WordPress Vulnerability Report — April 23, 2025

Apr 23, 2025


In this report, 304 vulnerabilities have been publicly disclosed. Security patches for 162 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, 142 plugin and theme vulnerabilities have no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.8 “Cecil” is here! Launched April 15, 2025, it honors jazz legend Cecil Taylor, whose pioneering piano fused chaos and harmony. Explore its bold features with the same experimental spirit.

Plus, WordCamp Europe 2025 lands in Basel, Switzerland, June 5-7! Connect with WordPress enthusiasts, developers, and pros for three days of learning, networking, and collaboration with the global community.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 153 Patched / 126 Unpatched

Plugin Slug:
master-slider

Installations
70,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
simple-sitemap

Installations
70,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
asgaros-forum

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
scriptless-social-sharing

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
logo-carousel-slider

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
checkout-files-upload-woocommerce

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
license-envato

Installations
5,000+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
nd-booking

Installations
5,000+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
acf-google-font-selector-field

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
anything-popup

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wps-team

Installations
3,000+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
ulisting

Installations
2,000+

Vulnerability:
Deserialization of untrusted data

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
activedemand

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
basic-interactive-world-map

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
rescue-shortcodes

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
attendance-manager

Installations
900+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
booking-and-rental-manager-for-woocommerce

Installations
900+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
real-estate-manager

Installations
900+

Vulnerability:
Arbitrary Code Execution

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
js-jobs

Installations
800+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
js-jobs

Installations
800+

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
movylo-widget

Installations
800+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wp-flipclock

Installations
800+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
excel-like-price-change-for-woocommerce-and-wp-e-commerce-light

Installations
700+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
mapsvg-lite-interactive-vector-maps

Installations
700+

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
kata-plus

Installations
600+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
question-answer

Installations
600+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
spice-blocks

Installations
600+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wooms

Installations
600+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
author-work-in-progress-bar

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
bulk-term-editor

Installations
500+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
wp-advanced-search

Installations
500+

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
bulk-page-stub-creator

Installations
400+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
rating-bws

Installations
400+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
site-search-360

Installations
400+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
contact-form-vcard-generator

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
projectopia-core

Installations
300+

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
bruteguard

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
dynamic-post

Installations
200+

Vulnerability:
Settings Change

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
starfish-reviews

Installations
200+

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
capturly-optimize-your-website

Installations
100+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
contest-code-checker

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
course-booking-system

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
helpgent

Installations
100+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
local-magic

Installations
100+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
pdf2post

Installations
100+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
slazzer-background-changer

Installations
100+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
theme-changer

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
woocommerce-products-without-featured-images

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
brid-video-easy-publish

Installations
80+

Vulnerability:
Arbitrary Code Execution

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
checkout-field-visibility-for-woocommerce

Installations
80+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
hive-support

Installations
70+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
hive-support

Installations
70+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
product-lister-ebay

Installations
70+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
tp-gallery-slider

Installations
70+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
all-push-notification

Installations
60+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
enable-wp-debug-toggle

Installations
60+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
appsero-helper

Installations
50+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
office-locator

Installations
50+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
wp-donate

Installations
50+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
mobile-app-for-woocommerce

Installations
40+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
bma-lite-appointment-booking-and-scheduling

Installations
10+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
email-shortcode

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

ZooEffect

Plugin Slug:
1-jquery-photo-gallery-slideshow-flash

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Add to Header

Plugin Slug:
add-to-header

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Amazon Showcase WordPress Plugin

Plugin Slug:
amazon-showcase-wordpress-widget

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

AnalyticsWP

Plugin Slug:
analyticswp

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

AnalyticsWP

Plugin Slug:
analyticswp

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Anthologize

Plugin Slug:
anthologize

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WPAMS

Plugin Slug:
apartment-management

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

WPAMS

Plugin Slug:
apartment-management

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WPAMS

Plugin Slug:
apartment-management

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

WPAMS

Plugin Slug:
apartment-management

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

WPAMS

Plugin Slug:
apartment-management

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

WPAMS

Plugin Slug:
apartment-management

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WPAMS

Plugin Slug:
apartment-management

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Avatar

Plugin Slug:
avatar

Vulnerability:
Arbitrary File Deletion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Avatar

