There are no vulnerabilities to report in WordPress core this week. The ColorWay theme had a vulnerability emerge that has not been patched. 77 plugin vulnerabilities have new patches. Wicked Folders accounts for 18 of these. WordPress Shortcodes Ultimate and GamiPress each patched 3 vulnerabilities. Quick Contact Form, RSVP Maker, and Arigato Autoresponder each patched 2 vulnerabilities. Only 3 plugins with new vulnerabilities have not been patched as of this writing.adidas yeezy foam runner mens stores make a custom jersey nike air jordan black wigs for women sex toy silicone adidas ultra boost customized jerseys nfl fantasy football custom nfl jerseys cheap jerseys adidas yeezy for men nfl team shop nfl jersey for sale nike air jordan 11 legend blue best mens sex toys
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. Our weekly WordPress Vulnerability Report, now powered by Patchstack, covers new WordPress plugins, themes, and core vulnerabilities that have emerged since our last report. Our goal is to help you decide what to do if you are using one of these vulnerable plugins or themes on your website. For a deeper, historical analysis of WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.
Am I Vulnerable?
If you are an iThemes Security or Security Pro user, the Site Scan feature will notify you of any vulnerabilities in WordPress, plugins, and themes you have installed. You can also review the following list of new vulnerabilities and check them against your installed plugins and themes.
Responsible disclosure and reporting of vulnerabilities is an integral part of keeping the WordPress community safe. Please share this post with your friends to help get the word out and make WordPress safer for everyone !
How Bad Is It?
Each vulnerability will have a severity rating of low , medium , high , or critical . Severity levels do not indicate whether a vulnerability is being actively exploited or not. A severity rating indicates how easy it would be for an attacker to exploit the vulnerability and how damaging the impact of an effective exploit could be.
We will highlight active exploits as we become aware of them.
Vulnerabilities are assessed by many different authorities, who each interpret risk with their own perspective and priorities. We are providing you with Patchstack’s risk assessment for WordPress site owners like you.
Is There An Update?
The most important information about a vulnerability is whether it has been patched or not.
If a patch or security release exists to secure the vulnerability, you will see a note about this in a green footer closing the individual vulnerability report. You should immediately update the vulnerable software to the highest version available.
Please be aware that even a deactivated plugin or theme may be exploited by attackers as long as it remains installed in WordPress . You should either update or delete vulnerable plugins and themes as soon as possible when a vulnerability emerges in them.
What Should I Do?
If no update is available for a vulnerable plugin or theme that you are actively using, you will see a red footer closing the individual vulnerability report with a warning that no update has been provided yet. We will also highlight vulnerable plugins and themes that have no known fix.
Popular, widely used plugins and themes that remain vulnerable form a uniquely large and attractive attack surface so we will call special attention to them.
You should weigh the costs and benefits of removing vulnerable plugins and themes with no known fix. If they have been dropped from the wordpress.org repositories, we will note their status is “closed.” We recommend adopting a different, secure solution as soon as possible for plugins designated “closed” or that have “no known fix” forthcoming.
It is urgent to remove unpatched themes and plugins with vulnerabilities of any severity if they are being actively exploited and there’s no security update available.
The Future of Authentication is Passkeys! Log into your WordPress site with Biometrics only available in iThemes Security Pro.
Credential stuffing, phishing, and brute force attacks using stolen, guessable, or reused passwords have made our digital lives less secure. Two-Factor Authentication (2FA) offers some protection but at the cost of usability and accessibility. Fewer than 30% of all online account holders actually use 2FA. Password-based logins are broken.
The future of authentication is passkeys, and iThemes Security Pro is the first to bring this breakthrough technology to WordPress sites. Using breakthrough WebAuthn technology based on public/private cryptography, passkeys make passwords obsolete. Now, website admins and end users can have secure logins without the inconvenience of additional two-factor apps, password managers, or complex password requirements.
