• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

virusword.com

Learn Wordpress

  • Home
  • WordPress Shop
    • Fotopress
    • SEO Tool Kit
    • Social Contact
    • Tag Machine 2
    • Video Profits
  • Latest News
  • WordPress
    • Plugins
    • Themes
    • Tutorials
    • Videos
    • Woocommerce
  • About Us
  • Contact Us
    • Terms of Service
    • Privacy Policy
  • Show Search
Hide Search
Home/Woocommerce/WordPress Vulnerability Report – May 31, 2023

WordPress Vulnerability Report – May 31, 2023

Written by

Dan Knauss

on

May 31, 2023

Last Updated on May 31, 2023

On May 20, 2023, WordPress 6.2.2 was released to address a regression — a bug introduced in 6.2.1 that broke shortcode functionality — as well as a security issue. Because 6.2.2 is a security release, you should update your sites immediately. All versions since WordPress 5.9 have also been updated. The next major version of WordPress Core, slated for an August release, will be 6.3.

WordPress core has been updated to secure one vulnerability disclosed with its 6.2.2 release. In the plugin and theme ecosystem, 85 total vulnerabilities emerged in public disclosure. They may affect over 12 million WordPress sites. Out of the total number, there are 57 plugin vulnerabilities and 2 theme vulnerabilities that have security patches available.

Additionally, there are 25 plugin vulnerabilities and 1 theme vulnerability with no patch available yet. If you are using any unpatched plugins or themes, check their vendors’ intentions and progress on a security release. If no patch is forthcoming or the vulnerable software has been closed and dropped from the official WordPress theme and plugin repositories, you should consider deactivation and removal in favor of alternative solutions.

WordPress Core Vulnerabilities — Patched

WordPress Core

Vulnerability
Unauth. Shortcode Execution

Patched in Version
6.2.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 6.2.2.

WordPress core is very secure when it’s properly configured and maintained. Vulnerable plugins that have not been updated by site owners are the most common vector for attacks on WordPress websites. Our weekly WordPress Vulnerability Report, powered by Patchstack, covers new WordPress plugin, theme, and core vulnerabilities that have emerged since last week’s report. Our goal is to spread awareness of emerging security threats and help you decide what to do if you are using vulnerable software on your website. For a deeper analysis of recent trends in WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.

These reports are published every Wednesday and include all active vulnerabilities tracked by Patchstack as of Monday since the previous report. This leaves a 48-hour window for the newest emerging vulnerabilities to be patched before full public disclosure. iThemes Security Pro users have access to vulnerability alerts emerging within this window.

Get the weekly WordPress Vulnerability Report delivered to your inbox each Wednesday.

WordPress Plugin Vulnerabilities — Patched

In this section, you’ll find the most recently disclosed WordPress plugin vulnerabilities that have been fixed with a new release from their authors and maintainers. Please apply the updates if you are affected!

These vulnerabilities have been disclosed and scored for their severity, thanks to our friends at Patchstack. Each plugin listing includes the type of vulnerability with its CVE number and CVSS severity rating with links to more technical details. You’ll also see the number of active sites using the plugin and the plugin version release that patches the vulnerability. We start with the most popular plugins, which represent the largest target for attackers.

Elementor

Product image for Elementor Website Builder – More than Just a Page Builder.

Plugin Slug
elementor

Installations
5,000,000+

Vulnerability
Broken Access Control

Patched in Version
3.13.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.13.3.

Jetpack

Product image for Jetpack – WP Security, Backup, Speed, & Growth.

Plugin Slug
jetpack

Installations
5,000,000+

Vulnerability
Arbitrary File Overwrite

Patched in Version
12.1.1

Severity Score
Critical

The vulnerability has been patched, so you should update to version 12.1.1.

WooCommerce Shipping & Tax

Product image for WooCommerce Shipping & Tax.

Plugin Slug
woocommerce-services

Installations
900,000+

Vulnerability
Stored Cross Site Scripting (XSS)

Patched in Version
2.2.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.2.5.

Unlimited Elements For Elementor

Product image for Unlimited Elements For Elementor (Free Widgets, Addons, Templates).

Plugin Slug
unlimited-elements-for-elementor

Installations
200,000+

Vulnerability
Unrestricted Zip Extraction

Patched in Version
1.5.61

Severity Score
Critical

The vulnerability has been patched, so you should update to version 1.5.61.

Custom Twitter Feeds

Product image for Custom Twitter Feeds (Tweets Widget).

Plugin Slug
custom-twitter-feeds

Installations
100,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.0.

Contact Form Entries

Product image for Contact Form Entries – Contact Form 7, WPforms and more.

