97 total vulnerabilities emerged in public disclosure. They may affect over 5 million WordPress sites. Out of the total number, there are 64 plugin vulnerabilities that have security patches available.

Additionally, there are 22 plugin vulnerabilities and 11 theme vulnerabilities with no patch available yet. If you are using any unpatched plugins or themes, check their vendors’ intentions and progress on a security release. If no patch is forthcoming or the vulnerable software has been closed and dropped from the official WordPress theme and plugin repositories, you should consider deactivation and removal in favor of alternative solutions.

WordPress Core

Vulnerability
Unauth. Shortcode Execution

Patched in Version
6.2.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 6.2.2.

WordPress Core

Vulnerability
Insufficient Sanitization of Block Attributes vulnerabilities

Patched in Version
6.2.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 6.2.1.

WordPress Core

Vulnerability
Auth. Stored Cross-Site Scripting (XSS)

Patched in Version
6.2.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 6.2.1.

WordPress Core

Vulnerability
Unauth. Shortcode Execution

Patched in Version
6.2.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 6.2.1.

WordPress Core

Vulnerability
Unauth. Directory Traversal

Patched in Version
6.2.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 6.2.1.

WordPress Core

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
6.2.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 6.2.1.

WordPress core is very secure when it’s properly configured and maintained. Vulnerable plugins that have not been updated by site owners are the most common vector for attacks on WordPress websites. Our weekly WordPress Vulnerability Report, powered by Patchstack, covers new WordPress plugin, theme, and core vulnerabilities that have emerged since last week’s report. Our goal is to spread awareness of emerging security threats and help you decide what to do if you are using vulnerable software on your website. For a deeper analysis of recent trends in WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.

These reports are published every Wednesday and include all active vulnerabilities tracked by Patchstack as of Monday since the previous report. This leaves a 48-hour window for the newest emerging vulnerabilities to be patched before full public disclosure. iThemes Security Pro users have access to vulnerability alerts emerging within this window.

Get the weekly WordPress Vulnerability Report delivered to your inbox each Wednesday.

WordPress Plugin Vulnerabilities with Patches

In this section, you’ll find the most recently disclosed WordPress plugin vulnerabilities that have been fixed with a new release from their authors and maintainers. Please apply the updates if you are affected!

These vulnerabilities have been disclosed and scored for their severity, thanks to our friends at Patchstack. Each plugin listing includes the type of vulnerability with its CVE number and CVSS severity rating with links to more technical details. You’ll also see the number of active sites using the plugin and the plugin version release that patches the vulnerability. We start with the most popular plugins, which represent the largest target for attackers.

UpdraftPlus

Product image for UpdraftPlus WordPress Backup Plugin.

Plugin Slug
updraftplus

Installations
3,000,000+

Vulnerability
CSRF lead to wp-admin Site Wide XSS

Patched in Version
1.23.4

Severity Score
High

The vulnerability has been patched, so you should update to version 1.23.4.

PixelYourSite

Product image for PixelYourSite – Your smart PIXEL (TAG) Manager.

Plugin Slug
pixelyoursite

Installations
400,000+

Vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting

Patched in Version
9.3.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 9.3.7.

Chaty

Product image for Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty.

Plugin Slug
chaty

Installations
200,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.1

Severity Score
High

The vulnerability has been patched, so you should update to version 3.1.

Simple Page Ordering

Product image for Simple Page Ordering.

Plugin Slug
simple-page-ordering

Installations
200,000+

Vulnerability
Broken Access Control

Patched in Version
2.5.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.5.1.

Unlimited Elements For Elementor

Product image for Unlimited Elements For Elementor (Free Widgets, Addons, Templates).

Plugin Slug
unlimited-elements-for-elementor

Installations
200,000+

Vulnerability
Unrestricted Zip Extraction

Patched in Version
1.5.61

Severity Score
Critical

The vulnerability has been patched, so you should update to version 1.5.61.