Plugin Slug:
avatar

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

bbPress2 shortcode whitelist

Plugin Slug:
bbpress2-shortcode-whitelist

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Bknewsticker

Plugin Slug:
bknewsticker

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Broken Links Remover

Plugin Slug:
broken-links-remover

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Login Manager

Plugin Slug:
customized-login

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Dashboard Notepads

Plugin Slug:
dashboard-notepads

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

FAT Services Booking

Plugin Slug:
fat-services-booking

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Foodbakery Sticky Cart

Plugin Slug:
foodbakery-sticky-cart

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Grand Conference

Plugin Slug:
grandconference

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Gravity Forms CSS Themes with Fontawesome and Placeholders

Plugin Slug:
gravity-forms-css-themes-with-fontawesome-and-placeholder-support

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

hockeydata LOS

Plugin Slug:
hockeydata-los

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Hospital Management System

Plugin Slug:
hospital-management

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

I Draw

Plugin Slug:
idraw

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Simple Maps

Plugin Slug:
interactive-maps

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

KiotViet Sync

Plugin Slug:
kiotvietsync

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

KiotViet Sync

Plugin Slug:
kiotvietsync

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

illow – Cookies Consent

Plugin Slug:
lgpd-compliant-cookie-banner

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Macro Calculator with Admin Email Optin & Data

Plugin Slug:
macro-admin-email-data-optin-calculator

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Memberpress

Plugin Slug:
memberpress

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

mLanguage

Plugin Slug:
mlanguage

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Modal Survey

Plugin Slug:
modal-survey

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Modal Survey

Plugin Slug:
modal-survey

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Modal Survey

Plugin Slug:
modal-survey

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

My auctions allegro

Plugin Slug:
my-auctions-allegro-free-edition

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

My Marginalia

Plugin Slug:
my-marginalia

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Redirect wordpress to welcome or landing page

Plugin Slug:
redirect-to-welcome-or-landing-page

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Review Wave – Google Places Reviews

Plugin Slug:
review-wave-google-places-reviews

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Revision Diet

Plugin Slug:
revision-diet

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Revy

Plugin Slug:
revy

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

SUMO Reward Points

Plugin Slug:
rewardsystem

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

RSS Manager

Plugin Slug:
rss-manager

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Social Media Links

Plugin Slug:
social-media-links

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

spam-stopper

Plugin Slug:
spam-stopper

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Style Manager

Plugin Slug:
style-manager

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Széchenyi 2020 Logo

Plugin Slug:
szechenyi-2020-logo

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Testimonial Slider And Showcase Pro

Plugin Slug:
testimonial-slider-showcase-pro

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

translit it!

Plugin Slug:
translit-it

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

TuriTop Booking System

Plugin Slug:
turitop-booking-system

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Smart Sections Theme Builder – WPBakery Page Builder Addon

Plugin Slug:
visucom-smart-sections

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

WooCommerce Social Login

Plugin Slug:
woo-social-login

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

FoodBakery

Plugin Slug:
wp-foodbakery

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

WP Post to PDF Enhanced

Plugin Slug:
wp-post-to-pdf-enhanced

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP Social Bookmarking

Plugin Slug:
wp-social-bookmarking

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP Sticky Side Buttons

Plugin Slug:
wp-sticky-side-buttons

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP Syntax

Plugin Slug:
wp-syntax

Vulnerability:
Denial of Service Attack

Patched in Version:
No Fix

Severity Score:
Low

Plugin:

WP Twitter Button

Plugin Slug:
wp-twitter-button

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WordPress Video Robot – The Ultimate Video Importer

Plugin Slug:
wp-video-robot

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

wpLike2Get

Plugin Slug:
wplike2get

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WhatsApp Click to Chat Plugin for WordPress

