
[ad_1]
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. Our weekly WordPress Vulnerability Report, now powered by Patchstack, covers new WordPress plugins, themes, and core vulnerabilities that have emerged since our last report. Our gadidas online wigs for women cheap human hair wigs cheap human hair lace front wigs best sex toys for couples nike air jordan store air jordan sale dallas cowboys football best wigs for white women nike air max for sale nfl chicago bears custom jerseys cheap sex toys nba jersey customized wigs shop oal is to help you decide what to do if you are using one of these vulnerable plugins or themes […]
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. Our weekly WordPress Vulnerability Report, now powered by Patchstack, covers new WordPress plugins, themes, and core vulnerabilities that have emerged since our last report. Our goal is to help you decide what to do if you are using one of these vulnerable plugins or themes on your website. For a deeper, historical analysis of WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.
Am I Vulnerable?
If you are an iThemes Security or Security Pro user, the Site Scan feature will notify you of any vulnerabilities in WordPress, plugins, and themes you have installed. You can also review the following list of new vulnerabilities and check them against your installed plugins and themes.
Responsible disclosure and reporting of vulnerabilities is an integral part of keeping the WordPress community safe. Please share this post with your friends to help get the word out and make WordPress safer for everyone!
How Bad Is It?
Each vulnerability will have a severity rating of low, medium, high, or critical. Severity levels do not indicate whether a vulnerability is being actively exploited or not. A severity rating indicates how easy it would be for an attacker to exploit the vulnerability and how damaging the impact of an effective exploit could be.
We will highlight active exploits as we become aware of them.
Vulnerabilities are assessed by many different authorities, who each interpret risk with their own perspective and priorities. We are providing you with Patchstack’s risk assessment for WordPress site owners like you.
Is There An Update?
The most important information about a vulnerability is whether it has been patched or not.
If a patch or security release exists to secure the vulnerability, you will see a note about this in a green footer closing the individual vulnerability report. You should immediately update the vulnerable software to the highest version available.
Please be aware that even a deactivated plugin or theme may be exploited by attackers as long as it remains installed in WordPress. You should either update or delete vulnerable plugins and themes as soon as possible when a vulnerability emerges in them.
What Should I Do?
If no update is available for a vulnerable plugin or theme that you are actively using, you will see a red footer closing the individual vulnerability report with a warning that no update has been provided yet. We will also highlight vulnerable plugins and themes that have no known fix.
Popular, widely used plugins and themes that remain vulnerable form a uniquely large and attractive attack surface so we will call special attention to them.
You should weigh the costs and benefits of removing vulnerable plugins and themes with no known fix. If they have been dropped from the wordpress.org repositories, we will note their status is “closed.” We recommend adopting a different, secure solution as soon as possible for plugins designated “closed” or that have “no known fix” forthcoming.
It is urgent to remove unpatched themes and plugins with vulnerabilities of any severity if they are being actively exploited and there’s no security update available.

The Future of Authentication is Passkeys! Log into your WordPress site with Biometrics only available in iThemes Security Pro.
Credential stuffing, phishing, and brute force attacks using stolen, guessable, or reused passwords have made our digital lives less secure. Two-Factor Authentication (2FA) offers some protection but at the cost of usability and accessibility. Fewer than 30% of all online account holders actually use 2FA. Password-based logins are broken.
The future of authentication is passkeys, and iThemes Security Pro is the first to bring this breakthrough technology to WordPress sites. Using breakthrough WebAuthn technology based on public/private cryptography, passkeys make passwords obsolete. Now, website admins and end users can have secure logins without the inconvenience of additional two-factor apps, password managers, or complex password requirements.
WordPress Core News
WordPress 6.1.1 was released on November 15, 2022, as a short-cycle maintenance release with 29 bug fixes in Core and 21 bug fixes for the block editor. Because this is a core update, be sure to update to WordPress 6.1.1 as soon as possible! As always, with a major release like this, ensure your site is backed up with BackupBuddy before updating.