Plugin Slug
contact-form-entries

Installations
60,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.3.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.3.1.

Contact Form Entries

Product image for Contact Form Entries – Contact Form 7, WPforms and more.

Plugin Slug
contact-form-entries

Installations
60,000+

Vulnerability
Auth. SQL Injection

Patched in Version
1.3.1

Severity Score
High

The vulnerability has been patched, so you should update to version 1.3.1.

WP-Matomo Integration (WP-Piwik)

Product image for WP-Matomo Integration (WP-Piwik).

Plugin Slug
wp-piwik

Installations
60,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.0.28

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.0.28.

Ultimate Dashboard

Product image for Ultimate Dashboard – Custom WordPress Dashboard.

Plugin Slug
ultimate-dashboard

Installations
50,000+

Vulnerability
Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings

Patched in Version
3.7.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.7.6.

Easy Google Maps

Product image for Easy Google Maps.

Plugin Slug
google-maps-easy

Installations
30,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.11.8

Severity Score
High

The vulnerability has been patched, so you should update to version 1.11.8.

JetFormBuilder

Product image for JetFormBuilder — Dynamic Blocks Form Builder.

Plugin Slug
jetformbuilder

Installations
30,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
3.0.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.0.7.

BEAR

Product image for BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net.

Plugin Slug
woo-bulk-editor

Installations
30,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.1.3.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.3.2.

Download Plugin

Product image for Download Plugin.

Plugin Slug
download-plugin

Installations
20,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.0.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.0.5.

Uncanny Automator

Product image for Uncanny Automator – Automate everything with the #1 no-code Automation tool for WordPress.

Plugin Slug
uncanny-automator

Installations
20,000+

Vulnerability
Cross-Site Request Forgery via update_automator_connect

Patched in Version
4.15

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.15.

Product Gallery Slider for WooCommerce

Product image for Product Gallery Slider for WooCommerce.

Plugin Slug
woo-product-gallery-slider

Installations
20,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
2.2.9

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.2.9.

Unite Gallery Lite

Product image for Unite Gallery Lite.

Plugin Slug
unite-gallery-lite

Installations
10,000+

Vulnerability
Local File Inclusion

Patched in Version
1.7.60

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.7.60.

WP Coder

Product image for WP Coder – add custom html, css and js code.

Plugin Slug
wp-coder

Installations
10,000+

Vulnerability
Reflected Cross-Site Scripting via ‘page’ parameter

Patched in Version
2.5.6

Severity Score
High

The vulnerability has been patched, so you should update to version 2.5.6.

bbp style pack

Product image for bbp style pack.

Plugin Slug
bbp-style-pack

Installations
8,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
5.5.6

Severity Score
High

The vulnerability has been patched, so you should update to version 5.5.6.

WordPress Backup & Migration

Product image for WordPress Backup & Migration.

Plugin Slug
wp-migration-duplicator

Installations
8,000+

Vulnerability
Broken Access Control

Patched in Version
1.4.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.4.1.

Drop Shadow Boxes

Product image for Drop Shadow Boxes.

Plugin Slug
drop-shadow-boxes

Installations
6,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.7.11

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.7.11.

WP EasyCart

Product image for Shopping Cart & eCommerce Store.

Plugin Slug
wp-easycart

Installations
6,000+

Vulnerability
Cross-Site Request Forgery via process_delete_product

Patched in Version
5.4.9

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.4.9.

WP EasyCart

Product image for Shopping Cart & eCommerce Store.

Plugin Slug
wp-easycart

Installations
6,000+

Vulnerability
Cross-Site Request Forgery via process_bulk_delete_product

Patched in Version
5.4.9

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.4.9.

WP EasyCart

Product image for Shopping Cart & eCommerce Store.

Plugin Slug
wp-easycart

Installations
6,000+

Vulnerability
Cross-Site Request Forgery via process_bulk_deactivate_product

Patched in Version
5.4.9

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.4.9.

WP EasyCart

Product image for Shopping Cart & eCommerce Store.

Plugin Slug
wp-easycart

Installations
6,000+

Vulnerability
Cross-Site Request Forgery via process_deactivate_product

Patched in Version
5.4.9

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.4.9.

WP EasyCart

Product image for Shopping Cart & eCommerce Store.

Plugin Slug
wp-easycart

Installations
6,000+

Vulnerability
Cross-Site Request Forgery via process_duplicate_product

Patched in Version
5.4.9

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.4.9.

WP EasyCart

Product image for Shopping Cart & eCommerce Store.

