WordPress Security

WordPress Vulnerability Report — December 6, 2023

Dan Knauss

Since our last report, 204 new plugin vulnerabilities and one in WordPress core have been publicly disclosed. Security patches for WordPress core and 124 plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user and have activated version management, any vulnerable plugins with security updates available may have had them applied automatically.

Additionally, there are 80 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, the Solid Security firewall already protects your site against those vulnerabilities. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are why WordPress websites get hacked. (See our Annual Vulnerability Report for 2022.) Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Our weekly WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core — Security Update!

WordPress 6.4.2 was released on December 6, 2023, as a short-cycle maintenance and security release with seven bug fixes and one security patch for a potential Remote Code Execution (RCE) vulnerability that is not directly exploitable in most situations. However, combined with certain vulnerabilities in third-party plugins on a multisite network, this vulnerability could be exploited and pose a high-severity risk. The 6.4.1 update will prevent PHP object injections from being chained into a potential RCE, according to details published by Patchstack.

WordPress 6.4.1 was released on November 8, 2023, as a short-cycle maintenance release to address several bugs, including loss of backward compatibility with a dependency, cURL 7.29 or earlier. This broke the WordPress internal update facility on servers running very old, insecure cURL versions.

WordPress 6.4 was released on November 7, 2023, as the third major release of the year. Following a major release, you should not update live sites without taking backups and testing the update in a non-production environment first.

WordPress Plugins — 124 Patched / 80 Unpatched

Nested Pages

Plugin Slug:
wp-nested-pages
Installations:
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Aruba HiSpeed Cache

Plugin Slug:
aruba-hispeed-cache
Installations:
90,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Simple Calendar – Google Calendar Plugin

Plugin Slug:
google-calendar-events
Installations:
60,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Enhanced Text Widget

Plugin Slug:
enhanced-text-widget
Installations:
50,000+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Grow Social

Plugin Slug:
social-pug
Installations:
50,000+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Site Offline Or Coming Soon Or Maintenance Mode

Plugin Slug:
site-offline
Installations:
40,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

GoDaddy Email Marketing

Plugin Slug:
godaddy-email-marketing-sign-up-forms
Installations:
30,000+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Restricted Site Access

Plugin Slug:
restricted-site-access
Installations:
20,000+
Vulnerability:
Bypass Vulnerability
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Elementor Timeline Widget

Plugin Slug:
3r-elementor-timeline-widget
Installations:
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Awesome Support – WordPress HelpDesk & Support Plugin

Plugin Slug:
awesome-support
Installations:
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Forms by CaptainForm – Form Builder for WordPress

Plugin Slug:
captainform
Installations:
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Coming soon and Maintenance mode

Plugin Slug:
coming-soon-page
Installations:
10,000+
Vulnerability:
Bypass Vulnerability
Patched in Version:
No Fix
Severity Score:
Low
The vulnerability has not been patched. You should deactivate the plugin.

Quantity Plus Minus Button for WooCommerce by CodeAstrology

Plugin Slug:
wc-quantity-plus-minus-button
Installations:
10,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

MkRapel Regiones y Ciudades de Chile para WC

Plugin Slug:
wc-ciudades-y-regiones-de-chile
Installations:
8,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

SoundCloud Shortcode

Plugin Slug:
soundcloud-shortcode
Installations:
7,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Button Generator – easily Button Builder

Plugin Slug:
button-generation
Installations:
6,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Button Generator – easily Button Builder

Plugin Slug:
button-generation
Installations:
6,000+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Ads by datafeedr.com

Plugin Slug:
ads-by-datafeedrcom
Installations:
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Aparat

Plugin:
Aparat
Plugin Slug:
aparat
Installations:
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Social Share Buttons & Analytics Plugin – GetSocial.io

Plugin Slug:
wp-share-buttons-analytics-by-getsocial
Installations:
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Client Dash

Plugin Slug:
client-dash
Installations:
4,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

