Get Access to All Themes & Plugins for only 15$

WordPress Vulnerability Report – February 22, 2023

[ad_1]

Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. Our weekly WordPress Vulnerability Report, now powered by Patchstack, covers new WordPress plugins, themes, and core vulnerabilities that have emerged since our last report. Our gadidas online wigs for women cheap human hair wigs cheap human hair lace front wigs best sex toys for couples nike air jordan store air jordan sale dallas cowboys football best wigs for white women nike air max for sale nfl chicago bears custom jerseys cheap sex toys nba jersey customized wigs shop oal is to help you decide what to do if you are using one of these vulnerable plugins or themes […]

Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. Our weekly WordPress Vulnerability Report, now powered by Patchstack, covers new WordPress plugins, themes, and core vulnerabilities that have emerged since our last report. Our goal is to help you decide what to do if you are using one of these vulnerable plugins or themes on your website. For a deeper, historical analysis of WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.

Am I Vulnerable?

If you are an iThemes Security or Security Pro user, the Site Scan feature will notify you of any vulnerabilities in WordPress, plugins, and themes you have installed. You can also review the following list of new vulnerabilities and check them against your installed plugins and themes.

Responsible disclosure and reporting of vulnerabilities is an integral part of keeping the WordPress community safe. Please share this post with your friends to help get the word out and make WordPress safer for everyone!

How Bad Is It?

Each vulnerability will have a severity rating of low, medium, high, or critical. Severity levels do not indicate whether a vulnerability is being actively exploited or not. A severity rating indicates how easy it would be for an attacker to exploit the vulnerability and how damaging the impact of an effective exploit could be.

We will highlight active exploits as we become aware of them.

Vulnerabilities are assessed by many different authorities, who each interpret risk with their own perspective and priorities. We are providing you with Patchstack’s risk assessment for WordPress site owners like you.

Is There An Update?

The most important information about a vulnerability is whether it has been patched or not.

If a patch or security release exists to secure the vulnerability, you will see a note about this in a green footer closing the individual vulnerability report. You should immediately update the vulnerable software to the highest version available.

Please be aware that even a deactivated plugin or theme may be exploited by attackers as long as it remains installed in WordPress. You should either update or delete vulnerable plugins and themes as soon as possible when a vulnerability emerges in them.

What Should I Do?

If no update is available for a vulnerable plugin or theme that you are actively using, you will see a red footer closing the individual vulnerability report with a warning that no update has been provided yet. We will also highlight vulnerable plugins and themes that have no known fix.

Popular, widely used plugins and themes that remain vulnerable form a uniquely large and attractive attack surface so we will call special attention to them.

You should weigh the costs and benefits of removing vulnerable plugins and themes with no known fix. If they have been dropped from the wordpress.org repositories, we will note their status is “closed.” We recommend adopting a different, secure solution as soon as possible for plugins designated “closed” or that have “no known fix” forthcoming.

It is urgent to remove unpatched themes and plugins with vulnerabilities of any severity if they are being actively exploited and there’s no security update available.

The Future of Authentication is Passkeys! Log into your WordPress site with Biometrics only available in iThemes Security Pro.

Credential stuffing, phishing, and brute force attacks using stolen, guessable, or reused passwords have made our digital lives less secure. Two-Factor Authentication (2FA) offers some protection but at the cost of usability and accessibility. Fewer than 30% of all online account holders actually use 2FA. Password-based logins are broken.

The future of authentication is passkeys, and iThemes Security Pro is the first to bring this breakthrough technology to WordPress sites. Using breakthrough WebAuthn technology based on public/private cryptography, passkeys make passwords obsolete. Now, website admins and end users can have secure logins without the inconvenience of additional two-factor apps, password managers, or complex password requirements.

WordPress Core News

WordPress 6.1.1 was released on November 15, 2022, as a short-cycle maintenance release with 29 bug fixes in Core and 21 bug fixes for the block editor. Because this is a core update, be sure to update to WordPress 6.1.1 as soon as possible! As always, with a major release like this, ensure your site is backed up with BackupBuddy before updating.

