WordPress Vulnerability Report — September 25, 2024

Since last week, 72 new vulnerabilities emerged in the WordPress ecosystem including 66 plugins and 6 themes. 24 of the vulnerable plugins remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah

Published:Sep 25, 2024

Filed Under:WordPress Vulnerability Report

Reading Time:14 min.

In this report, 72 vulnerabilities have been publicly disclosed. Security patches for 48 of these plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 24 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core
2. WordPress Plugins — 46 Patched / 20 Unpatched

2.1 MC4WP: Mailchimp for WordPress
2.2 WCFM Marketplace – Multivendor Marketplace for WooCommerce
2.3 IMPress for IDX Broker
2.4 WPCargo Track & Trace
2.5 Product Carousel Slider & Grid Ultimate for WooCommerce
2.6 Spice Starter Sites
2.7 Gutenberg Blocks – Unlimited blocks For Gutenberg
2.8 Team Showcase
2.9 Multipurpose Ticket Booking Manager (Bus/Train/Ferry/Boat/Shuttle) | WordPress Plugin
2.10 Accordion Image Menu
2.11 Thanh Toán Quét Mã QR Code T? ??ng
2.12 Kodex Posts likes
2.13 Limit Login Attempts Plus
2.14 Logo Manager For Enamad
2.15 Posts reminder
2.16 WooCommerce Multiple Free Gift
2.17 WP Category Dropdown
2.18 WP Custom Fields Search
2.19 WP Easy Gallery
2.20 WP Easy Gallery
2.21 MC4WP: Mailchimp for WordPress
2.22 W3 Total Cache
2.23 Backuply – Backup, Restore, Migrate and Clone
2.24 Photo Gallery by 10Web – Mobile-Friendly Image Gallery
2.25 WooCommerce Multilingual & Multicurrency with WPML
2.26 FOX – Currency Switcher Professional for WooCommerce
2.27 Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
2.28 Pixel Cat – Conversion Pixel Manager
2.29 Koko Analytics
2.30 Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
2.31 Greenshift – animation and page builder blocks
2.32 Themify – WooCommerce Product Filter
2.33 Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin
2.34 SKT Templates – 100% free Elementor & Gutenberg templates
2.35 WP Hardening (discontinued)
2.36 BA Book Everything
2.37 BA Book Everything
2.38 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More
2.39 Gum Elementor Addon
2.40 Maintenance Redirect
2.41 WP Booking System – Booking Calendar
2.42 WP Datepicker
2.43 Affiliate Program Suite — SliceWP Affiliates
2.44 Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
2.45 Seriously Simple Stats
2.46 WP Travel – Ultimate Travel Booking System, Tour Management Engine
2.47 Garden Gnome Package
2.48 Geo Mashup
2.49 Waitlist Woocommerce ( Back in stock notifier )
2.50 PropertyHive
2.51 Simple Spoiler
2.52 Appointment & Event Booking Calendar Plugin – Webba Booking
2.53 Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
2.54 AnWP Football Leagues
2.55 IdeaPush
2.56 Login with phone number
2.57 Share This Image
2.58 ShiftController Employee Shift Scheduling
2.59 Sunshine Photo Cart: Free Client Photo Galleries for Photographers
2.60 MDTF – Meta Data and Taxonomies Filter
2.61 MDTF – Meta Data and Taxonomies Filter
2.62 XT Ajax Add To Cart for WooCommerce
2.63 Webo-facto
2.64 WP Abstracts
2.65 Houzez Login Register
2.66 WooEvents

3. WordPress Themes — 2 Patched / 4 Unpatched

3.1 Blogvi
3.2 Roseta
3.3 Septera
3.4 Verbosa
3.5 Bricks Builder
3.6 Houzez

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.6.2 is available! This minor release includes 15 bug fixes in Core and 11 in the Block Editor, addressing issues like unexpected CSS specificity changes in certain themes.