Plugin Slug
wp-easycart

Installations
6,000+

Vulnerability
Cross-Site Request Forgery via process_bulk_activate_product

Patched in Version
5.4.9

Severity Score
Medium

The vulnerability has been patched, so you should update to version 5.4.9.

WOLF

Product image for WOLF – WordPress Posts Bulk Editor and Manager Professional.

Plugin Slug
bulk-editor

Installations
5,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.0.7.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.0.7.1.

PluginOps Optin Builder

Product image for MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder.

Plugin Slug
mailchimp-subscribe-sm

Installations
5,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
4.0.9.2

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.0.9.2.

MStore API

Product image for MStore API.

Plugin Slug
mstore-api

Installations
5,000+

Vulnerability
Authentication Bypass

Patched in Version
3.9.2

Severity Score
Critical

The vulnerability has been patched, so you should update to version 3.9.2.

MStore API

Product image for MStore API.

Plugin Slug
mstore-api

Installations
5,000+

Vulnerability
Authentication Bypass

Patched in Version
3.9.3

Severity Score
Critical

The vulnerability has been patched, so you should update to version 3.9.3.

Download Theme

Product image for Download Theme.

Plugin Slug
download-theme

Installations
4,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.1.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.0.

OAuth Single Sign On – SSO (OAuth Client)

Product image for OAuth Single Sign On – SSO (OAuth Client).

Plugin Slug
miniorange-login-with-eve-online-google-facebook

Installations
4,000+

Vulnerability
Broken Authentication

Patched in Version
6.23.4

Severity Score
High

The vulnerability has been patched, so you should update to version 6.23.4.

WS Form LITE

Product image for WS Form LITE – Drag & Drop Contact Form Builder for WordPress.

Plugin Slug
ws-form

Installations
4,000+

Vulnerability
CAPTCHA Bypass

Patched in Version
1.9.118

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.9.118.

Multiple Page Generator Plugin – MPG

Product image for Multiple Page Generator Plugin – MPG.

Plugin Slug
multiple-pages-generator-by-porthas

Installations
2,000+

Vulnerability
SQL Injection

Patched in Version
3.3.20

Severity Score
High

The vulnerability has been patched, so you should update to version 3.3.20.

Bubble Menu

Product image for Bubble Menu – circle floating menu.

Plugin Slug
bubble-menu

Installations
1,000+

Vulnerability
Reflected Cross-Site Scripting via ‘page’ parameter

Patched in Version
3.0.4

Severity Score
High

The vulnerability has been patched, so you should update to version 3.0.4.

EventPrime

Product image for EventPrime – Modern Events Calendar, Bookings and Tickets.

Plugin Slug
eventprime-event-calendar-management

Installations
1,000+

Vulnerability
Sensitive Data Exposure

Patched in Version
3.0.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.0.0.

EventPrime

Product image for EventPrime – Modern Events Calendar, Bookings and Tickets.

Plugin Slug
eventprime-event-calendar-management

Installations
1,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
3.0.0

Severity Score
High

The vulnerability has been patched, so you should update to version 3.0.0.

Novelist

Product image for Novelist.

Plugin Slug
novelist

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.2.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.2.1.

Smart App Banner

Product image for Smart App Banner.

Plugin Slug
smart-app-banner

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.1.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.3.

Telegram Bot & Channel

Product image for Telegram Bot & Channel.

Plugin Slug
telegram-bot

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
3.6.3

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.6.3.

WIP Custom Login

Product image for WIP Custom Login.

Plugin Slug
wip-custom-login

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
1.3.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.3.0.

WP-Hijri

Product image for WP-Hijri.

Plugin Slug
wp-hijri

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
1.5.2

Severity Score
High

The vulnerability has been patched, so you should update to version 1.5.2.

YouTube Playlist Player

Product image for YouTube Playlist Player.

Plugin Slug
youtube-playlist-player

Installations
1,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
4.6.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.6.5.

Duplicator Pro

Plugin
Duplicator Pro

Plugin Slug
duplicator-pro

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
4.5.11.1

Severity Score
High

The vulnerability has been patched, so you should update to version 4.5.11.1.

Go Pricing – WordPress Responsive Pricing Tables

Plugin
Go Pricing

Plugin Slug
go-pricing-wordpress-responsive-pricing-tables

Vulnerability
Authenticated (Subscriber+) PHP Object Injection

Patched in Version
3.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 3.4.

Gravity Forms

Plugin
Gravity Forms

Plugin Slug
gravityforms

Vulnerability
Unauthenticated PHP Object Injection

Patched in Version
2.7.4

Severity Score
High

The vulnerability has been patched, so you should update to version 2.7.4.

