WordPress Vulnerability Report — December 6, 2023
Since our last report, 204 new plugin vulnerabilities and one in WordPress core have been publicly disclosed. Security patches for WordPress core and 124 plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user and have activated version management, any vulnerable plugins with security updates available may have had them applied automatically.
Additionally, there are 80 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, the Solid Security firewall already protects your site against those vulnerabilities. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core — Security Update!
WordPress 6.4.2 was released on December 6, 2023, as a short-cycle maintenance and security release with seven bug fixes and one security patch for a potential Remote Code Execution (RCE) vulnerability that is not directly exploitable in most situations. However, combined with certain vulnerabilities in third-party plugins on a multisite network, this vulnerability could be exploited and pose a high-severity risk. The 6.4.1 update will prevent PHP object injections from being chained into a potential RCE, according to details published by Patchstack.
WordPress 6.4.1 was released on November 8, 2023, as a short-cycle maintenance release to address several bugs, including loss of backward compatibility with a dependency, cURL 7.29 or earlier. This broke the WordPress internal update facility on servers running very old, insecure cURL versions.
WordPress 6.4 was released on November 7, 2023, as the third major release of the year. Following a major release, you should not update live sites without taking backups and testing the update in a non-production environment first.
WordPress Plugins — 124 Patched / 80 Unpatched
Nested Pages
- Plugin:
- Nested Pages
- Plugin Slug:
- wp-nested-pages
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49195
Aruba HiSpeed Cache
- Plugin:
- Aruba HiSpeed Cache
- Plugin Slug:
- aruba-hispeed-cache
- Installations:
- 90,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-44983
Simple Calendar – Google Calendar Plugin
- Plugin Slug:
- google-calendar-events
- Installations:
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49151
Enhanced Text Widget
- Plugin:
- Enhanced Text Widget
- Plugin Slug:
- enhanced-text-widget
- Installations:
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49192
Grow Social
- Plugin:
- Grow Social
- Plugin Slug:
- social-pug
- Installations:
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49193
Site Offline Or Coming Soon Or Maintenance Mode
- Plugin Slug:
- site-offline
- Installations:
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49190
GoDaddy Email Marketing
- Plugin:
- GoDaddy Email Marketing
- Plugin Slug:
- godaddy-email-marketing-sign-up-forms
- Installations:
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49156
Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms
- Plugin:
- Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms
- Plugin Slug:
- happyforms
- Installations:
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-48752
Restricted Site Access
- Plugin:
- Restricted Site Access
- Plugin Slug:
- restricted-site-access
- Installations:
- 20,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48753
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce
- Plugin Slug:
- wp-event-manager
- Installations:
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49181
Elementor Timeline Widget
- Plugin:
- Elementor Timeline Widget
- Plugin Slug:
- 3r-elementor-timeline-widget
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49755
AppMySite – Create an app with the Best Mobile App Builder
- Plugin Slug:
- appmysite
- Installations:
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49762
Awesome Support – WordPress HelpDesk & Support Plugin
- Plugin Slug:
- awesome-support
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49757
Business Directory Plugin – Easy Listing Directories for WordPress
- Plugin Slug:
- business-directory-plugin
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5803
Forms by CaptainForm – Form Builder for WordPress
- Plugin Slug:
- captainform
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-49170
Coming soon and Maintenance mode
- Plugin Slug:
- coming-soon-page
- Installations:
- 10,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Low
- CVE:
- 2023-49741
Quantity Plus Minus Button for WooCommerce by CodeAstrology
- Plugin Slug:
- wc-quantity-plus-minus-button
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48768
Event Manager, Event Calendar, Event Tickets for WooCommerce – Eventin
- Plugin Slug:
- wp-event-solution
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49756
MkRapel Regiones y Ciudades de Chile para WC
- Plugin Slug:
- wc-ciudades-y-regiones-de-chile
- Installations:
- 8,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48781
SoundCloud Shortcode
- Plugin:
- SoundCloud Shortcode
- Plugin Slug:
- soundcloud-shortcode
- Installations:
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-34018
Button Generator – easily Button Builder
- Plugin Slug:
- button-generation
- Installations:
- 6,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49155
Button Generator – easily Button Builder
- Plugin Slug:
- button-generation
- Installations:
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49154
Ads by datafeedr.com
- Plugin:
- Ads by datafeedr.com
- Plugin Slug:
- ads-by-datafeedrcom
- Installations:
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49169
Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates
- Plugin Slug:
- affiliatebooster-blocks
- Installations:
- 5,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49148
Aparat
- Plugin:
- Aparat
- Plugin Slug:
- aparat
- Installations:
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48770
LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing…
- Plugin Slug:
- ladipage
- Installations:
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-49158
Social Share Buttons & Analytics Plugin – GetSocial.io
- Plugin Slug:
- wp-share-buttons-analytics-by-getsocial
- Installations:
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49189
Client Dash
- Plugin:
- Client Dash
- Plugin Slug:
- client-dash
- Installations:
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49165
CommentLuv
- Plugin:
- CommentLuv
- Plugin Slug:
- commentluv
- Installations:
- 4,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-49159
Campaign Monitor for WordPress
- Plugin Slug:
- forms-for-campaign-monitor
- Installations:
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-38474
Product Size Chart For WooCommerce
- Plugin Slug:
- product-size-chart-for-woo
- Installations:
- 4,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48778
which template file
- Plugin:
- which template file
- Plugin Slug:
- which-template-file
- Installations:
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-49177
Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back
- Plugin:
- Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back
- Plugin Slug:
- chat-bubble
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48769
Database for CF7
- Plugin:
- Database for CF7
- Plugin Slug:
- database-for-cf7
- Installations:
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49167
Formzu WP
- Plugin:
- Formzu WP
- Plugin Slug:
- formzu-wp
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49160
Add to Cart Text Changer and Customize Button, Add Custom Icon
- Plugin Slug:
- woo-add-to-cart-text-change
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49153
WooCommerce Login Redirect
- Plugin:
- WooCommerce Login Redirect
- Plugin Slug:
- woo-login-redirect
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48773
Crypto Converter Widget
- Plugin:
- Crypto Converter Widget
- Plugin Slug:
- crypto-converter-widget
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49150
Doofinder WP & WooCommerce Search
- Plugin Slug:
- doofinder-for-woocommerce
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-49185
File Gallery
- Plugin:
- File Gallery
- Plugin Slug:
- file-gallery
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-48771
Product Enquiry for WooCommerce
- Plugin Slug:
- gm-woocommerce-quote-popup
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49761
WordPress Brute Force Protection – Stop Brute Force Attacks
- Plugin Slug:
- guardgiant
- Installations:
- 2,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-48764
Multiple Post Passwords
- Plugin:
- Multiple Post Passwords
- Plugin Slug:
- multiple-post-passwords
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49157
Sign In Scheduling Online Appointment Booking System
- Plugin Slug:
- 10to8-online-booking
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49173
360 Javascript Viewer
- Plugin:
- 360 Javascript Viewer
- Plugin Slug:
- 360deg-javascript-viewer
- Installations:
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48779
AdFoxly – Ad Manager, AdSense Ads & Ads.txt
- Plugin Slug:
- adfoxly
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46617
Automatic Youtube Video Posts Plugin
- Plugin Slug:
- automatic-youtube-video-posts
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49180
Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo
- Plugin Slug:
- biteship
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49767
Block for Font Awesome
- Plugin:
- Block for Font Awesome
- Plugin Slug:
- block-for-font-awesome
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49751
Bulk Edit Post Titles
- Plugin:
- Bulk Edit Post Titles
- Plugin Slug:
- bulk-edit-post-titles
- Installations:
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49754
canvasio3D Light
- Plugin:
- canvasio3D Light
- Plugin Slug:
- canvasio3d-light
- Installations:
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48776
Credit Tracker
- Plugin:
- Credit Tracker
- Plugin Slug:
- credit-tracker
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49152
Currency Converter Calculator
- Plugin Slug:
- currency-converter-calculator
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49149
Event post
- Plugin:
- Event post
- Plugin Slug:
- event-post
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49179
Importify – Dropshipping WooCommerce Plugin for Aliexpress, Amazon, Etsy, Alibaba, Walmart & More
- Plugin:
- Importify – Dropshipping WooCommerce Plugin for Aliexpress, Amazon, Etsy, Alibaba, Walmart & More
- Plugin Slug:
- importify
- Installations:
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49194
KP Fastest Tawk.to Chat
- Plugin:
- KP Fastest Tawk.to Chat
- Plugin Slug:
- kp-fastest-tawk-to-chat
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49175
List all posts by Authors, nested Categories and Titles
- Plugin Slug:
- list-all-posts-by-authors-nested-categories-and-titles
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-49182
Parallax Slider Block
- Plugin:
- Parallax Slider Block
- Plugin Slug:
- parallax-slider-block
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49184
Prevent Landscape Rotation
- Plugin:
- Prevent Landscape Rotation
- Plugin Slug:
- prevent-landscape-rotation
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48772
SVGator – Add Animated SVG Easily
- Plugin Slug:
- svgator
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48766
WP Catalogue
- Plugin:
- WP Catalogue
- Plugin Slug:
- wp-catalogue
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48780
WP CleanFix
- Plugin:
- WP CleanFix
- Plugin Slug:
- wp-cleanfix
- Installations:
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48775
WPsoonOnlinePage
- Plugin:
- WPsoonOnlinePage
- Plugin Slug:
- wp-soononline-page
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49760
BigCommerce For WordPress
- Plugin:
- BigCommerce For WordPress
- Plugin Slug:
- bigcommerce
- Installations:
- 900+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49162
HDW Player Plugin (Video Player & Video Gallery)
- Plugin Slug:
- hdw-player-video-player-video-gallery
- Installations:
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-49178
Track Geolocation Of Users Using Contact Form 7
- Plugin Slug:
- track-geolocation-of-users-using-contact-form-7
- Installations:
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49188
Bravo Translate
- Plugin:
- Bravo Translate
- Plugin Slug:
- bravo-translate
- Installations:
- 500+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-49161
GDPR Cookie Consent by Supsystic
- Plugin Slug:
- gdpr-compliance-by-supsystic
- Installations:
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49191
Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media
- Plugin Slug:
- evergreen-content-poster
- Installations:
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-41127
Innovs HR – Complete Human Resource Management System for Your Business
- Plugin Slug:
- innovs-hr-manager
- Installations:
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-49171
Simple Long Form
- Plugin:
- Simple Long Form
- Plugin Slug:
- simple-long-form
- Installations:
- 90+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-41136
WP Pocket URLs
- Plugin:
- WP Pocket URLs
- Plugin Slug:
- wp-pocket-urls
- Installations:
- 80+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-49176
BrainCert – HTML5 Virtual Classroom
- Plugin Slug:
- html5-virtual-classroom
- Installations:
- 70+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-49172
MSync
- Plugin:
- MSync
- Plugin Slug:
- msync
- Installations:
- 10+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-49166
MyTube PlayList
- Plugin:
- MyTube PlayList
- Plugin Slug:
- mytube
- Installations:
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-48767
WooDiscuz – WooCommerce Comments
- Plugin:
- WooDiscuz – WooCommerce Comments
- Plugin Slug:
- woodiscuz-woocommerce-comments
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49759
Powr Pack
- Plugin:
- Powr Pack
- Plugin Slug:
- powr-pack
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-45609
Machic Core
- Plugin:
- Machic Core
- Plugin Slug:
- machic-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-49186
Delete Post Revisions In WordPress
- Plugin:
- Delete Post Revisions In WordPress
- Plugin Slug:
- delete-post-revisions-on-single-click
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48754
CSprite
- Plugin:
- CSprite
- Plugin Slug:
- csprite
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-49763
Contact Form 7
- Plugin:
- Contact Form 7
- Plugin Slug:
- contact-form-7
- Installations:
- 5,000,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 5.8.4
- Severity Score:
- Medium
- CVE:
- 2023-6449
Antispam Bee
- Plugin:
- Antispam Bee
- Plugin Slug:
- antispam-bee
- Installations:
- 700,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 2.11.4
- Severity Score:
- Medium
- CVE:
- 2023-41134
Ocean Extra
- Plugin:
- Ocean Extra
- Plugin Slug:
- ocean-extra
- Installations:
- 700,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.2.3
- Severity Score:
- Medium
- CVE:
- 2023-49164
WP Shortcodes Plugin — Shortcodes Ultimate
- Plugin Slug:
- shortcodes-ultimate
- Installations:
- 600,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 7.0.0
- Severity Score:
- Medium
- CVE:
- 2023-6226
WP Shortcodes Plugin — Shortcodes Ultimate
- Plugin Slug:
- shortcodes-ultimate
- Installations:
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.0.0
- Severity Score:
- Medium
- CVE:
- 2023-6225
SiteOrigin Widgets Bundle
- Plugin:
- SiteOrigin Widgets Bundle
- Plugin Slug:
- so-widgets-bundle
- Installations:
- 600,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.51.0
- Severity Score:
- High
- CVE:
- 2023-6295
MW WP Form
- Plugin:
- MW WP Form
- Plugin Slug:
- mw-wp-form
- Installations:
- 200,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 5.0.2
- Severity Score:
- Critical
- CVE:
- 2023-6316
Page Builder: Pagelayer – Drag and Drop website builder
- Plugin Slug:
- pagelayer
- Installations:
- 200,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.8
- Severity Score:
- Medium
- CVE:
- 2023-49196
Responsive Lightbox & Gallery
- Plugin Slug:
- responsive-lightbox
- Installations:
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.6
- Severity Score:
- Medium
- CVE:
- 2023-49174
Advanced Database Cleaner
- Plugin:
- Advanced Database Cleaner
- Plugin Slug:
- advanced-database-cleaner
- Installations:
- 100,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.1.3
- Severity Score:
- High
- CVE:
- 2023-49764
Email Address Encoder
- Plugin:
- Email Address Encoder
- Plugin Slug:
- email-address-encoder
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.23
- Severity Score:
- Medium
- CVE:
- 2023-48765
SpeedyCache – Cache, Optimization, Performance
- Plugin Slug:
- speedycache
- Installations:
- 100,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 1.1.3
- Severity Score:
- Medium
- CVE:
- 2023-49746
HUSKY – Products Filter for WooCommerce Professional
- Plugin Slug:
- woocommerce-products-filter
- Installations:
- 100,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.3.4.3
- Severity Score:
- Critical
- CVE:
- 2023-40010
Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina)
- Plugin Slug:
- wp-retina-2x
- Installations:
- 100,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 6.4.6
- Severity Score:
- Medium
- CVE:
- 2023-44982
Backup Migration
- Plugin:
- Backup Migration
- Plugin Slug:
- backup-backup
- Installations:
- 90,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.3.7
- Severity Score:
- High
- CVE:
- 2023-6266
NextScripts: Social Networks Auto-Poster
- Plugin Slug:
- social-networks-auto-poster-facebook-twitter-g
- Installations:
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.4.3
- Severity Score:
- High
- CVE:
- 2023-49183
Razorpay for WooCommerce
- Plugin:
- Razorpay for WooCommerce
- Plugin Slug:
- woo-razorpay
- Installations:
- 60,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.5.7
- Severity Score:
- Medium
Razorpay for WooCommerce
- Plugin:
- Razorpay for WooCommerce
- Plugin Slug:
- woo-razorpay
- Installations:
- 60,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.5.7
- Severity Score:
- Medium
CF7 Google Sheets Connector
- Plugin:
- CF7 Google Sheets Connector
- Plugin Slug:
- cf7-google-sheets-connector
- Installations:
- 40,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 5.0.6
- Severity Score:
- High
- CVE:
- 2023-44989
JetFormBuilder — Dynamic Blocks Form Builder
- Plugin Slug:
- jetformbuilder
- Installations:
- 40,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 3.1.5
- Severity Score:
- Medium
- CVE:
- 2023-48763
Media File Renamer: Rename Files (Manual, Auto & AI)
- Plugin Slug:
- media-file-renamer
- Installations:
- 40,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 5.7.0
- Severity Score:
- Medium
- CVE:
- 2023-44991
Ultimate Addons for Contact Form 7
- Plugin Slug:
- ultimate-addons-for-contact-form-7
- Installations:
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.1
- Severity Score:
- High
- CVE:
- 2023-49766
Abandoned Cart Lite for WooCommerce
- Plugin Slug:
- woocommerce-abandoned-cart
- Installations:
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.16.2
- Severity Score:
- Medium
- CVE:
- 2023-41671
Rate my Post – WP Rating System
- Plugin Slug:
- rate-my-post
- Installations:
- 20,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 3.4.2
- Severity Score:
- Medium
- CVE:
- 2023-49765
Seraphinite Accelerator
- Plugin:
- Seraphinite Accelerator
- Plugin Slug:
- seraphinite-accelerator
- Installations:
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.20.29
- Severity Score:
- High
- CVE:
- 2023-49740
Video PopUp
- Plugin:
- Video PopUp
- Plugin Slug:
- video-popup
- Installations:
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.4
- Severity Score:
- Medium
- CVE:
- 2023-4962
WCFM Marketplace – Best Multivendor Marketplace for WooCommerce
- Plugin Slug:
- wc-multivendor-marketplace
- Installations:
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6.3
- Severity Score:
- Medium
- CVE:
- 2023-4960
YASR – Yet Another Star Rating Plugin for WordPress
- Plugin Slug:
- yet-another-stars-rating
- Installations:
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.4.4
- Severity Score:
- Medium
- CVE:
- 2023-39305
BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin
- Plugin Slug:
- bookingpress-appointment-booking
- Installations:
- 10,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.0.77
- Severity Score:
- Medium
- CVE:
- 2023-6219
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
- Plugin Slug:
- bp-better-messages
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.1
- Severity Score:
- Medium
- CVE:
- 2023-49168
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
- Plugin Slug:
- custom-registration-form-builder-with-submission-manager
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.2.3.0
- Severity Score:
- Medium
- CVE:
- 2023-47645
Author Box, Guest Author and Co-Authors for Your Posts – Molongui
- Plugin Slug:
- molongui-authorship
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.6.20
- Severity Score:
- Medium
- CVE:
- 2023-39921
Participants Database
- Plugin:
- Participants Database
- Plugin Slug:
- participants-database
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.5.6
- Severity Score:
- Medium
- CVE:
- 2023-48751
Qode Essential Addons
- Plugin:
- Qode Essential Addons
- Plugin Slug:
- qode-essential-addons
- Installations:
- 10,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.5.3
- Severity Score:
- Critical
- CVE:
- 2023-47840
WP Tripadvisor Review Widgets
- Plugin Slug:
- review-widgets-for-tripadvisor
- Installations:
- 10,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 11.1
- Severity Score:
- High
- CVE:
- 2023-48275
Swift Performance Lite
- Plugin:
- Swift Performance Lite
- Plugin Slug:
- swift-performance-lite
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.3.6.15
- Severity Score:
- Medium
- CVE:
- 2023-6289
WP Booking System – Booking Calendar
- Plugin Slug:
- wp-booking-system
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.19.3
- Severity Score:
- Medium
- CVE:
- 2023-49758
SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share
- Plugin Slug:
- wp-scheduled-posts
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.0.5
- Severity Score:
- Medium
Chatbot for WordPress
- Plugin:
- Chatbot for WordPress
- Plugin Slug:
- collectchat
- Installations:
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.0
- Severity Score:
- Medium
- CVE:
- 2023-5691
Widgets for Reviews & Recommendations
- Plugin Slug:
- free-facebook-reviews-and-recommendations-widgets
- Installations:
- 7,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 11.1
- Severity Score:
- High
- CVE:
- 2023-48275
Guest Author
- Plugin:
- Guest Author
- Plugin Slug:
- guest-author
- Installations:
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4
- Severity Score:
- Medium
- CVE:
- 2023-49747
SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!
- Plugin Slug:
- suretriggers
- Installations:
- 7,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.24
- Severity Score:
- Medium
- CVE:
- 2023-49749
Export WP Page to Static HTML/CSS
- Plugin Slug:
- export-wp-page-to-static-html
- Installations:
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.0
- Severity Score:
- Medium
- CVE:
- 2023-6369
Void Elementor Post Grid Addon for Elementor Page builder
- Plugin Slug:
- void-elementor-post-grid-addon-for-elementor-page-builder
- Installations:
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2
- Severity Score:
- Medium
- CVE:
- 2023-48750
Dashboard Widgets Suite
- Plugin:
- Dashboard Widgets Suite
- Plugin Slug:
- dashboard-widgets-suite
- Installations:
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.2
- Severity Score:
- Medium
- CVE:
- 2023-49743
Gift Up Gift Cards for WordPress and WooCommerce
- Plugin Slug:
- gift-up
- Installations:
- 5,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.22
- Severity Score:
- Medium
- CVE:
- 2023-49744
Widgets for Booking.com Reviews
- Plugin Slug:
- review-widgets-for-booking-com
- Installations:
- 5,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 11.1
