WordPress Vulnerability Report — January 24, 2024

In this report, 88 new vulnerabilities have been publicly disclosed. Security patches for 29 of these plugins and themes are available now, so run those updates as soon as possible. If you're a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Sarah Ulmer

Published:Jan 24, 2024

Filed Under:WordPress Security

Reading Time:18 min.

In this report, 88 new vulnerabilities have been publicly disclosed. Security patches for 29 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 59 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the reasons why WordPress websites get hacked. (See our Annual Vulnerability Report for 2022.) Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. Free Online Training Event! TODAY! Register Now!
2. WordPress Core
3. WordPress Plugins — 28 Patched / 59 Unpatched

3.1 Ninja Tables – Best Data Table Plugin for WordPress
3.2 Ninja Tables – Best Data Table Plugin for WordPress
3.3 Booking for Appointments and Events Calendar – Amelia
3.4 Contact Form builder with drag & drop for WordPress – Kali Forms
3.5 PDF Viewer & 3D PDF Flipbook – DearPDF
3.6 Browser Theme Color
3.7 FreshMail For WordPress
3.8 Albo Pretorio On line
3.9 Albo Pretorio On line
3.10 CBX Map for Google Map & OpenStreetMap
3.11 Posts List Designer by Category – List Category Posts Or Recent Posts
3.12 12 Step Meeting List
3.13 WP To Do
3.14 BA Plus
3.15 Better Anchor Links
3.16 CformsII
3.17 Custom Dashboard Widgets
3.18 Delhivery Logistics Courier
3.19 enigma chart.js
3.20 enigma chart.js
3.21 Frontpage Manager
3.22 Image Tag Manager
3.23 lasTunes
3.24 Post views Stats
3.25 SimpleMap Store Locator
3.26 Splashscreen
3.27 Unlimited Addons for WPBakery Page Builder
3.28 WP Smart Editor
3.29 Advanced Custom Fields (ACF)
3.30 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
3.31 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
3.32 Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms
3.33 Migration, Backup, Staging – WPvivid
3.34 PDF Invoices & Packing Slips for WooCommerce
3.35 Photo Gallery by 10Web – Mobile-Friendly Image Gallery
3.36 Orbit Fox by ThemeIsle
3.37 Burst Statistics – Privacy-Friendly Analytics for WordPress
3.38 FileBird – WordPress Media Library Folders & File Manager
3.39 GiveWP – Donation Plugin and Fundraising Platform
3.40 Schema & Structured Data for WP & AMP
3.41 Product Import Export for WooCommerce
3.42 Import and export users and customers
3.43 VK Block Patterns
3.44 Advanced Woo Search
3.45 Booking for Appointments and Events Calendar – Amelia
3.46 Getwid – Gutenberg Blocks
3.47 Getwid – Gutenberg Blocks
3.48 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
3.49 Photo Gallery, Images, Slider in Rbs Image Gallery
3.50 Simple Membership
3.51 WP Recipe Maker
3.52 WP Recipe Maker
3.53 WP Recipe Maker
3.54 WP Recipe Maker
3.55 WP Recipe Maker
3.56 WP Recipe Maker
3.57 WP Recipe Maker
3.58 Shield Security – Smart Bot Blocking & Intrusion Prevention Security
3.59 IP2Location Country Blocker
3.60 Asgaros Forum
3.61 Cryptocurrency Widgets – Price Ticker & Coins List
3.62 Author Box, Guest Author and Co-Authors for Your Posts – Molongui
3.63 Stripe Payment Plugin for WooCommerce
3.64 Portfolio & Image Gallery for WordPress | PowerFolio
3.65 BP Profile Search
3.66 HD Quiz
3.67 WOLF – WordPress Posts Bulk Editor and Manager Professional
3.68 ChatBot with AI
3.69 Slider by Supsystic
3.70 FastDup – Fastest WordPress Migration & Duplicator
3.71 Formzu WP
3.72 WP-Lister Lite for eBay
3.73 WP Spell Check
3.74 WPZOOM Shortcodes
3.75 InstaWP Connect – 1-click WP Staging & Migration
3.76 Display custom fields in the frontend – Post and User Profile Fields
3.77 Display custom fields in the frontend – Post and User Profile Fields
3.78 Display custom fields in the frontend – Post and User Profile Fields
3.79 Stock Locations for WooCommerce
3.80 Advanced Custom Fields PRO
3.81 GeneratePress Premium
3.82 PeepSo Core: Photos
3.83 SalesKing
3.84 SalesKing
3.85 SalesKing
3.86 WooCommerce Subscriptions
3.87 WPForms Pro