Performance Lab

Product image for Performance Lab.

Plugin Slug
performance-lab

Installations
70,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.3.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.3.0.

Contact Form Entries

Product image for Contact Form Entries – Contact Form 7, WPforms and more.

Plugin Slug
contact-form-entries

Installations
60,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.3.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.3.1.

Contact Form Entries

Product image for Contact Form Entries – Contact Form 7, WPforms and more.

Plugin Slug
contact-form-entries

Installations
60,000+

Vulnerability
SQL Injection

Patched in Version
1.3.1

Severity Score
High

The vulnerability has been patched, so you should update to version 1.3.1.

WP-Matomo Integration (WP-Piwik)

Product image for WP-Matomo Integration (WP-Piwik).

Plugin Slug
wp-piwik

Installations
60,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.0.28

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.0.28.

Ultimate Dashboard

Product image for Ultimate Dashboard – Custom WordPress Dashboard.

Plugin Slug
ultimate-dashboard

Installations
50,000+

Vulnerability
Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings

Patched in Version
3.7.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.7.6.

Better Notifications for WP

Product image for Customize WordPress Emails and Alerts – Better Notifications for WP.

Plugin Slug
bnfw

Installations
40,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.9.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.9.3.

JetFormBuilder

Product image for JetFormBuilder — Dynamic Blocks Form Builder.

Plugin Slug
jetformbuilder

Installations
30,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
3.0.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.0.7.

BEAR

Product image for BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net.

Plugin Slug
woo-bulk-editor

Installations
30,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.1.3.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.3.2.

AI Engine: ChatGPT Chatbot

Product image for AI Engine: ChatGPT Chatbot, Content Generator, GPT 3 & 4, Ultra-Customizable.

Plugin Slug
ai-engine

Installations
20,000+

Vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting

Patched in Version
1.6.83

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.6.83.

Contact Form by Supsystic

Product image for Contact Form by Supsystic.

Plugin Slug
contact-form-by-supsystic

Installations
10,000+

Vulnerability
Cross-Site Request Forgery via AJAX action

Patched in Version
1.7.25

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.7.25.

Custom 404 Pro

Product image for Custom 404 Pro.

Plugin Slug
custom-404-pro

Installations
10,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
3.8.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.8.2.

RegistrationMagic

Product image for RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login.

Plugin Slug
custom-registration-form-builder-with-submission-manager

Installations
10,000+

Vulnerability
Authentication Bypass

Patched in Version
5.2.1.1

Severity Score
Critical

The vulnerability has been patched, so you should update to version 5.2.1.1.

Unite Gallery Lite

Product image for Unite Gallery Lite.

Plugin Slug
unite-gallery-lite

Installations
10,000+

Vulnerability
Local File Inclusion

Patched in Version
1.7.60

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.7.60.

WP SMS

Product image for WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc.

Plugin Slug
wp-sms

Installations
9,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
6.1.5

Severity Score
High

The vulnerability has been patched, so you should update to version 6.1.5.

PluginOps Optin Builder

Product image for MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder.

Plugin Slug
mailchimp-subscribe-sm

Installations
5,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
4.0.9.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.0.9.2.

WP Custom Cursors

Product image for WP Custom Cursors | WordPress Cursor Plugin.

Plugin Slug
wp-custom-cursors

Installations
4,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
3.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.2.

Bit Form

Product image for Bit Form – Contact Form Plugin for WordPress: Drag & Drop, Responsive, Payment Form & Custom Form Builder.

Plugin Slug
bit-form

Installations
2,000+

Vulnerability
Remote Code Execution (RCE) via Unauthenticated Arbitrary File Upload

Patched in Version
1.9

Severity Score
Critical

The vulnerability has been patched, so you should update to version 1.9.

Groundhogg

Product image for WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg.

Plugin Slug
groundhogg

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF) to Privilege Escalation

Patched in Version
2.7.10

Severity Score
High

The vulnerability has been patched, so you should update to version 2.7.10.

