WordPress Vulnerability Report — December 13, 2023
Since our last report, 110 new vulnerabilities have been publicly disclosed. Security patches for 49 plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 61 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, your site is already protected against those vulnerabilities by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor, or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.4.2 was released on December 6, 2023, as a short-cycle maintenance and security release with seven bug fixes and one security patch for a potential Remote Code Execution (RCE) vulnerability that is not directly exploitable in most situations. However, combined with certain vulnerabilities in third-party plugins on a multisite network, this vulnerability could be exploited and pose a high-severity risk. The 6.4.1 update will prevent PHP object injections from being chained into a potential RCE, according to details published by Patchstack.
WordPress Plugins — 49 Patched / 61 Unpatched
Shortcodes and extra features for Phlox theme
- Plugin Slug:
- auxin-elements
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-50368
Custom Login
- Plugin:
- Custom Login
- Plugin Slug:
- custom-login
- Installations:
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49858
Login With Ajax
- Plugin:
- Login With Ajax
- Plugin Slug:
- login-with-ajax
- Installations:
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49859
Social Media Feather | social media sharing
- Plugin Slug:
- social-media-feather
- Installations:
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49861
Structured Content (JSON-LD) #wpsc
- Plugin Slug:
- structured-content
- Installations:
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49820
Structured Content (JSON-LD) #wpsc
- Plugin Slug:
- structured-content
- Installations:
- 30,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-49819
LiveChat – WP live chat plugin for WordPress
- Plugin Slug:
- wp-live-chat-software-for-wordpress
- Installations:
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49821
Elementor Timeline Widget
- Plugin:
- Elementor Timeline Widget
- Plugin Slug:
- 3r-elementor-timeline-widget
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49755
Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress
- Plugin Slug:
- advanced-page-visit-counter
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-50371
Annual Archive
- Plugin:
- Annual Archive
- Plugin Slug:
- anual-archive
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49847
AppMySite – Create an app with the Best Mobile App Builder
- Plugin Slug:
- appmysite
- Installations:
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49762
Awesome Support – WordPress HelpDesk & Support Plugin
- Plugin Slug:
- awesome-support
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49857
Awesome Support – WordPress HelpDesk & Support Plugin
- Plugin Slug:
- awesome-support
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49757
Event Manager, Event Calendar, Event Tickets for WooCommerce – Eventin
- Plugin Slug:
- wp-event-solution
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49756
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts
- Plugin Slug:
- wedevs-project-manager
- Installations:
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-40003
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts
- Plugin Slug:
- wedevs-project-manager
- Installations:
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49860
Rocket Maintenance Mode & Coming Soon Page
- Plugin Slug:
- rocket-maintenance-mode
- Installations:
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49842
Author Avatars List/Block
- Plugin:
- Author Avatars List/Block
- Plugin Slug:
- author-avatars
- Installations:
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49846
Alt Manager
- Plugin:
- Alt Manager
- Plugin Slug:
- alt-manager
- Installations:
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-50373
Custom Post Type Page Template
- Plugin Slug:
- custom-post-type-page-template
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-50372
First Order Discount Woocommerce
- Plugin Slug:
- first-order-discount-woocommerce
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49843
Product Enquiry for WooCommerce
- Plugin Slug:
- gm-woocommerce-quote-popup
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49761
Redirects
- Plugin:
- Redirects
- Plugin Slug:
- redirects
- Installations:
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49845
Multi Currency For WooCommerce
- Plugin Slug:
- wc-multi-currency
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49840
WPPerformanceTester
- Plugin:
- WPPerformanceTester
- Plugin Slug:
- wpperformancetester
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49844
Alma – Pay in installments or later for WooCommerce
- Plugin Slug:
- alma-gateway-for-woocommerce
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-50369
Menu Bar Cart Icon For WooCommerce By Binary Carpenter
- Plugin Slug:
- bc-menu-cart-woo
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49855
Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo
- Plugin Slug:
- biteship
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49767
Block for Font Awesome
- Plugin:
- Block for Font Awesome
- Plugin Slug:
- block-for-font-awesome
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49751
Bulk Edit Post Titles
- Plugin:
- Bulk Edit Post Titles
- Plugin Slug:
- bulk-edit-post-titles
- Installations:
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49754
Responsive Slick Slider WordPress
- Plugin Slug:
- responsive-slick-slider
- Installations:
- 1,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49852
Square Thumbnails
- Plugin:
- Square Thumbnails
- Plugin Slug:
- square-thumbnails
- Installations:
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49851
WordPress Simple HTML Sitemap
- Plugin Slug:
- wp-simple-html-sitemap
- Installations:
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49850
WPsoonOnlinePage
- Plugin:
- WPsoonOnlinePage
- Plugin Slug:
- wp-soononline-page
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49760
SharkDropship & Affiliate for AliExpress, eBay, Amazon, Etsy
- Plugin Slug:
- woo-aliexpress-dropshipping
- Installations:
- 900+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49848
WP Photo Album Plus
- Plugin:
- WP Photo Album Plus
- Plugin Slug:
- wp-photo-album-plus
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49774
WP Photo Album Plus
- Plugin:
- WP Photo Album Plus
- Plugin Slug:
- wp-photo-album-plus
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49812
WP Photo Album Plus
- Plugin:
- WP Photo Album Plus
- Plugin Slug:
- wp-photo-album-plus
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-49813
WooDiscuz – WooCommerce Comments
- Plugin:
- WooDiscuz – WooCommerce Comments
- Plugin Slug:
- woodiscuz-woocommerce-comments
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49759
Webflow Pages
- Plugin:
- Webflow Pages
- Plugin Slug:
- webflow-pages
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49818
WappPress
- Plugin:
- WappPress
- Plugin Slug:
- wapppress-builds-android-app-for-website
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2023-49815
Symbiostock Lite
- Plugin:
- Symbiostock Lite
- Plugin Slug:
- symbiostock
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2023-49814
Sayfa Sayaç
- Plugin:
- Sayfa Sayaç
- Plugin Slug:
- sayfa-sayac
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2023-49776
Sayfa Sayaç
- Plugin:
- Sayfa Sayaç
- Plugin Slug:
- sayfa-sayac
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2023-49778
PayTR Taksit Tablosu
- Plugin:
- PayTR Taksit Tablosu
- Plugin Slug:
- paytr-taksit-tablosu-woocommerce
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49853
Partdo Core
- Plugin:
- Partdo Core
- Plugin Slug:
- partdo-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-49839
Optin Forms
- Plugin:
- Optin Forms
- Plugin Slug:
- optin-forms
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49841
Medibazar Core
- Plugin:
- Medibazar Core
- Plugin Slug:
- medibazar-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-49839
Smart External Link Click Monitor [Link Log]
- Plugin:
- Smart External Link Click Monitor [Link Log]
- Plugin Slug:
- link-log
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49770
Smart External Link Click Monitor [Link Log]
- Plugin:
- Smart External Link Click Monitor [Link Log]
- Plugin Slug:
- link-log
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-49771
Genesis Simple Love
- Plugin:
- Genesis Simple Love
- Plugin Slug:
- genesis-simple-love
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2023-49772
Furnob Core
- Plugin:
- Furnob Core
- Plugin Slug:
- furnob-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-49839
Flexible Woocommerce Checkout Field Editor
- Plugin:
- Flexible Woocommerce Checkout Field Editor
- Plugin Slug:
- flexible-woocommerce-checkout-field-editor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-49817
Fix My Feed RSS Repair
- Plugin:
- Fix My Feed RSS Repair
- Plugin Slug:
- fix-my-feed-rss-repair
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49816
Digital Publications by Supsystic
- Plugin:
- Digital Publications by Supsystic
- Plugin Slug:
- digital-publications-by-supsystic
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5756
CSV Importer
- Plugin:
- CSV Importer
- Plugin Slug:
- csv-importer
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49775
CSprite
- Plugin:
- CSprite
- Plugin Slug:
- csprite
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49763
Cosmetsy Core
- Plugin:
- Cosmetsy Core
- Plugin Slug:
- cosmetsy-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-49839
Clotya Core
- Plugin:
- Clotya Core
- Plugin Slug:
- clotya-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-49839
BCorp Shortcodes
- Plugin:
- BCorp Shortcodes
- Plugin Slug:
- bcorp-shortcodes
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2023-49773
Bacola Core
- Plugin:
- Bacola Core
- Plugin Slug:
- bacola-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-49839
Elementor Website Builder – More than Just a Page Builder
- Plugin Slug:
- elementor
- Installations:
- 5,000,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 3.18.2
- Severity Score:
- Critical
- CVE:
- 2023-48777
WooPayments – Fully Integrated Solution Built and Supported by Woo
- Plugin Slug:
- woocommerce-payments
- Installations:
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.5.0
- Severity Score:
- Medium
- CVE:
- 2023-49828
Spectra – WordPress Gutenberg Blocks
- Plugin Slug:
- ultimate-addons-for-gutenberg
- Installations:
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.10
- Severity Score:
- Medium
- CVE:
- 2023-49833
MW WP Form
- Plugin:
- MW WP Form
- Plugin Slug:
- mw-wp-form
- Installations:
- 200,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 5.0.2
- Severity Score:
- Critical
- CVE:
- 2023-6316
Popup Builder – Create highly converting, mobile friendly marketing popups.