4. WordPress Themes — 1 Patched / 0 Unpatched

4.1 ColorMag

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

Free Online Training Event! TODAY! Register Now!

TODAY! January 24, 2024 @ 1:00 PM – 2:00 PM (CST)

Not all WordPress threats and vulnerabilities are “created equal.” Some require more immediate attention and pose a greater risk than others. Even with preventive tools in place, such as Solid Security Pro with Patchstack, you need to understand how to assess and respond to threats and vulnerabilities.

This livestream will help you understand what needs your attention first, how to use Security tools like Solid Security Pro to view, rank, and respond to threats, and how to harden your site moving forward.

Can’t make the live event? Go ahead and register, and we’ll email you the replay. See webinar time in your time zone.

WordPress Core

WordPress 6.4.2 was released on December 6, 2023, as a short-cycle maintenance and security release with seven bug fixes and one security patch for a potential Remote Code Execution (RCE) vulnerability that is not directly exploitable in most situations. However, combined with certain vulnerabilities in third-party plugins on a multisite network, this vulnerability could be exploited and pose a high-severity risk. The 6.4.1 update will prevent PHP object injections from being chained into a potential RCE, according to details published by Patchstack.

WordPress Plugins — 28 Patched / 59 Unpatched

Plugin:: Ninja Tables – Best Data Table Plugin for WordPress
Plugin Slug:: ninja-tables
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-23504

Plugin:: Ninja Tables – Best Data Table Plugin for WordPress
Plugin Slug:: ninja-tables
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-23503

Plugin:: Booking for Appointments and Events Calendar – Amelia
Plugin Slug:: ameliabooking
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-22298

Plugin:: Contact Form builder with drag & drop for WordPress – Kali Forms
Plugin Slug:: kali-forms
Installations: 30,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-22305

Plugin:: PDF Viewer & 3D PDF Flipbook – DearPDF
Plugin Slug:: dearpdf-lite
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-23505

Plugin:: Browser Theme Color
Plugin Slug:: browser-theme-color
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-22291

Plugin:: FreshMail For WordPress
Plugin Slug:: freshmail-integration
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-22304

Plugin:: Albo Pretorio On line
Plugin Slug:: albo-pretorio-on-line
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-22302

Plugin:: Albo Pretorio On line
Plugin Slug:: albo-pretorio-on-line
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-22301

Plugin:: CBX Map for Google Map & OpenStreetMap
Plugin Slug:: cbxgooglemap
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-22297

Plugin:: Posts List Designer by Category – List Category Posts Or Recent Posts
Plugin Slug:: post-list-designer
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-23502

Plugin:: 12 Step Meeting List
Plugin Slug:: 12-step-meeting-list
Installations: 900+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-22296

Plugin:: WP To Do
Plugin Slug:: wp-todo
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-22292

Plugin:: BA Plus
Plugin Slug:: ba-plus-before-after-image-slider-free
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-22286

Plugin:: Better Anchor Links
Plugin Slug:: better-anchor-links
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-22287

Plugin:: CformsII
Plugin Slug:: cforms2
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-22149

Plugin:: Custom Dashboard Widgets
Plugin Slug:: custom-dashboard-widgets
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-22290

Plugin:: Delhivery Logistics Courier
Plugin Slug:: delhivery-logistics-courier
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-22283

Plugin:: enigma chart.js
Plugin Slug:: enigma-chartjs
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-6081

Plugin:: enigma chart.js
Plugin Slug:: enigma-chartjs
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-6082

Plugin:: Frontpage Manager
Plugin Slug:: frontpage-manager
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-22285