Groundhogg

Product image for WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg.

Plugin Slug
groundhogg

Installations
2,000+

Vulnerability
Multiple Missing Authorization

Patched in Version
2.7.10

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.7.10.

Groundhogg

Product image for WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg.

Plugin Slug
groundhogg

Installations
2,000+

Vulnerability
Auth. Stored Cross-Site Scripting (XSS)

Patched in Version
2.7.10

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.7.10.

OTP Login Woocommerce & Gravity Forms

Product image for OTP Login Woocommerce & Gravity Forms.

Plugin Slug
mobile-login-woocommerce

Installations
2,000+

Vulnerability
Authentication Bypass to Privilege Escalation

Patched in Version
2.3

Severity Score
High

The vulnerability has been patched, so you should update to version 2.3.

Multiple Page Generator Plugin

Product image for Multiple Page Generator Plugin – MPG.

Plugin Slug
multiple-pages-generator-by-porthas

Installations
2,000+

Vulnerability
Authenticated (Administrator+) SQL Injection

Patched in Version
3.3.18

Severity Score
High

The vulnerability has been patched, so you should update to version 3.3.18.

Multiple Page Generator Plugin

Product image for Multiple Page Generator Plugin – MPG.

Plugin Slug
multiple-pages-generator-by-porthas

Installations
2,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
3.3.18

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.3.18.

Predictive Search for WooCommerce

Product image for Predictive Search for WooCommerce.

Plugin Slug
woocommerce-predictive-search

Installations
2,000+

Vulnerability
Broken Access Control

Patched in Version
5.8.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.8.1.

video carousel slider with lightbox

Product image for video carousel slider with lightbox.

Plugin Slug
wp-responsive-video-gallery-with-lightbox

Installations
2,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.0.23

Severity Score
High

The vulnerability has been patched, so you should update to version 1.0.23.

Zotpress

Product image for Zotpress.

Plugin Slug
zotpress

Installations
2,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
7.3.4

Severity Score
High

The vulnerability has been patched, so you should update to version 7.3.4.

BP Social Connect

Product image for BP Social Connect.

Plugin Slug
bp-social-connect

Installations
1,000+

Vulnerability
Authentication Bypass

Patched in Version
1.6.2

Severity Score
High

The vulnerability has been patched, so you should update to version 1.6.2.

EventPrime

Product image for EventPrime – Modern Events Calendar, Bookings and Tickets.

Plugin Slug
eventprime-event-calendar-management

Installations
1,000+

Vulnerability
Sensitive Data Exposure

Patched in Version
3.0.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.0.0.

EventPrime

Product image for EventPrime – Modern Events Calendar, Bookings and Tickets.

Plugin Slug
eventprime-event-calendar-management

Installations
1,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
3.0.0

Severity Score
High

The vulnerability has been patched, so you should update to version 3.0.0.

Novelist

Product image for Novelist.

Plugin Slug
novelist

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.2.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.1.

reCAPTCHA for all

Product image for reCAPTCHA and Cloudflare Turnstile For All Pages, to Block Spam and Hackers Attack, Block Visitors from China.

Plugin Slug
recaptcha-for-all

Installations
1,000+

Vulnerability
Broken Access Control

Patched in Version
1.23

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.23.

Smart App Banner

Product image for Smart App Banner.

Plugin Slug
smart-app-banner

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.1.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.3.

WIP Custom Login

Product image for WIP Custom Login.

Plugin Slug
wip-custom-login

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.3.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.3.0.

WishSuite – Wishlist for WooCommerce

Product image for WishSuite – Wishlist for WooCommerce.

Plugin Slug
wishsuite

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.3.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.3.5.

WooDiscuz – WooCommerce Comments

Product image for WooDiscuz – WooCommerce Comments.

Plugin Slug
woodiscuz-woocommerce-comments

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.3.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.3.0.