WordPress Core News
WordPress 6.1.1 was released on November 15, 2022, as a short-cycle maintenance release with 29 bug fixes in Core and 21 bug fixes for the block editor. Because this is a core update, be sure to update to WordPress 6.1.1 as soon as possible! As always, with a major release like this, ensure your site is backed up with BackupBuddy before updating.
WordPress 6.2 Beta 1
WordPress 6.2 Beta 1 is ready for download and testing! The current target for the final release is March 28, 2023. With the arrival of WordPress 6.2, Phase Two of Gutenberg’s development will have ended. Phase Two focused on the Block and Site Editor features that now allow deep customization of site designs and layouts. Next, Phase Three will focus on collaborative editing features. Take a look at the WordPress Development Roadmap to learn more.
No new WordPress core vulnerabilities were disclosed this week.
There is a known unpatched vulnerability in WordPress core affecting all versions of WordPress. If you’re using iThemes Security, you’ve probably been alerted to this. As we are unsure when this very low-severity vulnerability will be patched, emails from iThemes Security will no longer alert for this specific vulnerability. Read our blog post about this vulnerability.
Get the weekly WordPress Vulnerability Report delivered to your inbox each Wednesday.
WordPress Plugin Vulnerabilities
In this section, the latest WordPress plugin vulnerabilities have been disclosed. Each plugin listing includes the type of vulnerability, the active installations, the version number if patched, the severity rating, and the CVE.
WordPress Rank Math SEO plugin
Plugin Slug
seo-by-rank-math
Installations
1,000,000+
Vulnerability
Local File Inclusion vulnerability
Patched in Version
1.0.107.3
Severity Score
High
The vulnerability has been patched, so you should update to version 1.0.107.3.
WordPress WP-Optimize plugin
Plugin Slug
wp-optimize
Installations
1,000,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
3.2.12
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.2.12.
WordPress Shortcodes Ultimate plugin
Plugin Slug
shortcodes-ultimate
Installations
700,000+
Vulnerability
Server Side Request Forgery (SSRF)
Patched in Version
5.12.7
Severity Score
High
The vulnerability has been patched, so you should update to version 5.12.7.
WordPress Shortcodes Ultimate plugin
Plugin Slug
shortcodes-ultimate
Installations
700,000+
Vulnerability
Arbitrary File Download
Patched in Version
5.12.7
Severity Score
High
The vulnerability has been patched, so you should update to version 5.12.7.
WordPress Shortcodes Ultimate plugin
Plugin Slug
shortcodes-ultimate
Installations
700,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
5.12.7
Severity Score
Medium
The vulnerability has been patched, so you should update to version 5.12.7.
WordPress Under Construction Plugin
Plugin Slug
under-construction-page
Installations
600,000+
Vulnerability
Multiple CSRF Vulnerabilities
Patched in Version
3.97
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.97.
WordPress Redirection for Contact Form 7 plugin
Plugin Slug
wpcf7-redirect
Installations
300,000+
Vulnerability
Privilege Escalation
Patched in Version
2.8.0
Severity Score
High
The vulnerability has been patched, so you should update to version 2.8.0.
WordPress Icegram Express – Email Subscribers, Newsletters and Marketing Automation Plugin plugin
Plugin Slug
email-subscribers
Installations
100,000+
Vulnerability
CSV Injection
Patched in Version
5.5.3
Severity Score
Medium
The vulnerability has been patched, so you should update to version 5.5.3.
WordPress Plugin for Google Reviews plugin
Plugin Slug
widget-google-reviews
Installations
100,000+
Vulnerability
SQL Injection
Patched in Version
2.2.4
Severity Score
Critical
The vulnerability has been patched, so you should update to version 2.2.4.
WordPress Mercado Pago payments for WooCommerce plugin
Plugin Slug
woocommerce-mercadopago
Installations
100,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
6.4.0
Severity Score
Medium
The vulnerability has been patched, so you should update to version 6.4.0.