WordPress 6.2 Beta 1
WordPress 6.2 Beta 1 is ready for download and testing! The current target for the final release is March 28, 2023. With the arrival of WordPress 6.2, Phase Two of Gutenberg’s development will have ended. Phase Two focused on the Block and Site Editor features that now allow deep customization of site designs and layouts. Next, Phase Three will focus on collaborative editing features. Take a look at the WordPress Development Roadmap to learn more.
There is a known unpatched vulnerability in WordPress core affecting all versions of WordPress. If you’re using iThemes Security, you’ve probably been alerted to this. As we are unsure when this very low-severity vulnerability will be patched, emails from iThemes Security will no longer alert for this specific vulnerability. Read our blog post about this vulnerability. (https://acatimes.com)
Get the weekly WordPress Vulnerability Report delivered to your inbox each Wednesday.
WordPress Plugin Vulnerabilities
In this section, the latest WordPress plugin vulnerabilities have been disclosed. Each plugin listing includes the type of vulnerability, the active installations, the version number if patched, the severity rating, and the CVE.
WordPress All In One WP Security & Firewall plugin
- Plugin Slug
- all-in-one-wp-security-and-firewall
- Installations
- 1,000,000+
- Vulnerability
- Authenticated(Admin+) Directory Traversal vulnerability
- Patched in Version
- 5.1.5
- Severity Score
- Medium
WordPress Starter Templates plugin
- Plugin Slug
- astra-sites
- Installations
- 1,000,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 3.1.21
- Severity Score
- Medium
WordPress Ocean Extra plugin
- Plugin Slug
- ocean-extra
- Installations
- 700,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.1.3
- Severity Score
- Medium
WordPress Ocean Extra plugin
- Plugin Slug
- ocean-extra
- Installations
- 700,000+
- Vulnerability
- Subscriber+ Arbitrary Post Content Disclosure
- Patched in Version
- 2.1.3
- Severity Score
- Medium
WordPress WordPress Gallery Plugin – NextGEN Gallery plugin
- Plugin Slug
- nextgen-gallery
- Installations
- 600,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 3.29
- Severity Score
- Medium
WordPress ProfilePress plugin
- Plugin Slug
- wp-user-avatar
- Installations
- 300,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 4.5.5
- Severity Score
- Medium
WordPress Contextual Related Posts plugin
- Plugin Slug
- contextual-related-posts
- Installations
- 70,000+
- Vulnerability
- Missing Authorization in crp_ajax_clearcache
- Patched in Version
- 3.3.2
- Severity Score
- Medium
WordPress Media Library Assistant plugin
- Plugin Slug
- media-library-assistant
- Installations
- 70,000+
- Vulnerability
- Admin+ SQL Injection
- Patched in Version
- 3.06
- Severity Score
- Medium
WordPress wpDataTables – WordPress Tables & Table Charts Plugin plugin
- Plugin Slug
- wpdatatables
- Installations
- 70,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.1.50
- Severity Score
- Medium
WordPress Profile Builder plugin
- Plugin Slug
- profile-builder
- Installations
- 60,000+
- Vulnerability
- Sensitive Information Disclosure via Shortcode
- Patched in Version
- 3.9.1
- Severity Score
- Medium
WordPress WP Table Builder – WordPress Table Plugin plugin
- Plugin Slug
- wp-table-builder
- Installations
- 60,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.4.7
- Severity Score
- Medium
WordPress Ditty plugin
- Plugin Slug
- ditty-news-ticker
- Installations
- 40,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.0.33
- Severity Score
- Medium
WordPress Quiz And Survey Master plugin
- Plugin Slug
- quiz-master-next
- Installations
- 40,000+
- Vulnerability
- Unauthenticated Arbitrary Media Deletion
- Patched in Version
- 8.0.9
- Severity Score
- Medium
WordPress The Post Grid plugin
- Plugin Slug
- the-post-grid
- Installations
- 40,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 5.0.5
- Severity Score