- Severity Score:
- High
- CVE:
- 2023-48275
Widgets for Airbnb Reviews
- Plugin:
- Widgets for Airbnb Reviews
- Plugin Slug:
- review-widgets-for-airbnb
- Installations:
- 3,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 11.1
- Severity Score:
- High
- CVE:
- 2023-48275
Spiffy Calendar
- Plugin:
- Spiffy Calendar
- Plugin Slug:
- spiffy-calendar
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.9.6
- Severity Score:
- Medium
- CVE:
- 2023-49745
UPS, Mondial Relay & Chronopost for WooCommerce – WCMultiShipping
- Plugin Slug:
- wc-multishipping
- Installations:
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.3.8
- Severity Score:
- Medium
affiliate-toolkit – WordPress Affiliate Plugin
- Plugin Slug:
- affiliate-toolkit-starter
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.4
- Severity Score:
- High
- CVE:
- 2023-46086
BSK Forms Blacklist
- Plugin:
- BSK Forms Blacklist
- Plugin Slug:
- bsk-gravityforms-blacklist
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7
- Severity Score:
- Medium
- CVE:
- 2023-5980
Customer Reviews Collector for WooCommerce
- Plugin Slug:
- customer-reviews-collector-for-woocommerce
- Installations:
- 2,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 4.0
- Severity Score:
- High
- CVE:
- 2023-48275
DoFollow Case by Case
- Plugin:
- DoFollow Case by Case
- Plugin Slug:
- dofollow-case-by-case
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.5.0
- Severity Score:
- Medium
- CVE:
- 2023-49197
teachPress
- Plugin:
- teachPress
- Plugin Slug:
- teachpress
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 9.0.6
- Severity Score:
- Medium
- CVE:
- 2023-49163
teachPress
- Plugin:
- teachPress
- Plugin Slug:
- teachpress
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 9.0.5
- Severity Score:
- Medium
- CVE:
- 2023-48755
Debug Log Manager
- Plugin:
- Debug Log Manager
- Plugin Slug:
- debug-log-manager
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.2.2
- Severity Score:
- Medium
- CVE:
- 2023-5772
IdeaPush
- Plugin:
- IdeaPush
- Plugin Slug:
- ideapush
- Installations:
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 8.58
- Severity Score:
- Medium
- CVE:
- 2023-48774
Widgets for Amazon Reviews
- Plugin:
- Widgets for Amazon Reviews
- Plugin Slug:
- review-widgets-for-amazon
- Installations:
- 1,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 11.1
- Severity Score:
- High
- CVE:
- 2023-48275
12 Step Meeting List
- Plugin:
- 12 Step Meeting List
- Plugin Slug:
- 12-step-meeting-list
- Installations:
- 900+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 3.14.25
- Severity Score:
- Medium
- CVE:
- 2023-46641
Widgets for Yelp Reviews
- Plugin:
- Widgets for Yelp Reviews
- Plugin Slug:
- reviews-widgets-for-yelp
- Installations:
- 800+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 11.1
- Severity Score:
- High
- CVE:
- 2023-48275
Best Chart Plugin – Chartify
- Plugin:
- Best Chart Plugin – Chartify
- Plugin Slug:
- chart-builder
- Installations:
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.7
- Severity Score:
- Medium
Widgets for Thumbtack Reviews
- Plugin Slug:
- widgets-for-thumbtack-reviews
- Installations:
- 300+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 11.1
- Severity Score:
- High
- CVE:
- 2023-48275
Widgets for Ebay Reviews
- Plugin:
- Widgets for Ebay Reviews
- Plugin Slug:
- widgets-for-ebay-reviews
- Installations:
- 200+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 11.1
- Severity Score:
- High
- CVE:
- 2023-48275
Widgets for Capterra Reviews
- Plugin:
- Widgets for Capterra Reviews
- Plugin Slug:
- review-widgets-for-capterra
- Installations:
- 100+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 11.1
- Severity Score:
- High
- CVE:
- 2023-48275
Widgets for Zillow Reviews
- Plugin:
- Widgets for Zillow Reviews
- Plugin Slug:
- widgets-for-zillow-reviews
- Installations:
- 100+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 11.1
- Severity Score:
- High
- CVE:
- 2023-48275
Widgets for WordPress Reviews
- Plugin Slug:
- reviews-widgets
- Installations:
- 50+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 11.1
- Severity Score:
- High
- CVE:
- 2023-48275
Widgets for Expedia Reviews
- Plugin:
- Widgets for Expedia Reviews
- Plugin Slug:
- widgets-for-expedia-reviews
- Installations:
- 40+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 11.1
- Severity Score:
- High
- CVE:
- 2023-48275
Widgets for Opentable Reviews
- Plugin Slug:
- review-widgets-for-opentable
- Installations:
- 30+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 11.1
- Severity Score:
- High
- CVE:
- 2023-48275
Widgets for Hotels.com Reviews
- Plugin Slug:
- review-widgets-for-hotels-com
- Installations:
- 20+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 11.1
- Severity Score:
- High
- CVE:
- 2023-48275
Widgets for Árukereső Reviews