Plugin Slug:
wpt-whatsapp

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Xelion Webchat

Plugin Slug:
xelion-webchat

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
contact-form-7

Installations
10,000,000+

Vulnerability:
Other Vulnerability Type

Patched in Version:
6.0.6

Severity Score:
Medium

Plugin Slug:
essential-addons-for-elementor-lite

Installations
2,000,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
6.1.10

Severity Score:
Medium

Plugin Slug:
essential-addons-for-elementor-lite

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.1.10

Severity Score:
Medium

Plugin Slug:
ocean-extra

Installations
600,000+

Vulnerability:
Content Injection

Patched in Version:
2.4.7

Severity Score:
Medium

Plugin Slug:
ocean-extra

Installations
600,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.7

Severity Score:
Medium

Plugin Slug:
royal-elementor-addons

Installations
600,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.979

Severity Score:
Medium

Plugin Slug:
fluentform

Installations
500,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.0.3

Severity Score:
Medium

Plugin Slug:
forminator

Installations
500,000+

Vulnerability:
Other Vulnerability Type

Patched in Version:
1.42.1

Severity Score:
Medium

Plugin Slug:
forminator

Installations
500,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.42.1

Severity Score:
Medium

Plugin Slug:
password-protected

Installations
300,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.7.8

Severity Score:
Medium

Plugin Slug:
ultimate-member

Installations
200,000+

Vulnerability:
SQL Injection

Patched in Version:
2.10.2

Severity Score:
Critical

Plugin Slug:
wp-headers-and-footers

Installations
200,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.1.2

Severity Score:
High

Plugin Slug:
bdthemes-element-pack-lite

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.10.29

Severity Score:
Medium

Plugin Slug:
download-manager

Installations
100,000+

Vulnerability:
Arbitrary File Deletion

Patched in Version:
3.3.13

Severity Score:
Medium

Plugin Slug:
download-manager

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.3.13

Severity Score:
Medium

Plugin Slug:
kadence-woocommerce-email-designer

Installations
100,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.5.15

Severity Score:
Critical

Plugin Slug:
sassy-social-share

Installations
100,000+

Vulnerability:
Open Redirection

Patched in Version:
3.3.74

Severity Score:
Medium

Plugin Slug:
maxbuttons

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.8.4

Severity Score:
Medium

Plugin Slug:
email-subscribers

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.7.52

Severity Score:
Medium

Plugin Slug:
facebook-pagelike-widget

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.4.2

Severity Score:
Medium

Plugin Slug:
ultimate-dashboard

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.8.6

Severity Score:
Medium

Plugin Slug:
greenshift-animation-and-page-builder-blocks

Installations
50,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
11.4.6

Severity Score:
High

Plugin Slug:
profile-builder

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.13.7

Severity Score:
Medium

Plugin Slug:
wp-import-export-lite

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.9.28

Severity Score:
Medium

Plugin Slug:
form-maker

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.15.32

Severity Score:
Medium

Plugin Slug:
mappress-google-maps-for-wordpress

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.94.10

Severity Score:
Medium

Plugin Slug:
pirate-forms

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.0

Severity Score:
Medium

Plugin Slug:
themesflat-addons-for-elementor

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.6

Severity Score:
Medium

Plugin Slug:
cost-calculator-builder

Installations
30,000+

Vulnerability:
SQL Injection

Patched in Version:
3.2.68

Severity Score:
Critical

Plugin Slug:
instagram-slider-widget

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.9

Severity Score:
Medium

Plugin Slug:
powerpress

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
11.9.18

Severity Score:
Medium

Plugin Slug:
rafflepress

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.12.17

Severity Score:
Medium

Plugin Slug:
wp-editor

Installations
30,000+

Vulnerability:
Directory Traversal

Patched in Version:
1.2.9.2

Severity Score:
Medium

Plugin Slug:
wp-editor

Installations
30,000+

Vulnerability:
Directory Traversal

Patched in Version:
1.2.9.2

Severity Score:
High

Plugin Slug:
advanced-dynamic-pricing-for-woocommerce

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.9.5

Severity Score:
Medium