WordPress Mercado Pago payments for WooCommerce plugin
Plugin Slug
woocommerce-mercadopago
Installations
100,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
6.4.0
Severity Score
Medium
The vulnerability has been patched, so you should update to version 6.4.0.
WordPress WooLentor plugin
Plugin Slug
woolentor-addons
Installations
100,000+
Vulnerability
CSRF Leading to Plugin Settings Change Vulnerability
Patched in Version
2.5.2
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.5.2.
WordPress Auto Featured Image (Auto Post Thumbnail) plugin
Plugin Slug
auto-post-thumbnail
Installations
80,000+
Vulnerability
Authenticated(Admin+) Remote File Download vulnerability
Patched in Version
3.9.16
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.9.16.
WordPress Ajax Search Lite plugin
Plugin Slug
ajax-search-lite
Installations
70,000+
Vulnerability
Auth. Data Exposure vulnerability
Patched in Version
4.11
Severity Score
Medium
The vulnerability has been patched, so you should update to version 4.11.
WordPress A2 Optimized WP plugin
Plugin Slug
a2-optimized-wp
Installations
60,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
3.0.5
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.0.5.
WordPress Schema – All In One Schema Rich Snippets plugin
Plugin Slug
all-in-one-schemaorg-rich-snippets
Installations
60,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
1.6.6
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.6.6.
WordPress Profile Builder plugin
Plugin Slug
profile-builder
Installations
60,000+
Vulnerability
Sensitive Information Disclosure via Shortcode vulnerability
Patched in Version
3.9.1
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.9.1.
WordPress Void Contact Form 7 Widget For Elementor Page Builder plugin
Plugin Slug
cf7-widget-elementor
Installations
40,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
2.2
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.2.
WordPress All-in-one Floating Contact Form plugin
Plugin Slug
mystickyelements
Installations
40,000+
Vulnerability
Authenticated (Admin+) SQL Injection vulnerability
Patched in Version
2.0.9
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.0.9.
WordPress Quiz And Survey Master plugin
Plugin Slug
quiz-master-next
Installations
40,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
8.0.8
Severity Score
Medium
The vulnerability has been patched, so you should update to version 8.0.8.
WordPress Visualizer: Tables and Charts Manager for WordPress plugin
Plugin Slug
visualizer
Installations
40,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
3.9.2
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.9.2.
WordPress Actionable Google Analytics and Google Shopping plugin for WooCommerce plugin
Plugin Slug
enhanced-e-commerce-for-woocommerce-store
Installations
30,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
5.2.4
Severity Score
Medium
The vulnerability has been patched, so you should update to version 5.2.4.
WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin
Plugin Slug
miniorange-login-openid
Installations
30,000+
Vulnerability
Arbitrary Content Deletion
Patched in Version
7.6.1
Severity Score
Medium
The vulnerability has been patched, so you should update to version 7.6.1.
WordPress Responsive Pricing Table plugin
Plugin Slug
dk-pricr-responsive-pricing-table
Installations
20,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
5.1.7
Severity Score
Medium
The vulnerability has been patched, so you should update to version 5.1.7.
WordPress Interactive Geo Maps plugin
Plugin Slug
interactive-geo-maps
Installations
20,000+
Vulnerability
Authenticated (Editor+) Stored Cross-Site Scripting vulnerability
Patched in Version
1.5.11
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.5.11.
WordPress Wicked Folders plugin
Plugin Slug
wicked-folders
Installations
20,000+
Vulnerability
Missing Authorization via ajax_save_state vulnerability
Patched in Version
2.18.17
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.18.17.
WordPress Wicked Folders plugin
Plugin Slug
wicked-folders
Installations
20,000+
Vulnerability
Missing Authorization on ajax_clone_folder vulnerability
Patched in Version
2.18.17
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.18.17.
WordPress Wicked Folders plugin
Plugin Slug
wicked-folders
Installations
20,000+
Vulnerability
Cross-Site Request Forgery via ajax_save_sort_order vulnerability
Patched in Version
2.18.17
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.18.17.