- Plugin Slug:
- review-widgets-for-arukereso
- Installations:
- 10+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 11.1
- Severity Score:
- High
- CVE:
- 2023-48275
Widgets for Foursquare Reviews
- Plugin Slug:
- review-widgets-for-foursquare
- Installations:
- 10+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 11.1
- Severity Score:
- High
- CVE:
- 2023-48275
Review Widgets for Szallas.hu
- Plugin Slug:
- review-widgets-for-szallas-hu
- Installations:
- 10+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 11.1
- Severity Score:
- High
- CVE:
- 2023-48275
Widgets for SourceForge Reviews
- Plugin Slug:
- widgets-for-sourceforge-reviews
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 11.1
- Severity Score:
- High
- CVE:
- 2023-48275
Widgets for AliExpress Reviews
- Plugin Slug:
- widgets-for-aliexpress-reviews
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 11.1
- Severity Score:
- High
- CVE:
- 2023-48275
Widgets for Alibaba Reviews
- Plugin:
- Widgets for Alibaba Reviews
- Plugin Slug:
- widgets-for-alibaba-reviews
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 11.1
- Severity Score:
- High
- CVE:
- 2023-48275
Theme My Login 2FA
- Plugin:
- Theme My Login 2FA
- Plugin Slug:
- tml-2fa
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 1.2
- Severity Score:
- Medium
- CVE:
- 2023-6272
PowerPack Pro for Elementor
- Plugin:
- PowerPack Pro for Elementor
- Plugin Slug:
- powerpack-elements
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.9.24
- Severity Score:
- High
- CVE:
- 2023-49739
JetProductGallery
- Plugin:
- JetProductGallery
- Plugin Slug:
- jet-woo-product-gallery
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.13.2
- Severity Score:
- High
- CVE:
- 2023-48760
JetProductGallery
- Plugin:
- JetProductGallery
- Plugin Slug:
- jet-woo-product-gallery
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.1.13.2
- Severity Score:
- Medium
- CVE:
- 2023-48762
JetProductGallery
- Plugin:
- JetProductGallery
- Plugin Slug:
- jet-woo-product-gallery
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.13.2
- Severity Score:
- Medium
- CVE:
- 2023-48761
JetWooBuilder
- Plugin:
- JetWooBuilder
- Plugin Slug:
- jet-woo-builder
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.7.3
- Severity Score:
- High
- CVE:
- 2023-48760
JetWooBuilder
- Plugin:
- JetWooBuilder
- Plugin Slug:
- jet-woo-builder
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.1.7.3
- Severity Score:
- Medium
- CVE:
- 2023-48762
JetWooBuilder
- Plugin:
- JetWooBuilder
- Plugin Slug:
- jet-woo-builder
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.7.3
- Severity Score:
- Medium
- CVE:
- 2023-48761
JetTricks
- Plugin:
- JetTricks
- Plugin Slug:
- jet-tricks
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.6.2
- Severity Score:
- High
- CVE:
- 2023-48760
JetTricks
- Plugin:
- JetTricks
- Plugin Slug:
- jet-tricks
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.4.6.2
- Severity Score:
- Medium
- CVE:
- 2023-48762
JetTricks
- Plugin:
- JetTricks
- Plugin Slug:
- jet-tricks
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.6.2
- Severity Score:
- Medium
- CVE:
- 2023-48761
JetThemeCore
- Plugin:
- JetThemeCore
- Plugin Slug:
- jet-theme-core
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.2.2
- Severity Score:
- High
- CVE:
- 2023-48760
JetThemeCore
- Plugin:
- JetThemeCore
- Plugin Slug:
- jet-theme-core
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.1.2.2
- Severity Score:
- Medium
- CVE:
- 2023-48762
JetThemeCore
- Plugin:
- JetThemeCore
- Plugin Slug:
- jet-theme-core
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.2.2
- Severity Score:
- Medium
- CVE:
- 2023-48761
JetTabs
- Plugin:
- JetTabs
- Plugin Slug:
- jet-tabs
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.25.2
- Severity Score:
- High
- CVE:
- 2023-48760
JetTabs
- Plugin:
- JetTabs
- Plugin Slug:
- jet-tabs
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.1.25.2
- Severity Score:
- Medium
- CVE:
- 2023-48762
JetTabs
- Plugin:
- JetTabs
- Plugin Slug:
- jet-tabs
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.25.2
- Severity Score:
- Medium
- CVE:
- 2023-48761
JetSmartFilters
- Plugin:
- JetSmartFilters
- Plugin Slug:
- jet-smart-filters
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.2.1
- Severity Score:
- High
- CVE:
- 2023-48760
JetSmartFilters
- Plugin:
- JetSmartFilters
- Plugin Slug:
- jet-smart-filters
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.2.2.1
- Severity Score:
- Medium
- CVE:
- 2023-48762
JetSmartFilters
- Plugin:
- JetSmartFilters
- Plugin Slug:
- jet-smart-filters
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.2.1
- Severity Score:
- Medium
- CVE:
- 2023-48761
JetSearch
- Plugin:
- JetSearch
- Plugin Slug:
- jet-search
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.1.2.1