WordPress 6.2 Beta 1

WordPress 6.2 Beta 1 is ready for download and testing! The current target for the final release is March 28, 2023. With the arrival of WordPress 6.2, Phase Two of Gutenberg’s development will have ended. Phase Two focused on the Block and Site Editor features that now allow deep customization of site designs and layouts. Next, Phase Three will focus on collaborative editing features. Take a look at the WordPress Development Roadmap to learn more.

  • No new WordPress core vulnerabilities were disclosed this week.

There is a known unpatched vulnerability in WordPress core affecting all versions of WordPress. If you’re using iThemes Security, you’ve probably been alerted to this. As we are unsure when this very low-severity vulnerability will be patched, emails from iThemes Security will no longer alert for this specific vulnerability. Read our blog post about this vulnerability.

Get the weekly WordPress Vulnerability Report delivered to your inbox each Wednesday.

WordPress Plugin Vulnerabilities

In this section, the latest WordPress plugin vulnerabilities have been disclosed. Each plugin listing includes the type of vulnerability, the active installations, the version number if patched, the severity rating, and the CVE.

WordPress All In One WP Security & Firewall plugin

Product image for All-In-One Security (AIOS) – Security and Firewall.

Plugin Slug
all-in-one-wp-security-and-firewall
Installations
1,000,000+
Vulnerability
Authenticated(Admin+) Directory Traversal vulnerability
Patched in Version
5.1.5
Severity Score
Medium
The vulnerability has been patched, so you should update to version 5.1.5.

WordPress Starter Templates plugin

Product image for Starter Templates — Elementor, WordPress & Beaver Builder Templates.

Plugin Slug
astra-sites
Installations
1,000,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
3.1.21
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.1.21.

WordPress Ocean Extra plugin

Product image for Ocean Extra.

Plugin Slug
ocean-extra
Installations
700,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.1.3
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.1.3.

WordPress Ocean Extra plugin

Product image for Ocean Extra.

Plugin Slug
ocean-extra
Installations
700,000+
Vulnerability
Subscriber+ Arbitrary Post Content Disclosure
Patched in Version
2.1.3
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.1.3.

WordPress WordPress Gallery Plugin – NextGEN Gallery plugin

Product image for WordPress Gallery Plugin – NextGEN Gallery.

Plugin Slug
nextgen-gallery
Installations
600,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
3.29
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.29.

WordPress ProfilePress plugin

Product image for Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.

Plugin Slug
wp-user-avatar
Installations
300,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
4.5.5
Severity Score
Medium
The vulnerability has been patched, so you should update to version 4.5.5.

WordPress Contextual Related Posts plugin

Product image for Contextual Related Posts.

Plugin Slug
contextual-related-posts
Installations
70,000+
Vulnerability
Missing Authorization in crp_ajax_clearcache
Patched in Version
3.3.2
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.3.2.

WordPress Media Library Assistant plugin

Product image for Media Library Assistant.

Plugin Slug
media-library-assistant
Installations
70,000+
Vulnerability
Admin+ SQL Injection
Patched in Version
3.06
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.06.

WordPress wpDataTables – WordPress Tables & Table Charts Plugin plugin

Product image for wpDataTables – WordPress Tables & Table Charts Plugin.

Plugin Slug
wpdatatables
Installations
70,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.1.50
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.1.50.

WordPress Profile Builder plugin

Product image for Profile Builder – User Profile & User Registration Forms.

Plugin Slug
profile-builder
Installations
60,000+
Vulnerability
Sensitive Information Disclosure via Shortcode
Patched in Version
3.9.1
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.9.1.

WordPress WP Table Builder – WordPress Table Plugin plugin

Product image for WP Table Builder – WordPress Table Plugin.

Plugin Slug
wp-table-builder
Installations
60,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.4.7
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.4.7.

WordPress Ditty plugin

Product image for Ditty WordPress Plugin – Responsive Slider, List, and Ticker Display.

Plugin Slug
ditty-news-ticker
Installations
40,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
3.0.33
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.0.33.

