WordPress Vulnerability Report — January 10, 2024
In this report, 106 new vulnerabilities have been publicly disclosed. Security patches for 61 of these plugins and one theme are available now, so run those updates as soon as possible. If you're a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 44 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, the Solid Security firewall already protects your site against those vulnerabilities. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.4.2 was released on December 6, 2023, as a short-cycle maintenance and security release with seven bug fixes and one security patch for a potential Remote Code Execution (RCE) vulnerability that is not directly exploitable in most situations. However, combined with certain vulnerabilities in third-party plugins on a multisite network, this vulnerability could be exploited and pose a high-severity risk. The 6.4.1 update will prevent PHP object injections from being chained into a potential RCE, according to details published by Patchstack.
WordPress Plugins — 61 Patched / 44 Unpatched
Nginx Helper
- Plugin:
- Nginx Helper
- Plugin Slug:
- nginx-helper
- Installations:
- 100,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-44992
Contact Form 7 Extension For Mailchimp
- Plugin Slug:
- contact-form-7-mailchimp-extension
- Installations:
- 90,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-22134
WooCommerce Conversion Tracking
- Plugin Slug:
- woocommerce-conversion-tracking
- Installations:
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-52217
Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building
- Plugin:
- Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building
- Plugin Slug:
- icegram
- Installations:
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-21748
Seraphinite Accelerator
- Plugin:
- Seraphinite Accelerator
- Plugin Slug:
- seraphinite-accelerator
- Installations:
- 20,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-22138
MailerLite – WooCommerce integration
- Plugin Slug:
- woo-mailerlite
- Installations:
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-52227
MailerLite – WooCommerce integration
- Plugin Slug:
- woo-mailerlite
- Installations:
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-52223
WP Ultimate Review
- Plugin:
- WP Ultimate Review
- Plugin Slug:
- wp-ultimate-review
- Installations:
- 10,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-21746
Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder
- Plugin Slug:
- droit-elementor-addons
- Installations:
- 8,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-22136
RabbitLoader
- Plugin:
- RabbitLoader
- Plugin Slug:
- rabbit-loader
- Installations:
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-21751
Revolut Gateway for WooCommerce
- Plugin Slug:
- revolut-gateway-for-woocommerce
- Installations:
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-52224
Word Replacer Pro
- Plugin:
- Word Replacer Pro
- Plugin Slug:
- word-replacer-ultra
- Installations:
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-52229
Beds24 Online Booking
- Plugin:
- Beds24 Online Booking
- Plugin Slug:
- beds24-online-booking
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-52228
JS & CSS Script Optimizer
- Plugin:
- JS & CSS Script Optimizer
- Plugin Slug:
- js-css-script-optimizer
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-52216
Advanced Flamingo
- Plugin:
- Advanced Flamingo
- Plugin Slug:
- advanced-flamingo
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-52226
Laybuy Payment Extension for WooCommerce
- Plugin Slug:
- laybuy-gateway-for-woocommerce
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-21745
Mapster WP Maps
- Plugin:
- Mapster WP Maps
- Plugin Slug:
- mapster-wp-maps
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-21744
Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics
- Plugin Slug:
- taggbox-widget
- Installations:
- 1,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2023-52225
HTML5 MP3 Player with Playlist Free
- Plugin Slug:
- html5-mp3-player-with-playlist
- Installations:
- 600+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2023-52207
HTML5 SoundCloud Player with Playlist Free
- Plugin Slug:
- html5-soundcloud-player-with-playlist
- Installations:
- 300+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2023-52205
Woocommerce Tranzila Payment Gateway
- Plugin Slug:
- woo-tranzila-gateway
- Installations:
- 300+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2023-52218
Gecka Terms Thumbnails
- Plugin:
- Gecka Terms Thumbnails
- Plugin Slug:
- gecka-terms-thumbnails
- Installations:
- 100+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2023-52219
HTML5 MP3 Player with Folder Feedburner Playlist Free
- Plugin Slug:
- html5-mp3-player-with-mp3-folder-feedburner-playlist
- Installations:
- 90+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2023-52202
Ads Invalid Click Protection
- Plugin:
- Ads Invalid Click Protection
- Plugin Slug:
- ads-invalid-click-protection
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-52197
CformsII
- Plugin:
- CformsII
- Plugin Slug:
- cforms2
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-52203
Coupon Referral Program
- Plugin:
- Coupon Referral Program
- Plugin Slug:
- coupon-referral-program
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-52190
CPT Bootstrap Carousel
- Plugin:
- CPT Bootstrap Carousel
- Plugin Slug:
- cpt-bootstrap-carousel
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-52196
Easy SVG Allow
- Plugin:
- Easy SVG Allow
- Plugin Slug:
- easy-svg-image-allow
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-7089
1 click disable all
- Plugin:
- 1 click disable all
- Plugin Slug:
- first-graders-toolbox
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-21749
Footer Putter
- Plugin:
- Footer Putter
- Plugin Slug:
- footer-putter
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-52188
Ideal Interactive Map
- Plugin:
- Ideal Interactive Map
- Plugin Slug:
- ideal-interactive-map
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-52189
Infogram
- Plugin:
- Infogram
- Plugin Slug:
- infogram
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-52191
Keap Official Opt-in Forms
- Plugin:
- Keap Official Opt-in Forms
- Plugin Slug:
- infusionsoft-official-opt-in-forms
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-52192
Page Builder: Live Composer
- Plugin:
- Page Builder: Live Composer
- Plugin Slug:
- live-composer-page-builder
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-52206
oEmbed Gist
- Plugin:
- oEmbed Gist
- Plugin Slug:
- oembed-gist
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-52194
Posts to Page
- Plugin:
- Posts to Page
- Plugin Slug:
- posts-to-page
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-52195
Private Google Calendars
- Plugin:
- Private Google Calendars
- Plugin Slug:
- private-google-calendars
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-52198
pTypeConverter
- Plugin:
- pTypeConverter
- Plugin Slug:
- ptypeconverter
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-52201
Randomize
- Plugin:
- Randomize
- Plugin Slug:
- randomize
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-52204
Site Notes
- Plugin:
- Site Notes
- Plugin Slug:
- site-notes
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-6633
TJ Shortcodes
- Plugin:
- TJ Shortcodes
- Plugin Slug:
- theme-junkie-shortcodes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-6530
WordPress Users
- Plugin:
- WordPress Users
- Plugin Slug:
- wordpress-users
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-6390
WP Plugin Lister
- Plugin:
- WP Plugin Lister
- Plugin Slug:
- wp-plugin-lister
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-6503
WP Social Bookmark Menu
- Plugin:
- WP Social Bookmark Menu
- Plugin Slug:
- wp-social-bookmark-menu
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-7074
WooCommerce
- Plugin:
- WooCommerce
- Plugin Slug:
- woocommerce
- Installations:
- 5,000,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 8.3.0
- Severity Score:
- Medium
- CVE:
- 2023-52222
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)
- Plugin Slug:
- google-analytics-for-wordpress
- Installations:
- 3,000,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 8.22.0
- Severity Score:
- Medium
- CVE:
- 2023-52220
ElementsKit Elementor addons
- Plugin:
- ElementsKit Elementor addons
- Plugin Slug:
- elementskit-lite
- Installations:
- 1,000,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.0.4
- Severity Score:
- Medium
- CVE:
- 2023-6582
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin:
- Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations:
- 1,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.9.3
- Severity Score:
- Medium
- CVE:
- 2023-7044
Hostinger
LightStart – Maintenance Mode, Coming Soon and Landing Page Builder
- Plugin Slug:
- wp-maintenance-mode
- Installations:
- 700,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.9
- Severity Score:
- Medium
- CVE:
- 2023-7019
Happy Addons for Elementor
- Plugin:
- Happy Addons for Elementor
- Plugin Slug:
- happy-elementor-addons
- Installations:
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.10.0
- Severity Score:
- Medium
- CVE:
- 2023-6632
OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy.