Plugin:: Image Tag Manager
Plugin Slug:: image-tag-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-22160

Plugin:: lasTunes
Plugin Slug:: lastunes
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-6499

Plugin:: Post views Stats
Plugin Slug:: post-views-stats
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-22289

Plugin:: SimpleMap Store Locator
Plugin Slug:: simplemap
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-22282

Plugin:: Splashscreen
Plugin Slug:: splashscreen
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-6501

Plugin:: Unlimited Addons for WPBakery Page Builder
Plugin Slug:: unlimited-addons-for-wpbakery-page-builder
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2023-6925

Plugin:: WP Smart Editor
Plugin Slug:: wp-smart-editor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-22148

Plugin:: Advanced Custom Fields (ACF)
Plugin Slug:: advanced-custom-fields
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.2.5
Severity Score:: Medium

Plugin:: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.5
Severity Score:: Medium
CVE:: 2024-0585

Plugin:: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.5
Severity Score:: Medium
CVE:: 2024-0586

Plugin:: Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms
Plugin Slug:: fluentform
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.7
Severity Score:: Medium
CVE:: 2024-0618

Plugin:: Migration, Backup, Staging – WPvivid
Plugin Slug:: wpvivid-backuprestore
Installations: 400,000+
Vulnerability:: Broken Access Control
Patched in Version:: 0.9.95
Severity Score:: Medium
CVE:: 2023-4637

Plugin:: PDF Invoices & Packing Slips for WooCommerce
Plugin Slug:: woocommerce-pdf-invoices-packing-slips
Installations: 300,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.7.6
Severity Score:: High
CVE:: 2024-22147

Plugin:: Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Directory Traversal
Patched in Version:: 1.8.20
Severity Score:: Critical
CVE:: 2024-0221

Plugin:: Orbit Fox by ThemeIsle
Plugin Slug:: themeisle-companion
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.10.28
Severity Score:: Medium
CVE:: 2024-0508

Plugin:: Burst Statistics – Privacy-Friendly Analytics for WordPress
Plugin Slug:: burst-statistics
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.4
Severity Score:: High
CVE:: 2024-0405

Plugin:: FileBird – WordPress Media Library Folders & File Manager
Plugin Slug:: filebird
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.1
Severity Score:: Medium
CVE:: 2024-0691

Plugin:: GiveWP – Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.0
Severity Score:: Medium
CVE:: 2023-51415

Plugin:: Schema & Structured Data for WP & AMP
Plugin Slug:: schema-and-structured-data-for-wp
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.26
Severity Score:: Medium
CVE:: 2024-22146

Plugin:: Product Import Export for WooCommerce
Plugin Slug:: product-import-export-for-woo
Installations: 90,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.3.8
Severity Score:: High
CVE:: 2024-22152

Plugin:: Import and export users and customers
Plugin Slug:: import-users-from-csv-with-meta
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.24.7
Severity Score:: Medium
CVE:: 2024-22151

Plugin:: VK Block Patterns
Plugin Slug:: vk-block-patterns
Installations: 80,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.31.2.0
Severity Score:: Medium
CVE:: 2024-0623

Plugin:: Advanced Woo Search
Plugin Slug:: advanced-woo-search
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.97
Severity Score:: High
CVE:: 2024-0251

Plugin:: Booking for Appointments and Events Calendar – Amelia
Plugin Slug:: ameliabooking
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.94
Severity Score:: Medium
CVE:: 2023-6808

Plugin:: Getwid – Gutenberg Blocks
Plugin Slug:: getwid
Installations: 50,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 2.0.5
Severity Score:: Medium
CVE:: 2023-6963

Plugin:: Getwid – Gutenberg Blocks
Plugin Slug:: getwid
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.5
Severity Score:: Medium
CVE:: 2023-6959

Plugin:: User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
Plugin Slug:: profile-builder
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.10.9
Severity Score:: High
CVE:: 2024-0324

Plugin:: Photo Gallery, Images, Slider in Rbs Image Gallery
Plugin Slug:: robo-gallery
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.18
Severity Score:: Medium
CVE:: 2024-22295