WordPress Quiz And Survey Master plugin

Product image for Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress.

Plugin Slug
quiz-master-next
Installations
40,000+
Vulnerability
Unauthenticated Arbitrary Media Deletion
Patched in Version
8.0.9
Severity Score
Medium
The vulnerability has been patched, so you should update to version 8.0.9.

WordPress The Post Grid plugin

Product image for The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid.

Plugin Slug
the-post-grid
Installations
40,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
5.0.5
Severity Score
Medium
The vulnerability has been patched, so you should update to version 5.0.5.

WordPress Visualizer: Tables and Charts Manager for WordPress plugin

Product image for Visualizer: Tables and Charts Manager for WordPress.

Plugin Slug
visualizer
Installations
40,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
3.9.5
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.9.5.

WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin

Product image for WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn).

Plugin Slug
miniorange-login-openid
Installations
30,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
7.6.0
Severity Score
Medium
The vulnerability has been patched, so you should update to version 7.6.0.

WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin

Product image for WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn).

Plugin Slug
miniorange-login-openid
Installations
30,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
7.6.0
Severity Score
Medium
The vulnerability has been patched, so you should update to version 7.6.0.

WordPress Top 10 – Popular posts plugin for WordPress plugin

Product image for Top 10  – Popular posts plugin for WordPress.

Plugin Slug
top-10
Installations
30,000+
Vulnerability
Broken Access Control
Patched in Version
3.2.4
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.2.4.

WordPress Uncanny Toolkit for LearnDash plugin

Product image for Uncanny Toolkit for LearnDash.

Plugin Slug
uncanny-learndash-toolkit
Installations
30,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
3.6.4.2
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.6.4.2.

WordPress Advanced Dynamic Pricing for WooCommerce plugin

Plugin Slug
advanced-dynamic-pricing-for-woocommerce
Installations
20,000+
Vulnerability
Broken Access Control
Patched in Version
4.1.6
Severity Score
Medium
The vulnerability has been patched, so you should update to version 4.1.6.

WordPress Interactive Geo Maps plugin

Product image for Interactive Geo Maps.

Plugin Slug
interactive-geo-maps
Installations
20,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.5.9
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.5.9.

WordPress Link Juice Keeper plugin

Product image for Link Juice Keeper.

Plugin Slug
link-juice-keeper
Installations
20,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.0.3
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.0.3.

WordPress TeraWallet – For WooCommerce plugin

Product image for TeraWallet – For WooCommerce.

Plugin Slug
woo-wallet
Installations
20,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
1.4.0
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.4.0.

WordPress Wp-Insert plugin

Product image for Wp-Insert.

Plugin Slug
wp-insert
Installations
20,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.5.1
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.5.1.

WordPress WordPress Robots.txt optimization (+ XML Sitemap) – Website traffic, SEO & ranking Booster plugin

Product image for WordPress Robots.txt optimization (+ XML Sitemap) – Website traffic, SEO & ranking Booster.

Plugin Slug
better-robots-txt
Installations
10,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
1.4.6
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.4.6.

WordPress Conditional Payments for WooCommerce plugin

Product image for Conditional Payments for WooCommerce.

Plugin Slug
conditional-payments-for-woocommerce
Installations
10,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
2.3.2
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.3.2.

WordPress RegistrationMagic plugin

Product image for RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login.

Plugin Slug
custom-registration-form-builder-with-submission-manager
Installations
10,000+
Vulnerability
Multiple Cross Site Request Forgery (CSRF)
Patched in Version
5.1.9.3
Severity Score
Medium
The vulnerability has been patched, so you should update to version 5.1.9.3.

WordPress Video Gallery – YouTube Gallery plugin

Product image for Video Gallery – Best WordPress YouTube Gallery Plugin.

Plugin Slug
gallery-videos
Installations
10,000+
Vulnerability
Broken Access Control
Patched in Version
1.7.7
Severity Score
High
The vulnerability has been patched, so you should update to version 1.7.7.

WordPress Video Gallery – YouTube Gallery plugin

Product image for Video Gallery – Best WordPress YouTube Gallery Plugin.