- Medium
WordPress Visualizer: Tables and Charts Manager for WordPress plugin
- Plugin Slug
- visualizer
- Installations
- 40,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.9.5
- Severity Score
- Medium
WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin
- Plugin Slug
- miniorange-login-openid
- Installations
- 30,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 7.6.0
- Severity Score
- Medium
WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin
- Plugin Slug
- miniorange-login-openid
- Installations
- 30,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 7.6.0
- Severity Score
- Medium
WordPress Top 10 – Popular posts plugin for WordPress plugin
- Plugin Slug
- top-10
- Installations
- 30,000+
- Vulnerability
- Broken Access Control
- Patched in Version
- 3.2.4
- Severity Score
- Medium
WordPress Uncanny Toolkit for LearnDash plugin
- Plugin Slug
- uncanny-learndash-toolkit
- Installations
- 30,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 3.6.4.2
- Severity Score
- Medium
WordPress Advanced Dynamic Pricing for WooCommerce plugin
- Plugin Slug
- advanced-dynamic-pricing-for-woocommerce
- Installations
- 20,000+
- Vulnerability
- Broken Access Control
- Patched in Version
- 4.1.6
- Severity Score
- Medium
WordPress Interactive Geo Maps plugin
- Plugin Slug
- interactive-geo-maps
- Installations
- 20,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.5.9
- Severity Score
- Medium
WordPress Link Juice Keeper plugin
- Plugin Slug
- link-juice-keeper
- Installations
- 20,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.0.3
- Severity Score
- Medium
WordPress TeraWallet – For WooCommerce plugin
- Plugin Slug
- woo-wallet
- Installations
- 20,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 1.4.0
- Severity Score
- Medium
WordPress Wp-Insert plugin
- Plugin Slug
- wp-insert
- Installations
- 20,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.5.1
- Severity Score
- Medium
WordPress WordPress Robots.txt optimization (+ XML Sitemap) – Website traffic, SEO & ranking Booster plugin
- Plugin Slug
- better-robots-txt
- Installations
- 10,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 1.4.6
- Severity Score
- Medium
WordPress Conditional Payments for WooCommerce plugin
- Plugin Slug
- conditional-payments-for-woocommerce
- Installations
- 10,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 2.3.2
- Severity Score
- Medium
WordPress RegistrationMagic plugin
- Plugin Slug
- custom-registration-form-builder-with-submission-manager
- Installations
- 10,000+
- Vulnerability
- Multiple Cross Site Request Forgery (CSRF)
- Patched in Version
- 5.1.9.3
- Severity Score
- Medium
WordPress Video Gallery – YouTube Gallery plugin
- Plugin Slug
- gallery-videos
- Installations
- 10,000+
- Vulnerability
- Broken Access Control
- Patched in Version
- 1.7.7
- Severity Score
- High
WordPress Video Gallery – YouTube Gallery plugin
- Plugin Slug
- gallery-videos
- Installations
- 10,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.7.7
- Severity Score
- Medium
WordPress GamiPress plugin
- Plugin Slug
- gamipress
- Installations
- 10,000+
- Vulnerability
- Unauthenticated SQL Injection
- Patched in Version
- 2.5.7.1
- Severity Score
- High
WordPress GamiPress plugin
- Plugin Slug
- gamipress
- Installations
- 10,000+
- Vulnerability
- CSRF Leading to Settings Change
- Patched in Version
- 2.5.7
- Severity Score
- Medium
WordPress GamiPress plugin
- Plugin Slug
- gamipress
- Installations
- 10,000+
- Vulnerability
- Missing Authorization Leading to Points Manipulation
- Patched in Version
- 2.5.7
- Severity Score
- Medium
WordPress Opt-Out for Google Analytics plugin
- Plugin Slug
- google-analytics-opt-out
- Installations
- 10,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.3.5
- Severity Score
- Medium
WordPress Scriptless Social Sharing plugin
- Plugin Slug
- scriptless-social-sharing
- Installations
- 10,000+
- Vulnerability
- Contributor+ Stored XSS