WordPress Wicked Folders plugin
Plugin Slug
wicked-folders
Installations
20,000+
Vulnerability
Missing Authorization on ajax_save_folder_order vulnerability
Patched in Version
2.18.17
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.18.17.
WordPress Wicked Folders plugin
Plugin Slug
wicked-folders
Installations
20,000+
Vulnerability
Cross-Site Request Forgery via ajax_clone_folder vulnerability
Patched in Version
2.18.17
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.18.17.
WordPress Wicked Folders plugin
Plugin Slug
wicked-folders
Installations
20,000+
Vulnerability
Cross-Site Request Forgery via ajax_edit_folder vulnerability
Patched in Version
2.18.17
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.18.17.
WordPress Wicked Folders plugin
Plugin Slug
wicked-folders
Installations
20,000+
Vulnerability
Missing Authorization on ajax_edit_folder vulnerability
Patched in Version
2.18.17
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.18.17.
WordPress Wicked Folders plugin
Plugin Slug
wicked-folders
Installations
20,000+
Vulnerability
Missing Authorization via ajax_delete_folder vulnerability
Patched in Version
2.18.17
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.18.17.
WordPress Wicked Folders plugin
Plugin Slug
wicked-folders
Installations
20,000+
Vulnerability
Cross-Site Request Forgery via ajax_save_state vulnerability
Patched in Version
2.18.17
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.18.17.
WordPress Wicked Folders plugin
Plugin Slug
wicked-folders
Installations
20,000+
Vulnerability
Cross-Site Request Forgery via ajax_add_folder vulnerability
Patched in Version
2.18.17
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.18.17.
WordPress Wicked Folders plugin
Plugin Slug
wicked-folders
Installations
20,000+
Vulnerability
Missing Authorization on ajax_save_folder vulnerability
Patched in Version
2.18.17
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.18.17.
WordPress Wicked Folders plugin
Plugin Slug
wicked-folders
Installations
20,000+
Vulnerability
Cross-Site Request Forgery on ajax_move_object vulnerability
Patched in Version
2.18.17
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.18.17.
WordPress Wicked Folders plugin
Plugin Slug
wicked-folders
Installations
20,000+
Vulnerability
Missing Authorization on ajax_save_sort_order vulnerability
Patched in Version
2.18.17
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.18.17.
WordPress Wicked Folders plugin
Plugin Slug
wicked-folders
Installations
20,000+
Vulnerability
Cross-Site Request Forgery via ajax_delete_folder vulnerability
Patched in Version
2.18.17
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.18.17.
WordPress Wicked Folders plugin
Plugin Slug
wicked-folders
Installations
20,000+
Vulnerability
Cross-Site Request Forgery via ajax_save_folder_order vulnerability
Patched in Version
2.18.17
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.18.17.
WordPress Wicked Folders plugin
Plugin Slug
wicked-folders
Installations
20,000+
Vulnerability
Missing Authorization on ajax_move_object vulnerability
Patched in Version
2.18.17
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.18.17.
WordPress Wicked Folders plugin
Plugin Slug
wicked-folders
Installations
20,000+
Vulnerability
Cross-Site Request Forgery on ajax_save_folder vulnerability
Patched in Version
2.18.17
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.18.17.
WordPress Wicked Folders plugin
Plugin Slug
wicked-folders
Installations
20,000+
Vulnerability
Missing Authorization on ajax_add_folder vulnerability
Patched in Version
2.18.17
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.18.17.
WordPress CURCY plugin
Plugin Slug
woo-multi-currency
Installations
20,000+
Vulnerability
Unauthenticated plugin settings change vulnerability
Patched in Version
2.1.26
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.1.26.
WordPress WordPress Robots.txt optimization (+ XML Sitemap) – Website traffic, SEO & ranking Booster plugin
Plugin Slug
better-robots-txt
Installations
10,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
1.4.6
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.4.6.