- Plugin Slug:
- host-webfonts-local
- Installations:
- 300,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.7.10
- Severity Score:
- High
- CVE:
- 2023-6600
Metform Elementor Contact Form Builder
- Plugin Slug:
- metform
- Installations:
- 300,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.8.2
- Severity Score:
- Medium
- CVE:
- 2023-6788
POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications
- Plugin Slug:
- post-smtp
- Installations:
- 300,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.8.7
- Severity Score:
- High
- CVE:
- 2023-52233
POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications
- Plugin Slug:
- post-smtp
- Installations:
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.8
- Severity Score:
- High
- CVE:
- 2023-7027
POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications
- Plugin Slug:
- post-smtp
- Installations:
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.7
- Severity Score:
- High
- CVE:
- 2023-6629
Orbit Fox by ThemeIsle
- Plugin:
- Orbit Fox by ThemeIsle
- Plugin Slug:
- themeisle-companion
- Installations:
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.10.27
- Severity Score:
- Medium
- CVE:
- 2023-6781
Download Monitor
- Plugin:
- Download Monitor
- Plugin Slug:
- download-monitor
- Installations:
- 100,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.9.5
- Severity Score:
- High
Gallery Plugin for WordPress – Envira Photo Gallery
- Plugin Slug:
- envira-gallery-lite
- Installations:
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.8.7.3
- Severity Score:
- Medium
- CVE:
- 2023-6742
Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme – My Sticky Bar (formerly myStickymenu)
- Plugin Slug:
- mystickymenu
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.6.7
- Severity Score:
- Low
- CVE:
- 2023-7048
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
- Plugin Slug:
- powerpack-lite-for-elementor
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.7.14
- Severity Score:
- Medium
- CVE:
- 2023-6984
WP Job Manager
- Plugin:
- WP Job Manager
- Plugin Slug:
- wp-job-manager
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.1.0
- Severity Score:
- Medium
- CVE:
- 2023-52212
WP Job Manager
- Plugin:
- WP Job Manager
- Plugin Slug:
- wp-job-manager
- Installations:
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.0
- Severity Score:
- Medium
- CVE:
- 2023-52211
LearnPress – WordPress LMS Plugin
- Plugin Slug:
- learnpress
- Installations:
- 90,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 4.2.5.8
- Severity Score:
- High
- CVE:
- 2023-6634
LearnPress – WordPress LMS Plugin
- Plugin Slug:
- learnpress
- Installations:
- 90,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 4.2.5.8
- Severity Score:
- Medium
- CVE:
- 2023-6223
LearnPress – WordPress LMS Plugin
- Plugin Slug:
- learnpress
- Installations:
- 90,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.2.5.8
- Severity Score:
- Critical
- CVE:
- 2023-6567
Ajax Search Lite
- Plugin:
- Ajax Search Lite
- Plugin Slug:
- ajax-search-lite
- Installations:
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.11.5
- Severity Score:
- High
- CVE:
- 2024-21752
Depicter Slider – Responsive Image Slider, Video Slider & Post Slider
- Plugin Slug:
- depicter
- Installations:
- 80,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.0.7
- Severity Score:
- Medium
- CVE:
- 2023-6493
EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor
- Plugin Slug:
- embedpress
- Installations:
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.9.6
- Severity Score:
- Medium
- CVE:
- 2023-6986
3D FlipBook – PDF Flipbook WordPress
- Plugin Slug:
- interactive-3d-flipbook-powered-physics-engine
- Installations:
- 70,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.15.3
- Severity Score:
- Medium
- CVE:
- 2023-6776
AI Engine: Chatbots, Generators, Assistants, GPT 4 and more!
- Plugin Slug:
- ai-engine
- Installations:
- 50,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.9.99
- Severity Score:
- Critical
- CVE:
- 2023-51409
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
- Plugin Slug:
- feedzy-rss-feeds
- Installations:
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.3.3
- Severity Score:
- Low
- CVE:
- 2023-6798
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
- Plugin Slug:
- feedzy-rss-feeds
- Installations:
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.3.3
- Severity Score:
- Medium
- CVE:
- 2023-6801
MapPress Maps for WordPress
- Plugin:
- MapPress Maps for WordPress
- Plugin Slug:
- mappress-google-maps-for-wordpress
- Installations:
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.88.14
- Severity Score:
- Medium
- CVE:
- 2023-6524
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
- Plugin Slug:
- print-invoices-packing-slip-labels-for-woocommerce
- Installations:
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.3.1
- Severity Score:
- Medium
- CVE:
- 2023-7068
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
- Plugin Slug:
- profile-builder
- Installations:
- 50,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 3.10.8
- Severity Score:
- Medium
- CVE:
- 2023-6504
WP 2FA – Two-factor authentication for WordPress
- Plugin Slug:
- wp-2fa
- Installations:
- 50,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 2.6.0
- Severity Score:
- Medium
- CVE:
- 2023-6506
WP 2FA – Two-factor authentication for WordPress
- Plugin Slug:
- wp-2fa
- Installations:
- 50,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.6.0
- Severity Score:
- Medium
- CVE:
- 2023-6520
Void Contact Form 7 Widget For Elementor Page Builder
- Plugin Slug:
- cf7-widget-elementor
- Installations:
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4
- Severity Score:
- Medium
- CVE:
- 2023-52214
Constant Contact Forms
- Plugin:
- Constant Contact Forms
- Plugin Slug:
- constant-contact-forms
- Installations:
- 30,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.4.3
- Severity Score:
- Medium
- CVE:
- 2023-52208
OneClick Chat to Order
- Plugin:
- OneClick Chat to Order
- Plugin Slug:
- oneclick-whatsapp-order
- Installations:
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.6
- Severity Score:
- Medium
Quiz Maker
- Plugin:
- Quiz Maker
- Plugin Slug:
- quiz-maker
- Installations:
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.5.1.2
- Severity Score:
- Medium
- CVE:
- 2024-21743
Swift SMTP (formerly Welcome Email Editor)
- Plugin Slug:
- welcome-email-editor
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.0.7
- Severity Score:
- Medium
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
- Plugin Slug:
- wp-sms
- Installations:
- 9,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.5.1
- Severity Score:
- Medium
- CVE:
- 2023-6980
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
- Plugin Slug:
- wp-sms
- Installations:
- 9,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 6.5.1
- Severity Score:
- High
- CVE:
- 2023-6981
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
- Plugin Slug:
- erp
- Installations:
- 8,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.12.9
- Severity Score:
- High
- CVE:
- 2024-21747
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
- Plugin Slug:
- armember-membership
- Installations:
- 6,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.0.23
- Severity Score:
- Critical
- CVE:
- 2023-52200
ActivityPub
- Plugin:
- ActivityPub
- Plugin Slug:
- activitypub
- Installations:
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.6
- Severity Score:
- Medium
- CVE:
- 2023-52199
WordPress Live Chat Plugin for WooCommerce – LiveChat
- Plugin Slug:
- livechat-woocommerce
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.14
- Severity Score:
- Medium
WordPress Live Chat Plugin for WooCommerce – LiveChat
- Plugin Slug:
- livechat-woocommerce
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.2.17
- Severity Score:
- Medium
Product Delivery Date for WooCommerce – Lite
- Plugin Slug:
- product-delivery-date-for-woocommerce-lite
- Installations:
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.7.1
- Severity Score:
- Medium
- CVE:
- 2023-52210
Football Pool
- Plugin:
- Football Pool
- Plugin Slug:
- football-pool
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.11.4
- Severity Score:
- Medium
GD Rating System
- Plugin:
- GD Rating System
- Plugin Slug:
- gd-rating-system
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.1
- Severity Score:
- Medium
TNC PDF viewer
- Plugin:
- TNC PDF viewer
- Plugin Slug:
- pdf-viewer-by-themencode
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.9.0
- Severity Score:
- Medium
Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce
- Plugin:
- Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce
- Plugin Slug:
- barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
- Installations:
- 800+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.5.2
- Severity Score:
- Critical
- CVE:
- 2023-52221
Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce
- Plugin:
- Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce
- Plugin Slug:
- barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
- Installations:
- 800+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.5.2
- Severity Score:
- Critical
- CVE:
- 2023-52215
Rate Star Review – AJAX Reviews for Content, with Star Ratings
- Plugin Slug:
- rate-star-review
- Installations:
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.2
- Severity Score:
- High
- CVE:
- 2023-52213
Booster Elite for WooCommerce
- Plugin:
- Booster Elite for WooCommerce
- Plugin Slug:
- booster-elite-for-woocommerce
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 7.1.2
- Severity Score:
- Medium
- CVE:
- 2023-52234
Booster Plus for WooCommerce
- Plugin:
- Booster Plus for WooCommerce
- Plugin Slug:
- booster-plus-for-woocommerce
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- 7.1.2
- Severity Score:
- Medium
- CVE:
- 2023-52232
Booster Plus for WooCommerce
- Plugin:
- Booster Plus for WooCommerce
- Plugin Slug:
- booster-plus-for-woocommerce
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 7.1.2
- Severity Score:
- Medium
- CVE:
- 2023-52231
Booster Plus for WooCommerce
- Plugin:
- Booster Plus for WooCommerce
- Plugin Slug:
- booster-plus-for-woocommerce
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 7.1.3
- Severity Score:
- Medium
- CVE:
- 2023-52230
FooGallery Premium
- Plugin:
- FooGallery Premium
- Plugin Slug:
- foogallery-premium
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.6
- Severity Score:
- Medium
- CVE:
- 2023-6747
Page Builder: Live Composer
- Plugin:
- Page Builder: Live Composer
- Plugin Slug:
- live-composer-page-builder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.24
- Severity Score:
- Medium
- CVE:
- 2023-52193
MaxButtons
- Plugin:
- MaxButtons
- Plugin Slug:
- maxbutton
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.7.6
- Severity Score:
- Medium
- CVE:
- 2023-6594
Oxygen Builder
- Plugin:
- Oxygen Builder
- Plugin Slug:
- oxygenbuilder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.8.1
- Severity Score:
- Medium
- CVE:
- 2023-6938
WordPress Themes — 1 Patched / 0 Unpatched
Weaver Xtreme
- Theme:
- Weaver Xtreme
- Theme Slug:
- weaver-xtreme
- Downloads:
- 494,749
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.4
- Severity Score:
- Medium
- CVE:
- 2023-6990