- Patched in Version
- 3.2.2
- Severity Score
- Medium
WordPress UsersWP plugin
- Plugin Slug
- userswp
- Installations
- 10,000+
- Vulnerability
- CSV Injection
- Patched in Version
- 1.2.3.10
- Severity Score
- Medium
WordPress ALD Dropshipping and Fulfillment for AliExpress and WooCommerce plugin
- Plugin Slug
- woo-alidropship
- Installations
- 10,000+
- Vulnerability
- Broken Access Control
- Patched in Version
- 1.0.22
- Severity Score
- Medium
WordPress WP Coder plugin
- Plugin Slug
- wp-coder
- Installations
- 10,000+
- Vulnerability
- Admin+ SQL Injection
- Patched in Version
- 2.5.4
- Severity Score
- Medium
WordPress WP VR 360 Panorama and Virtual Tour Builder plugin
- Plugin Slug
- wpvr
- Installations
- 10,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 8.2.8
- Severity Score
- Medium
WordPress TinyMCE Custom Styles plugin
- Plugin Slug
- tinymce-custom-styles
- Installations
- 9,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.1.3
- Severity Score
- Medium
WordPress Cart All In One For WooCommerce plugin
- Plugin Slug
- woo-cart-all-in-one
- Installations
- 9,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 1.1.11
- Severity Score
- Medium
WordPress JSON Content Importer plugin
- Plugin Slug
- json-content-importer
- Installations
- 8,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.3.16
- Severity Score
- Medium
WordPress Shoppable Images plugin
- Plugin Slug
- mabel-shoppable-images-lite
- Installations
- 8,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 1.2.4
- Severity Score
- Medium
WordPress Simple Yearly Archive plugin
- Plugin Slug
- simple-yearly-archive
- Installations
- 8,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.1.9
- Severity Score
- Medium
WordPress Gutenberg Blocks by WordPress Download Manager plugin
- Plugin Slug
- wpdm-gutenberg-blocks
- Installations
- 8,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.1.9
- Severity Score
- Medium
WordPress Meta slider and carousel with lightbox plugin
- Plugin Slug
- meta-slider-and-carousel-with-lightbox
- Installations
- 7,000+
- Vulnerability
- Broken Access Control
- Patched in Version
- 1.7
- Severity Score
- Medium
WordPress Podlove Podcast Publisher plugin
- Plugin Slug
- podlove-podcasting-plugin-for-wordpress
- Installations
- 7,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 3.8.4
- Severity Score
- Medium
WordPress Portfolio – WordPress Portfolio Plugin plugin
- Plugin Slug
- tlp-portfolio
- Installations
- 7,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.8.11
- Severity Score
- Medium
WordPress Zeno Font Resizer plugin
- Plugin Slug
- zeno-font-resizer
- Installations
- 7,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.8.0
- Severity Score
- Medium
WordPress AutomatorWP plugin
- Plugin Slug
- automatorwp
- Installations
- 6,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 2.5.9
- Severity Score
- Medium
WordPress Blockonomics plugin
- Plugin Slug
- blockonomics-bitcoin-payments
- Installations
- 5,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.5.8
- Severity Score
- High
WordPress Fancy Comments WordPress plugin
- Plugin Slug
- fancy-facebook-comments
- Installations
- 5,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.2.11
- Severity Score
- Medium
WordPress Publish to Schedule plugin
- Plugin Slug
- publish-to-schedule
- Installations
- 5,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 4.5.4
- Severity Score
- Medium
WordPress Tickera – WordPress Event Ticketing plugin
- Plugin Slug
- tickera-event-ticketing-system
- Installations
- 5,000+
- Vulnerability
- CSRF Leading To Post Status Change
- Patched in Version
- 3.5.1.1
- Severity Score
- Medium
WordPress VikBooking Hotel Booking Engine & PMS plugin
- Plugin Slug
- vikbooking
- Installations
- 5,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 1.6.0
- Severity Score
- Medium
WordPress OAuth Single Sign On – SSO (OAuth Client) plugin
- Plugin Slug