Plugin:: Simple Membership
Plugin Slug:: simple-membership
Installations: 50,000+
Vulnerability:: Open Redirection
Patched in Version:: 4.4.2
Severity Score:: Low
CVE:: 2024-22308

Plugin:: WP Recipe Maker
Plugin Slug:: wp-recipe-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.1.1
Severity Score:: Medium
CVE:: 2024-0381

Plugin:: WP Recipe Maker
Plugin Slug:: wp-recipe-maker
Installations: 50,000+
Vulnerability:: Path Traversal
Patched in Version:: 9.1.1
Severity Score:: Medium
CVE:: 2024-0380

Plugin:: WP Recipe Maker
Plugin Slug:: wp-recipe-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.1.1
Severity Score:: Medium
CVE:: 2024-0255

Plugin:: WP Recipe Maker
Plugin Slug:: wp-recipe-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.1.1
Severity Score:: High
CVE:: 2023-6970

Plugin:: WP Recipe Maker
Plugin Slug:: wp-recipe-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.1.1
Severity Score:: Medium
CVE:: 2024-0384

Plugin:: WP Recipe Maker
Plugin Slug:: wp-recipe-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.1.1
Severity Score:: Medium
CVE:: 2023-6958

Plugin:: WP Recipe Maker
Plugin Slug:: wp-recipe-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.1.1
Severity Score:: Medium
CVE:: 2024-0382

Plugin:: Shield Security – Smart Bot Blocking & Intrusion Prevention Security
Plugin Slug:: wp-simple-firewall
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 18.5.8
Severity Score:: High
CVE:: 2024-22163

Plugin:: IP2Location Country Blocker
Plugin Slug:: ip2location-country-blocker
Installations: 20,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.33.4
Severity Score:: Medium
CVE:: 2024-22294

Plugin:: Asgaros Forum
Plugin Slug:: asgaros-forum
Installations: 10,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.8.0
Severity Score:: High
CVE:: 2024-22284

Plugin:: Cryptocurrency Widgets – Price Ticker & Coins List
Plugin Slug:: cryptocurrency-price-ticker-widget
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.6.6
Severity Score:: Critical
CVE:: 2024-0709

Plugin:: Author Box, Guest Author and Co-Authors for Your Posts – Molongui
Plugin Slug:: molongui-authorship
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.7.5
Severity Score:: Medium
CVE:: 2023-7014

Plugin:: Stripe Payment Plugin for WooCommerce
Plugin Slug:: payment-gateway-stripe-and-woocommerce-integration
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.8.0
Severity Score:: Critical
CVE:: 2024-0705

Plugin:: Portfolio & Image Gallery for WordPress | PowerFolio
Plugin Slug:: portfolio-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.1
Severity Score:: Medium
CVE:: 2024-22150

Plugin:: BP Profile Search
Plugin Slug:: bp-profile-search
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6
Severity Score:: High
CVE:: 2024-22293

Plugin:: HD Quiz
Plugin Slug:: hd-quiz
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.12
Severity Score:: Medium
CVE:: 2024-22161

Plugin:: WOLF – WordPress Posts Bulk Editor and Manager Professional
Plugin Slug:: bulk-editor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.8.1
Severity Score:: High
CVE:: 2024-22159

Plugin:: ChatBot with AI
Plugin Slug:: chatbot
Installations: 5,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 5.1.1
Severity Score:: High
CVE:: 2024-22309

Plugin:: Slider by Supsystic
Plugin Slug:: slider-by-supsystic
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.7
Severity Score:: Medium
CVE:: 2024-22303

Plugin:: FastDup – Fastest WordPress Migration & Duplicator
Plugin Slug:: fastdup
Installations: 3,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.2.0
Severity Score:: Critical
CVE:: 2023-6592

Plugin:: Formzu WP
Plugin Slug:: formzu-wp
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.8
Severity Score:: Medium
CVE:: 2024-22310

Plugin:: WP-Lister Lite for eBay
Plugin Slug:: wp-lister-for-ebay
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.8
Severity Score:: High
CVE:: 2024-22307