CommentLuv

Plugin:
CommentLuv
Plugin Slug:
commentluv
Installations:
4,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Campaign Monitor for WordPress

Plugin Slug:
forms-for-campaign-monitor
Installations:
4,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Product Size Chart For WooCommerce

Plugin Slug:
product-size-chart-for-woo
Installations:
4,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

which template file

Plugin Slug:
which-template-file
Installations:
4,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Database for CF7

Plugin Slug:
database-for-cf7
Installations:
3,000+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Formzu WP

Plugin:
Formzu WP
Plugin Slug:
formzu-wp
Installations:
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Add to Cart Text Changer and Customize Button, Add Custom Icon

Plugin Slug:
woo-add-to-cart-text-change
Installations:
3,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WooCommerce Login Redirect

Plugin Slug:
woo-login-redirect
Installations:
3,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Crypto Converter Widget

Plugin Slug:
crypto-converter-widget
Installations:
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Plugin Slug:
doofinder-for-woocommerce
Installations:
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Plugin Slug:
file-gallery
Installations:
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Product Enquiry for WooCommerce

Plugin Slug:
gm-woocommerce-quote-popup
Installations:
2,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Multiple Post Passwords

Plugin Slug:
multiple-post-passwords
Installations:
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Sign In Scheduling Online Appointment Booking System

Plugin Slug:
10to8-online-booking
Installations:
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

360 Javascript Viewer

Plugin Slug:
360deg-javascript-viewer
Installations:
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

AdFoxly – Ad Manager, AdSense Ads & Ads.txt

Plugin Slug:
adfoxly
Installations:
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Automatic Youtube Video Posts Plugin

Plugin Slug:
automatic-youtube-video-posts
Installations:
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Block for Font Awesome

Plugin Slug:
block-for-font-awesome
Installations:
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Bulk Edit Post Titles

Plugin Slug:
bulk-edit-post-titles
Installations:
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

canvasio3D Light

Plugin Slug:
canvasio3d-light
Installations:
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Credit Tracker

Plugin Slug:
credit-tracker
Installations:
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Currency Converter Calculator

Plugin Slug:
currency-converter-calculator
Installations:
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Event post

Plugin:
Event post
Plugin Slug:
event-post
Installations:
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

KP Fastest Tawk.to Chat

Plugin Slug:
kp-fastest-tawk-to-chat
Installations:
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

List all posts by Authors, nested Categories and Titles

Plugin Slug:
list-all-posts-by-authors-nested-categories-and-titles
Installations:
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Parallax Slider Block

Plugin Slug:
parallax-slider-block
Installations:
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Prevent Landscape Rotation

Plugin Slug:
prevent-landscape-rotation
Installations:
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

SVGator – Add Animated SVG Easily

Plugin Slug:
svgator
Installations:
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP Catalogue

Plugin Slug:
wp-catalogue
Installations:
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP CleanFix

Plugin Slug:
wp-cleanfix
Installations:
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WPsoonOnlinePage

Plugin Slug:
wp-soononline-page
Installations:
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

BigCommerce For WordPress

Plugin Slug:
bigcommerce
Installations:
900+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Plugin Slug:
hdw-player-video-player-video-gallery
Installations:
900+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Track Geolocation Of Users Using Contact Form 7

Plugin Slug:
track-geolocation-of-users-using-contact-form-7
Installations:
600+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Bravo Translate

Plugin Slug:
bravo-translate
Installations:
500+
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Plugin Slug:
gdpr-compliance-by-supsystic
Installations:
500+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Simple Long Form

Plugin Slug:
simple-long-form
Installations:
90+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP Pocket URLs

Plugin Slug:
wp-pocket-urls
Installations:
80+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

BrainCert – HTML5 Virtual Classroom

Plugin Slug:
html5-virtual-classroom
Installations:
70+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

MSync

Plugin:
MSync
Plugin Slug:
msync
Installations:
10+
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