- Plugin Slug:
- popup-builder
- Installations:
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.2.3
- Severity Score:
- High
- CVE:
- 2023-6000
Post Duplicator
- Plugin:
- Post Duplicator
- Plugin Slug:
- post-duplicator
- Installations:
- 200,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.32
- Severity Score:
- Medium
- CVE:
- 2023-49835
Advanced Database Cleaner
- Plugin:
- Advanced Database Cleaner
- Plugin Slug:
- advanced-database-cleaner
- Installations:
- 100,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.1.3
- Severity Score:
- High
- CVE:
- 2023-49764
Burst Statistics – Privacy-Friendly Analytics for WordPress
- Plugin Slug:
- burst-statistics
- Installations:
- 100,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.5.0
- Severity Score:
- Critical
- CVE:
- 2023-5761
Shortcoder — Create Shortcodes for Anything
- Plugin Slug:
- shortcoder
- Installations:
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.3.1
- Severity Score:
- Medium
- CVE:
- 2023-49849
SpeedyCache – Cache, Optimization, Performance
- Plugin Slug:
- speedycache
- Installations:
- 100,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 1.1.3
- Severity Score:
- Medium
- CVE:
- 2023-49746
Backup Migration
- Plugin:
- Backup Migration
- Plugin Slug:
- backup-backup
- Installations:
- 90,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.3.8
- Severity Score:
- Critical
- CVE:
- 2023-6553
Import and export users and customers
- Plugin Slug:
- import-users-from-csv-with-meta
- Installations:
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.24.4
- Severity Score:
- Medium
- CVE:
- 2023-6624
Import and export users and customers
- Plugin Slug:
- import-users-from-csv-with-meta
- Installations:
- 80,000+
- Vulnerability:
- Path Traversal
- Patched in Version:
- 1.24.3
- Severity Score:
- Medium
- CVE:
- 2023-6583
Tutor LMS – eLearning and online course solution
- Plugin Slug:
- tutor
- Installations:
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.0
- Severity Score:
- Medium
- CVE:
- 2023-49829
Calculated Fields Form
- Plugin:
- Calculated Fields Form
- Plugin Slug:
- calculated-fields-form
- Installations:
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.41
- Severity Score:
- Medium
- CVE:
- 2023-6446
Site Reviews
- Plugin:
- Site Reviews
- Plugin Slug:
- site-reviews
- Installations:
- 60,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.10.3
- Severity Score:
- Medium
- CVE:
- 2023-49832
Ultimate Dashboard – Custom WordPress Dashboard
- Plugin Slug:
- ultimate-dashboard
- Installations:
- 60,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 3.7.11
- Severity Score:
- Low
- CVE:
- 2023-49822
FOX – Currency Switcher Professional for WooCommerce
- Plugin Slug:
- woocommerce-currency-switcher
- Installations:
- 60,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.4.1.5
- Severity Score:
- Medium
- CVE:
- 2023-49834
Bold Page Builder
- Plugin:
- Bold Page Builder
- Plugin Slug:
- bold-page-builder
- Installations:
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.7.0
- Severity Score:
- Medium
- CVE:
- 2023-49823
Ultimate Addons for Contact Form 7
- Plugin Slug:
- ultimate-addons-for-contact-form-7
- Installations:
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.1
- Severity Score:
- High
- CVE:
- 2023-49766
Ibtana – WordPress Website Builder
- Plugin Slug:
- ibtana-visual-editor
- Installations:
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.2.1
- Severity Score:
- Medium
- CVE:
- 2023-6684
Rate my Post – WP Rating System
- Plugin Slug:
- rate-my-post
- Installations:
- 20,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 3.4.2
- Severity Score:
- Medium
- CVE:
- 2023-49765
Code Embed
- Plugin:
- Code Embed
- Plugin Slug:
- simple-embed-code
- Installations:
- 20,000+
- Vulnerability:
- Denial of Service Attack
- Patched in Version:
- 2.3.7
- Severity Score:
- Medium
- CVE:
- 2023-49837
Welcart e-Commerce
- Plugin:
- Welcart e-Commerce
- Plugin Slug:
- usc-e-shop
- Installations:
- 20,000+
- Vulnerability:
- Path Traversal
- Patched in Version:
- 2.9.7
- Severity Score:
- Medium
- CVE:
- 2023-6120
WPBakery Page Builder Addons by Livemesh
- Plugin Slug:
- addons-for-visual-composer
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6
- Severity Score:
- Medium
- CVE:
- 2023-50370
Cookie Bar
- Plugin:
- Cookie Bar
- Plugin Slug:
- cookie-bar
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1
- Severity Score:
- Medium
- CVE:
- 2023-49836
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
- Plugin Slug:
- custom-registration-form-builder-with-submission-manager
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.2.3.1
- Severity Score:
- High
- CVE:
- 2023-49831
WP Booking System – Booking Calendar
- Plugin Slug:
- wp-booking-system
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.19.3
- Severity Score:
- Medium
- CVE:
- 2023-49758
Smart Forms – when you need more than just a contact form
- Plugin Slug:
- smart-forms
- Installations:
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.85
- Severity Score:
- High
- CVE:
- 2023-49856
Product Catalog Feed by PixelYourSite
- Plugin Slug:
- product-catalog-feed
- Installations:
- 8,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.2.0
- Severity Score:
- Medium
- CVE:
- 2023-49824
Guest Author
- Plugin:
- Guest Author
- Plugin Slug:
- guest-author
- Installations:
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4
- Severity Score:
- Medium
- CVE:
- 2023-49747
SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!