Plugin Slug:
docket-cache

Installations
20,000+

Vulnerability:
Local File Inclusion

Patched in Version:
24.07.03

Severity Score:
High

Plugin Slug:
simple-social-buttons

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.0.0

Severity Score:
Medium

Plugin Slug:
wp-rest-api-authentication

Installations
20,000+

Vulnerability:
Settings Change

Patched in Version:
3.6.4

Severity Score:
Medium

Plugin Slug:
wp-simple-booking-calendar

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.0.14

Severity Score:
Medium

Plugin Slug:
advanced-form-integration

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.100.0

Severity Score:
Medium

Plugin Slug:
conditional-payments-for-woocommerce

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.3.1

Severity Score:
Medium

Plugin Slug:
conditional-shipping-for-woocommerce

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.4.1

Severity Score:
Medium

Plugin Slug:
html5-audio-player

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.0

Severity Score:
Medium

Plugin Slug:
klarna-checkout-for-woocommerce

Installations
10,000+

Vulnerability:
Denial of Service Attack

Patched in Version:
2.13.5

Severity Score:
High

Plugin Slug:
mediavine-control-panel

Installations
10,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.10.7

Severity Score:
Medium

Plugin Slug:
wc-product-table-lite

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.9.6

Severity Score:
Medium

Plugin Slug:
wp-data-access

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.5.37

Severity Score:
Medium

Plugin Slug:
wp-event-solution

Installations
10,000+

Vulnerability:
Local File Inclusion

Patched in Version:
4.0.26

Severity Score:
High

Plugin Slug:
themify-shortcodes

Installations
9,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.4

Severity Score:
Medium

Plugin Slug:
contact-form-by-supsystic

Installations
8,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.7.30

Severity Score:
High

Plugin Slug:
debug-log-manager

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.5

Severity Score:
High

Plugin Slug:
profilegrid-user-profiles-groups-and-communities

Installations
7,000+

Vulnerability:
SQL Injection

Patched in Version:
5.9.4.9

Severity Score:
High

Plugin Slug:
drag-and-drop-multiple-file-upload-for-woocommerce

Installations
6,000+

Vulnerability:
Arbitrary File Deletion

Patched in Version:
1.1.5

Severity Score:
Critical

Plugin Slug:
wp-cafe

Installations
6,000+

Vulnerability:
Local File Inclusion

Patched in Version:
2.2.33

Severity Score:
High

Plugin Slug:
poll-wp

Installations
5,000+

Vulnerability:
SQL Injection

Patched in Version:
2.4.7

Severity Score:
High

Plugin Slug:
product-blocks

Installations
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.2.5

Severity Score:
Medium

Plugin Slug:
woo-coupon-usage

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.3.1

Severity Score:
High

Plugin Slug:
wpadverts

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.2

Severity Score:
Medium

Plugin Slug:
awesome-logo-carousel-block

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.7

Severity Score:
Medium

Plugin Slug:
element-ready-lite

Installations
4,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
6.6.3

Severity Score:
Medium

Plugin Slug:
fluent-boards

Installations
4,000+

Vulnerability:
PHP Object Injection

Patched in Version:
1.48

Severity Score:
Critical

Plugin Slug:
fluent-community

Installations
4,000+

Vulnerability:
PHP Object Injection

Patched in Version:
1.3.1

Severity Score:
Critical

Plugin Slug:
responsive-block-editor-addons

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.3

Severity Score:
Medium

Plugin Slug:
wp-posts-carousel

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.11

Severity Score:
Medium

Plugin Slug:
name-directory

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.30.1

Severity Score:
Medium

Plugin Slug:
propertyhive

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.3

Severity Score:
Medium

Plugin Slug:
goodbarber

Installations
2,000+

Vulnerability:
Open Redirection

Patched in Version:
1.0.27

Severity Score:
Medium

Plugin Slug:
melapress-login-security

Installations
2,000+

Vulnerability:
PHP Object Injection

Patched in Version:
2.1.1

Severity Score:
Medium

Plugin Slug:
responsive-addons-for-elementor

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.9.1

Severity Score:
Medium

Plugin Slug:
skt-blocks

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0

Severity Score:
Medium

Plugin Slug:
wp-optin-wheel

Installations
2,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
1.4.8

Severity Score:
Medium

Plugin Slug:
wpcom-member

Installations