Plugin Slug
gallery-videos
Installations
10,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.7.7
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.7.7.

WordPress GamiPress plugin

Product image for GamiPress – The most flexible and powerful gamification plugin for WordPress.

Plugin Slug
gamipress
Installations
10,000+
Vulnerability
Unauthenticated SQL Injection
Patched in Version
2.5.7.1
Severity Score
High
The vulnerability has been patched, so you should update to version 2.5.7.1.

WordPress GamiPress plugin

Product image for GamiPress – The most flexible and powerful gamification plugin for WordPress.

Plugin Slug
gamipress
Installations
10,000+
Vulnerability
CSRF Leading to Settings Change
Patched in Version
2.5.7
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.5.7.

WordPress GamiPress plugin

Product image for GamiPress – The most flexible and powerful gamification plugin for WordPress.

Plugin Slug
gamipress
Installations
10,000+
Vulnerability
Missing Authorization Leading to Points Manipulation
Patched in Version
2.5.7
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.5.7.

WordPress Opt-Out for Google Analytics plugin

Product image for Google Analytics Opt-Out.

Plugin Slug
google-analytics-opt-out
Installations
10,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.3.5
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.3.5.

WordPress Scriptless Social Sharing plugin

Product image for Scriptless Social Sharing.

Plugin Slug
scriptless-social-sharing
Installations
10,000+
Vulnerability
Contributor+ Stored XSS
Patched in Version
3.2.2
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.2.2.

WordPress UsersWP plugin

Product image for UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress.

Plugin Slug
userswp
Installations
10,000+
Vulnerability
CSV Injection
Patched in Version
1.2.3.10
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.2.3.10.

WordPress ALD Dropshipping and Fulfillment for AliExpress and WooCommerce plugin

Product image for ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce.

Plugin Slug
woo-alidropship
Installations
10,000+
Vulnerability
Broken Access Control
Patched in Version
1.0.22
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.0.22.

WordPress WP Coder plugin

Product image for WP Coder – add custom html, css and js code.

Plugin Slug
wp-coder
Installations
10,000+
Vulnerability
Admin+ SQL Injection
Patched in Version
2.5.4
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.5.4.

WordPress WP VR 360 Panorama and Virtual Tour Builder plugin

Product image for WP VR – 360 Panorama and Virtual Tour Builder For WordPress.

Plugin Slug
wpvr
Installations
10,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
8.2.8
Severity Score
Medium
The vulnerability has been patched, so you should update to version 8.2.8.

WordPress TinyMCE Custom Styles plugin

Plugin Slug
tinymce-custom-styles
Installations
9,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.1.3
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.1.3.

WordPress Cart All In One For WooCommerce plugin

Product image for Cart All In One For WooCommerce.

Plugin Slug
woo-cart-all-in-one
Installations
9,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
1.1.11
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.1.11.

WordPress JSON Content Importer plugin

Product image for JSON Content Importer.

Plugin Slug
json-content-importer
Installations
8,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.3.16
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.3.16.

WordPress Shoppable Images plugin

Product image for Shoppable Images.

Plugin Slug
mabel-shoppable-images-lite
Installations
8,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
1.2.4
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.2.4.

WordPress Simple Yearly Archive plugin

Product image for Simple Yearly Archive.

Plugin Slug
simple-yearly-archive
Installations
8,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.1.9
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.1.9.

WordPress Gutenberg Blocks by WordPress Download Manager plugin

Product image for Gutenberg Blocks by WordPress Download Manager.

Plugin Slug
wpdm-gutenberg-blocks
Installations
8,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.1.9
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.1.9.

WordPress Meta slider and carousel with lightbox plugin

Product image for Meta Slider and Carousel with Lightbox.

Plugin Slug
meta-slider-and-carousel-with-lightbox
Installations
7,000+
Vulnerability
Broken Access Control
Patched in Version
1.7
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.7.

WordPress Podlove Podcast Publisher plugin

Product image for Podlove Podcast Publisher.