Qubotchat

Product image for QuBot – Chatbot Builder with Templates.

Plugin Slug
qubotchat

Vulnerability
Admin+ Stored Cross Site Scripting (XSS)

Patched in Version
1.1.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.1.6.

Rank Math SEO PRO

Plugin
Rank Math SEO PRO

Plugin Slug
seo-by-rank-math-pro

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
3.0.36

Severity Score
High

The vulnerability has been patched, so you should update to version 3.0.36.

LearnDash LMS

Plugin
LearnDash LMS

Plugin Slug
sfwd-lms

Vulnerability
Auth. SQL Injection (SQLi)

Patched in Version
4.5.3.1

Severity Score
High

The vulnerability has been patched, so you should update to version 4.5.3.1.

WooCommerce Follow-Up Emails

Plugin
WooCommerce Follow-Up Emails

Plugin Slug
woocommerce-follow-up-emails

Vulnerability
Follow-Up Emails Manager+ SQL Injection

Patched in Version
4.9.51

Severity Score
High

The vulnerability has been patched, so you should update to version 4.9.51.

WooCommerce Follow-Up Emails

Plugin
WooCommerce Follow-Up Emails

Plugin Slug
woocommerce-follow-up-emails

Vulnerability
Arbitrary File Upload

Patched in Version
4.9.50

Severity Score
Critical

The vulnerability has been patched, so you should update to version 4.9.50.

WooCommerce Follow-Up Emails

Plugin
WooCommerce Follow-Up Emails

Plugin Slug
woocommerce-follow-up-emails

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
4.9.50

Severity Score
High

The vulnerability has been patched, so you should update to version 4.9.50.

WooCommerce Follow-Up Emails

Plugin
WooCommerce Follow-Up Emails

Plugin Slug
woocommerce-follow-up-emails

Vulnerability
Multiple Cross Site Request Forgery (CSRF)

Patched in Version
4.9.50

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.9.50.

WooCommerce Product Vendors

Plugin
WooCommerce Product Vendors

Plugin Slug
woocommerce-product-vendors

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
2.1.77

Severity Score
High

The vulnerability has been patched, so you should update to version 2.1.77.

WooCommerce Product Vendors

Plugin
WooCommerce Product Vendors

Plugin Slug
woocommerce-product-vendors

Vulnerability
Vendor Admin+ SQL Injection

Patched in Version
2.1.77

Severity Score
High

The vulnerability has been patched, so you should update to version 2.1.77.

WooCommerce Warranty Requests

Plugin
WooCommerce Warranty Requests

Plugin Slug
woocommerce-warranty

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
2.1.7

Severity Score
High

The vulnerability has been patched, so you should update to version 2.1.7.

Yoast SEO: Local

Plugin
Yoast SEO: Local

Plugin Slug
wpseo-local

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
15.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 15.0.

WordPress Plugin Vulnerabilities — Unpatched

This section contains plugin vulnerabilities with no known fix. Until a patch is available, you are advised to deactivate the plugin, at minimum, immediately. If there is a high risk of active exploits or the plugin remains unpatched for weeks, you are advised to delete the plugin. You should also delete persistently unpatched plugins the WordPress.org repository has locked and marked “Closed” so they can no longer be downloaded and installed.

Tutor LMS

Product image for Tutor LMS – eLearning and online course solution.

Plugin Slug
tutor

Installations
70,000+

Vulnerability
Multiple Broken Access Control

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Button Generator

Product image for Button Generator – easily Button Builder.

Plugin Slug
button-generation

Installations
6,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Flickr Justified Gallery

Product image for Flickr Justified Gallery.

Plugin Slug
flickr-justified-gallery

Installations
6,000+

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Google Map Shortcode

Plugin Slug
google-map-shortcode

Installations
4,000+

Vulnerability
Contributor+ Stored XSS

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WooCommerce Product Categories Selection Widget

Product image for WooCommerce Product Categories Selection Widget.

Plugin Slug
woocommerce-product-category-selection-widget

Installations
3,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Custom Post Type Generator

Product image for Custom Post Type Generator.

Plugin Slug
custom-post-type-generator

Installations
2,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Leyka

Product image for Leyka.

Plugin Slug
leyka

Installations
2,000+

Vulnerability
Privilege Escalation

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Leyka

Product image for Leyka.

Plugin Slug
leyka

Installations
2,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Easy Admin Menu

Product image for Easy Admin Menu.

