Since our last report, 109 new vulnerabilities have been publicly disclosed. Security patches for 57 plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are one theme vulnerability and 52 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, the Solid Security firewall protects you from those vulnerabilities with virtual patches from Patchstack.
WordPress Core
WordPress 6.4.1 was released on November 8 as a short-cycle maintenance release to address several bugs, including a loss of backward compatibility with a dependency, cURL 7.29 or earlier. That bug broke the WordPress internal update facility on servers running very old, insecure cURL versions.
WordPress 6.4 was released on November 7 as the third major release of 2023. Following a major release, you should not update live sites without taking backups and testing the update in a non-production environment first.
WordPress Plugins
Qi Addons For Elementor
- Plugin:
- Qi Addons For Elementor
- Plugin Slug:
- qi-addons-for-elementor
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47680
Popup Anything – Popup for opt-ins and Lead Generation Conversions
- Plugin Slug:
- popup-anything-on-click
- Installations:
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-40200
WP Logo Showcase Responsive Slider and Carousel
- Plugin Slug:
- wp-logo-showcase-responsive-slider-slider
- Installations:
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-40200
WP Maintenance
- Plugin:
- WP Maintenance
- Plugin Slug:
- wp-maintenance
- Installations:
- 40,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Low
- CVE:
- 2023-47769
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)
- Plugin Slug:
- miniorange-login-openid
- Installations:
- 30,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-47683
Pz-LinkCard
- Plugin:
- Pz-LinkCard
- Plugin Slug:
- pz-linkcard
- Installations:
- 30,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-47790
WP Responsive Recent Post Slider/Carousel
- Plugin Slug:
- wp-responsive-recent-post-slider
- Installations:
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-40200
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce
- Plugin Slug:
- wp-event-manager
- Installations:
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-47697
WP Slick Slider and Image Carousel
- Plugin Slug:
- wp-slick-slider-and-image-carousel
- Installations:
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-40200
AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth
- Plugin Slug:
- aweber-web-form-widget
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47757
Flo Forms – Easy Drag & Drop Form Builder
- Plugin Slug:
- flo-forms
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47692
Multi Step Form
- Plugin:
- Multi Step Form
- Plugin Slug:
- multi-step-form
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47758
WP News and Scrolling Widgets
- Plugin Slug:
- sp-news-and-widget
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-40200
Welcome Email Editor
- Plugin:
- Welcome Email Editor
- Plugin Slug:
- welcome-email-editor
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47756
WP Blog and Widgets
- Plugin:
- WP Blog and Widgets
- Plugin Slug:
- wp-blog-and-widgets
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-40200
Footer Putter
- Plugin:
- Footer Putter
- Plugin Slug:
- footer-putter
- Installations:
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-47768
Podlove Web Player
- Plugin:
- Podlove Web Player
- Plugin Slug:
- podlove-web-player
- Installations:
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47691
WP responsive FAQ with category plugin
- Plugin Slug:
- sp-faq
- Installations:
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-40200
EasyAzon – Amazon Associates Affiliate Plugin
- Plugin Slug:
- easyazon
- Installations:
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47780
Animator – Scroll Triggered Animations
- Plugin Slug:
- scroll-triggered-animations
- Installations:
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47689
Shortcodes Finder
- Plugin:
- Shortcodes Finder
- Plugin Slug:
- shortcodes-finder
- Installations:
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-47695
Korea SNS
- Plugin:
- Korea SNS
- Plugin Slug:
- korea-sns
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47670
Permalinks Customizer
- Plugin:
- Permalinks Customizer
- Plugin Slug:
- permalinks-customizer
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-47773
Additional Order Filters for WooCommerce
- Plugin Slug:
- additional-order-filters-for-woocommerce
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-47690
Featured Post Creative
- Plugin:
- Featured Post Creative
- Plugin Slug:
- featured-post-creative
- Installations:
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-40200
Foyer – Digital Signage for WordPress
- Plugin Slug:
- foyer
- Installations:
- 2,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47663
