WordPress Vulnerability Report — March 19, 2025

Apr 7, 2025

In this report, 173 vulnerabilities have been publicly disclosed. Security patches for 63 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 110 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core
2. WordPress Plugins — 57 Patched / 105 Unpatched

2.1
Post Lockdown
2.2
Picture Gallery – Frontend Image Uploads, AJAX Photo List
2.3
CRM and Lead Management by vcita
2.4
WP Email Delivery
2.5
Video Share VOD – Turnkey Video Site Builder Script
2.6
MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet
2.7
amoCRM WebForm
2.8
Another Events Calendar
2.9
ArielBrailovsky-ViralAd
2.10
AS English Admin
2.11
Awesome Surveys
2.12
Back To Top
2.13
Bee Layer Slider
2.14
binlayerpress
2.15
Block Spam By Math Reloaded
2.16
Block Spam By Math Reloaded
2.17
W3Counter Free Real-Time Web Stats
2.18
BlogBuzzTime for WP
2.19
CC-IMG-Shortcode
2.20
Builder for Contact Form 7 by Webconstruct
2.21
Contact Form 7 Select Box Editor Button
2.22
Contact Us By Lord Linus
2.23
Coronavirus (COVID-19) Notice Message
2.24
Custom Dashboard Page
2.25
custom-field-list-widget
2.26
Custom top bar
2.27
Delete Original Image
2.28
Display Template Name
2.29
Domain Theme
2.30
DP ALTerminator – Missing ALT manager
2.31
Easy Image Display
2.32
Email Keep
2.33
Email Keep
2.34
Featured Posts Grid
2.35
Frontpage category filter
2.36
FTP Sync
2.37
GetShop ecommerce
2.38
GetSocial
2.39
GNUCommerce
2.40
GNUPress
2.41
Go To Top
2.42
Google News Editors Picks Feed Generator
2.43
In Stock Mailer for WooCommerce
2.44
Insert Code
2.45
Lava Ajax Search
2.46
LinkedIn Lite
2.47
List Mixcloud
2.48
List of Posts from each Category plugin for WordPress
2.49
Login Logger
2.50
Lunar
2.51
MaxA/B
2.52
Members page only for logged in users
2.53
PHP/MySQL CPU performance statistics
2.54
No Disposable Email
2.55
pixelstats
2.56
PluginPass
2.57
Plugins Last Updated Column
2.58
Portfolio and Projects
2.59
Post Read Time
2.60
price-calc
2.61
Rankchecker.io Integration
2.62
Comment Date and Gravatar remover
2.63
Responsive Google Map
2.64
REST API TO MiniProgram
2.65
S3Bubble Media Streaming
2.66
Schedule
2.67
Schedule
2.68
SEO Tools
2.69
Simple Amazon Affiliate
2.70
Social Snap
2.71
Spam Byebye
2.72
Tabbed Login Widget
2.73
TabGarb Pro
2.74
TBTestimonials
2.75
ThemeEgg ToolKit
2.76
Featured Image Thumbnail Grid
2.77
Já-Já Pagamentos for WooCommerce
2.78
WP Add Active Class To Menu Item
2.79
WP Azure offload
2.80
WP Bulk Post Duplicator
2.81
WP Compare Tables
2.82
WP Crowdfunding
2.83
Hashtags
2.84
WP Hide Admin Bar
2.85
WP JobHunt
2.86
WP JobHunt
2.87
WP JobHunt
2.88
WP Last Modified
2.89
WP Login Control
2.90
Mobile Themes
2.91
WP No-Bot Question
2.92
WP Performance Pack
2.93
wordpress login form to anywhere
2.94
WP Simple Slideshow
2.95
Skitter Slideshow
2.96
WP SVG Upload
2.97
WP jQuery Persian Datepicker
2.98
WPSchoolPress
2.99
WPSchoolPress
2.100
WPSchoolPress
2.101
WPSchoolPress
2.102
XV Random Quotes
2.103
XV Random Quotes
2.104
ZipList Recipe
2.105
Zoorum Comments
2.106
WooCommerce
2.107
All-in-One WP Migration and Backup
2.108
Ad Inserter – Ad Manager & AdSense Ads
2.109
GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice – CCPA, DSGVO, RGPD
2.110
Page Builder: Pagelayer – Drag and Drop website builder
2.111
Page Builder: Pagelayer – Drag and Drop website builder
2.112
Page Builder: Pagelayer – Drag and Drop website builder
2.113
LoginPress | wp-login Custom Login Page Customizer
2.114
Download Manager
2.115
ShareThis Dashboard for Google Analytics
2.116
HUSKY – Products Filter Professional for WooCommerce
2.117
HUSKY – Products Filter Professional for WooCommerce
2.118
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor)
2.119
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin
2.120
Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin
2.121
WP Recipe Maker
2.122
DethemeKit for Elementor
2.123
SecuPress Free — WordPress Security
2.124
Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation
2.125
InstaWP Connect – 1-click WP Staging & Migration
2.126
WP Test Email
2.127
Business Directory Plugin – Easy Listing Directories for WordPress
2.128
NEX-Forms – Ultimate Form Builder – Contact forms and much more
2.129
Qubely – Advanced Gutenberg Blocks
2.130
Review Schema – Review & Structure Data Schema Plugin
2.131
Finale Lite – Sales Countdown Timer & Discount for WooCommerce
2.132
WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto
2.133
WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto
2.134
Thumbnail carousel slider
2.135
WPCOM Member
2.136
AppPresser – Mobile App Framework
2.137
WPCS – WordPress Currency Switcher Professional
2.138
Event post
2.139
Omnipress
2.140
Simple Photo Feed
2.141
Church Admin
2.142
Maintenance Notice
2.143
WATI Chat and Notification
2.144
Skrill – WooCommerce
2.145
Accounting for WooCommerce
2.146
IP Based Login
2.147
IP Based Login
2.148
pipDisqus – Lightweight Disqus Comments
2.149
Formality
2.150
WC Affiliate – A Complete WooCommerce Affiliate Plugin
2.151
Appsero Helper
2.152
BP Email Assign Templates
2.153
BP Email Assign Templates
2.154
WordPress Report Brute Force Attacks and Login Protection ReportAttacks Plugins
2.155
CM FAQ – Simplify support with an intuitive FAQ management tool
2.156
AnalyticsWP
2.157
Gtbabel
2.158
Realteo
2.159
Resido
2.160
Search Filter Pro
2.161
SoundRise Music
2.162
VidoRev Extensions

