WordPress Vulnerability Report — January 24, 2024
In this report, 88 new vulnerabilities have been publicly disclosed. Security patches for 29 of these plugins and themes are available now, so run those updates as soon as possible. If you're a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 59 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.4.2 was released on December 6, 2023, as a short-cycle maintenance and security release with seven bug fixes and one security patch for a potential Remote Code Execution (RCE) vulnerability that is not directly exploitable in most situations. However, combined with certain vulnerabilities in third-party plugins on a multisite network, this vulnerability could be exploited and pose a high-severity risk. The 6.4.1 update will prevent PHP object injections from being chained into a potential RCE, according to details published by Patchstack.
WordPress Plugins — 28 Patched / 59 Unpatched
Ninja Tables – Best Data Table Plugin for WordPress
- Plugin Slug: ninja-tables
- Installations: 80,000+
- Vulnerability: Broken Access Control
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2024-23504
Ninja Tables – Best Data Table Plugin for WordPress
- Plugin Slug: ninja-tables
- Installations: 80,000+
- Vulnerability: Broken Access Control
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2024-23503
Booking for Appointments and Events Calendar – Amelia
- Plugin Slug: ameliabooking
- Installations: 60,000+
- Vulnerability: Broken Access Control
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2024-22298
Contact Form builder with drag & drop for WordPress – Kali Forms
- Plugin Slug: kali-forms
- Installations: 30,000+
- Vulnerability: Insecure Direct Object References (IDOR)
- Patched in Version: No Fix
- Severity Score: High
- CVE: 2024-22305
PDF Viewer & 3D PDF Flipbook – DearPDF
- Plugin Slug: dearpdf-lite
- Installations: 8,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2024-23505
Browser Theme Color
- Plugin: Browser Theme Color
- Plugin Slug: browser-theme-color
- Installations: 3,000+
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2024-22291
FreshMail For WordPress
- Plugin: FreshMail For WordPress
- Plugin Slug: freshmail-integration
- Installations: 2,000+
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2024-22304
Albo Pretorio On line
- Plugin: Albo Pretorio On line
- Plugin Slug: albo-pretorio-on-line
- Installations: 1,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2024-22302
Albo Pretorio On line
- Plugin: Albo Pretorio On line
- Plugin Slug: albo-pretorio-on-line
- Installations: 1,000+
- Vulnerability: Sensitive Data Exposure
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2024-22301
CBX Map for Google Map & OpenStreetMap
- Plugin Slug: cbxgooglemap
- Installations: 1,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2024-22297
Posts List Designer by Category – List Category Posts Or Recent Posts
- Plugin Slug: post-list-designer
- Installations: 1,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2024-23502
12 Step Meeting List
- Plugin: 12 Step Meeting List
- Plugin Slug: 12-step-meeting-list
- Installations: 900+
- Vulnerability: Broken Access Control
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2024-22296
WP To Do
- Plugin: WP To Do
- Plugin Slug: wp-todo
- Installations: 300+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2024-22292
BA Plus
- Plugin: BA Plus
- Plugin Slug: ba-plus-before-after-image-slider-free
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: High
- CVE: 2024-22286
Better Anchor Links
- Plugin: Better Anchor Links
- Plugin Slug: better-anchor-links
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: No Fix
- Severity Score: High
- CVE: 2024-22287
CformsII
- Plugin: CformsII
- Plugin Slug: cforms2
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: High
- CVE: 2024-22149
Custom Dashboard Widgets
- Plugin: Custom Dashboard Widgets
- Plugin Slug: custom-dashboard-widgets
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: No Fix
- Severity Score: High
- CVE: 2024-22290
Delhivery Logistics Courier
- Plugin: Delhivery Logistics Courier
- Plugin Slug: delhivery-logistics-courier
- Vulnerability: SQL Injection
- Patched in Version: No Fix
- Severity Score: High
- CVE: 2024-22283
enigma chart.js
- Plugin: enigma chart.js
- Plugin Slug: enigma-chartjs
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-6081
enigma chart.js
- Plugin: enigma chart.js
- Plugin Slug: enigma-chartjs
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-6082
