Since our last report, 136 new vulnerabilities have been publicly disclosed.[1] They all affect WordPress plugins, so there are no theme vulnerabilities to report this week. Security patches for 64 plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 72 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, the Solid Security firewall already protects your site against those vulnerabilities with virtual patches from Patchstack. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.3.2 is a Maintenance and Security release issued on October 12. It features 19 bug fixes in Core, 22 bug fixes for the Block Editor, and 8 security fixes.
Because this is a security release, it is recommended that you apply it and update your sites to WordPress 6.3.2 as soon as possible. Backports are also available for older supported major WordPress releases from version 4.1 onward.
The next major release will be version 6.4, expected on 7 November 2023.
WordPress Plugins — 64 Patched / 72 Unpatched
WP Word Count
- Plugin:
- WP Word Count
- Plugin Slug:
- wp-word-count
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46628
Convertful – Your Ultimate On-Site Conversion Tool
- Plugin Slug:
- convertful
- Installations:
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46605
User Avatar
- Plugin:
- User Avatar
- Plugin Slug:
- user-avatar
- Installations:
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-46621
Remove Add to Cart WooCommerce
- Plugin Slug:
- remove-add-to-cart-woocommerce
- Installations:
- 7,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46629
Export WP Page to Static HTML/CSS
- Plugin Slug:
- export-wp-page-to-static-html
- Installations:
- 6,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-31077
SAHU TikTok Pixel for E-Commerce
- Plugin Slug:
- sahu-tiktok-pixel
- Installations:
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46642
DeepL API translation plugin
- Plugin:
- DeepL API translation plugin
- Plugin Slug:
- wpdeepl
- Installations:
- 4,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46620
Custom My Account for Woocommerce
- Plugin Slug:
- custom-my-account-for-woocommerce
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-46634
DoLogin Security
- Plugin:
- DoLogin Security
- Plugin Slug:
- dologin
- Installations:
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46608
FeedFocal
- Plugin:
- FeedFocal
- Plugin Slug:
- feedfocal
- Installations:
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46609
Product Recommendation Quiz for eCommerce
- Plugin Slug:
- product-recommendation-quiz-for-ecommerce
- Installations:
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46631
Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress
- Plugin Slug:
- quillforms
- Installations:
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46610
Group Chat & Video Chat by AtomChat
- Plugin Slug:
- atomchat
- Installations:
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46606
Category SEO Meta Tags
- Plugin:
- Category SEO Meta Tags
- Plugin Slug:
- category-seo-meta-tags
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46618
Custom Header Images
- Plugin:
- Custom Header Images
- Plugin Slug:
- custom-header-images
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46636
Autolinks Manager
- Plugin:
- Autolinks Manager
- Plugin Slug:
- daext-autolinks-manager
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46625
Generate Dummy Posts
- Plugin:
- Generate Dummy Posts
- Plugin Slug:
- generate-dummy-posts
- Installations:
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46637
My Shortcodes
- Plugin:
- My Shortcodes
- Plugin Slug:
- my-shortcodes
- Installations:
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-46632
Simple User Listing
- Plugin:
- Simple User Listing
- Plugin Slug:
- simple-user-listing
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-32298
WDSocialWidgets
- Plugin:
- WDSocialWidgets
- Plugin Slug:
- spider-facebook
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46619
Parcel Pro
- Plugin:
- Parcel Pro
- Plugin Slug:
- woo-parcel-pro
- Installations:
- 1,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46624
WP Glossary
- Plugin:
- WP Glossary
- Plugin Slug:
- wp-glossary
- Installations:
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46633
WP iCal Availability
- Plugin:
- WP iCal Availability
- Plugin Slug:
- wp-ical-availability
- Installations:
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46607
WordPress Simple HTML Sitemap
- Plugin Slug:
- wp-simple-html-sitemap
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-46627
FLOWFACT WP Connector
- Plugin:
- FLOWFACT WP Connector
- Plugin Slug:
- flowfact-wp-connector
- Installations:
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-46626
Ni WooCommerce Sales Report
- Plugin:
- Ni WooCommerce Sales Report
- Plugin Slug:
- ni-woocommerce-sales-report
- Installations:
- 900+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-32299
WP Simple Galleries
- Plugin:
- WP Simple Galleries
- Plugin Slug:
- wp-simple-galleries
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-5583
WP Post Popup
- Plugin:
- WP Post Popup
- Plugin Slug:
- wp-post-modal
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-4808
WP Post Columns
- Plugin:
- WP Post Columns
- Plugin Slug:
- wp-post-columns
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5708
WP Knowledgebase
- Plugin:
- WP Knowledgebase
- Plugin Slug:
- wp-knowledgebase
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5802
Google Maps made Simple
- Plugin:
- Google Maps made Simple
- Plugin Slug:
- wp-gmappity-easy-google-maps
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-5315
WP Font Awesome
- Plugin:
- WP Font Awesome
- Plugin Slug:
- wp-font-awesome
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5127
NinjaTeam Live Chat (Messenger API)
- Plugin:
- NinjaTeam Live Chat (Messenger API)
- Plugin Slug:
- wp-facebook-messenger
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5740
Magic Embeds
- Plugin:
- Magic Embeds
- Plugin Slug:
- wp-embed-facebook
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-4799
Related Products for WooCommerce
- Plugin:
- Related Products for WooCommerce
- Plugin Slug:
- woo-related-products-refresh-on-reload
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5234
WhatsApp Share Button
- Plugin:
- WhatsApp Share Button
- Plugin Slug:
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5668
Weather Atlas Widget
- Plugin:
- Weather Atlas Widget
- Plugin Slug:
- weather-atlas
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5163
WCP OpenWeather
- Plugin:
- WCP OpenWeather
- Plugin Slug:
- wcp-openweather
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46638
Theme Blvd Shortcodes
- Plugin:
- Theme Blvd Shortcodes
- Plugin Slug:
- theme-blvd-shortcodes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5338
TCD Google Maps
- Plugin:
- TCD Google Maps
- Plugin Slug:
- tcd-google-maps
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5128
Simple Shortcodes
- Plugin:
- Simple Shortcodes
- Plugin Slug:
- smpl-shortcodes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5566
Shortcode Menu
- Plugin:
- Shortcode Menu
- Plugin Slug:
- shortcode-menu
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5565
Reusable Text Blocks
- Plugin:
- Reusable Text Blocks
- Plugin Slug:
- reusable-text-blocks
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5745
PubyDoc
- Plugin:
- PubyDoc
- Plugin Slug:
- pubydoc-data-tables-and-charts
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-4970
PHP to Page
- Plugin:
- PHP to Page
- Plugin Slug:
- php-to-page
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2023-5199
Original texts Yandex WebMaster
- Plugin:
- Original texts Yandex WebMaster
- Plugin Slug:
- original-texts-yandex-webmaster
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46775
Mediabay
- Plugin:
- Mediabay
- Plugin Slug:
- mediabay-lite
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46612
KD Coming Soon
- Plugin:
- KD Coming Soon
- Plugin Slug:
- kd-coming-soon
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46615
Live updates from Excel
- Plugin:
- Live updates from Excel
- Plugin Slug:
- ipushpull
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5116
iframe forms
- Plugin:
- iframe forms
- Plugin Slug:
- iframe-forms
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5073
idbbee
- Plugin:
- idbbee
- Plugin Slug:
- idbbee
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5114
Grid Plus
- Plugin:
- Grid Plus
- Plugin Slug:
- grid-plus
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5250
Grid Plus
- Plugin:
- Grid Plus
- Plugin Slug:
- grid-plus
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-34014
Feather Login Page
- Plugin:
- Feather Login Page
- Plugin Slug:
- feather-login-page
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46777
FareHarbor for WordPress
- Plugin:
- FareHarbor for WordPress
- Plugin Slug:
- fareharbor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5252
EasyRecipe
- Plugin:
- EasyRecipe
- Plugin Slug:
- easyrecipe
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46779
WordPress CTA
- Plugin:
- WordPress CTA
- Plugin Slug:
- easy-sticky-sidebar
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46644
Delete Me
- Plugin:
- Delete Me
- Plugin Slug:
- delete-me
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5126
Deeper Comments
- Plugin:
- Deeper Comments
- Plugin Slug:
- deeper-comments
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- High
Current Menu Item for Custom Post Types
- Plugin:
- Current Menu Item for Custom Post Types
- Plugin Slug:
- current-menu-item-for-custom-post-types
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46781
CPO Shortcodes
- Plugin:
- CPO Shortcodes
- Plugin Slug:
- cpo-shortcodes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5704
Form Builder
- Plugin:
- Form Builder
- Plugin Slug:
- contact-form-builder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5048
CloudNet360
- Plugin:
- CloudNet360
- Plugin Slug:
- cloudnet-sync
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-46643
Buzzsprout Podcasting
- Plugin:
- Buzzsprout Podcasting
- Plugin Slug:
- buzzsprout-podcasting
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5335
BSK PDF Manager
- Plugin:
- BSK PDF Manager
- Plugin Slug:
- bsk-pdf-manager
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5110
Bellows Accordion Menu
- Plugin:
- Bellows Accordion Menu
- Plugin Slug:
- bellows-accordion-menu
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5164
Auto Limit Posts Reloaded
- Plugin:
- Auto Limit Posts Reloaded
- Plugin Slug:
- auto-limit-posts-reloaded
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46778
Auto Excerpt everywhere
- Plugin:
- Auto Excerpt everywhere
- Plugin Slug:
- auto-excerpt-everywhere
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46776
Article analytics
- Plugin:
- Article analytics
- Plugin Slug:
- article-analytics
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2023-5640
Alter
- Plugin:
- Alter
- Plugin Slug:
- alter
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46780
Advanced Menu Widget
- Plugin:
- Advanced Menu Widget
- Plugin Slug:
- advanced-menu-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5085
Ads by datafeedr.com
- Plugin:
- Ads by datafeedr.com
- Plugin Slug:
- ads-by-datafeedrcom
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2023-5843
LiteSpeed Cache
- Plugin:
- LiteSpeed Cache
- Plugin Slug:
- litespeed-cache
- Installations:
- 4,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.7
- Severity Score:
- Medium
- CVE:
- 2023-4372
kk Star Ratings
- Plugin:
- kk Star Ratings
- Plugin Slug:
- kk-star-ratings
- Installations:
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.4.6
- Severity Score:
- Medium
- CVE:
- 2023-46639
10Web Booster – Website speed optimization, Cache & Page Speed optimizer
- Plugin Slug:
- tenweb-speed-optimizer
- Installations:
- 80,000+
- Vulnerability:
- Settings Change
- Patched in Version:
- 2.24.18
- Severity Score:
- Medium
VK Blocks
News & Blog Designer Pack – WordPress Blog Plugin — (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry)
- Plugin Slug:
- blog-designer-pack
- Installations:
- 30,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 3.4.2
- Severity Score:
- Critical
- CVE:
- 2023-5815
CallRail Phone Call Tracking
- Plugin:
- CallRail Phone Call Tracking
- Plugin Slug:
- callrail-phone-call-tracking
- Installations:
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.5.3
- Severity Score:
- Medium
- CVE:
- 2023-5051
Interactive Image Map Plugin – Draw Attention
- Plugin Slug:
- draw-attention
- Installations:
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.16
- Severity Score:
- Medium
- CVE:
- 2023-46616
Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
- Plugin Slug:
- rafflepress
- Installations:
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.12.2
- Severity Score:
- Medium
- CVE:
- 2023-5049
Security & Malware scan by CleanTalk
- Plugin Slug:
- security-malware-firewall
- Installations:
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.51
- Severity Score:
- High
- CVE:
- 2020-36698
YOP Poll
- Plugin:
- YOP Poll
- Plugin Slug:
- yop-poll
- Installations:
- 20,000+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 6.5.29
- Severity Score:
- Medium
- CVE:
- 2023-46611
404 Solution
- Plugin:
- 404 Solution
- Plugin Slug:
- 404-solution
- Installations:
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.34.0
- Severity Score:
- High
Admin and Site Enhancements (ASE)
- Plugin Slug:
- admin-site-enhancements
- Installations:
- 10,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 5.8.0
- Severity Score:
- High
- CVE:
- 2023-46630
ICS Calendar
- Plugin:
- ICS Calendar
- Plugin Slug:
- ics-calendar
- Installations:
- 10,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 10.12.0.4
- Severity Score:
- High
- CVE:
- 2023-46784
Image Regenerate & Select Crop
- Plugin Slug:
- image-regenerate-select-crop
- Installations:
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 7.3.1
- Severity Score:
- Medium
- CVE:
- 2023-46820
Seraphinite Accelerator
- Plugin:
- Seraphinite Accelerator
- Plugin Slug:
- seraphinite-accelerator
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.20.32
- Severity Score:
- Medium
Seraphinite Accelerator
- Plugin:
- Seraphinite Accelerator
- Plugin Slug:
- seraphinite-accelerator
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.20.29
- Severity Score:
- High
- CVE:
- 2023-5609
Seraphinite Accelerator
- Plugin:
- Seraphinite Accelerator
- Plugin Slug:
- seraphinite-accelerator
- Installations:
- 10,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 2.20.29
- Severity Score:
- Medium
- CVE:
- 2023-5610
Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More
- Plugin:
- Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More
- Plugin Slug:
- woocommerce-exporter
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.2.1
- Severity Score:
- High
- CVE:
- 2023-46822
WP EXtra
- Plugin:
- WP EXtra
- Plugin Slug:
- wp-extra
- Installations:
- 10,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 6.3
- Severity Score:
- Critical
- CVE:
- 2023-46623
YITH WooCommerce Product Add-Ons
- Plugin Slug:
- yith-woocommerce-product-add-ons
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.2.1
- Severity Score:
- Medium
- CVE:
- 2023-46635
Fathom Analytics for WP
- Plugin:
- Fathom Analytics for WP
- Plugin Slug:
- fathom-analytics
- Installations:
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.0
- Severity Score:
- Medium
Pre-Orders for WooCommerce
- Plugin:
- Pre-Orders for WooCommerce
- Plugin Slug:
- pre-orders-for-woocommerce
- Installations:
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.14
- Severity Score:
- Medium
- CVE:
- 2023-46783
Image horizontal reel scroll slideshow
- Plugin Slug:
- image-horizontal-reel-scroll-slideshow
- Installations:
- 5,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 13.3
- Severity Score:
- High
- CVE:
- 2023-5412
VK Filter Search
- Plugin:
- VK Filter Search
- Plugin Slug:
- vk-filter-search
- Installations:
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.2
- Severity Score:
- Medium
- CVE:
- 2023-5705
Assistant – Every Day Productivity Apps
- Plugin Slug:
- assistant
- Installations:
- 4,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 1.4.4
- Severity Score:
- Medium
- CVE:
- 2023-5798
Very Simple Google Maps
- Plugin:
- Very Simple Google Maps
- Plugin Slug:
- very-simple-google-maps
- Installations:
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.9.1
- Severity Score:
- Medium
- CVE:
- 2023-5744
Slick Popup: Contact Form 7 Popup Plugin
- Plugin Slug:
- slick-popup
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.15
- Severity Score:
- Medium
- CVE:
- 2023-46824
Vertical marquee plugin
- Plugin:
- Vertical marquee plugin
- Plugin Slug:
- vertical-marquee-plugin
- Installations:
- 3,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 7.2
- Severity Score:
- High
- CVE:
- 2023-5436
Thumbnail carousel slider
- Plugin:
- Thumbnail carousel slider
- Plugin Slug:
- wp-responsive-thumbnail-slider
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.1
- Severity Score:
- Medium
- CVE:
- 2023-5821
Accordion
GD Security Headers
- Plugin:
- GD Security Headers
- Plugin Slug:
- gd-security-headers
- Installations:
- 2,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.7.1
- Severity Score:
- High
- CVE:
- 2023-46821
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg
- Plugin Slug:
- groundhogg
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.11.11
- Severity Score:
- Medium
- CVE:
- 2023-40681
ImageLinks Interactive Image Builder for WordPress
- Plugin Slug:
- imagelinks-interactive-image-builder-lite
- Installations:
- 2,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.6.0
- Severity Score:
- High
- CVE:
- 2023-46823
Popup with fancybox
- Plugin:
- Popup with fancybox
- Plugin Slug:
- popup-with-fancybox
- Installations:
- 2,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.6
- Severity Score:
- High
- CVE:
- 2023-5465
Tab Ultimate
- Plugin:
- Tab Ultimate
- Plugin Slug:
- tabs-pro
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4
- Severity Score:
- Medium
- CVE:
- 2023-5667
TK Google Fonts GDPR Compliant
- Plugin Slug:
- tk-google-fonts
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.2.12
- Severity Score:
- Medium
- CVE:
- 2023-5823
WP Helper Premium
- Plugin:
- WP Helper Premium
- Plugin Slug:
- wp-helper-lite
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.5.2
- Severity Score:
- Medium
- CVE:
- 2023-46614
Zotpress
- Plugin:
- Zotpress
- Plugin Slug:
- zotpress
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.3.5
- Severity Score:
- High
- CVE:
- 2023-46313
Add to Calendar Button
- Plugin:
- Add to Calendar Button
- Plugin Slug:
- add-to-calendar-button
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.1
- Severity Score:
- Medium
- CVE:
- 2023-46613
MomentoPress for Momento360
- Plugin:
- MomentoPress for Momento360
- Plugin Slug:
- cmyee-momentopress
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.2
- Severity Score:
- Medium
- CVE:
- 2023-46782
Thumbnail Slider With Lightbox
- Plugin Slug:
- wp-responsive-slider-with-lightbox
- Installations:
- 1,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.0.1
- Severity Score:
- Critical
- CVE:
- 2023-5820
WPPizza – A Restaurant Plugin
- Plugin Slug:
- wppizza
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.18.3
- Severity Score:
- High
- CVE:
- 2023-46622