- Plugin Slug:
- suretriggers
- Installations:
- 7,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.24
- Severity Score:
- Medium
- CVE:
- 2023-49749
Dashboard Widgets Suite
- Plugin:
- Dashboard Widgets Suite
- Plugin Slug:
- dashboard-widgets-suite
- Installations:
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.2
- Severity Score:
- Medium
- CVE:
- 2023-49743
Gift Up Gift Cards for WordPress and WooCommerce
- Plugin Slug:
- gift-up
- Installations:
- 5,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.22
- Severity Score:
- Medium
- CVE:
- 2023-49744
Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site
- Plugin Slug:
- integrate-google-drive
- Installations:
- 5,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.5
- Severity Score:
- Medium
- CVE:
- 2023-49769
Caddy – Smart Side Cart for WooCommerce
- Plugin Slug:
- caddy
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.9.8
- Severity Score:
- Medium
- CVE:
- 2023-49854
Email Subscription Popup
- Plugin:
- Email Subscription Popup
- Plugin Slug:
- email-subscribe
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.19
- Severity Score:
- High
- CVE:
- 2023-6527
Spiffy Calendar
- Plugin:
- Spiffy Calendar
- Plugin Slug:
- spiffy-calendar
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.9.6
- Severity Score:
- Medium
- CVE:
- 2023-49745
System Dashboard
- Plugin:
- System Dashboard
- Plugin Slug:
- system-dashboard
- Installations:
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.8.8
- Severity Score:
- Medium
- CVE:
- 2023-5713
System Dashboard
- Plugin:
- System Dashboard
- Plugin Slug:
- system-dashboard
- Installations:
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.8.8
- Severity Score:
- Medium
- CVE:
- 2023-5711
System Dashboard
- Plugin:
- System Dashboard
- Plugin Slug:
- system-dashboard
- Installations:
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.8.8
- Severity Score:
- Medium
- CVE:
- 2023-5712
System Dashboard
- Plugin:
- System Dashboard
- Plugin Slug:
- system-dashboard
- Installations:
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.8.8
- Severity Score:
- Medium
- CVE:
- 2023-5714
System Dashboard
- Plugin:
- System Dashboard
- Plugin Slug:
- system-dashboard
- Installations:
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.8.8
- Severity Score:
- Medium
- CVE:
- 2023-5710
ArtPlacer Widget
- Plugin:
- ArtPlacer Widget
- Plugin Slug:
- artplacer-widget
- Installations:
- 200+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.20.7
- Severity Score:
- High
- CVE:
- 2023-6373
Couponis Demo
- Plugin:
- Couponis Demo
- Plugin Slug:
- couponis-demo
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.2
- Severity Score:
- Critical
- CVE:
- 2023-49750
Burst Statistics Pro
- Plugin:
- Burst Statistics Pro
- Plugin Slug:
- burst-pro
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.5.1
- Severity Score:
- Critical
- CVE:
- 2023-5761
Astra Pro
- Plugin:
- Astra Pro
- Plugin Slug:
- astra-addon
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 4.3.2
- Severity Score:
- Critical
- CVE:
- 2023-49830
Adifier System
- Plugin:
- Adifier System
- Plugin Slug:
- adifier-system
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.1.4
- Severity Score:
- Critical
- CVE:
- 2023-49752
Adifier System
- Plugin:
- Adifier System
- Plugin Slug:
- adifier-system
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.1.4
- Severity Score:
- High
- CVE:
- 2023-49753
WordPress Themes — 0 Patched / 0 Unpatched