MyTube PlayList

Plugin Slug:
mytube
Installations:
10+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WooDiscuz – WooCommerce Comments

Plugin:
WooDiscuz – WooCommerce Comments
Plugin Slug:
woodiscuz-woocommerce-comments
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Powr Pack

Plugin:
Powr Pack
Plugin Slug:
powr-pack
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Machic Core

Plugin:
Machic Core
Plugin Slug:
machic-core
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Delete Post Revisions In WordPress

Plugin:
Delete Post Revisions In WordPress
Plugin Slug:
delete-post-revisions-on-single-click
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

CSprite

Plugin:
CSprite
Plugin Slug:
csprite
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Contact Form 7

Plugin Slug:
contact-form-7
Installations:
5,000,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
5.8.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.8.4.

Antispam Bee

Plugin Slug:
antispam-bee
Installations:
700,000+
Vulnerability:
Bypass Vulnerability
Patched in Version:
2.11.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.11.4.

Ocean Extra

Plugin Slug:
ocean-extra
Installations:
700,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.2.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.2.3.

WP Shortcodes Plugin — Shortcodes Ultimate

Plugin Slug:
shortcodes-ultimate
Installations:
600,000+
Vulnerability:
Insecure Direct Object References (IDOR)
Patched in Version:
7.0.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 7.0.0.

WP Shortcodes Plugin — Shortcodes Ultimate

Plugin Slug:
shortcodes-ultimate
Installations:
600,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
7.0.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 7.0.0.

SiteOrigin Widgets Bundle

Plugin Slug:
so-widgets-bundle
Installations:
600,000+
Vulnerability:
Local File Inclusion
Patched in Version:
1.51.0
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.51.0.

MW WP Form

Plugin:
MW WP Form
Plugin Slug:
mw-wp-form
Installations:
200,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
5.0.2
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 5.0.2.

Plugin Slug:
responsive-lightbox
Installations:
200,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.4.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.4.6.

Advanced Database Cleaner

Plugin Slug:
advanced-database-cleaner
Installations:
100,000+
Vulnerability:
SQL Injection
Patched in Version:
3.1.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.1.3.

Email Address Encoder

Plugin Slug:
email-address-encoder
Installations:
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.23
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.0.23.

SpeedyCache – Cache, Optimization, Performance

Plugin Slug:
speedycache
Installations:
100,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
1.1.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.3.

HUSKY – Products Filter for WooCommerce Professional

Plugin Slug:
woocommerce-products-filter
Installations:
100,000+
Vulnerability:
SQL Injection
Patched in Version:
1.3.4.3
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 1.3.4.3.

Backup Migration

Plugin Slug:
backup-backup
Installations:
90,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
1.3.7
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.3.7.

NextScripts: Social Networks Auto-Poster

Plugin Slug:
social-networks-auto-poster-facebook-twitter-g
Installations:
60,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.4.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 4.4.3.

Razorpay for WooCommerce

Plugin Slug:
woo-razorpay
Installations:
60,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
4.5.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.5.7.

Razorpay for WooCommerce

Plugin Slug:
woo-razorpay
Installations:
60,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.5.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.5.7.

CF7 Google Sheets Connector

Plugin Slug:
cf7-google-sheets-connector
Installations:
40,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
5.0.6
Severity Score:
High
The vulnerability has been patched, so you should update to version 5.0.6.

JetFormBuilder — Dynamic Blocks Form Builder

Plugin Slug:
jetformbuilder
Installations:
40,000+
Vulnerability:
Content Injection
Patched in Version:
3.1.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.1.5.

Media File Renamer: Rename Files (Manual, Auto & AI)

Plugin Slug:
media-file-renamer
Installations:
40,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
5.7.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.7.0.

Ultimate Addons for Contact Form 7

Plugin Slug:
ultimate-addons-for-contact-form-7
Installations:
30,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.2.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.2.1.