Plugin Slug
easy-admin-menu

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Easy Captcha

Plugin Slug
easy-captcha

Installations
1,000+

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Easy Captcha

Plugin Slug
easy-captcha

Installations
1,000+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Recently Viewed Products

Plugin Slug
recently-viewed-products

Installations
1,000+

Vulnerability
PHP Object Injection

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

This Day In History

Product image for This Day In History.

Plugin Slug
this-day-in-history

Installations
1,000+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

SKU Label Changer For WooCommerce

Product image for SKU Label Changer For WooCommerce.

Plugin Slug
woo-sku-label-changer

Installations
1,000+

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Front End Users

Product image for Front End Users.

Plugin Slug
front-end-only-users

Installations
900+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

UTM Tracker

Product image for UTM Tracker.

Plugin Slug
utm-tracker

Installations
900+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

QueryWall

Product image for QueryWall: Plug'n Play Firewall.

Plugin Slug
querywall

Installations
500+

Vulnerability
Admin+ SQL Injection

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

SlideOnline

Product image for SlideOnline.

Plugin Slug
slideonline

Installations
500+

Vulnerability
Contributor+ Stored Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

IP Metaboxes

Product image for IP Metaboxes.

Plugin Slug
ip-metaboxes

Installations
100+

Vulnerability
Reflected Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

IP Metaboxes

Product image for IP Metaboxes.

Plugin Slug
ip-metaboxes

Installations
100+

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

SIS Handball

Plugin Slug
sis-handball

Installations
30+

Vulnerability
SQL Injection

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched. You should deactivate the plugin.

Responsive Tabs For WPBakery Page Builder

Plugin
Responsive Tabs For WPBakery Page Builder

Plugin Slug
responsive-tabs-for-wpbakery

Vulnerability
Contributor+ Stored Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Video Contest WordPress Plugin

Plugin
Video Contest WordPress Plugin

Plugin Slug
video-contest

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

Video Contest WordPress Plugin

Plugin
Video Contest WordPress Plugin

Plugin Slug
video-contest

Vulnerability
Cross Site Scripting (XSS)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should deactivate the plugin.

WP Tiles

Plugin
WP Tiles

Plugin Slug
wp-tiles

Vulnerability
Cross Site Request Forgery (CSRF)

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Theme Vulnerabilities

In this section, you’ll find the latest WordPress theme vulnerabilities to be disclosed. You’ll see the same information provided above for vulnerable plugins, and the same advice applies. If a security update exists, install it immediately. If a vulnerability remains unpatched in a theme you are actively using, you will need to find an alternative theme. Deactivate and delete persistently unpatched themes and those that have been “Closed” in the WordPress.org theme repository. If you have a vulnerable theme installed that you are not actively using, simply delete it.

HashOne

Product image for HashOne.

Theme Slug
hashone

Downloads
160,367

Vulnerability
Broken Access Control

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched. You should switch themes.

Viral

Product image for Viral.

Theme Slug
viral

Downloads
144,927

Vulnerability
Broken Access Control

Patched in Version
1.8.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.8.1.

Viral News

Product image for Viral News.

Theme Slug
viral-news

Downloads
86,793

Vulnerability
Broken Access Control

Patched in Version
1.4.6

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.4.6.
Dan Knauss

Dan Knauss is StellarWP’s Technical Content Generalist. He’s been a writer, teacher, and freelancer working in open source since the late 1990s and with WordPress since 2004.

Source link

Written by:
Abdul Wahid
Published on:
June 12, 2023

Categories: Woocommerce

Primary Sidebar

Wordpress

  • Content Management Systems (2)
  • Digital Marketing (4)
  • Internet Marketing (6)
  • Latest News (458)
  • Online Business (2)
  • Plugins (519)
  • Themes (521)
  • Videos (1,350)
  • Website Development (1)
  • Woocommerce (589)
  • WordPress (6)

Recent Articles

Unlock Your Internet Marketing Success with WordPress: The Ultimate CMS for Achieving Online Goals

WordPress: A Powerhouse for Achieving Internet …

Continue Reading about Unlock Your Internet Marketing Success with WordPress: The Ultimate CMS for Achieving Online Goals

Unlock Your Internet Marketing Potential with WordPress: A Comprehensive Guide

How to Use WordPress to Achieve Your Internet …

Continue Reading about Unlock Your Internet Marketing Potential with WordPress: A Comprehensive Guide

Search our site

Explore more

Get our Wordpress Guide Get Plugins Get Connected

Footer

VirusWord by Promaps, Inc.

Barnes Place
Colombo 7, Western 00700

Copyright © 2025 · Promaps, Inc.

Keep In Touch

  • Email
  • Facebook
  • Instagram
  • Pinterest
  • Twitter