Plugin Slug
podlove-podcasting-plugin-for-wordpress
Installations
7,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
3.8.4
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.8.4.

WordPress Portfolio – WordPress Portfolio Plugin plugin

Product image for Portfolio – WordPress Portfolio Plugin.

Plugin Slug
tlp-portfolio
Installations
7,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.8.11
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.8.11.

WordPress Zeno Font Resizer plugin

Product image for Zeno Font Resizer.

Plugin Slug
zeno-font-resizer
Installations
7,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.8.0
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.8.0.

WordPress AutomatorWP plugin

Product image for AutomatorWP – The most flexible and powerful no-code automation plugin for WordPress.

Plugin Slug
automatorwp
Installations
6,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
2.5.9
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.5.9.

WordPress Blockonomics plugin

Product image for WordPress Bitcoin Payments – Blockonomics.

Plugin Slug
blockonomics-bitcoin-payments
Installations
5,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
3.5.8
Severity Score
High
The vulnerability has been patched, so you should update to version 3.5.8.

WordPress Fancy Comments WordPress plugin

Product image for Fancy Comments WordPress.

Plugin Slug
fancy-facebook-comments
Installations
5,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.2.11
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.2.11.

WordPress Publish to Schedule plugin

Product image for Publish to Schedule.

Plugin Slug
publish-to-schedule
Installations
5,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
4.5.4
Severity Score
Medium
The vulnerability has been patched, so you should update to version 4.5.4.

WordPress Tickera – WordPress Event Ticketing plugin

Product image for Tickera – WordPress Event Ticketing.

Plugin Slug
tickera-event-ticketing-system
Installations
5,000+
Vulnerability
CSRF Leading To Post Status Change
Patched in Version
3.5.1.1
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.5.1.1.

WordPress VikBooking Hotel Booking Engine & PMS plugin

Product image for VikBooking Hotel Booking Engine & PMS.

Plugin Slug
vikbooking
Installations
5,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
1.6.0
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.6.0.

WordPress OAuth Single Sign On – SSO (OAuth Client) plugin

Product image for OAuth Single Sign On – SSO (OAuth Client).

Plugin Slug
miniorange-login-with-eve-online-google-facebook
Installations
4,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
6.24.2
Severity Score
Medium
The vulnerability has been patched, so you should update to version 6.24.2.

WordPress Community by PeepSo plugin

Product image for Community by PeepSo – Social Network, Membership, Registration, User Profiles.

Plugin Slug
peepso-core
Installations
4,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
6.0.3
Severity Score
Medium
The vulnerability has been patched, so you should update to version 6.0.3.

WordPress Podlove Subscribe Button plugin

Product image for Podlove Subscribe button.

Plugin Slug
podlove-subscribe-button
Installations
4,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
1.3.9
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.3.9.

WordPress Podlove Subscribe button plugin

Product image for Podlove Subscribe button.

Plugin Slug
podlove-subscribe-button
Installations
4,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.3.9
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.3.9.

WordPress Multi Rating plugin

Product image for Multi Rating.

Plugin Slug
multi-rating
Installations
3,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
5.0.6
Severity Score
High
The vulnerability has been patched, so you should update to version 5.0.6.

WordPress Product Reviews Import Export for WooCommerce plugin

Product image for Product Reviews Import Export for WooCommerce.

Plugin Slug
product-reviews-import-export-for-woocommerce
Installations
3,000+
Vulnerability
Unauth. CSV Injection
Patched in Version
1.4.9
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.4.9.

WordPress Quick Contact Form plugin

Plugin Slug
quick-contact-form
Installations
3,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
8.0.4
Severity Score
Medium
The vulnerability has been patched, so you should update to version 8.0.4.

WordPress Quick Event Manager plugin

Plugin Slug
quick-event-manager
Installations
3,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
9.6.5
Severity Score
Medium
The vulnerability has been patched, so you should update to version 9.6.5.

WordPress Quick Paypal Payments plugin

Plugin Slug
quick-paypal-payments
Installations
3,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
5.7.26
Severity Score
High
The vulnerability has been patched, so you should update to version 5.7.26.