Abandoned Cart Lite for WooCommerce

Plugin Slug:
woocommerce-abandoned-cart
Installations:
30,000+
Vulnerability:
Broken Access Control
Patched in Version:
5.16.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.16.2.

Rate my Post – WP Rating System

Plugin Slug:
rate-my-post
Installations:
20,000+
Vulnerability:
Insecure Direct Object References (IDOR)
Patched in Version:
3.4.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.4.2.

Seraphinite Accelerator

Plugin Slug:
seraphinite-accelerator
Installations:
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.20.29
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.20.29.

Video PopUp

Plugin Slug:
video-popup
Installations:
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.4.

YASR – Yet Another Star Rating Plugin for WordPress

Plugin Slug:
yet-another-stars-rating
Installations:
20,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.4.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.4.4.

Participants Database

Plugin Slug:
participants-database
Installations:
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.5.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.5.6.

Qode Essential Addons

Plugin Slug:
qode-essential-addons
Installations:
10,000+
Vulnerability:
Remote Code Execution (RCE)
Patched in Version:
1.5.3
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 1.5.3.

WP Tripadvisor Review Widgets

Plugin Slug:
review-widgets-for-tripadvisor
Installations:
10,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
11.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 11.1.

Swift Performance Lite

Plugin Slug:
swift-performance-lite
Installations:
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.3.6.15
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.3.6.15.

WP Booking System – Booking Calendar

Plugin Slug:
wp-booking-system
Installations:
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.0.19.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.0.19.3.

Chatbot for WordPress

Plugin Slug:
collectchat
Installations:
8,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.4.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.4.0.

Widgets for Reviews & Recommendations

Plugin Slug:
free-facebook-reviews-and-recommendations-widgets
Installations:
7,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
11.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 11.1.

Guest Author

Plugin Slug:
guest-author
Installations:
7,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.4.

Export WP Page to Static HTML/CSS

Plugin Slug:
export-wp-page-to-static-html
Installations:
6,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.2.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.2.0.

Void Elementor Post Grid Addon for Elementor Page builder

Plugin Slug:
void-elementor-post-grid-addon-for-elementor-page-builder
Installations:
6,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.2.

Dashboard Widgets Suite

Plugin Slug:
dashboard-widgets-suite
Installations:
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.4.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.4.2.

Gift Up Gift Cards for WordPress and WooCommerce

Plugin Slug:
gift-up
Installations:
5,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.22
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.22.

Widgets for Booking.com Reviews

Plugin Slug:
review-widgets-for-booking-com
Installations:
5,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
11.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for Airbnb Reviews

Plugin Slug:
review-widgets-for-airbnb
Installations:
3,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
11.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 11.1.

Spiffy Calendar

Plugin Slug:
spiffy-calendar
Installations:
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.9.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.9.6.

UPS, Mondial Relay & Chronopost for WooCommerce – WCMultiShipping

Plugin Slug:
wc-multishipping
Installations:
3,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.3.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.3.8.

affiliate-toolkit – WordPress Affiliate Plugin

Plugin Slug:
affiliate-toolkit-starter
Installations:
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.4.4
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.4.4.

BSK Forms Blacklist

Plugin Slug:
bsk-gravityforms-blacklist
Installations:
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.7.

Customer Reviews Collector for WooCommerce

Plugin Slug:
customer-reviews-collector-for-woocommerce
Installations:
2,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
4.0
Severity Score:
High
The vulnerability has been patched, so you should update to version 4.0.

DoFollow Case by Case

Plugin Slug:
dofollow-case-by-case
Installations:
2,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.5.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.5.0.

teachPress

Plugin:
teachPress
Plugin Slug:
teachpress
Installations:
2,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
9.0.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 9.0.6.

teachPress

Plugin:
teachPress
Plugin Slug:
teachpress
Installations:
2,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
9.0.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 9.0.5.