Video Gallery

Product image for Video Gallery.

Plugin Slug
video-slider-with-thumbnails

Installations
900+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.0.11

Severity Score
High

The vulnerability has been patched, so you should update to version 1.0.11.

Predictive Search

Product image for Predictive Search.

Plugin Slug
predictive-search

Installations
20+

Vulnerability
Missing Authorization

Patched in Version
1.2.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.3.

Ricerca smart and advanced search

Product image for Ricerca – advanced search.

Plugin Slug
ricerca-smart-search

Installations
20+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.0.16

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.0.16.

AutomateWoo

Plugin
AutomateWoo

Plugin Slug
automatewoo

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
5.7.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.7.2.

AutomateWoo

Plugin
AutomateWoo

Plugin Slug
automatewoo

Vulnerability
Manager+ SQL Injection

Patched in Version
5.7.2

Severity Score
High

The vulnerability has been patched, so you should update to version 5.7.2.

Duplicator Pro

Plugin
Duplicator Pro

Plugin Slug
duplicator-pro

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
4.5.11.1

Severity Score
High

The vulnerability has been patched, so you should update to version 4.5.11.1.

Essential Addons for Elementor Pro

Plugin
Essential Addons for Elementor Pro

Plugin Slug
essential-addons-elementor

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
5.4.9

Severity Score
High

The vulnerability has been patched, so you should update to version 5.4.9.

Essential Addons for Elementor Pro

Plugin
Essential Addons for Elementor Pro

Plugin Slug
essential-addons-elementor

Vulnerability
Unauthenticated Server Side Request Forgery (SSRF)

Patched in Version
5.4.9

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.4.9.

Rank Math SEO PRO

Plugin
Rank Math SEO PRO

Plugin Slug
seo-by-rank-math-pro

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
3.0.36

Severity Score
High

The vulnerability has been patched, so you should update to version 3.0.36.

LearnDash LMS

Plugin
LearnDash LMS

Plugin Slug
sfwd-lms

Vulnerability
Auth. SQL Injection (SQLi)

Patched in Version
4.5.3.1

Severity Score
High

The vulnerability has been patched, so you should update to version 4.5.3.1.

WooCommerce Bookings

Plugin
WooCommerce Bookings

Plugin Slug
woocommerce-bookings

Vulnerability
Insecure Direct Object References (IDOR)

Patched in Version
1.15.79

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.15.79.

WooCommerce Brands

Plugin
WooCommerce Brands

Plugin Slug
woocommerce-brands

Vulnerability
Contributor+ Stored Cross Site Scripting (XSS)

Patched in Version
1.6.46

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.6.46.

WooCommerce Composite Products

Plugin
WooCommerce Composite Products

Plugin Slug
woocommerce-composite-products

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
8.7.6

Severity Score
High

The vulnerability has been patched, so you should update to version 8.7.6.

WooCommerce Follow-Up Emails

Plugin
WooCommerce Follow-Up Emails

Plugin Slug
woocommerce-follow-up-emails

Vulnerability
Arbitrary File Upload

Patched in Version
4.9.50

Severity Score
Critical

The vulnerability has been patched, so you should update to version 4.9.50.

WooCommerce Follow-Up Emails

Plugin
WooCommerce Follow-Up Emails

Plugin Slug
woocommerce-follow-up-emails

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
4.9.50

Severity Score
High

The vulnerability has been patched, so you should update to version 4.9.50.

WooCommerce Follow-Up Emails

Plugin
WooCommerce Follow-Up Emails

Plugin Slug
woocommerce-follow-up-emails

Vulnerability
Multiple Cross Site Request Forgery (CSRF)

Patched in Version
4.9.50

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.9.50.

WooCommerce Pre-Orders

Plugin
WooCommerce Pre-Orders

Plugin Slug
woocommerce-pre-orders

Vulnerability
Contributor+ Stored Cross Site Scripting (XSS)

Patched in Version
2.0.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.0.1.