WordPress eCommerce Product Catalog Plugin for WordPress plugin
Plugin Slug
ecommerce-product-catalog
Installations
10,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
3.3.5
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.3.5.
WordPress GamiPress plugin
Plugin Slug
gamipress
Installations
10,000+
Vulnerability
SQL Injection
Patched in Version
2.5.7.1
Severity Score
High
The vulnerability has been patched, so you should update to version 2.5.7.1.
WordPress GamiPress plugin
Plugin Slug
gamipress
Installations
10,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
2.5.7
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.5.7.
WordPress GamiPress plugin
Plugin Slug
gamipress
Installations
10,000+
Vulnerability
Missing Authorization Leading to Points Manipulation Vulnerability
Patched in Version
2.5.7
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.5.7.
WordPress Qubely plugin
Plugin Slug
qubely
Installations
10,000+
Vulnerability
Authenticated(Contributor+) Stored Cross-Site Scripting vulnerability
Patched in Version
1.8.5
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.8.5.
WordPress Cost of Goods for WooCommerce plugin
Plugin Slug
cost-of-goods-for-woocommerce
Installations
8,000+
Vulnerability
Broken Access Control
Patched in Version
2.8.7
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.8.7.
WordPress Shoppable Images plugin
Plugin Slug
mabel-shoppable-images-lite
Installations
8,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
1.2.4
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.2.4.
WordPress Woocommerce Vietnam Checkout plugin
Plugin Slug
woo-vietnam-checkout
Installations
8,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.0.5
Severity Score
High
The vulnerability has been patched, so you should update to version 2.0.5.
WordPress Google Maps CP plugin
Plugin Slug
codepeople-post-map
Installations
7,000+
Vulnerability
Missing Authorization Leading To Feedback Submission Vulnerability
Patched in Version
1.0.44
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.0.44.
WordPress Portfolio – WordPress Portfolio Plugin plugin
Plugin Slug
tlp-portfolio
Installations
7,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.8.11
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.8.11.
WordPress Announce from the Dashboard plugin
Plugin Slug
announce-from-the-dashboard
Installations
6,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.5.2
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.5.2.
WordPress Icegram Collect – Easy Form, Lead Collection and Subscription plugin
Plugin Slug
icegram-rainmaker
Installations
6,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.3.9
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.3.9.
WordPress Auto Hide Admin Bar plugin
Plugin Slug
auto-hide-admin-bar
Installations
5,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.6.2
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.6.2.
WordPress Fancy Comments WordPress plugin
Plugin Slug
fancy-facebook-comments
Installations
5,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.2.11
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.2.11.
WordPress Tickera – WordPress Event Ticketing plugin
Plugin Slug
tickera-event-ticketing-system
Installations
5,000+
Vulnerability
CSRF Leading To Post Status Change Vulnerability
Patched in Version
3.5.1.1
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.5.1.1.
WordPress Auto Affiliate Links plugin
Plugin Slug
wp-auto-affiliate-links
Installations
5,000+
Vulnerability
Unauth. Broken Access Control vulnerability
Patched in Version
6.2.1.6
Severity Score
Medium
The vulnerability has been patched, so you should update to version 6.2.1.6.
WordPress WordPress Comments Import & Export plugin
Plugin Slug
comments-import-export-woocommerce
Installations
3,000+
Vulnerability
CSV Injection
Patched in Version
2.3.2
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.3.2.
WordPress Quick Contact Form plugin
Plugin Slug
quick-contact-form
Installations
3,000+
Vulnerability
Broken Access Control
Patched in Version
8.0.4
Severity Score
Medium
The vulnerability has been patched, so you should update to version 8.0.4.
WordPress Quick Contact Form plugin
Plugin Slug
quick-contact-form
Installations
3,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
8.0.4
Severity Score
Medium
The vulnerability has been patched, so you should update to version 8.0.4.