Debug Log Manager

Plugin Slug:
debug-log-manager
Installations:
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.2.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.2.2.

IdeaPush

Plugin:
IdeaPush
Plugin Slug:
ideapush
Installations:
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
8.58
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 8.58.

Widgets for Amazon Reviews

Plugin Slug:
review-widgets-for-amazon
Installations:
1,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
11.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 11.1.

12 Step Meeting List

Plugin Slug:
12-step-meeting-list
Installations:
900+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
3.14.25
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.14.25.

Widgets for Yelp Reviews

Plugin Slug:
reviews-widgets-for-yelp
Installations:
800+
Vulnerability:
Arbitrary File Upload
Patched in Version:
11.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 11.1.

Best Chart Plugin – Chartify

Plugin Slug:
chart-builder
Installations:
500+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.9.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.9.7.

Widgets for Thumbtack Reviews

Plugin Slug:
widgets-for-thumbtack-reviews
Installations:
300+
Vulnerability:
Arbitrary File Upload
Patched in Version:
11.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for Ebay Reviews

Plugin Slug:
widgets-for-ebay-reviews
Installations:
200+
Vulnerability:
Arbitrary File Upload
Patched in Version:
11.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for Capterra Reviews

Plugin Slug:
review-widgets-for-capterra
Installations:
100+
Vulnerability:
Arbitrary File Upload
Patched in Version:
11.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for Zillow Reviews

Plugin Slug:
widgets-for-zillow-reviews
Installations:
100+
Vulnerability:
Arbitrary File Upload
Patched in Version:
11.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for WordPress Reviews

Plugin Slug:
reviews-widgets
Installations:
50+
Vulnerability:
Arbitrary File Upload
Patched in Version:
11.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for Expedia Reviews

Plugin Slug:
widgets-for-expedia-reviews
Installations:
40+
Vulnerability:
Arbitrary File Upload
Patched in Version:
11.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for Opentable Reviews

Plugin Slug:
review-widgets-for-opentable
Installations:
30+
Vulnerability:
Arbitrary File Upload
Patched in Version:
11.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for Hotels.com Reviews

Plugin Slug:
review-widgets-for-hotels-com
Installations:
20+
Vulnerability:
Arbitrary File Upload
Patched in Version:
11.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for Árukereső Reviews

Plugin Slug:
review-widgets-for-arukereso
Installations:
10+
Vulnerability:
Arbitrary File Upload
Patched in Version:
11.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for Foursquare Reviews

Plugin Slug:
review-widgets-for-foursquare
Installations:
10+
Vulnerability:
Arbitrary File Upload
Patched in Version:
11.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 11.1.

Review Widgets for Szallas.hu

Plugin Slug:
review-widgets-for-szallas-hu
Installations:
10+
Vulnerability:
Arbitrary File Upload
Patched in Version:
11.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for SourceForge Reviews

Plugin Slug:
widgets-for-sourceforge-reviews
Vulnerability:
Arbitrary File Upload
Patched in Version:
11.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for AliExpress Reviews

Plugin Slug:
widgets-for-aliexpress-reviews
Vulnerability:
Arbitrary File Upload
Patched in Version:
11.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for Alibaba Reviews

Plugin Slug:
widgets-for-alibaba-reviews
Vulnerability:
Arbitrary File Upload
Patched in Version:
11.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 11.1.

Theme My Login 2FA

Plugin:
Theme My Login 2FA
Plugin Slug:
tml-2fa
Vulnerability:
Bypass Vulnerability
Patched in Version:
1.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.

PowerPack Pro for Elementor

Plugin:
PowerPack Pro for Elementor
Plugin Slug:
powerpack-elements
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.9.24
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.9.24.

JetProductGallery

Plugin:
JetProductGallery
Plugin Slug:
jet-woo-product-gallery
Vulnerability:
Broken Access Control
Patched in Version:
2.1.13.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.1.13.2.