Frontpage Manager
- Plugin: Frontpage Manager
- Plugin Slug: frontpage-manager
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2024-22285
Image Tag Manager
- Plugin: Image Tag Manager
- Plugin Slug: image-tag-manager
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: High
- CVE: 2024-22160
lasTunes
- Plugin: lasTunes
- Plugin Slug: lastunes
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-6499
Post views Stats
- Plugin: Post views Stats
- Plugin Slug: post-views-stats
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: High
- CVE: 2024-22289
SimpleMap Store Locator
- Plugin: SimpleMap Store Locator
- Plugin Slug: simplemap
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: High
- CVE: 2024-22282
Splashscreen
- Plugin: Splashscreen
- Plugin Slug: splashscreen
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-6501
Unlimited Addons for WPBakery Page Builder
- Plugin: Unlimited Addons for WPBakery Page Builder
- Plugin Slug: unlimited-addons-for-wpbakery-page-builder
- Vulnerability: Arbitrary File Upload
- Patched in Version: No Fix
- Severity Score: High
- CVE: 2023-6925
WP Smart Editor
- Plugin: WP Smart Editor
- Plugin Slug: wp-smart-editor
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: High
- CVE: 2024-22148
Advanced Custom Fields (ACF)
- Plugin: Advanced Custom Fields (ACF)
- Plugin Slug: advanced-custom-fields
- Installations: 2,000,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 6.2.5
- Severity Score: Medium
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin Slug: essential-addons-for-elementor-lite
- Installations: 2,000,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 5.9.5
- Severity Score: Medium
- CVE: 2024-0585
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin Slug: essential-addons-for-elementor-lite
- Installations: 2,000,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 5.9.5
- Severity Score: Medium
- CVE: 2024-0586
Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms
- Plugin Slug: fluentform
- Installations: 400,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 5.1.7
- Severity Score: Medium
- CVE: 2024-0618
Migration, Backup, Staging – WPvivid
- Plugin Slug: wpvivid-backuprestore
- Installations: 400,000+
- Vulnerability: Broken Access Control
- Patched in Version: 0.9.95
- Severity Score: Medium
- CVE: 2023-4637
PDF Invoices & Packing Slips for WooCommerce
- Plugin Slug: woocommerce-pdf-invoices-packing-slips
- Installations: 300,000+
- Vulnerability: SQL Injection
- Patched in Version: 3.7.6
- Severity Score: High
- CVE: 2024-22147
Photo Gallery by 10Web – Mobile-Friendly Image Gallery
- Plugin Slug: photo-gallery
- Installations: 200,000+
- Vulnerability: Directory Traversal
- Patched in Version: 1.8.20
- Severity Score: Critical
- CVE: 2024-0221
Orbit Fox by ThemeIsle
- Plugin: Orbit Fox by ThemeIsle
- Plugin Slug: themeisle-companion
- Installations: 200,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 2.10.28
- Severity Score: Medium
- CVE: 2024-0508
Burst Statistics – Privacy-Friendly Analytics for WordPress
- Plugin Slug: burst-statistics
- Installations: 100,000+
- Vulnerability: SQL Injection
- Patched in Version: 1.5.4
- Severity Score: High
- CVE: 2024-0405
FileBird – WordPress Media Library Folders & File Manager
- Plugin Slug: filebird
- Installations: 100,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 5.6.1
- Severity Score: Medium
- CVE: 2024-0691
GiveWP – Donation Plugin and Fundraising Platform
- Plugin Slug: give
- Installations: 100,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 3.3.0
- Severity Score: Medium
- CVE: 2023-51415
Schema & Structured Data for WP & AMP
- Plugin Slug: schema-and-structured-data-for-wp
- Installations: 100,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 1.26
- Severity Score: Medium
- CVE: 2024-22146
Product Import Export for WooCommerce
- Plugin Slug: product-import-export-for-woo
- Installations: 90,000+
- Vulnerability: Arbitrary File Upload
- Patched in Version: 2.3.8
- Severity Score: High
- CVE: 2024-22152
Import and export users and customers
- Plugin Slug: import-users-from-csv-with-meta
- Installations: 80,000+
- Vulnerability: Broken Access Control
- Patched in Version: 1.24.7
- Severity Score: Medium
- CVE: 2024-22151
VK Block Patterns
- Plugin: VK Block Patterns
- Plugin Slug: vk-block-patterns
- Installations: 80,000+
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 1.31.2.0
- Severity Score: Medium
- CVE: 2024-0623
Advanced Woo Search
- Plugin: Advanced Woo Search