WordPress Chained Quiz plugin
Plugin Slug
chained-quiz
Installations
2,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.3.2.6
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.3.2.6.
WordPress Locatoraid Store Locator plugin
Plugin Slug
locatoraid
Installations
2,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
3.9.12
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.9.12.
WordPress WPGlobus Translate Options plugin
Plugin Slug
wpglobus-translate-options
Installations
2,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.2.0
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.2.0.
WordPress Auto YouTube Importer plugin
Plugin Slug
auto-youtube-importer
Installations
1,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
1.0.4
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.0.4.
WordPress Arigato Autoresponder and Newsletter plugin
Plugin Slug
bft-autoresponder
Installations
1,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.7.1.2
Severity Score
High
The vulnerability has been patched, so you should update to version 2.7.1.2.
WordPress Arigato Autoresponder and Newsletter plugin
Plugin Slug
bft-autoresponder
Installations
1,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.7.1.1
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.7.1.1.
WordPress OWM Weather plugin
Plugin Slug
owm-weather
Installations
1,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
5.6.12
Severity Score
Medium
The vulnerability has been patched, so you should update to version 5.6.12.
WordPress Twitch Player plugin
Plugin Slug
ttv-easy-embed-player
Installations
1,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.1.1
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.1.1.
WordPress Booking Calendar Contact Form plugin
Plugin Slug
booking-calendar-contact-form
Installations
900+
Vulnerability
Broken Access Control
Patched in Version
1.2.35
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.2.35.
WordPress Gutenberg Forms plugin
Plugin Slug
forms-gutenberg
Installations
700+
Vulnerability
Auth. Broken Access Control vulnerability
Patched in Version
2.2.9
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.2.9.
WordPress RSVPMaker plugin
Plugin Slug
rsvpmaker
Installations
500+
Vulnerability
SQL Injection
Patched in Version
9.9.4
Severity Score
Medium
The vulnerability has been patched, so you should update to version 9.9.4.
WordPress RSVPMaker plugin
Plugin Slug
rsvpmaker
Installations
500+
Vulnerability
SQL Injection
Patched in Version
9.9.4
Severity Score
Medium
The vulnerability has been patched, so you should update to version 9.9.4.
WordPress PayPal Brasil para WooCommerce plugin
Plugin
PayPal Brasil para WooCommerce
Plugin Slug
paypal-brasil-para-woocommerce
Vulnerability
Broken Access Control
Patched in Version
1.4.3
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.4.3.
WordPress Plugin Vulnerabilities – No Known Fix
This section contains plugin vulnerabilities with no known fix. Until a patch is available, immediately uninstall and delete the plugin from WordPress to ensure it cannot be exploited.
WordPress Slider by Supsystic plugin
Plugin Slug
slider-by-supsystic
Installations
5,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched. You should deactivate the plugin.
WordPress WeChat Robot plugin
Plugin Slug
weixin-robot-advanced
Installations
300+
Vulnerability
Reflected Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
High
The vulnerability has not been patched. You should deactivate the plugin.
WordPress 0mk Shortener plugin
Plugin Slug
0mk-shortener
Vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Patched in Version
No Fix
Severity Score
High
The vulnerability has not been patched. You should deactivate the plugin.
WordPress Theme Vulnerabilities
In this section, the latest WordPress theme vulnerabilities have been disclosed. Each theme listing includes the type of vulnerability, the active installations, the version number if patched, the severity rating, and the CVE.
WordPress Monolit Theme theme
Theme
Monolit Theme
Theme Slug
monolit
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.0.7
Severity Score
High
The vulnerability has been patched, so you should update to version 2.0.7.
WordPress Theme Vulnerabilities – No Known Fix
This section contains theme vulnerabilities with no known fix. Until a patch is available, immediately uninstall and delete the theme.
WordPress ColorWay theme
Theme Slug
colorway
Downloads
1,314,098
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched. You should switch themes.