- miniorange-login-with-eve-online-google-facebook
- Installations
- 4,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 6.24.2
- Severity Score
- Medium
WordPress Community by PeepSo plugin
- Plugin Slug
- peepso-core
- Installations
- 4,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 6.0.3
- Severity Score
- Medium
WordPress Podlove Subscribe Button plugin
- Plugin Slug
- podlove-subscribe-button
- Installations
- 4,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 1.3.9
- Severity Score
- Medium
WordPress Podlove Subscribe button plugin
- Plugin Slug
- podlove-subscribe-button
- Installations
- 4,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.3.9
- Severity Score
- Medium
WordPress Multi Rating plugin
- Plugin Slug
- multi-rating
- Installations
- 3,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 5.0.6
- Severity Score
- High
WordPress Product Reviews Import Export for WooCommerce plugin
- Plugin Slug
- product-reviews-import-export-for-woocommerce
- Installations
- 3,000+
- Vulnerability
- Unauth. CSV Injection
- Patched in Version
- 1.4.9
- Severity Score
- Medium
WordPress Quick Contact Form plugin
- Plugin Slug
- quick-contact-form
- Installations
- 3,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 8.0.4
- Severity Score
- Medium
WordPress Quick Event Manager plugin
- Plugin Slug
- quick-event-manager
- Installations
- 3,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 9.6.5
- Severity Score
- Medium
WordPress Quick Paypal Payments plugin
- Plugin Slug
- quick-paypal-payments
- Installations
- 3,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 5.7.26
- Severity Score
- High
WordPress Quick Paypal Payments plugin
- Plugin Slug
- quick-paypal-payments
- Installations
- 3,000+
- Vulnerability
- Broken Access Control
- Patched in Version
- 5.7.26
- Severity Score
- High
WordPress Quick Paypal Payments plugin
- Plugin Slug
- quick-paypal-payments
- Installations
- 3,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 5.7.26
- Severity Score
- Medium
WordPress Quick Paypal Payments plugin
- Plugin Slug
- quick-paypal-payments
- Installations
- 3,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 5.7.26
- Severity Score
- Medium
WordPress WP Custom Fields Search plugin
- Plugin Slug
- wp-custom-fields-search
- Installations
- 3,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.2.35
- Severity Score
- Medium
WordPress WordPress Email Marketing Plugin – WP Email Capture plugin
- Plugin Slug
- wp-email-capture
- Installations
- 3,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 3.10
- Severity Score
- Medium
WordPress WordPress Email Marketing Plugin – WP Email Capture plugin
- Plugin Slug
- wp-email-capture
- Installations
- 3,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.10
- Severity Score
- Medium
WordPress BuddyForms plugin
- Plugin Slug
- buddyforms
- Installations
- 2,000+
- Vulnerability
- PHAR Deserialization
- Patched in Version
- 2.7.8
- Severity Score
- Medium
WordPress CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plugin
- Plugin Slug
- css-js-manager
- Installations
- 2,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 2.4.49.1
- Severity Score
- Medium
WordPress Locatoraid Store Locator plugin
- Plugin Slug
- locatoraid
- Installations
- 2,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 3.9.12
- Severity Score
- Medium
WordPress Multiple Pages Generator by Themeisle plugin
- Plugin Slug
- multiple-pages-generator-by-porthas
- Installations
- 2,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 3.3.10
- Severity Score
- Medium
WordPress Protected Posts Logout Button plugin
- Plugin Slug
- protected-posts-logout-button
- Installations
- 2,000+
- Vulnerability
- Broken Access Control
- Patched in Version
- 1.4.6
- Severity Score
- Medium
WordPress Protected Posts Logout Button plugin
- Plugin Slug
- protected-posts-logout-button
- Installations
- 2,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.4.6