WordPress Quick Paypal Payments plugin

Plugin Slug
quick-paypal-payments
Installations
3,000+
Vulnerability
Broken Access Control
Patched in Version
5.7.26
Severity Score
High
The vulnerability has been patched, so you should update to version 5.7.26.

WordPress Quick Paypal Payments plugin

Plugin Slug
quick-paypal-payments
Installations
3,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
5.7.26
Severity Score
Medium
The vulnerability has been patched, so you should update to version 5.7.26.

WordPress Quick Paypal Payments plugin

Plugin Slug
quick-paypal-payments
Installations
3,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
5.7.26
Severity Score
Medium
The vulnerability has been patched, so you should update to version 5.7.26.

WordPress WP Custom Fields Search plugin

Product image for WP Custom Fields Search.

Plugin Slug
wp-custom-fields-search
Installations
3,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.2.35
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.2.35.

WordPress WordPress Email Marketing Plugin – WP Email Capture plugin

Product image for WordPress Email Marketing Plugin – WP Email Capture.

Plugin Slug
wp-email-capture
Installations
3,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
3.10
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.10.

WordPress WordPress Email Marketing Plugin – WP Email Capture plugin

Product image for WordPress Email Marketing Plugin – WP Email Capture.

Plugin Slug
wp-email-capture
Installations
3,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
3.10
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.10.

WordPress BuddyForms plugin

Product image for Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions.

Plugin Slug
buddyforms
Installations
2,000+
Vulnerability
PHAR Deserialization
Patched in Version
2.7.8
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.7.8.

WordPress CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plugin

Product image for CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce.

Plugin Slug
css-js-manager
Installations
2,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
2.4.49.1
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.4.49.1.

WordPress Locatoraid Store Locator plugin

Product image for Locatoraid Store Locator.

Plugin Slug
locatoraid
Installations
2,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
3.9.12
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.9.12.

WordPress Multiple Pages Generator by Themeisle plugin

Product image for Multiple Page Generator Plugin – MPG.

Plugin Slug
multiple-pages-generator-by-porthas
Installations
2,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
3.3.10
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.3.10.

WordPress Protected Posts Logout Button plugin

Plugin Slug
protected-posts-logout-button
Installations
2,000+
Vulnerability
Broken Access Control
Patched in Version
1.4.6
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.4.6.

WordPress Protected Posts Logout Button plugin

Plugin Slug
protected-posts-logout-button
Installations
2,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.4.6
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.4.6.

WordPress WordPress Books Gallery plugin

Product image for WordPress Books Gallery.

Plugin Slug
wp-books-gallery
Installations
2,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
4.4.9
Severity Score
Medium
The vulnerability has been patched, so you should update to version 4.4.9.

WordPress WPGlobus Translate Options plugin

Product image for WPGlobus Translate Options.

Plugin Slug
wpglobus-translate-options
Installations
2,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.2.0
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.2.0.

WordPress Archivist – Custom Archive Templates plugin

Product image for Archivist – Custom Archive Templates.

Plugin Slug
archivist-custom-archive-templates
Installations
1,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
1.7.5
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.7.5.

WordPress Archivist – Custom Archive Templates plugin

Product image for Archivist – Custom Archive Templates.

Plugin Slug
archivist-custom-archive-templates
Installations
1,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.7.5
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.7.5.

WordPress Click to Call or Chat Buttons plugin

Product image for Click to Call or Chat Buttons.

Plugin Slug
click-to-call-or-chat-buttons
Installations
1,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.5.0
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.5.0.

WordPress Clio Grow plugin

Plugin Slug
clio-grow-form
Installations
1,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.0.1
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.0.1.

WordPress Calendar Event Multi View plugin

Product image for Calendar Event Multi View.

Plugin Slug
cp-multi-view-calendar
Installations
1,000+
Vulnerability
Broken Access Control
Patched in Version
1.4.15
Severity Score
Low
The vulnerability has been patched, so you should update to version 1.4.15.