- Plugin Slug: advanced-woo-search
- Installations: 70,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 2.97
- Severity Score: High
- CVE: 2024-0251
Booking for Appointments and Events Calendar – Amelia
- Plugin Slug: ameliabooking
- Installations: 60,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 1.0.94
- Severity Score: Medium
- CVE: 2023-6808
Getwid – Gutenberg Blocks
- Plugin: Getwid – Gutenberg Blocks
- Plugin Slug: getwid
- Installations: 50,000+
- Vulnerability: Bypass Vulnerability
- Patched in Version: 2.0.5
- Severity Score: Medium
- CVE: 2023-6963
Getwid – Gutenberg Blocks
- Plugin: Getwid – Gutenberg Blocks
- Plugin Slug: getwid
- Installations: 50,000+
- Vulnerability: Broken Access Control
- Patched in Version: 2.0.5
- Severity Score: Medium
- CVE: 2023-6959
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
- Plugin Slug: profile-builder
- Installations: 50,000+
- Vulnerability: Broken Access Control
- Patched in Version: 3.10.9
- Severity Score: High
- CVE: 2024-0324
Photo Gallery, Images, Slider in Rbs Image Gallery
- Plugin Slug: robo-gallery
- Installations: 50,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 3.2.18
- Severity Score: Medium
- CVE: 2024-22295
Simple Membership
- Plugin: Simple Membership
- Plugin Slug: simple-membership
- Installations: 50,000+
- Vulnerability: Open Redirection
- Patched in Version: 4.4.2
- Severity Score: Low
- CVE: 2024-22308
WP Recipe Maker
- Plugin: WP Recipe Maker
- Plugin Slug: wp-recipe-maker
- Installations: 50,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 9.1.1
- Severity Score: Medium
- CVE: 2024-0381
WP Recipe Maker
- Plugin: WP Recipe Maker
- Plugin Slug: wp-recipe-maker
- Installations: 50,000+
- Vulnerability: Path Traversal
- Patched in Version: 9.1.1
- Severity Score: Medium
- CVE: 2024-0380
WP Recipe Maker
- Plugin: WP Recipe Maker
- Plugin Slug: wp-recipe-maker
- Installations: 50,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 9.1.1
- Severity Score: Medium
- CVE: 2024-0255
WP Recipe Maker
- Plugin: WP Recipe Maker
- Plugin Slug: wp-recipe-maker
- Installations: 50,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 9.1.1
- Severity Score: High
- CVE: 2023-6970
WP Recipe Maker
- Plugin: WP Recipe Maker
- Plugin Slug: wp-recipe-maker
- Installations: 50,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 9.1.1
- Severity Score: Medium
- CVE: 2024-0384
WP Recipe Maker
- Plugin: WP Recipe Maker
- Plugin Slug: wp-recipe-maker
- Installations: 50,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 9.1.1
- Severity Score: Medium
- CVE: 2023-6958
WP Recipe Maker
- Plugin: WP Recipe Maker
- Plugin Slug: wp-recipe-maker
- Installations: 50,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 9.1.1
- Severity Score: Medium
- CVE: 2024-0382
Shield Security – Smart Bot Blocking & Intrusion Prevention Security
- Plugin Slug: wp-simple-firewall
- Installations: 50,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 18.5.8
- Severity Score: High
- CVE: 2024-22163
IP2Location Country Blocker
- Plugin: IP2Location Country Blocker
- Plugin Slug: ip2location-country-blocker
- Installations: 20,000+
- Vulnerability: Sensitive Data Exposure
- Patched in Version: 2.33.4
- Severity Score: Medium
- CVE: 2024-22294
Asgaros Forum
- Plugin: Asgaros Forum
- Plugin Slug: asgaros-forum
- Installations: 10,000+
- Vulnerability: PHP Object Injection
- Patched in Version: 2.8.0
- Severity Score: High
- CVE: 2024-22284
Cryptocurrency Widgets – Price Ticker & Coins List
- Plugin Slug: cryptocurrency-price-ticker-widget
- Installations: 10,000+
- Vulnerability: SQL Injection
- Patched in Version: 2.6.6
- Severity Score: Critical
- CVE: 2024-0709
Author Box, Guest Author and Co-Authors for Your Posts – Molongui
- Plugin Slug: molongui-authorship
- Installations: 10,000+
- Vulnerability: Sensitive Data Exposure
- Patched in Version: 4.7.5
- Severity Score: Medium
- CVE: 2023-7014
Stripe Payment Plugin for WooCommerce
- Plugin Slug: payment-gateway-stripe-and-woocommerce-integration
- Installations: 10,000+
- Vulnerability: SQL Injection
- Patched in Version: 3.8.0
- Severity Score: Critical
- CVE: 2024-0705
Portfolio & Image Gallery for WordPress | PowerFolio
- Plugin Slug: portfolio-elementor
- Installations: 10,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 3.1.1
- Severity Score: Medium
- CVE: 2024-22150
BP Profile Search
- Plugin: BP Profile Search
- Plugin Slug: bp-profile-search
- Installations: 9,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 5.6