3. WordPress Themes — 6 Patched / 5 Unpatched

3.1
Civi
3.2
Civi
3.3
Civi
3.4
JobCareer
3.5
Zegen
3.6
Design Comuni Italia
3.7
Eco Nature
3.8
Industrial
3.9
Traveler
3.10
Traveler
3.11
Workreap

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.8 Beta 3 is ready for testing! This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it is recommended you evaluate Beta 3 on a test server and site.

WordPress Plugins — 57 Patched / 105 Unpatched

Plugin Slug:: post-lockdown
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: picture-gallery
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin Slug:: crm-customer-relationship-management-by-vcita
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin Slug:: wp-email-delivery
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin Slug:: video-share-vod
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin Slug:: paid-membership
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: amoCRM WebForm
Plugin Slug:: amocrm-webform
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Another Events Calendar
Plugin Slug:: another-events-calendar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: ArielBrailovsky-ViralAd
Plugin Slug:: arielbrailovsky-viralad
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical

Plugin:: AS English Admin
Plugin Slug:: as-english-admin
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Awesome Surveys
Plugin Slug:: awesome-surveys
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Back To Top
Plugin Slug:: backtotop
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Bee Layer Slider
Plugin Slug:: bee-layer-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: binlayerpress
Plugin Slug:: binlayerpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Block Spam By Math Reloaded
Plugin Slug:: block-spam-by-math-reloaded
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Block Spam By Math Reloaded
Plugin Slug:: block-spam-by-math-reloaded
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: W3Counter Free Real-Time Web Stats
Plugin Slug:: blog-stats-by-w3counter
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: BlogBuzzTime for WP
Plugin Slug:: blogbuzztime-for-wp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: CC-IMG-Shortcode
Plugin Slug:: cc-img-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Builder for Contact Form 7 by Webconstruct
Plugin Slug:: cf7-builder
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Contact Form 7 Select Box Editor Button
Plugin Slug:: contact-form-7-select-box-editor-button
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Contact Us By Lord Linus
Plugin Slug:: contact-us-by-lord-linus
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Coronavirus (COVID-19) Notice Message
Plugin Slug:: coronavirus-covid-19-notice-message
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Custom Dashboard Page
Plugin Slug:: custom-dashboard-page
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: custom-field-list-widget
Plugin Slug:: custom-field-list-widget
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Custom top bar
Plugin Slug:: custom-top-bar
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Delete Original Image
Plugin Slug:: delete-original-image
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Display Template Name
Plugin Slug:: display-template-name
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Domain Theme
Plugin Slug:: domain-theme
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: DP ALTerminator – Missing ALT manager
Plugin Slug:: dp-alterminator-missing-alt-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Easy Image Display
Plugin Slug:: easy-image-display
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Email Keep
Plugin Slug:: email-keep
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Email Keep
Plugin Slug:: email-keep
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Featured Posts Grid
Plugin Slug:: featured-posts-grid
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Frontpage category filter
Plugin Slug:: frontpage-category-filter
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: FTP Sync
Plugin Slug:: ftp-sync
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: GetShop ecommerce
Plugin Slug:: getshop-ecommerce
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High