WordPress Get URL Cron plugin

Product image for Get URL Cron.

Plugin Slug
get-url-cron
Installations
1,000+
Vulnerability
Broken Access Control via geturlcron_action_handle
Patched in Version
1.4.8
Severity Score
High
The vulnerability has been patched, so you should update to version 1.4.8.

WordPress My Tickets plugin

Product image for My Tickets.

Plugin Slug
my-tickets
Installations
1,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
1.9.11
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.9.11.

WordPress Twitch Player plugin

Product image for Twitch Player.

Plugin Slug
ttv-easy-embed-player
Installations
1,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.1.1
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.1.1.

WordPress Broadcast Live Video plugin

Product image for Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP.

Plugin Slug
videowhisper-live-streaming-integration
Installations
1,000+
Vulnerability
Remote Code Execution (RCE)
Patched in Version
5.5.16
Severity Score
Critical
The vulnerability has been patched, so you should update to version 5.5.16.

WordPress WP Dynamic Keywords Injector plugin

Product image for WP Dynamic Keywords Injector.

Plugin Slug
wp-dynamic-keywords-injector
Installations
1,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
2.3.16
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.3.16.

WordPress WP Prayer plugin

Plugin Slug
wp-prayer
Installations
1,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.9.7
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.9.7.

WordPress WordPress Stripe Donation plugin

Product image for Accept Stripe Donation – AidWP.

Plugin Slug
wp-stripe-donation
Installations
1,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
3.1.6
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.1.6.

WordPress Easy Panorama plugin

Product image for Easy Panorama.

Plugin Slug
easy-panorama
Installations
900+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.1.5
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.1.5.

WordPress Inline Tweet Sharer – Twitter Sharing Plugin plugin

Product image for Inline Tweet Sharer – Twitter Sharing Plugin.

Plugin Slug
inline-tweet-sharer
Installations
900+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.6
Severity Score
Medium
The vulnerability has been patched, so you should update to version 2.6.

WordPress Campaign URL Builder plugin

Product image for Campaign URL Builder.

Plugin Slug
campaign-url-builder
Installations
400+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.8.2
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.8.2.

WordPress Campaign URL Builder plugin

Product image for Campaign URL Builder.

Plugin Slug
campaign-url-builder
Installations
400+
Vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting via Create Link
Patched in Version
1.8.2
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.8.2.

WordPress WatchTowerHQ plugin

Product image for WatchTowerHQ.

Plugin Slug
watchtowerhq
Installations
100+
Vulnerability
Privilege Escalation
Patched in Version
3.6.17
Severity Score
Critical
The vulnerability has been patched, so you should update to version 3.6.17.

WordPress Interactive SVG Image Map Builder plugin

Product image for Interactive SVG Image Map Builder.

Plugin Slug
interactive-image-map-builder
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.1
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.1.

WordPress Plugin Vulnerabilities – No Known Fix

This section contains plugin vulnerabilities with no known fix. Until a patch is available, immediately uninstall and delete the plugin from WordPress to ensure it cannot be exploited.

WordPress Google Maps v3 Shortcode plugin

Plugin Slug
google-maps-v3-shortcode
Installations
4,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Portfolio Slideshow plugin

Product image for Portfolio Slideshow.

Plugin Slug
portfolio-slideshow
Installations
4,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Simple PDF Viewer plugin

Product image for Simple PDF Viewer.

Plugin Slug
simple-pdf-viewer
Installations
4,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Ultimate WP Query Search Filter plugin

Product image for Ultimate WP Query Search Filter.

Plugin Slug
ultimate-wp-query-search-filter
Installations
3,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Theme Tweaker plugin

Product image for Theme Tweaker.

Plugin Slug
theme-tweaker-lite
Installations
2,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Easy Google Analytics for WordPress plugin

Plugin Slug
easy-google-analytics-for-wordpress
Installations
1,000+
Vulnerability
Broken Access Control
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WordPress WP Post Rating plugin

Product image for WP Post Rating.