JetProductGallery

Plugin:
JetProductGallery
Plugin Slug:
jet-woo-product-gallery
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.1.13.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.13.2.

JetProductGallery

Plugin:
JetProductGallery
Plugin Slug:
jet-woo-product-gallery
Vulnerability:
Broken Access Control
Patched in Version:
2.1.13.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.13.2.

JetWooBuilder

Plugin:
JetWooBuilder
Plugin Slug:
jet-woo-builder
Vulnerability:
Broken Access Control
Patched in Version:
2.1.7.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.1.7.3.

JetWooBuilder

Plugin:
JetWooBuilder
Plugin Slug:
jet-woo-builder
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.1.7.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.7.3.

JetWooBuilder

Plugin:
JetWooBuilder
Plugin Slug:
jet-woo-builder
Vulnerability:
Broken Access Control
Patched in Version:
2.1.7.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.7.3.

JetTricks

Plugin:
JetTricks
Plugin Slug:
jet-tricks
Vulnerability:
Broken Access Control
Patched in Version:
1.4.6.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.4.6.2.

JetTricks

Plugin:
JetTricks
Plugin Slug:
jet-tricks
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.4.6.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.4.6.2.

JetTricks

Plugin:
JetTricks
Plugin Slug:
jet-tricks
Vulnerability:
Broken Access Control
Patched in Version:
1.4.6.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.4.6.2.

JetThemeCore

Plugin:
JetThemeCore
Plugin Slug:
jet-theme-core
Vulnerability:
Broken Access Control
Patched in Version:
2.1.2.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.1.2.2.

JetThemeCore

Plugin:
JetThemeCore
Plugin Slug:
jet-theme-core
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.1.2.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.2.2.

JetThemeCore

Plugin:
JetThemeCore
Plugin Slug:
jet-theme-core
Vulnerability:
Broken Access Control
Patched in Version:
2.1.2.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.2.2.

JetTabs

Plugin:
JetTabs
Plugin Slug:
jet-tabs
Vulnerability:
Broken Access Control
Patched in Version:
2.1.25.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.1.25.2.

JetTabs

Plugin:
JetTabs
Plugin Slug:
jet-tabs
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.1.25.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.25.2.

JetTabs

Plugin:
JetTabs
Plugin Slug:
jet-tabs
Vulnerability:
Broken Access Control
Patched in Version:
2.1.25.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.25.2.

JetSmartFilters

Plugin:
JetSmartFilters
Plugin Slug:
jet-smart-filters
Vulnerability:
Broken Access Control
Patched in Version:
3.2.2.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.2.2.1.

JetSmartFilters

Plugin:
JetSmartFilters
Plugin Slug:
jet-smart-filters
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.2.2.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.2.2.1.

JetSmartFilters

Plugin:
JetSmartFilters
Plugin Slug:
jet-smart-filters
Vulnerability:
Broken Access Control
Patched in Version:
3.2.2.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.2.2.1.

JetSearch

Plugin:
JetSearch
Plugin Slug:
jet-search
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.1.2.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.1.2.1.

JetSearch

Plugin:
JetSearch
Plugin Slug:
jet-search
Vulnerability:
Broken Access Control
Patched in Version:
3.1.2.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.1.2.1.

JetReviews

Plugin:
JetReviews
Plugin Slug:
jet-reviews
Vulnerability:
Broken Access Control
Patched in Version:
2.3.2.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.3.2.1.

JetReviews

Plugin:
JetReviews
Plugin Slug:
jet-reviews
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.3.2.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.3.2.1.

JetReviews

Plugin:
JetReviews
Plugin Slug:
jet-reviews
Vulnerability:
Broken Access Control
Patched in Version:
2.3.2.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.3.2.1.

JetPopup

Plugin:
JetPopup
Plugin Slug:
jet-popup
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.0.2.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.0.2.1.