Plugin:: WP Spell Check
Plugin Slug:: wp-spell-check
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 9.18
Severity Score:: Medium
CVE:: 2024-22143

Plugin:: WPZOOM Shortcodes
Plugin Slug:: wpzoom-shortcodes
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.2
Severity Score:: High
CVE:: 2024-22162

Plugin:: InstaWP Connect – 1-click WP Staging & Migration
Plugin Slug:: instawp-connect
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 0.1.0.9
Severity Score:: High
CVE:: 2024-22145

Plugin:: Display custom fields in the frontend – Post and User Profile Fields
Plugin Slug:: shortcode-to-display-post-and-user-data
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2023-6982

Plugin:: Display custom fields in the frontend – Post and User Profile Fields
Plugin Slug:: shortcode-to-display-post-and-user-data
Installations: 1,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2023-6983

Plugin:: Display custom fields in the frontend – Post and User Profile Fields
Plugin Slug:: shortcode-to-display-post-and-user-data
Installations: 1,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 1.3.0
Severity Score:: High
CVE:: 2023-6996

Plugin:: Stock Locations for WooCommerce
Plugin Slug:: stock-locations-for-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.0
Severity Score:: Medium
CVE:: 2024-22153

Plugin:: Advanced Custom Fields PRO
Plugin Slug:: advanced-custom-fields-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.2.5
Severity Score:: Medium

Plugin:: GeneratePress Premium
Plugin Slug:: generatepress-premium
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.0
Severity Score:: Medium
CVE:: 2023-6807

Plugin:: PeepSo Core: Photos
Plugin Slug:: peepso-photos
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.3.1.0
Severity Score:: Medium
CVE:: 2024-22158

Plugin:: SalesKing
Plugin Slug:: salesking
Vulnerability:: Privilege Escalation
Patched in Version:: 1.6.30
Severity Score:: Critical
CVE:: 2024-22157

Plugin:: SalesKing
Plugin Slug:: salesking
Vulnerability:: Settings Change
Patched in Version:: 1.6.30
Severity Score:: Medium
CVE:: 2024-22156

Plugin:: SalesKing
Plugin Slug:: salesking
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.6.30
Severity Score:: High
CVE:: 2024-22154

Plugin:: WooCommerce Subscriptions
Plugin Slug:: woocommerce-subscriptions
Vulnerability:: Broken Access Control
Patched in Version:: 5.8.0
Severity Score:: Medium
CVE:: 2023-50850

Plugin:: WPForms Pro
Plugin Slug:: wpforms
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.5.4
Severity Score:: High
CVE:: 2023-7063

WordPress Themes — 1 Patched / 0 Unpatched

Theme:: ColorMag
Theme Slug:: colormag
Downloads: 3,787,317
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.3
Severity Score:: Medium
CVE:: 2024-0679

Author:

Sarah Ulmer

Sarah has been with SolidWP since 2015. As our product marketer, Sarah works on providing helpful content for our customers and building the most beautiful spreadsheets you’ll ever behold. When not at work, Sarah can be found at home with her husband, their three boys, and their dogs. Sarah enjoys long family walks, running with her lab, and watching her two older boys play soccer. Sarah is originally from Texas and loves watching football games (Go Longhorns!)

Browse all of Sarah's articles

Sign up

Placeholder text

Thanks

Oops something went wrong, please try submitting again

Table of Contents

Free Online Training Event! TODAY! Register Now!

WordPress Core

WordPress Plugins — 28 Patched / 59 Unpatched

WordPress Themes — 1 Patched / 0 Unpatched

Author:

Join us for the next Solid Academy Webinar!

What is a WordPress Phishing Attack?

Website Protection: 5 Ways to Keep Your Website Safe

23 Ideas To Grow Your WordPress Business in 2023

Author:

Sign up now — Get SolidWP updates and valuable content straight to your inbox

Sign up

Related Posts

WordPress Vulnerability Report — April 24, 2024

Solid Security Pro Feature Spotlight – Password Requirements

WordPress Vulnerability Report — April 17, 2024

WordPress Vulnerability Report — April 10, 2024