- Severity Score:
- Medium
- CVE:
- 2023-48762
JetSearch
- Plugin:
- JetSearch
- Plugin Slug:
- jet-search
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.1.2.1
- Severity Score:
- Medium
- CVE:
- 2023-48761
JetReviews
- Plugin:
- JetReviews
- Plugin Slug:
- jet-reviews
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.3.2.1
- Severity Score:
- High
- CVE:
- 2023-48760
JetReviews
- Plugin:
- JetReviews
- Plugin Slug:
- jet-reviews
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.3.2.1
- Severity Score:
- Medium
- CVE:
- 2023-48762
JetReviews
- Plugin:
- JetReviews
- Plugin Slug:
- jet-reviews
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.3.2.1
- Severity Score:
- Medium
- CVE:
- 2023-48761
JetPopup
- Plugin:
- JetPopup
- Plugin Slug:
- jet-popup
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.0.2.1
- Severity Score:
- Medium
- CVE:
- 2023-48762
JetPopup
- Plugin:
- JetPopup
- Plugin Slug:
- jet-popup
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.2.1
- Severity Score:
- Medium
- CVE:
- 2023-48761
JetMenu
- Plugin:
- JetMenu
- Plugin Slug:
- jet-menu
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.2
- Severity Score:
- High
- CVE:
- 2023-48760
JetMenu
- Plugin:
- JetMenu
- Plugin Slug:
- jet-menu
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.4.2
- Severity Score:
- Medium
- CVE:
- 2023-48762
JetMenu
- Plugin:
- JetMenu
- Plugin Slug:
- jet-menu
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.2
- Severity Score:
- Medium
- CVE:
- 2023-48761
JetEngine
- Plugin:
- JetEngine
- Plugin Slug:
- jet-engine
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 3.2.5
- Severity Score:
- High
- CVE:
- 2023-48757
JetEngine
- Plugin:
- JetEngine
- Plugin Slug:
- jet-engine
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.5
- Severity Score:
- High
- CVE:
- 2023-48758
JetEngine
- Plugin:
- JetEngine
- Plugin Slug:
- jet-engine
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.2.5.2
- Severity Score:
- Medium
- CVE:
- 2023-48762
JetEngine
- Plugin:
- JetEngine
- Plugin Slug:
- jet-engine
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.5.2
- Severity Score:
- Medium
- CVE:
- 2023-48761
JetElements For Elementor
- Plugin:
- JetElements For Elementor
- Plugin Slug:
- jet-elements
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 2.6.13.1
- Severity Score:
- High
- CVE:
- 2023-48759
JetElements For Elementor
- Plugin:
- JetElements For Elementor
- Plugin Slug:
- jet-elements
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.13.1
- Severity Score:
- High
- CVE:
- 2023-48760
JetElements For Elementor
- Plugin:
- JetElements For Elementor
- Plugin Slug:
- jet-elements
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.13.1
- Severity Score:
- Medium
- CVE:
- 2023-48761
JetElements For Elementor
- Plugin:
- JetElements For Elementor
- Plugin Slug:
- jet-elements
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.6.13.1
- Severity Score:
- Medium
- CVE:
- 2023-48762
JetCompareWishlist
- Plugin:
- JetCompareWishlist
- Plugin Slug:
- jet-compare-wishlist
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.5.5.2
- Severity Score:
- High
- CVE:
- 2023-48760
JetCompareWishlist
- Plugin:
- JetCompareWishlist
- Plugin Slug:
- jet-compare-wishlist
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.5.5.2
- Severity Score:
- Medium
- CVE:
- 2023-48762
JetCompareWishlist
- Plugin:
- JetCompareWishlist
- Plugin Slug:
- jet-compare-wishlist
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.5.5.2
- Severity Score:
- Medium
- CVE:
- 2023-48761
JetBlog
- Plugin:
- JetBlog
- Plugin Slug:
- jet-blog
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.3.5.1
- Severity Score:
- High
- CVE:
- 2023-48760
JetBlog
- Plugin:
- JetBlog
- Plugin Slug:
- jet-blog
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.3.5.1
- Severity Score:
- Medium
- CVE:
- 2023-48762
JetBlog
- Plugin:
- JetBlog
- Plugin Slug:
- jet-blog
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.3.5.1
- Severity Score:
- Medium
- CVE:
- 2023-48761
JetBlocks For Elementor
- Plugin:
- JetBlocks For Elementor
- Plugin Slug:
- jet-blocks
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.8.1
- Severity Score:
- High
- CVE:
- 2023-48756
JetBlocks For Elementor
- Plugin:
- JetBlocks For Elementor
- Plugin Slug:
- jet-blocks
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.8.1
- Severity Score:
- High
- CVE:
- 2023-48760
JetBlocks For Elementor
- Plugin:
- JetBlocks For Elementor
- Plugin Slug:
- jet-blocks
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.8.1
- Severity Score:
- Medium
- CVE:
- 2023-48762
JetBlocks For Elementor
- Plugin:
- JetBlocks For Elementor
- Plugin Slug:
- jet-blocks
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.8.1
- Severity Score:
- Medium
- CVE:
- 2023-48761
WordPress Themes — 0 Patched / 0 Unpatched