WordPress Plugins — 46 Patched / 20 Unpatched

Plugin:: MC4WP: Mailchimp for WordPress
Plugin Slug:: mailchimp-for-wp
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8850

Plugin:: WCFM Marketplace – Multivendor Marketplace for WooCommerce
Plugin Slug:: wc-multivendor-marketplace
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-44009

Plugin:: IMPress for IDX Broker
Plugin Slug:: idx-broker-platinum
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-44047

Plugin:: WPCargo Track & Trace
Plugin Slug:: wpcargo
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-44004

Plugin:: Product Carousel Slider & Grid Ultimate for WooCommerce
Plugin Slug:: woo-product-carousel-slider-and-grid-ultimate
Installations: 9,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-44048

Plugin:: Spice Starter Sites
Plugin Slug:: spice-starter-sites
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-44003

Plugin:: Gutenberg Blocks – Unlimited blocks For Gutenberg
Plugin Slug:: unlimited-blocks
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-44049

Plugin:: Team Showcase
Plugin Slug:: team
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-44002

Plugin:: Multipurpose Ticket Booking Manager (Bus/Train/Ferry/Boat/Shuttle) | WordPress Plugin
Plugin Slug:: bus-booking-manager
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-44037

Plugin:: Accordion Image Menu
Plugin Slug:: accordion-image-menu
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8092

Plugin:: Thanh Toán Quét Mã QR Code T? ??ng
Plugin Slug:: bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8914

Plugin:: Kodex Posts likes
Plugin Slug:: kodex-posts-likes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-44036

Plugin:: Limit Login Attempts Plus
Plugin Slug:: limit-login-attempts-plus
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2022-4533

Plugin:: Logo Manager For Enamad
Plugin Slug:: logo-manager-for-enamad
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5170

Plugin:: Posts reminder
Plugin Slug:: posts-reminder
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8093

Plugin:: WooCommerce Multiple Free Gift
Plugin Slug:: woocommerce-multiple-free-gift
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2022-3459

Plugin:: WP Category Dropdown
Plugin Slug:: wp-category-dropdown
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8103

Plugin:: WP Custom Fields Search
Plugin Slug:: wp-custom-fields-search
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8364

Plugin:: WP Easy Gallery
Plugin Slug:: wp-easy-gallery
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8437

Plugin:: WP Easy Gallery
Plugin Slug:: wp-easy-gallery
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8436

Plugin:: MC4WP: Mailchimp for WordPress
Plugin Slug:: mailchimp-for-wp
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.17
Severity Score:: Medium
CVE:: 2024-8680

Plugin:: W3 Total Cache
Plugin Slug:: w3-total-cache
Installations: 1,000,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.7.6
Severity Score:: Low
CVE:: 2023-5359

Plugin:: Backuply – Backup, Restore, Migrate and Clone
Plugin Slug:: backuply
Installations: 200,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.3.5
Severity Score:: High
CVE:: 2024-8669

Plugin:: Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.28
Severity Score:: Medium
CVE:: 2024-44043

Plugin:: WooCommerce Multilingual & Multicurrency with WPML
Plugin Slug:: woocommerce-multilingual
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.3.7
Severity Score:: Medium
CVE:: 2024-44006

Plugin:: FOX – Currency Switcher Professional for WooCommerce
Plugin Slug:: woocommerce-currency-switcher
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.2.2
Severity Score:: High
CVE:: 2024-8271

Plugin:: Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.3.4
Severity Score:: Medium
CVE:: 2022-2439

Plugin:: Pixel Cat – Conversion Pixel Manager
Plugin Slug:: facebook-conversion-pixel
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.6
Severity Score:: High
CVE:: 2024-8544

Plugin:: Koko Analytics
Plugin Slug:: koko-analytics
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.13
Severity Score:: High
CVE:: 2024-8662

Plugin:: Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
Plugin Slug:: quiz-master-next
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.1.3
Severity Score:: Medium
CVE:: 2024-8758

Plugin:: Greenshift – animation and page builder blocks
Plugin Slug:: greenshift-animation-and-page-builder-blocks
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.4
Severity Score:: Medium
CVE:: 2024-44005