WooCommerce Pre-Orders

Plugin
WooCommerce Pre-Orders

Plugin Slug
woocommerce-pre-orders

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
2.0.0

Severity Score
High

The vulnerability has been patched, so you should update to version 2.0.0.

WooCommerce Product Add-ons

Plugin
WooCommerce Product Add-ons

Plugin Slug
woocommerce-product-addons

Vulnerability
Authenticated PHP Object Injection

Patched in Version
6.2.0

Severity Score
High

The vulnerability has been patched, so you should update to version 6.2.0.

WooCommerce Product Add-ons

Plugin
WooCommerce Product Add-ons

Plugin Slug
woocommerce-product-addons

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
6.2.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 6.2.0.

WooCommerce Product Recommendations

Plugin
WooCommerce Product Recommendations

Plugin Slug
woocommerce-product-recommendations

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.3.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.3.0.

WooCommerce Ship to Multiple Addresses

Plugin
WooCommerce Ship to Multiple Addresses

Plugin Slug
woocommerce-shipping-multiple-addresses

Vulnerability
Insecure Direct Object References (IDOR)

Patched in Version
3.8.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.8.4.

WooCommerce Warranty Requests

Plugin
WooCommerce Warranty Requests

Plugin Slug
woocommerce-warranty

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
2.1.7

Severity Score
High

The vulnerability has been patched, so you should update to version 2.1.7.

Predictive Search

Plugin
E-Commerce Predictive Search

Plugin Slug
wp-e-commerce-predictive-search

Vulnerability
Missing Authorization

Patched in Version
1.2.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.3.

WordPress Plugin Vulnerabilities – No Known Fix

This section contains plugin vulnerabilities with no known fix. Until a patch is available, you are advised to deactivate the plugin, at minimum, immediately. If there is a high risk of active exploits or the plugin remains unpatched for weeks, you are advised to delete the plugin. You should also delete persistently unpatched plugins the WordPress.org repository has locked and marked “Closed” so they can no longer be downloaded and installed.

Easy Forms for Mailchimp

Product image for Easy Forms for Mailchimp.

Plugin Slug
yikes-inc-easy-mailchimp-extender

Installations
100,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Scripts n Styles

Product image for Scripts n Styles.

Plugin Slug
scripts-n-styles

Installations
30,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Easing Slider

Product image for Easing Slider.

Plugin Slug
easing-slider

Installations
20,000+

Vulnerability
Plugin Settings Reset

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

WP htaccess Control

Product image for WP htaccess Control.

Plugin Slug
wp-htaccess-control

Installations
8,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Custom Post Type Generator

Product image for Custom Post Type Generator.

Plugin Slug
custom-post-type-generator

Installations
2,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Leyka

Product image for Leyka.

Plugin Slug
leyka

Installations
2,000+

Vulnerability
Privilege Escalation

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Leyka

Product image for Leyka.

Plugin Slug
leyka

Installations
2,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Baidu Tongji generator

Plugin Slug
baidu-tongji-generator

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Easy Captcha

Plugin Slug
easy-captcha

Installations
1,000+

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Easy Captcha

Plugin Slug
easy-captcha

Installations
1,000+

Vulnerability
Refletced Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Stop Referrer Spam

Product image for Stop Referrer Spam.

Plugin Slug
stop-referrer-spam

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WP-Hijri

Product image for WP-Hijri.

Plugin Slug
wp-hijri

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Front End Users

Product image for Front End Users.

Plugin Slug
front-end-only-users

Installations
900+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Cookie Monster

Plugin Slug
cookiemonster

Installations
800+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Jazz Popups

Product image for Jazz Popups.

Plugin Slug
jazz-popups

Installations
700+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Jazz Popups

Product image for Jazz Popups.

Plugin Slug
jazz-popups

Installations
700+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

WP Multi Store Locator

Product image for WP Multi Store Locator.