Plugin:: GetSocial
Plugin Slug:: getsocial
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: GNUCommerce
Plugin Slug:: gnucommerce
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: GNUPress
Plugin Slug:: gnupress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Go To Top
Plugin Slug:: go-to-top
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Google News Editors Picks Feed Generator
Plugin Slug:: google-news-editors-picks-news-feeds
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: In Stock Mailer for WooCommerce
Plugin Slug:: in-stock-mailer-for-woocommerce
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Insert Code
Plugin Slug:: insert-code
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Lava Ajax Search
Plugin Slug:: lava-ajax-search
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: LinkedIn Lite
Plugin Slug:: linkedin-lite
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High

Plugin:: List Mixcloud
Plugin Slug:: list-mixcloud
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: List of Posts from each Category plugin for WordPress
Plugin Slug:: list-posts-by-category
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Login Logger
Plugin Slug:: login-logger
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Lunar
Plugin Slug:: lunar-sell-photos-online
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: MaxA/B
Plugin Slug:: maxab
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Members page only for logged in users
Plugin Slug:: members-page-only-for-logged-in-users
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: PHP/MySQL CPU performance statistics
Plugin Slug:: mywebtonet-performancestats
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical

Plugin:: No Disposable Email
Plugin Slug:: no-disposable-email
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: pixelstats
Plugin Slug:: pixelstats
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: PluginPass
Plugin Slug:: pluginpass-pro-plugintheme-licensing
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Plugins Last Updated Column
Plugin Slug:: plugins-last-updated-column
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Portfolio and Projects
Plugin Slug:: portfolio-and-projects
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Post Read Time
Plugin Slug:: post-read-time
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: price-calc
Plugin Slug:: price-calc
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Rankchecker.io Integration
Plugin Slug:: rankchecker-io-integration
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Comment Date and Gravatar remover
Plugin Slug:: remove-date-and-gravatar-under-comment
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Responsive Google Map
Plugin Slug:: responsive-google-map
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: REST API TO MiniProgram
Plugin Slug:: rest-api-to-miniprogram
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: S3Bubble Media Streaming
Plugin Slug:: s3bubble-amazon-web-services-oembed-media-streaming-support
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Schedule
Plugin Slug:: schedule
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical

Plugin:: Schedule
Plugin Slug:: schedule
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: SEO Tools
Plugin Slug:: seo-automatic-seo-tools
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Simple Amazon Affiliate
Plugin Slug:: simple-amazon-affiliate
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Social Snap
Plugin Slug:: socialsnap
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Spam Byebye
Plugin Slug:: spam-byebye
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Tabbed Login Widget
Plugin Slug:: tabbed-login
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: TabGarb Pro
Plugin Slug:: tabgarb
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: TBTestimonials
Plugin Slug:: tb-testimonials
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: ThemeEgg ToolKit
Plugin Slug:: themeegg-toolkit
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical

Plugin:: Featured Image Thumbnail Grid
Plugin Slug:: thumbnail-grid
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Já-Já Pagamentos for WooCommerce
Plugin Slug:: wc-ja-ja-pagamentos-multicaixa-express
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: WP Add Active Class To Menu Item
Plugin Slug:: wp-add-active-class-to-menu-item
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WP Azure offload
Plugin Slug:: wp-azure-offload
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: WP Bulk Post Duplicator
Plugin Slug:: wp-bulk-post-duplicator
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WP Compare Tables
Plugin Slug:: wp-compare-tables
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: WP Crowdfunding
Plugin Slug:: wp-crowdfunding
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Hashtags
Plugin Slug:: wp-hashtags
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: WP Hide Admin Bar
Plugin Slug:: wp-hide-admin-bar
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WP JobHunt
Plugin Slug:: wp-jobhunt
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical

Plugin:: WP JobHunt
Plugin Slug:: wp-jobhunt
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical

Plugin:: WP JobHunt
Plugin Slug:: wp-jobhunt
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: High

Plugin:: WP Last Modified
Plugin Slug:: wp-last-modified
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WP Login Control
Plugin Slug:: wp-login-control
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Mobile Themes
Plugin Slug:: wp-mobile-themes
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WP No-Bot Question
Plugin Slug:: wp-no-bot-question
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WP Performance Pack
Plugin Slug:: wp-performance-pack
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: wordpress login form to anywhere
Plugin Slug:: wp-show-login-form
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WP Simple Slideshow
Plugin Slug:: wp-simple-slideshow
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Skitter Slideshow
Plugin Slug:: wp-skitter-slideshow
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WP SVG Upload
Plugin Slug:: wp-svg-upload
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WP jQuery Persian Datepicker
Plugin Slug:: wpjqp-datepicker
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: WPSchoolPress
Plugin Slug:: wpschoolpress
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WPSchoolPress
Plugin Slug:: wpschoolpress
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin:: WPSchoolPress
Plugin Slug:: wpschoolpress
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin:: WPSchoolPress
Plugin Slug:: wpschoolpress
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High

Plugin:: XV Random Quotes
Plugin Slug:: xv-random-quotes
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: XV Random Quotes
Plugin Slug:: xv-random-quotes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: ZipList Recipe
Plugin Slug:: ziplist-recipe-plugin
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Zoorum Comments
Plugin Slug:: zoorum-comments
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin Slug:: woocommerce
Installations: 8,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.7.1
Severity Score:: Medium

Plugin Slug:: all-in-one-wp-migration
Installations: 5,000,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 7.90
Severity Score:: High

Plugin Slug:: ad-inserter
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.1
Severity Score:: High

Plugin Slug:: gdpr-cookie-compliance
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.7
Severity Score:: Medium

Plugin Slug:: pagelayer
Installations: 300,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.0
Severity Score:: Medium

Plugin Slug:: pagelayer
Installations: 300,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.9
Severity Score:: Medium

Plugin Slug:: pagelayer
Installations: 300,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.9.9
Severity Score:: Medium

Plugin Slug:: loginpress
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.0.0
Severity Score:: Medium

Plugin Slug:: download-manager
Installations: 100,000+
Vulnerability:: Path Traversal
Patched in Version:: 3.3.09
Severity Score:: Low

Plugin Slug:: googleanalytics
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.2
Severity Score:: Medium

Plugin Slug:: woocommerce-products-filter
Installations: 100,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.6.5
Severity Score:: High

Plugin Slug:: woocommerce-products-filter
Installations: 100,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.6.6
Severity Score:: High

Plugin Slug:: woolentor-addons
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.1
Severity Score:: Medium

Plugin Slug:: simply-schedule-appointments
Installations: 50,000+
Vulnerability:: Content Injection
Patched in Version:: 1.6.8.7
Severity Score:: High

Plugin Slug:: uncanny-automator
Installations: 50,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 6.3
Severity Score:: Medium

Plugin Slug:: wp-recipe-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.8.1
Severity Score:: Medium

Plugin Slug:: dethemekit-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.10
Severity Score:: Medium

Plugin Slug:: secupress
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.3
Severity Score:: Medium

Plugin Slug:: gs-logo-slider
Installations: 30,000+
Vulnerability:: Content Injection
Patched in Version:: 3.7.4
Severity Score:: High

Plugin Slug:: instawp-connect
Installations: 20,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 0.1.0.84
Severity Score:: High

Plugin Slug:: wp-test-email
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.9
Severity Score:: High

Plugin Slug:: business-directory-plugin
Installations: 10,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 6.4.15
Severity Score:: Medium

Plugin Slug:: nex-forms-express-wp-form-builder
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 8.8.2
Severity Score:: Medium

Plugin Slug:: qubely
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.8.14
Severity Score:: Medium

Plugin Slug:: review-schema
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.2.5
Severity Score:: High

Plugin Slug:: finale-woocommerce-sales-countdown-timer-discount
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.20.0
Severity Score:: Medium