Image vertical reel scroll slideshow
- Plugin Slug:
- image-vertical-reel-scroll-slideshow
- Installations:
- 800+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 9.1
- Severity Score:
- High
- CVE:
- 2023-5428
Animated Counters
- Plugin:
- Animated Counters
- Plugin Slug:
- animated-counters
- Installations:
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8
- Severity Score:
- Medium
- CVE:
- 2023-5774
Jquery news ticker
- Plugin:
- Jquery news ticker
- Plugin Slug:
- jquery-news-ticker
- Installations:
- 700+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.1
- Severity Score:
- High
- CVE:
- 2023-5430
Medialist
- Plugin:
- Medialist
- Plugin Slug:
- media-list
- Installations:
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.0
- Severity Score:
- Medium
- CVE:
- 2023-46640
Post Meta Data Manager
- Plugin:
- Post Meta Data Manager
- Plugin Slug:
- post-meta-data-manager
- Installations:
- 700+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.1
- Severity Score:
- High
- CVE:
- 2023-5426
Post Meta Data Manager
- Plugin:
- Post Meta Data Manager
- Plugin Slug:
- post-meta-data-manager
- Installations:
- 700+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.1
- Severity Score:
- High
- CVE:
- 2023-5425
Information Reel
- Plugin:
- Information Reel
- Plugin Slug:
- information-reel
- Installations:
- 600+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 10.1
- Severity Score:
- High
- CVE:
- 2023-5429
Message ticker
- Plugin:
- Message ticker
- Plugin Slug:
- message-ticker
- Installations:
- 600+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 9.3
- Severity Score:
- High
- CVE:
- 2023-5433
WP fade in text news
- Plugin:
- WP fade in text news
- Plugin Slug:
- wp-fade-in-text-news
- Installations:
- 600+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 12.1
- Severity Score:
- High
- CVE:
- 2023-5437
Wp anything slider
- Plugin:
- Wp anything slider
- Plugin Slug:
- wp-anything-slider
- Installations:
- 400+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 9.2
- Severity Score:
- High
- CVE:
- 2023-5466
Neon text
Superb slideshow gallery
- Plugin:
- Superb slideshow gallery
- Plugin Slug:
- superb-slideshow-gallery
- Installations:
- 300+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 13.2
- Severity Score:
- High
- CVE:
- 2023-5434
wp image slideshow
- Plugin:
- wp image slideshow
- Plugin Slug:
- wp-image-slideshow
- Installations:
- 300+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 12.1
- Severity Score:
- High
- CVE:
- 2023-5438
Left right image slideshow gallery
- Plugin Slug:
- left-right-image-slideshow-gallery
- Installations:
- 100+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 12.1
- Severity Score:
- High
- CVE:
- 2023-5431
Wp photo text slider 50
- Plugin:
- Wp photo text slider 50
- Plugin Slug:
- wp-photo-text-slider-50
- Installations:
- 100+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 8.1
- Severity Score:
- High
- CVE:
- 2023-5439
Jquery accordion slideshow
- Plugin:
- Jquery accordion slideshow
- Plugin Slug:
- jquery-accordion-slideshow
- Installations:
- 70+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 8.2
- Severity Score:
- High
- CVE:
- 2023-5464
Up down image slideshow gallery
- Plugin Slug:
- up-down-image-slideshow-gallery
- Installations:
- 40+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 12.1
- Severity Score:
- High
- CVE:
- 2023-5435
HTML filter and csv-file search
- Plugin:
- HTML filter and csv-file search
- Plugin Slug:
- hk-filter-and-search
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.8
- Severity Score:
- High
- CVE:
- 2023-5099
HTML filter and csv-file search
- Plugin:
- HTML filter and csv-file search
- Plugin Slug:
- hk-filter-and-search
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8
- Severity Score:
- Medium
- CVE:
- 2023-5096
Bonus for Woo
- Plugin:
- Bonus for Woo
- Plugin Slug:
- bonus-for-woo
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.8.3
- Severity Score:
- High
- CVE:
- 2023-5140
Advanced Booking Calendar
- Plugin:
- Advanced Booking Calendar
- Plugin Slug:
- advanced-booking-calendar
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.2.12
- Severity Score:
- High
WordPress Themes — 0 Patched / 0 Unpatched
Notes
- This report comes out on Wednesdays and covers the last seven days of public disclosures in the Patchstack vulnerability database from the beginning of the previous week to the beginning of the current week — from last Monday to this Monday. This period intentionally excludes any vulnerabilities added to the database in the last 48 hours. However, that up-to-the-minute Patchstack vulnerability data powers Solid Security Pro for our customers who have purchased Solid Suite or Solid Security Pro. Using Patchstack’s virtual patches, Solid Security Pro automatically protects WordPress sites from active exploits aimed at unpatched vulnerabilities.