JetPopup

Plugin:
JetPopup
Plugin Slug:
jet-popup
Vulnerability:
Broken Access Control
Patched in Version:
2.0.2.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.0.2.1.

JetMenu

Plugin:
JetMenu
Plugin Slug:
jet-menu
Vulnerability:
Broken Access Control
Patched in Version:
2.4.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.4.2.

JetMenu

Plugin:
JetMenu
Plugin Slug:
jet-menu
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.4.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.4.2.

JetMenu

Plugin:
JetMenu
Plugin Slug:
jet-menu
Vulnerability:
Broken Access Control
Patched in Version:
2.4.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.4.2.

JetEngine

Plugin:
JetEngine
Plugin Slug:
jet-engine
Vulnerability:
Privilege Escalation
Patched in Version:
3.2.5
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.2.5.

JetEngine

Plugin:
JetEngine
Plugin Slug:
jet-engine
Vulnerability:
Broken Access Control
Patched in Version:
3.2.5
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.2.5.

JetEngine

Plugin:
JetEngine
Plugin Slug:
jet-engine
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.2.5.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.2.5.2.

JetEngine

Plugin:
JetEngine
Plugin Slug:
jet-engine
Vulnerability:
Broken Access Control
Patched in Version:
3.2.5.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.2.5.2.

JetElements For Elementor

Plugin:
JetElements For Elementor
Plugin Slug:
jet-elements
Vulnerability:
Arbitrary File Download
Patched in Version:
2.6.13.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.6.13.1.

JetElements For Elementor

Plugin:
JetElements For Elementor
Plugin Slug:
jet-elements
Vulnerability:
Broken Access Control
Patched in Version:
2.6.13.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.6.13.1.

JetElements For Elementor

Plugin:
JetElements For Elementor
Plugin Slug:
jet-elements
Vulnerability:
Broken Access Control
Patched in Version:
2.6.13.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.6.13.1.

JetElements For Elementor

Plugin:
JetElements For Elementor
Plugin Slug:
jet-elements
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.6.13.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.6.13.1.

JetCompareWishlist

Plugin:
JetCompareWishlist
Plugin Slug:
jet-compare-wishlist
Vulnerability:
Broken Access Control
Patched in Version:
1.5.5.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.5.5.2.

JetCompareWishlist

Plugin:
JetCompareWishlist
Plugin Slug:
jet-compare-wishlist
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.5.5.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.5.2.

JetCompareWishlist

Plugin:
JetCompareWishlist
Plugin Slug:
jet-compare-wishlist
Vulnerability:
Broken Access Control
Patched in Version:
1.5.5.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.5.2.

JetBlog

Plugin:
JetBlog
Plugin Slug:
jet-blog
Vulnerability:
Broken Access Control
Patched in Version:
2.3.5.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.3.5.1.

JetBlog

Plugin:
JetBlog
Plugin Slug:
jet-blog
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.3.5.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.3.5.1.

JetBlog

Plugin:
JetBlog
Plugin Slug:
jet-blog
Vulnerability:
Broken Access Control
Patched in Version:
2.3.5.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.3.5.1.

JetBlocks For Elementor

Plugin:
JetBlocks For Elementor
Plugin Slug:
jet-blocks
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.8.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.3.8.1.

JetBlocks For Elementor

Plugin:
JetBlocks For Elementor
Plugin Slug:
jet-blocks
Vulnerability:
Broken Access Control
Patched in Version:
1.3.8.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.3.8.1.

JetBlocks For Elementor

Plugin:
JetBlocks For Elementor
Plugin Slug:
jet-blocks
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.3.8.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.8.1.

JetBlocks For Elementor

Plugin:
JetBlocks For Elementor
Plugin Slug:
jet-blocks
Vulnerability:
Broken Access Control
Patched in Version:
1.3.8.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.8.1.

WordPress Themes — 0 Patched / 0 Unpatched

No new theme vulnerabilities were disclosed this week.
