WordPress Vulnerability Report

WordPress Vulnerability Report – June 15, 2022

Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities, and what to do if you run one of the vulnerable plugins or themes on your website. Each vulnerability will have a severity rating of low, medium, high, or critical.

Avatar photo
SolidWP Editorial Team

Updated:Aug 4, 2023
Published:Jun 15, 2022

Filed Under:WordPress Vulnerability Report

Reading Time:10 min.

Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities, and what to do if you run one of the vulnerable plugins or themes on your website.

Each vulnerability will have a severity rating of low, medium, high, or critical. Responsible disclosure and reporting of vulnerabilities is an integral part of keeping the WordPress community safe. Please share this post with your friends to help get the word out and make WordPress safer for everyone!

Get SolidWP tips direct in your inbox

Sign up

This field is for validation purposes and should be left unchanged.
Placeholder text
Placeholder text
Thanks

Oops something went wrong, please try submitting again

Get started with confidence — risk free, guaranteed

WordPress Core Vulnerabilities

WordPress 6.0 “Arturo” has been released! This major version release of WordPress was “built to help you unlock your creative aspirations and make your site-building experience more intuitive,” including almost 1,000 enhancements and bug fixes. See what’s new in WordPress 6.0.

No new WordPress core vulnerabilities were disclosed this week.

WordPress Plugin Vulnerabilities

In this section, the latest WordPress plugin vulnerabilities have been disclosed. Each plugin listing includes the type of vulnerability, the active installations, the version number if patched, and the severity rating.

Elementor

Plugin:
Elementor Website Builder
Installations:
5,000,000+
Vulnerability:
DOM Reflected Cross-Site Scripting
Patched in Version:
3.5.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.5.6.

WooCommerce PDF Invoices & Packing Slips

Plugin:
WooCommerce PDF Invoices & Packing Slips
Installations:
300,000+
Vulnerability:
Reflected Cross-Site Scripting
Patched in Version:
2.15.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.15.0.

ShortPixel Image Optimizer

Plugin:
ShortPixel Image Optimizer
Installations:
300,000+
Vulnerability:
Reflected Cross-Site Scripting
Patched in Version:
4.22.10
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.22.10.

WooCommerce Menu Cart

Plugin:
WooCommerce Menu Cart
Installations:
100,000+
Vulnerability:
Reflected Cross-Site Scripting
Patched in Version:
2.12.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.12.0.

404 to 301

Plugin:
404 to 301 – Redirect, Log and Notify 404 Errors
Installations:
100,000+
Vulnerability:
Reflected Cross-Site Scripting
Patched in Version:
3.1.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.1.2.

WP All Export

Plugin:
Export any WordPress data to XML/CSV
Installations:
90,000+
Vulnerability:
Reflected Cross-Site Scripting
Patched in Version:
1.3.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.6.

Checkout Fields Manager for WooCommerce

Plugin:
Checkout Fields Manager for WooCommerce
Installations:
90,000+
Vulnerability:
Reflected Cross-Site Scripting
Patched in Version:
5.5.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.5.7.

Gravity PDF

Plugin:
Gravity PDF
Installations:
50,000+
Vulnerability:
Reflected Cross-Site Scripting
Patched in Version:
6.3.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 6.3.1.

Easy Testimonials

Plugin:
Easy Testimonials
Installations:
30,000+
Vulnerability:
Reflected Cross-Site Scripting
Patched in Version:
3.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.9.

WP Contact Slider

Plugin:
WP Contact Slider
Installations:
10,000+
Vulnerability:
Editor+ Stored Cross-Site Scripting
Patched in Version:
2.4.7
Severity Score:
Low
The vulnerability has been patched, so you should update to version 2.4.7.

WordPress Plugin Vulnerabilities – No Known Fix

This section contains plugin vulnerabilities with no known fix. Until a patch is available, immediately uninstall and delete the plugin.

Gallery Bank

Plugin:
Gallery Bank – WordPress Photo Gallery Plugin
Vulnerability:
Author+ Stored XSS via Media Upload Module; Author+ Stored XSS via Gallery Description
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Copify

Plugin:
Copify
Vulnerability:
Stored Cross-Site Scripting via CSRF
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Toolbar To Share

Plugin:
ToolBar to Share
Vulnerability:
Stored Cross-Site Scripting via CSRF
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Theme Vulnerabilities

In this section, the latest WordPress theme vulnerabilities have been disclosed. Each theme listing includes the type of vulnerability, the active installations, the version number if patched, and the severity rating.

No new WordPress theme vulnerabilities were disclosed this week.

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Author:

Avatar photoSolidWP Editorial Team

Each week, the team at SolidWP team publishes new WordPress tutorials and resources, including the Weekly WordPress Vulnerability Report. Since 2008, SolidWP has been dedicated to helping you build, maintain, and secure WordPress sites for yourself or for clients. Looking for iThemes?

Browse all of SolidWP's articles

Did you like this article? Spread the word:

Author:

Avatar photoSolidWP Editorial Team

Each week, the team at SolidWP team publishes new WordPress tutorials and resources, including the Weekly WordPress Vulnerability Report. Since 2008, SolidWP has been dedicated to helping you build, maintain, and secure WordPress sites for yourself or for clients. Looking for iThemes?

Browse all of SolidWP's articles