2,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.7.8

Severity Score:
High

Plugin Slug:
wptools

Installations
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.19

Severity Score:
High

Plugin Slug:
jobwp

Installations
1,000+

Vulnerability:
SQL Injection

Patched in Version:
2.4.0

Severity Score:
High

Plugin Slug:
listdom

Installations
1,000+

Vulnerability:
Open Redirection

Patched in Version:
4.1.0

Severity Score:
Medium

Plugin Slug:
membership-for-woocommerce

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.1

Severity Score:
Medium

Plugin Slug:
most-and-least-read-posts-widget

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.21

Severity Score:
Medium

Plugin Slug:
sign-up-sheets

Installations
1,000+

Vulnerability:
Content Injection

Patched in Version:
2.3.1

Severity Score:
Medium

Plugin Slug:
smart-maintenance-mode

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.2

Severity Score:
Medium

Plugin Slug:
travelfic-toolkit

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.3

Severity Score:
Medium

Plugin Slug:
ultimate-store-kit

Installations
1,000+

Vulnerability:
Deserialization of untrusted data

Patched in Version:
2.4.1

Severity Score:
Critical

Plugin Slug:
wp-ever-accounting

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.1.6

Severity Score:
Medium

Plugin Slug:
wp-woocommerce-quickbooks

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.2

Severity Score:
Medium

Plugin Slug:
wpcasa

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.0

Severity Score:
Medium

Plugin Slug:
zephyr-project-manager

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.3.201

Severity Score:
Medium

Plugin Slug:
bft-autoresponder

Installations
900+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.2.5

Severity Score:
High

Plugin Slug:
booking-and-rental-manager-for-woocommerce

Installations
900+

Vulnerability:
Broken Access Control

Patched in Version:
2.2.9

Severity Score:
Medium

Plugin Slug:
church-admin

Installations
900+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
5.0.10

Severity Score:
Medium

Plugin Slug:
church-admin

Installations
900+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.0.24

Severity Score:
Medium

Plugin Slug:
landing-page-cat

Installations
900+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7.9

Severity Score:
High

Plugin Slug:
taskbuilder

Installations
900+

Vulnerability:
SQL Injection

Patched in Version:
4.0.2

Severity Score:
High

Plugin Slug:
checkout-for-paypal

Installations
700+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.39

Severity Score:
Medium

Plugin Slug:
otpless

Installations
700+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.59

Severity Score:
High

Plugin Slug:
bertha-ai-free

Installations
600+

Vulnerability:
Arbitrary Content Deletion

Patched in Version:
1.12.11

Severity Score:
High

Plugin Slug:
bring-fraktguiden-for-woocommerce

Installations
600+

Vulnerability:
Broken Access Control

Patched in Version:
1.11.5

Severity Score:
Medium

Plugin Slug:
verge3d

Installations
600+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.9.3

Severity Score:
Medium

Plugin Slug:
cloak-front-end-email

Installations
500+

Vulnerability:
Broken Access Control

Patched in Version:
1.9.6

Severity Score:
High

Plugin Slug:
quentn-wp

Installations
500+

Vulnerability:
SQL Injection

Patched in Version:
1.2.9

Severity Score:
Critical

Plugin Slug:
quentn-wp

Installations
500+

Vulnerability:
Privilege Escalation

Patched in Version:
1.2.9

Severity Score:
Critical

Plugin Slug:
subscribe-to-unlock-lite

Installations
500+

Vulnerability:
Local File Inclusion

Patched in Version:
1.3.1

Severity Score:
High

Plugin Slug:
web-directory-free

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7.9

Severity Score:
High

Plugin Slug:
wp-subscription-forms

Installations
500+

Vulnerability:
Broken Access Control

Patched in Version:
1.2.4

Severity Score:
Medium

Plugin Slug:
administrator-z

Installations
400+

Vulnerability:
Directory Traversal

Patched in Version:
2025.03.30

Severity Score:
Medium

Plugin Slug:
administrator-z

Installations
400+

Vulnerability:
Privilege Escalation

Patched in Version:
2025.03.27

Severity Score:
High

Plugin Slug:
custom-css

Installations
400+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.4.2

Severity Score:
Critical

Plugin Slug:
uix-shortcodes

Installations
400+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.5

Severity Score:
Medium

Plugin Slug:
embedding-barcodes-into-product-pages-and-orders

Installations
300+

Vulnerability:
Arbitrary Content Deletion

Patched in Version:
2.0.5

Severity Score:
High

Plugin Slug:
expresstechsoftwares-memberpress-discord-add-on

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.2

Severity Score:
High

Plugin Slug:
fast-ebay-listings

Installations
300+

Vulnerability:
Open Redirection

Patched in Version:
2.12.16

Severity Score:
Medium

Plugin Slug:
posts-table-filterable

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.4

Severity Score:
High

Plugin Slug:
sb-chart-block

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.1

Severity Score:
Medium

Plugin Slug:
tax-switch-for-woocommerce

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.3

Severity Score:
Medium

Plugin Slug:
wp-data-logger

Installations
300+

Vulnerability:
Broken Access Control

Patched in Version:
2.2.1

Severity Score:
Medium

Plugin Slug:
adminquickbar

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9.2

Severity Score:
High

Plugin Slug:
push-notification-by-feedify

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.6

Severity Score:
High

Plugin Slug:
totalprocessing-card-payments

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.1.7

Severity Score:
High

Plugin Slug:
dashi

Installations
100+

Vulnerability:
Broken Access Control

Patched in Version:
3.1.9

Severity Score:
Medium

Plugin Slug:
internal-link-finder

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.1.4

Severity Score:
High

Plugin Slug:
ip2location-variables

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.9.6

Severity Score:
High

Plugin Slug:
right-click-disable-or-ban

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.0

Severity Score:
High

Plugin Slug:
verowa-connect

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.5

Severity Score:
High

Plugin Slug:
wp-update-mail-notification

Installations
100+

Vulnerability:
Privilege Escalation

Patched in Version:
1.2.0

Severity Score:
High

Plugin Slug:
material-dashboard

Installations
80+

Vulnerability:
Privilege Escalation

Patched in Version:
1.4.7

Severity Score:
Critical

Plugin Slug:
ai-text-to-speech

Installations
70+

Vulnerability:
Broken Access Control

Patched in Version:
3.0.4

Severity Score:
Medium

Plugin Slug:
support-x

Installations
70+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.8

Severity Score:
High

Plugin Slug:
hostel

Installations
60+

Vulnerability:
SQL Injection

Patched in Version:
1.1.5.7

Severity Score:
High

Plugin Slug:
storecontrl-wp-connection

Installations
60+

Vulnerability:
Arbitrary File Download

Patched in Version:
4.1.4

Severity Score:
High

Plugin Slug:
smart-agreements

Installations
40+

Vulnerability:
Local File Inclusion

Patched in Version:
1.0.4

Severity Score:
High

Plugin Slug:
payment-form-for-paypal-pro

Installations
30+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.73

Severity Score:
Medium

Plugin:

AnalyticsWP

Plugin Slug:
analyticswp

Vulnerability:
SQL Injection

Patched in Version:
2.1.5

Severity Score:
Critical

Plugin:

Booster Plus for WooCommerce

Plugin Slug:
booster-plus-for-woocommerce

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.2.5

Severity Score:
High

Plugin:

FS Poster

Plugin Slug:
fs-poster

Vulnerability:
Broken Access Control

Patched in Version:
7.1.8

Severity Score:
High

Plugin:

JetBlocks For Elementor

Plugin Slug:
jet-blocks

Vulnerability:
Broken Access Control

Patched in Version:
1.3.16.1

Severity Score:
High

Plugin:

JetBlog

Plugin Slug:
jet-blog

Vulnerability:
Broken Access Control

Patched in Version:
2.4.3.1

Severity Score:
High

Plugin:

JetElements For Elementor

Plugin Slug:
jet-elements

Vulnerability:
Broken Access Control

Patched in Version:
2.7.4.2

Severity Score:
High

Plugin:

JetElements For Elementor

Plugin Slug:
jet-elements

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.4.2

Severity Score:
Medium

Plugin:

JetMenu

Plugin Slug:
jet-menu

Vulnerability:
Broken Access Control

Patched in Version:
2.4.9.1

Severity Score:
High

Plugin:

JetPopup

Plugin Slug:
jet-popup

Vulnerability:
Broken Access Control

Patched in Version:
2.0.12

Severity Score:
High

Plugin:

JetReviews

Plugin Slug:
jet-reviews

Vulnerability:
Local File Inclusion

Patched in Version:
2.3.7

Severity Score:
High

Plugin:

JetTabs

Plugin Slug:
jet-tabs

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.8

Severity Score:
Medium

Plugin:

JetTricks

Plugin Slug:
jet-tricks

Vulnerability:
Broken Access Control

Patched in Version:
1.5.1.1

Severity Score:
High

Plugin:

JetWooBuilder

Plugin Slug:
jet-woo-builder

Vulnerability:
Broken Access Control

Patched in Version:
2.1.18.1

Severity Score:
High

Plugin:

CLEVER

Plugin Slug:
lbg-audio11-html5-shoutcast_history

Vulnerability:
Path Traversal

Patched in Version:
2.5

Severity Score:
High

Plugin:

Live Forms

Plugin Slug:
liveforms

Vulnerability:
Broken Access Control

Patched in Version:
4.8.5

Severity Score:
Medium

Plugin:

Smart Product Review

Plugin Slug:
smart-product-review

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.0.5

Severity Score:
Critical

Plugin:

Super Store Finder

Plugin Slug:
superstorefinder-wp

Vulnerability:
SQL Injection

Patched in Version:
7.5

Severity Score:
Critical

Plugin:

Tourmaster

Plugin Slug:
tourmaster

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.4.1

Severity Score:
High

Plugin:

Unlimited Timeline

Plugin Slug:
unlimited-timeline

Vulnerability:
Broken Access Control

Patched in Version:
1.6.1

Severity Score:
High

Plugin:

UrbanGo Membership

Plugin Slug:
urbango-membership

Vulnerability:
Privilege Escalation

Patched in Version:
1.1

Severity Score:
Critical

Plugin:

User Registration & Membership Pro

Plugin Slug:
user-registration-pro

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.2.0

Severity Score:
Medium

Plugin:

Vitepos

Plugin Slug:
vitepos-lite

Vulnerability:
Broken Authentication

Patched in Version:
3.1.8

Severity Score:
High

Plugin:

Advanced Google Maps

Plugin Slug:
wp-google-map-gold

Vulnerability:
Broken Access Control

Patched in Version:
5.8.5

Severity Score:
Medium

Plugin:

Wp Staging Pro

Plugin Slug:
wp-staging-pro

Vulnerability:
Sensitive Data Exposure

Patched in Version:
6.1.3

Severity Score:
Medium

WordPress Themes — 9 Patched / 16 Unpatched

Theme Slug:
arrival

Downloads
126,390

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Theme Slug:
cww-portfolio

Downloads
85,610

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Theme Slug:
grace-mag

Downloads
70,093

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Theme Slug:
opstore

Downloads
82,183

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Theme Slug:
sirat

Downloads
355,294

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Theme Slug:
xews-lite

Downloads
14,599

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Theme:

Altair

Theme Slug:
altair

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Theme:

Celestial Aura

Theme Slug:
celestial-aura

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Theme:

CiyaShop

Theme Slug:
ciyashop

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Theme:

Eximius

Theme Slug:
eximius

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Theme:

Grand Restaurant WordPress

Theme Slug:
grandrestaurant

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Theme:

Grand Restaurant WordPress

Theme Slug:
grandrestaurant

Vulnerability:
Arbitrary Content Deletion

Patched in Version:
No Fix

Severity Score:
High

Theme:

Grand Restaurant WordPress

Theme Slug:
grandrestaurant

Vulnerability:
Path Traversal

Patched in Version:
No Fix

Severity Score:
Critical

Theme:

Grand Restaurant WordPress

Theme Slug:
grandrestaurant

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Theme:

Grand Restaurant WordPress

Theme Slug:
grandrestaurant

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Theme:

Grip

Theme Slug:
grip

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Theme:

Betheme

Theme Slug:
betheme

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
28.0.4

Severity Score:
Medium

Theme:

Dessau

Theme Slug:
dessau

Vulnerability:
Local File Inclusion

Patched in Version:
1.9

Severity Score:
High

Theme:

Dør

Theme Slug:
dor

Vulnerability:
Local File Inclusion

Patched in Version:
2.4.1

Severity Score:
High

Theme:

Eduma

Theme Slug:
eduma

Vulnerability:
Broken Access Control

Patched in Version:
5.6.5

Severity Score:
Medium

Theme:

Foton

Theme Slug:
foton

Vulnerability:
Local File Inclusion

Patched in Version:
2.6.1

Severity Score:
High

Theme:

Ivy School

Theme Slug:
ivy-school

Vulnerability:
Local File Inclusion

Patched in Version:
1.6.1

Severity Score:
High

Theme:

Real Estate 7

Theme Slug:
realestate-7

Vulnerability:
Privilege Escalation

Patched in Version:
3.5.3

Severity Score:
High

Theme:

Tastyc

Theme Slug:
tastyc

Vulnerability:
Local File Inclusion

Patched in Version:
2.5.2

Severity Score:
High

Theme:

Wanderland

Theme Slug:
wanderland

Vulnerability:
Local File Inclusion

Patched in Version:
1.7.2

Severity Score:
High

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