- Severity Score
- Medium
WordPress WordPress Books Gallery plugin
- Plugin Slug
- wp-books-gallery
- Installations
- 2,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 4.4.9
- Severity Score
- Medium
WordPress WPGlobus Translate Options plugin
- Plugin Slug
- wpglobus-translate-options
- Installations
- 2,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.2.0
- Severity Score
- Medium
WordPress Archivist – Custom Archive Templates plugin
- Plugin Slug
- archivist-custom-archive-templates
- Installations
- 1,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 1.7.5
- Severity Score
- Medium
WordPress Archivist – Custom Archive Templates plugin
- Plugin Slug
- archivist-custom-archive-templates
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.7.5
- Severity Score
- Medium
WordPress Click to Call or Chat Buttons plugin
- Plugin Slug
- click-to-call-or-chat-buttons
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.5.0
- Severity Score
- Medium
WordPress Clio Grow plugin
- Plugin Slug
- clio-grow-form
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.0.1
- Severity Score
- Medium
WordPress Calendar Event Multi View plugin
- Plugin Slug
- cp-multi-view-calendar
- Installations
- 1,000+
- Vulnerability
- Broken Access Control
- Patched in Version
- 1.4.15
- Severity Score
- Low
WordPress Get URL Cron plugin
- Plugin Slug
- get-url-cron
- Installations
- 1,000+
- Vulnerability
- Broken Access Control via geturlcron_action_handle
- Patched in Version
- 1.4.8
- Severity Score
- High
WordPress My Tickets plugin
- Plugin Slug
- my-tickets
- Installations
- 1,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 1.9.11
- Severity Score
- Medium
WordPress Twitch Player plugin
- Plugin Slug
- ttv-easy-embed-player
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.1.1
- Severity Score
- Medium
WordPress Broadcast Live Video plugin
- Plugin Slug
- videowhisper-live-streaming-integration
- Installations
- 1,000+
- Vulnerability
- Remote Code Execution (RCE)
- Patched in Version
- 5.5.16
- Severity Score
- Critical
WordPress WP Dynamic Keywords Injector plugin
- Plugin Slug
- wp-dynamic-keywords-injector
- Installations
- 1,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 2.3.16
- Severity Score
- Medium
WordPress WP Prayer plugin
- Plugin Slug
- wp-prayer
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.9.7
- Severity Score
- Medium
WordPress WordPress Stripe Donation plugin
- Plugin Slug
- wp-stripe-donation
- Installations
- 1,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 3.1.6
- Severity Score
- Medium
WordPress Easy Panorama plugin
- Plugin Slug
- easy-panorama
- Installations
- 900+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.1.5
- Severity Score
- Medium
WordPress Inline Tweet Sharer – Twitter Sharing Plugin plugin
- Plugin Slug
- inline-tweet-sharer
- Installations
- 900+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.6
- Severity Score
- Medium
WordPress Campaign URL Builder plugin
- Plugin Slug
- campaign-url-builder
- Installations
- 400+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.8.2
- Severity Score
- Medium
WordPress Campaign URL Builder plugin
- Plugin Slug
- campaign-url-builder
- Installations
- 400+
- Vulnerability
- Authenticated (Admin+) Stored Cross-Site Scripting via Create Link
- Patched in Version
- 1.8.2
- Severity Score
- Medium
WordPress WatchTowerHQ plugin
- Plugin Slug
- watchtowerhq
- Installations
- 100+
- Vulnerability
- Privilege Escalation
- Patched in Version
- 3.6.17
- Severity Score
- Critical
WordPress Interactive SVG Image Map Builder plugin
- Plugin Slug
- interactive-image-map-builder
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.1
- Severity Score
- Medium
WordPress Plugin Vulnerabilities – No Known Fix
This section contains plugin vulnerabilities with no known fix. Until a patch is available, immediately uninstall and delete the plugin from WordPress to ensure it cannot be exploited.