- Severity Score: High
- CVE: 2024-22293
HD Quiz
- Plugin: HD Quiz
- Plugin Slug: hd-quiz
- Installations: 7,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 1.8.12
- Severity Score: Medium
- CVE: 2024-22161
WOLF – WordPress Posts Bulk Editor and Manager Professional
- Plugin Slug: bulk-editor
- Installations: 5,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 1.0.8.1
- Severity Score: High
- CVE: 2024-22159
ChatBot with AI
- Plugin: ChatBot with AI
- Plugin Slug: chatbot
- Installations: 5,000+
- Vulnerability: PHP Object Injection
- Patched in Version: 5.1.1
- Severity Score: High
- CVE: 2024-22309
Slider by Supsystic
- Plugin: Slider by Supsystic
- Plugin Slug: slider-by-supsystic
- Installations: 4,000+
- Vulnerability: Broken Access Control
- Patched in Version: 1.8.7
- Severity Score: Medium
- CVE: 2024-22303
FastDup – Fastest WordPress Migration & Duplicator
- Plugin Slug: fastdup
- Installations: 3,000+
- Vulnerability: Sensitive Data Exposure
- Patched in Version: 2.2.0
- Severity Score: Critical
- CVE: 2023-6592
Formzu WP
- Plugin: Formzu WP
- Plugin Slug: formzu-wp
- Installations: 3,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 1.6.8
- Severity Score: Medium
- CVE: 2024-22310
WP-Lister Lite for eBay
- Plugin: WP-Lister Lite for eBay
- Plugin Slug: wp-lister-for-ebay
- Installations: 3,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 3.5.8
- Severity Score: High
- CVE: 2024-22307
WP Spell Check
- Plugin: WP Spell Check
- Plugin Slug: wp-spell-check
- Installations: 3,000+
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 9.18
- Severity Score: Medium
- CVE: 2024-22143
WPZOOM Shortcodes
- Plugin: WPZOOM Shortcodes
- Plugin Slug: wpzoom-shortcodes
- Installations: 2,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 1.0.2
- Severity Score: High
- CVE: 2024-22162
InstaWP Connect – 1-click WP Staging & Migration
- Plugin Slug: instawp-connect
- Installations: 1,000+
- Vulnerability: Privilege Escalation
- Patched in Version: 0.1.0.9
- Severity Score: High
- CVE: 2024-22145
Display custom fields in the frontend – Post and User Profile Fields
- Plugin Slug: shortcode-to-display-post-and-user-data
- Installations: 1,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 1.3.0
- Severity Score: Medium
- CVE: 2023-6982
Display custom fields in the frontend – Post and User Profile Fields
- Plugin Slug: shortcode-to-display-post-and-user-data
- Installations: 1,000+
- Vulnerability: Insecure Direct Object References (IDOR)
- Patched in Version: 1.3.0
- Severity Score: Medium
- CVE: 2023-6983
Display custom fields in the frontend – Post and User Profile Fields
- Plugin Slug: shortcode-to-display-post-and-user-data
- Installations: 1,000+
- Vulnerability: Arbitrary Code Execution
- Patched in Version: 1.3.0
- Severity Score: High
- CVE: 2023-6996
Stock Locations for WooCommerce
- Plugin: Stock Locations for WooCommerce
- Plugin Slug: stock-locations-for-woocommerce
- Installations: 1,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 2.6.0
- Severity Score: Medium
- CVE: 2024-22153
Advanced Custom Fields PRO
- Plugin: Advanced Custom Fields PRO
- Plugin Slug: advanced-custom-fields-pro
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 6.2.5
- Severity Score: Medium
GeneratePress Premium
- Plugin: GeneratePress Premium
- Plugin Slug: generatepress-premium
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 2.4.0
- Severity Score: Medium
- CVE: 2023-6807
PeepSo Core: Photos
- Plugin: PeepSo Core: Photos
- Plugin Slug: peepso-photos
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 6.3.1.0
- Severity Score: Medium
- CVE: 2024-22158
SalesKing
- Plugin: SalesKing
- Plugin Slug: salesking
- Vulnerability: Privilege Escalation
- Patched in Version: 1.6.30
- Severity Score: Critical
- CVE: 2024-22157
SalesKing
- Plugin: SalesKing
- Plugin Slug: salesking
- Vulnerability: Settings Change
- Patched in Version: 1.6.30
- Severity Score: Medium
- CVE: 2024-22156
SalesKing
- Plugin: SalesKing
- Plugin Slug: salesking
- Vulnerability: Sensitive Data Exposure
- Patched in Version: 1.6.30
- Severity Score: High
- CVE: 2024-22154
WooCommerce Subscriptions
- Plugin: WooCommerce Subscriptions
- Plugin Slug: woocommerce-subscriptions
- Vulnerability: Broken Access Control
- Patched in Version: 5.8.0
- Severity Score: Medium
- CVE: 2023-50850
WPForms Pro
- Plugin: WPForms Pro
- Plugin Slug: wpforms
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 1.8.5.4
- Severity Score: High
- CVE: 2023-7063
WordPress Themes — 1 Patched / 0 Unpatched