Plugin Slug:: tripetto
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.0.10
Severity Score:: Medium

Plugin Slug:: tripetto
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.0.10
Severity Score:: High

Plugin Slug:: wp-responsive-thumbnail-slider
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.0.5
Severity Score:: High

Plugin Slug:: wpcom-member
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.7.7
Severity Score:: Critical

Plugin Slug:: apppresser
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.11
Severity Score:: High

Plugin Slug:: currency-switcher
Installations: 1,000+
Vulnerability:: Content Injection
Patched in Version:: 1.2.0.5
Severity Score:: High

Plugin Slug:: event-post
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.9
Severity Score:: Medium

Plugin Slug:: omnipress
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.5
Severity Score:: Medium

Plugin Slug:: simple-photo-feed
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.1
Severity Score:: Medium

Plugin Slug:: church-admin
Installations: 900+
Vulnerability:: SQL Injection
Patched in Version:: 5.0.19
Severity Score:: Critical

Plugin Slug:: maintenance-notice
Installations: 800+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.7
Severity Score:: Medium

Plugin Slug:: wati-chat-and-notification
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.5
Severity Score:: High

Plugin Slug:: official-skrill-woocommerce
Installations: 600+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.67
Severity Score:: Medium

Plugin Slug:: accounting-for-woocommerce
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.9
Severity Score:: Medium

Plugin Slug:: ip-based-login
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.4.1
Severity Score:: Medium

Plugin Slug:: ip-based-login
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.1
Severity Score:: Medium

Plugin Slug:: pipdisqus
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7
Severity Score:: Medium

Plugin Slug:: formality
Installations: 200+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.5.8
Severity Score:: High

Plugin Slug:: wc-affiliate
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6
Severity Score:: Medium

Plugin Slug:: appsero-helper
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.3
Severity Score:: High

Plugin Slug:: bp-email-assign-templates
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7
Severity Score:: Medium

Plugin Slug:: bp-email-assign-templates
Installations: 50+
Vulnerability:: Other Vulnerability Type
Patched in Version:: 1.8
Severity Score:: Medium

Plugin Slug:: reportattacks
Installations: 40+
Vulnerability:: SQL Injection
Patched in Version:: 2.33
Severity Score:: High

Plugin Slug:: cm-faq
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.6
Severity Score:: High

Plugin:: AnalyticsWP
Plugin Slug:: analyticswp
Vulnerability:: SQL Injection
Patched in Version:: 2.1.0
Severity Score:: Critical

Plugin Slug:: gtbabel
Vulnerability:: Privilege Escalation
Patched in Version:: 6.6.9
Severity Score:: High

Plugin:: Realteo
Plugin Slug:: realteo
Vulnerability:: Broken Authentication
Patched in Version:: 1.2.9
Severity Score:: Critical

Plugin:: Resido
Plugin Slug:: resido
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.1
Severity Score:: Medium

Plugin:: Search Filter Pro
Plugin Slug:: search-filter-pro
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.20
Severity Score:: Medium

Plugin:: SoundRise Music
Plugin Slug:: soundrise-music
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.1
Severity Score:: High

Plugin:: VidoRev Extensions
Plugin Slug:: vidorev-extensions
Vulnerability:: Broken Access Control
Patched in Version:: 2.9.9.9.9.9.6
Severity Score:: Medium

WordPress Themes — 6 Patched / 5 Unpatched

Theme:: Civi
Theme Slug:: civi
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High

Theme:: Civi
Theme Slug:: civi
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical

Theme:: Civi
Theme Slug:: civi
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Medium

Theme:: JobCareer
Theme Slug:: jobcareer
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High

Theme:: Zegen
Theme Slug:: zegen
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium

Theme:: Design Comuni Italia
Theme Slug:: design-comuni-wordpress-theme
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.2
Severity Score:: High

Theme:: Eco Nature
Theme Slug:: eco-nature
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.0
Severity Score:: High

Theme:: Industrial
Theme Slug:: industrial
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.9
Severity Score:: High

Theme:: Traveler
Theme Slug:: traveler
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.9
Severity Score:: High

Theme:: Traveler
Theme Slug:: traveler
Vulnerability:: Local File Inclusion
Patched in Version:: 3.1.9
Severity Score:: High

Theme:: Workreap
Theme Slug:: workreap
Vulnerability:: Privilege Escalation
Patched in Version:: 3.2.6
Severity Score:: Critical

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Source link