Plugin:: Themify – WooCommerce Product Filter
Plugin Slug:: themify-wc-product-filter
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.2
Severity Score:: Medium
CVE:: 2024-44046

Plugin:: Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin
Plugin Slug:: mailoptin
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.70.4
Severity Score:: Medium
CVE:: 2024-8628

Plugin:: SKT Templates – 100% free Elementor & Gutenberg templates
Plugin Slug:: skt-templates
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.15
Severity Score:: High
CVE:: 2024-44007

Plugin:: WP Hardening (discontinued)
Plugin Slug:: wp-security-hardening
Installations: 20,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.2.7
Severity Score:: Medium
CVE:: 2024-6641

Plugin:: BA Book Everything
Plugin Slug:: ba-book-everything
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.21
Severity Score:: Medium
CVE:: 2024-8794

Plugin:: BA Book Everything
Plugin Slug:: ba-book-everything
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.6.21
Severity Score:: High
CVE:: 2024-8795

Plugin:: Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More
Plugin Slug:: charitable
Installations: 10,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.8.1.15
Severity Score:: Critical
CVE:: 2024-8791

Plugin:: Gum Elementor Addon
Plugin Slug:: gum-elementor-addon
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.8
Severity Score:: Medium
CVE:: 2024-44035

Plugin:: Maintenance Redirect
Plugin Slug:: jf3-maintenance-mode
Installations: 10,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 2.1.0
Severity Score:: Low
CVE:: 2024-45453

Plugin:: WP Booking System – Booking Calendar
Plugin Slug:: wp-booking-system
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.19.9
Severity Score:: High
CVE:: 2024-8797

Plugin:: WP Datepicker
Plugin Slug:: wp-datepicker
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.2
Severity Score:: Medium
CVE:: 2024-44042

Plugin:: Affiliate Program Suite — SliceWP Affiliates
Plugin Slug:: slicewp
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.21
Severity Score:: High
CVE:: 2024-8714

Plugin:: Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
Plugin Slug:: radio-player
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.79
Severity Score:: Medium
CVE:: 2024-8267

Plugin:: Seriously Simple Stats
Plugin Slug:: seriously-simple-stats
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.0
Severity Score:: High
CVE:: 2024-8738

Plugin:: WP Travel – Ultimate Travel Booking System, Tour Management Engine
Plugin Slug:: wp-travel
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.4.0
Severity Score:: Medium
CVE:: 2024-44039

Plugin:: Garden Gnome Package
Plugin Slug:: garden-gnome-package
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.0
Severity Score:: Medium
CVE:: 2024-8657

Plugin:: Geo Mashup
Plugin Slug:: geo-mashup
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.13
Severity Score:: Medium
CVE:: 2024-44008

Plugin:: Waitlist Woocommerce ( Back in stock notifier )
Plugin Slug:: waitlist-woocommerce
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.6
Severity Score:: High
CVE:: 2024-8724

Plugin:: PropertyHive
Plugin Slug:: propertyhive
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.20
Severity Score:: High
CVE:: 2024-8490

Plugin:: Simple Spoiler
Plugin Slug:: simple-spoiler
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4
Severity Score:: High
CVE:: 2024-8479

Plugin:: Appointment & Event Booking Calendar Plugin – Webba Booking
Plugin Slug:: webba-booking-lite
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.50
Severity Score:: Medium
CVE:: 2024-8432

Plugin:: Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
Plugin Slug:: buddyforms
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 2.8.12
Severity Score:: High
CVE:: 2024-8246

Plugin:: AnWP Football Leagues
Plugin Slug:: football-leagues-by-anwppro
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.16.8
Severity Score:: Medium
CVE:: 2024-8917

Plugin:: IdeaPush
Plugin Slug:: ideapush
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.69
Severity Score:: Medium
CVE:: 2024-44041

Plugin:: Login with phone number
Plugin Slug:: login-with-phone-number
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.7.50
Severity Score:: High
CVE:: 2024-6482