WordPress Google Maps v3 Shortcode plugin
- Plugin Slug
- google-maps-v3-shortcode
- Installations
- 4,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress Portfolio Slideshow plugin
- Plugin Slug
- portfolio-slideshow
- Installations
- 4,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress Simple PDF Viewer plugin
- Plugin Slug
- simple-pdf-viewer
- Installations
- 4,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress Ultimate WP Query Search Filter plugin
- Plugin Slug
- ultimate-wp-query-search-filter
- Installations
- 3,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress Theme Tweaker plugin
- Plugin Slug
- theme-tweaker-lite
- Installations
- 2,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress Easy Google Analytics for WordPress plugin
- Plugin Slug
- easy-google-analytics-for-wordpress
- Installations
- 1,000+
- Vulnerability
- Broken Access Control
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress WP Post Rating plugin
- Plugin Slug
- wp-post-comment-rating
- Installations
- 1,000+
- Vulnerability
- Other Vulnerability Type
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress WP-RecentComments plugin
- Plugin Slug
- wp-recentcomments
- Installations
- 1,000+
- Vulnerability
- Broken Access Control
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress Bing Site Verification plugin using Meta Tag plugin
- Plugin Slug
- bing-site-verification-using-meta-tag
- Installations
- 900+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress WordPress Custom Settings plugin
- Plugin Slug
- custom-settings
- Installations
- 900+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress Exquisite PayPal Donation plugin
- Plugin Slug
- exquisite-paypal-donation
- Installations
- 900+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress Sitemap Index plugin
- Plugin Slug
- sitemap-index
- Installations
- 900+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress Sponsors Carousel plugin
- Plugin Slug
- sponsors-carousel
- Installations
- 900+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress Stock market charts from finviz plugin
- Plugin Slug
- stock-market-charts-from-finviz
- Installations
- 900+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress Circles Gallery plugin
- Plugin Slug
- circles-gallery
- Installations
- 800+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress PayGreen plugin
- Plugin Slug
- paygreen-woocommerce
- Installations
- 500+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress WP Resource download management plugin
- Plugin
- WP Resource download management
- Plugin Slug
- download-info-page
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress Eyes Only: User Access Shortcode plugin
- Plugin
- Eyes Only: User Access Shortcode
- Plugin Slug
- eyes-only-user-access-shortcode
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress Peadig’s Like & Share Button plugin
- Plugin
- Peadig’s Like & Share Button
- Plugin Slug
- facebook-like-send-button
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress Feed Changer plugin
- Plugin
- Feed Changer
- Plugin Slug
- feed-changer
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress Fontiran plugin
- Plugin
- Fontiran
- Plugin Slug
- fontiran
- Vulnerability
- Broken Access Control
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress Nooz plugin
- Plugin
- Nooz
- Plugin Slug
- nooz
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress Olevmedia Shortcodes plugin
- Plugin
- Olevmedia Shortcodes
- Plugin Slug
- olevmedia-shortcodes
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress WP Open Social plugin
- Plugin
- WP Open Social
- Plugin Slug
- open-social
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress Service Area Postcode Checker plugin
- Plugin
- Service Area Postcode Checker
- Plugin Slug
- service-area-postcode-checker
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress Social Login WP plugin
- Plugin
- Social Login WP
- Plugin Slug
- social-login-wp
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress Sticky Ad Bar Plugin plugin
- Plugin
- Sticky Ad Bar Plugin
- Plugin Slug
- sticky-ad-bar
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress Tapfiliate plugin
- Plugin
- Tapfiliate
- Plugin Slug
- tapfiliate
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress Upload File Type Settings Plugin plugin
- Plugin
- Upload File Type Settings Plugin
- Plugin Slug
- upload-file-type-settings-plugin
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress vSlider Multi Image Slider for WordPress plugin
- Plugin
- vSlider Multi Image Slider for WordPress
- Plugin Slug
- vslider
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress WP BaiDu Submit plugin
- Plugin
- WP BaiDu Submit
- Plugin Slug
- wp-baidu-submit
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress Theme Vulnerabilities
In this section, the latest WordPress theme vulnerabilities have been disclosed. Each theme listing includes the type of vulnerability, the active installations, the version number if patched, the severity rating, and the CVE.
WordPress Real Estate 7 theme
- Theme
- Real Estate 7
- Theme Slug
- realestate-7
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.3.2
- Severity Score
- High
WordPress WoodMart theme
- Theme
- WoodMart
- Theme Slug
- woodmart
- Vulnerability
- Unauth Arbitrary Shortcodes Injection
- Patched in Version
- 7.1.1
- Severity Score
- Medium

[ad_2]
If you are looking for WordPress Plugins and Themes at low prices, Themes Club offers you all WordPress Plugins and Themes at prices starting at $3.99