Plugin Slug
wp-post-comment-rating
Installations
1,000+
Vulnerability
Other Vulnerability Type
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WordPress WP-RecentComments plugin

Plugin Slug
wp-recentcomments
Installations
1,000+
Vulnerability
Broken Access Control
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Bing Site Verification plugin using Meta Tag plugin

Plugin Slug
bing-site-verification-using-meta-tag
Installations
900+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WordPress WordPress Custom Settings plugin

Product image for WordPress Custom Settings.

Plugin Slug
custom-settings
Installations
900+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Exquisite PayPal Donation plugin

Product image for Exquisite PayPal Donation.

Plugin Slug
exquisite-paypal-donation
Installations
900+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Sitemap Index plugin

Plugin Slug
sitemap-index
Installations
900+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Sponsors Carousel plugin

Product image for Sponsors Carousel.

Plugin Slug
sponsors-carousel
Installations
900+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Stock market charts from finviz plugin

Product image for Stock market charts from finviz.

Plugin Slug
stock-market-charts-from-finviz
Installations
900+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Circles Gallery plugin

Product image for Circles Gallery.

Plugin Slug
circles-gallery
Installations
800+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WordPress PayGreen plugin

Plugin Slug
paygreen-woocommerce
Installations
500+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WordPress WP Resource download management plugin

Plugin
WP Resource download management
Plugin Slug
download-info-page
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Eyes Only: User Access Shortcode plugin

Plugin
Eyes Only: User Access Shortcode
Plugin Slug
eyes-only-user-access-shortcode
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Peadig’s Like & Share Button plugin

Plugin
Peadig’s Like & Share Button
Plugin Slug
facebook-like-send-button
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Feed Changer plugin

Plugin
Feed Changer
Plugin Slug
feed-changer
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Fontiran plugin

Plugin
Fontiran
Plugin Slug
fontiran
Vulnerability
Broken Access Control
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Nooz plugin

Plugin
Nooz
Plugin Slug
nooz
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Olevmedia Shortcodes plugin

Plugin
Olevmedia Shortcodes
Plugin Slug
olevmedia-shortcodes
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress WP Open Social plugin

Plugin
WP Open Social
Plugin Slug
open-social
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Service Area Postcode Checker plugin

Plugin
Service Area Postcode Checker
Plugin Slug
service-area-postcode-checker
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Social Login WP plugin

Plugin
Social Login WP
Plugin Slug
social-login-wp
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Sticky Ad Bar Plugin plugin

Plugin
Sticky Ad Bar Plugin
Plugin Slug
sticky-ad-bar
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Tapfiliate plugin

Plugin
Tapfiliate
Plugin Slug
tapfiliate
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Upload File Type Settings Plugin plugin

Plugin
Upload File Type Settings Plugin
Plugin Slug
upload-file-type-settings-plugin
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress vSlider Multi Image Slider for WordPress plugin

Plugin
vSlider Multi Image Slider for WordPress
Plugin Slug
vslider
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress WP BaiDu Submit plugin

Plugin
WP BaiDu Submit
Plugin Slug
wp-baidu-submit
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Theme Vulnerabilities

In this section, the latest WordPress theme vulnerabilities have been disclosed. Each theme listing includes the type of vulnerability, the active installations, the version number if patched, the severity rating, and the CVE.

WordPress Real Estate 7 theme

Theme
Real Estate 7
Theme Slug
realestate-7
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
3.3.2
Severity Score
High
The vulnerability has been patched, so you should update to version 3.3.2.

WordPress WoodMart theme

Theme
WoodMart
Theme Slug
woodmart
Vulnerability
Unauth Arbitrary Shortcodes Injection
Patched in Version
7.1.1
Severity Score
Medium
The vulnerability has been patched, so you should update to version 7.1.1.
iThemes Team

[ad_2]
If you are looking for WordPress Plugins and Themes at low prices, Themes Club offers you all WordPress Plugins and Themes at prices starting at $3.99

We will be happy to hear your thoughts

Leave a reply

Themes Club
Logo
Register New Account
Compare items
  • Total (0)
Compare
0
Shopping cart