Plugin Slug
wp-multi-store-locator

Installations
500+

Vulnerability
Contributor+ Stored Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

File Away

Plugin
File Away

Plugin Slug
file-away

Vulnerability
Contributor+ Stored XSS via Shortcode

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

nuajik CDN

Product image for nuajik.

Plugin Slug
nuajik-cdn

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

SEO Change Monitor

Plugin Slug
seo-change-monitor

Vulnerability
SQL Injection

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Waiting: One-click countdowns

Plugin
Waiting: One-click countdowns

Plugin Slug
waiting

Vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WeSecur Security

Plugin
WeSecur Security

Plugin Slug
wesecur-security

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Theme Vulnerabilities

In this section, you’ll find the latest WordPress theme vulnerabilities to be disclosed. You’ll see the same information provided above for vulnerable plugins, and the same advice applies. If a security update exists, install it immediately. If a vulnerability remains unpatched in a theme you are actively using, you will need to find an alternative theme. Deactivate and delete persistently unpatched themes and those that have been “Closed” in the WordPress.org theme repository. If you have a vulnerable theme installed that you are not actively using, simply delete it.

SparkleStore

Product image for SparkleStore.

Theme Slug
sparklestore

Downloads
157,360

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should switch themes.

MetroStore

Product image for MetroStore.

Theme Slug
metrostore

Downloads
149,017

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should switch themes.

BuzzStore

Product image for BuzzStore.

Theme Slug
buzzstore

Downloads
103,769

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should switch themes.

SpiderMag

Product image for SpiderMag.

Theme Slug
spidermag

Downloads
60,716

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should switch themes.

Craft Blog

Product image for Craft Blog.

Theme Slug
craft-blog

Downloads
42,112

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should switch themes.

Kingcabs

Product image for Kingcabs.

Theme Slug
kingcabs

Downloads
33,701

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should switch themes.

Medical Heed

Product image for Medical Heed.

Theme Slug
medical-heed

Downloads
27,651

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should switch themes.

Appzend

Product image for Appzend.

Theme Slug
appzend

Downloads
19,919

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should switch themes.

Fitness Park

Product image for Fitness Park.

Theme Slug
fitness-park

Downloads
18,803

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should switch themes.

Kathmag

Product image for Kathmag.

Theme Slug
kathmag

Downloads
16,375

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should switch themes.

Online eStore

Product image for Online eStore.

Theme Slug
online-estore

Downloads
14,574

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should switch themes.
Dan Knauss

Dan Knauss is StellarWP’s Technical Content Generalist. He’s been a writer, teacher, and freelancer working in open source since the late 1990s and with WordPress since 2004.

Source link

Written by:
Abdul Wahid
Published on:
May 25, 2023

Categories: Woocommerce

Primary Sidebar

Wordpress

  • Content Management Systems (2)
  • Digital Marketing (4)
  • Internet Marketing (6)
  • Latest News (458)
  • Online Business (2)
  • Plugins (519)
  • Themes (521)
  • Videos (1,350)
  • Website Development (1)
  • Woocommerce (589)
  • WordPress (6)

Recent Articles

Unlock Your Internet Marketing Success with WordPress: The Ultimate CMS for Achieving Online Goals

WordPress: A Powerhouse for Achieving Internet …

Continue Reading about Unlock Your Internet Marketing Success with WordPress: The Ultimate CMS for Achieving Online Goals

Unlock Your Internet Marketing Potential with WordPress: A Comprehensive Guide

How to Use WordPress to Achieve Your Internet …

Continue Reading about Unlock Your Internet Marketing Potential with WordPress: A Comprehensive Guide

Search our site

Explore more

Get our Wordpress Guide Get Plugins Get Connected

Footer

VirusWord by Promaps, Inc.

Barnes Place
Colombo 7, Western 00700

Copyright © 2025 · Promaps, Inc.

Keep In Touch

  • Email
  • Facebook
  • Instagram
  • Pinterest
  • Twitter