Plugin:: Share This Image
Plugin Slug:: share-this-image
Installations: 1,000+
Vulnerability:: Open Redirection
Patched in Version:: 2.04
Severity Score:: Medium
CVE:: 2024-8761

Plugin:: ShiftController Employee Shift Scheduling
Plugin Slug:: shiftcontroller
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.65
Severity Score:: Medium
CVE:: 2024-44040

Plugin:: Sunshine Photo Cart: Free Client Photo Galleries for Photographers
Plugin Slug:: sunshine-photo-cart
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.10
Severity Score:: Medium
CVE:: 2024-44038

Plugin:: MDTF – Meta Data and Taxonomies Filter
Plugin Slug:: wp-meta-data-filter-and-taxonomy-filter
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.3.3.4
Severity Score:: High
CVE:: 2024-8624

Plugin:: MDTF – Meta Data and Taxonomies Filter
Plugin Slug:: wp-meta-data-filter-and-taxonomy-filter
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.3.4
Severity Score:: Medium
CVE:: 2024-8623

Plugin:: XT Ajax Add To Cart for WooCommerce
Plugin Slug:: xt-woo-ajax-add-to-cart
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.3
Severity Score:: High
CVE:: 2024-8716

Plugin:: Webo-facto
Plugin Slug:: webo-facto-connector
Installations: 900+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.41
Severity Score:: Critical
CVE:: 2024-8853

Plugin:: WP Abstracts
Plugin Slug:: wp-abstracts-manuscripts-manager
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.0
Severity Score:: Medium
CVE:: 2024-44045

Plugin:: Houzez Login Register
Plugin Slug:: houzez-login-register
Vulnerability:: Privilege Escalation
Patched in Version:: 3.3.0
Severity Score:: High
CVE:: 2024-21743

Plugin:: WooEvents
Plugin Slug:: woo-events
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 4.1.3
Severity Score:: Critical
CVE:: 2024-8671

WordPress Themes — 2 Patched / 4 Unpatched

Theme:: Blogvi
Theme Slug:: blogvi
Downloads: 25,426
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35715

Theme:: Roseta
Theme Slug:: roseta
Downloads: 97,031
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-45451

Theme:: Septera
Theme Slug:: septera
Downloads: 126,076
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-45452

Theme:: Verbosa
Theme Slug:: verbosa
Downloads: 108,792
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-44050

Theme:: Bricks Builder
Theme Slug:: bricks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.10.2
Severity Score:: Medium
CVE:: 2023-3410

Theme:: Houzez
Theme Slug:: houzez
Vulnerability:: Privilege Escalation
Patched in Version:: 3.3.0
Severity Score:: High
CVE:: 2024-22303

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Author:

Sarah

Sarah has been with StellarWP since 2024. As our marketing generalist, she spends her day writing content and completing projects for SolidWP, LearnDash, and The Events Calendar. In her free time, Sarah can be found playing pickleball, enjoying coffee at a local coffee shop, and spending time with her husband.

Browse all of Sarah's articles

Sign up

Placeholder text

Thanks

Oops something went wrong, please try submitting again

Solid Suite

Protect

Repair

Manage

Free Plugins

Solid Suite

Academy

Solid Academy

Guides

Livestreams

Tutorials Academy

Resources

Blog

Vulnerability Report

Support

Documentation

Table of Contents

WordPress Core

WordPress Plugins — 46 Patched / 20 Unpatched

WordPress Themes — 2 Patched / 4 Unpatched

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Author:

Join us for the next Solid Academy Webinar!

What is a WordPress Phishing Attack?

Website Protection: 5 Ways to Keep Your Website Safe

23 Ideas To Grow Your WordPress Business in 2023

Author:

Sign up now — Get SolidWP updates and valuable content straight to your inbox

Sign up

Related Posts

WordPress Vulnerability Report — April 22, 2026

WordPress Vulnerability Report — April 15, 2026

WordPress Vulnerability Report — April 8, 2026

WordPress Vulnerability Report — April 1, 2026