Product Enquiry for WooCommerce
- Plugin Slug:
- gm-woocommerce-quote-popup
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-47696
CodeBard's Patron Button and Widgets for Patreon
- Plugin Slug:
- patron-button-and-widgets-by-codebard
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47765
Plainview Protect Passwords
- Plugin:
- Plainview Protect Passwords
- Plugin Slug:
- plainview-protect-passwords
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-47665
Plainview Protect Passwords
- Plugin:
- Plainview Protect Passwords
- Plugin Slug:
- plainview-protect-passwords
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47664
Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms
- Plugin Slug:
- cf7-constant-contact
- Installations:
- 1,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47779
Team Members Showcase
- Plugin:
- Team Members Showcase
- Plugin Slug:
- dazzlersoft-teams
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-32957
Interactive World Map
- Plugin:
- Interactive World Map
- Plugin Slug:
- interactive-world-map
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-47767
Preloader Matrix
- Plugin:
- Preloader Matrix
- Plugin Slug:
- matrix-pre-loader
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47685
Post Pay Counter
- Plugin:
- Post Pay Counter
- Plugin Slug:
- post-pay-counter
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-47673
Woo Custom and Sequential Order Number
- Plugin Slug:
- woo-custom-and-sequential-order-number
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47687
WooCommerce Product Enquiry
- Plugin:
- WooCommerce Product Enquiry
- Plugin Slug:
- woo-product-enquiry
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-32796
Youtube SpeedLoad
- Plugin:
- Youtube SpeedLoad
- Plugin Slug:
- youtube-speedload
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47688
Mini Cart Drawer For WooCommerce
- Plugin Slug:
- woo-mini-cart-drawer
- Installations:
- 800+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47694
Simply Excerpts
- Plugin:
- Simply Excerpts
- Plugin Slug:
- simply-excerpts
- Installations:
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5137
WP Not Login Hide
- Plugin:
- WP Not Login Hide
- Plugin Slug:
- wp-not-login-hide-wpnlh
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5940
WP Full Stripe Free
- Plugin:
- WP Full Stripe Free
- Plugin Slug:
- wp-full-stripe-free
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47667
WP Featured Content and Slider
- Plugin:
- WP Featured Content and Slider
- Plugin Slug:
- wp-featured-content-and-slide
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-40200
WP Category Post List Widget
- Plugin:
- WP Category Post List Widget
- Plugin Slug:
- wp-category-posts-list
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47672
Vertical scroll recent post
- Plugin:
- Vertical scroll recent post
- Plugin Slug:
- vertical-scroll-recent-post
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47671
WooCommerce Product Carousel Slider
- Plugin:
- WooCommerce Product Carousel Slider
- Plugin Slug:
- product-carousel-slider-for-woocommerce
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47755
LuckyWP Scripts Control
- Plugin:
- LuckyWP Scripts Control
- Plugin Slug:
- luckywp-scripts-contro
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47778
Leadster
- Plugin:
- Leadster
- Plugin Slug:
- leadster-marketing-conversaciona
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47791
ElementsKit Pro
- Plugin:
- ElementsKit Pro
- Plugin Slug:
- elementskit
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-39993
EasyRotator
- Plugin:
- EasyRotator
- Plugin Slug:
- easyrotator-for-wordpress
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5742
BSK Contact Form 7 Blacklist
- Plugin:
- BSK Contact Form 7 Blacklist
- Plugin Slug:
- bsk-contact-form-7-blacklist
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-5141
AMP+ Plus
- Plugin:
- AMP+ Plus
- Plugin Slug:
- amp-plus
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-5210
EWWW Image Optimizer
- Plugin:
- EWWW Image Optimizer
- Plugin Slug:
- ewww-image-optimizer
- Installations:
- 1,000,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 7.2.1
- Severity Score:
- Medium
- CVE:
- 2023-40600
WP Fastest Cache
- Plugin:
- WP Fastest Cache
- Plugin Slug:
- wp-fastest-cache
- Installations:
- 1,000,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.2.2
- Severity Score:
- Critical
- CVE:
- 2023-6063
Code Snippets
- Plugin:
- Code Snippets
- Plugin Slug:
- code-snippets
- Installations:
- 800,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.6.0
- Severity Score:
- Medium
- CVE:
- 2023-47666
Forminator – Contact Form, Payment Form & Custom Form Builder
- Plugin Slug:
- forminator
- Installations:
- 400,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.28.0
- Severity Score:
- Medium
- CVE:
- 2023-6133
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty
- Plugin Slug:
- chaty
- Installations:
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.3
- Severity Score:
- Medium
- CVE:
- 2023-47759
Simple 301 Redirects by BetterLinks
- Plugin Slug:
- simple-301-redirects
- Installations:
- 200,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.8
- Severity Score:
- Medium
- CVE:
- 2023-47761
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
- Plugin Slug:
- essential-blocks
- Installations:
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.2.1
- Severity Score:
- Medium
- CVE:
- 2023-47760
Qi Addons For Elementor
- Plugin:
- Qi Addons For Elementor
- Plugin Slug:
- qi-addons-for-elementor
- Installations:
- 100,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.6.4
- Severity Score:
- Medium
- CVE:
- 2023-47679
Checkout Field Manager (Checkout Manager) for WooCommerce
- Plugin Slug:
- woocommerce-checkout-manager
- Installations:
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.3.1
- Severity Score:
- Medium
- CVE:
- 2023-47681
Brizy – Page Builder
- Plugin:
- Brizy – Page Builder
- Plugin Slug:
- brizy
- Installations:
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.30
- Severity Score:
- High
Big File Uploads – Increase Maximum File Upload Size
- Plugin Slug:
- tuxedo-big-file-uploads
- Installations:
- 80,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.1.2
- Severity Score:
- Medium
- CVE:
- 2023-47792
Comments – wpDiscuz
- Plugin:
- Comments – wpDiscuz
- Plugin Slug:
- wpdiscuz
- Installations:
- 80,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 7.6.12
- Severity Score:
- Medium
- CVE:
- 2023-47775
Ultimate Dashboard – Custom WordPress Dashboard
- Plugin Slug:
- ultimate-dashboard
- Installations:
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7.8
- Severity Score:
- Medium
- CVE:
- 2023-4726
Solid Central – Site Management, Backups, Security, and Reporting
- Plugin Slug:
- ithemes-sync
- Installations:
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.1
- Severity Score:
- Medium
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
- Plugin Slug:
- profile-builder
- Installations:
- 50,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.10.4
- Severity Score:
- Medium
- CVE:
- 2023-47669
Ditty – Responsive News Tickers, Sliders, and Lists
- Plugin Slug:
- ditty-news-ticker
- Installations:
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.1.25
- Severity Score:
- Medium
- CVE:
- 2023-47764
BetterDocs – Best Documentation & Knowledge Base Plugin
- Plugin Slug:
- betterdocs
- Installations:
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.5.3
- Severity Score:
- Medium
- CVE:
- 2023-47762
Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic
- Plugin Slug:
- shareaholic
- Installations:
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.7.9
- Severity Score:
- Medium
- CVE:
- 2023-4889
Ultimate Addons for Contact Form 7
- Plugin Slug:
- ultimate-addons-for-contact-form-7
- Installations:
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.7
- Severity Score:
- High
- CVE:
- 2023-47693
WP Custom Admin Interface
- Plugin:
- WP Custom Admin Interface
- Plugin Slug:
- wp-custom-admin-interface
- Installations:
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.32
- Severity Score:
- Medium
- CVE:
- 2023-47763
Delete Duplicate Posts
- Plugin:
- Delete Duplicate Posts
- Plugin Slug:
- delete-duplicate-posts
- Installations:
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.9
- Severity Score:
- Medium
- CVE:
- 2023-47754
Ecwid Ecommerce Shopping Cart
- Plugin Slug:
- ecwid-shopping-cart
- Installations:
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.12.4
- Severity Score:
- Medium
MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance
- Plugin Slug:
- mainwp
- Installations:
- 20,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.4.3.4
- Severity Score:
- High
- CVE:
- 2023-38519
Welcart e-Commerce
- Plugin:
- Welcart e-Commerce
- Plugin Slug:
- usc-e-shop
- Installations:
- 20,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.9.5
- Severity Score:
- High
WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Plugin
- Plugin Slug:
- wp-user-frontend
- Installations:
- 20,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 3.6.6
- Severity Score:
- High
- CVE:
- 2023-47682
eCommerce Product Catalog Plugin for WordPress
- Plugin Slug:
- ecommerce-product-catalog
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.3.26
- Severity Score:
- Medium
Membership Plugin – Restrict Content
- Plugin Slug:
- restrict-content
- Installations:
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.2.8
- Severity Score:
- Medium
- CVE:
- 2023-47668
Japanized For WooCommerce
- Plugin:
- Japanized For WooCommerce
- Plugin Slug:
- woocommerce-for-japan
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.5
- Severity Score:
- High
- CVE:
- 2023-47698
YOP Poll
Email Verification / SMS Verification / OTP Verification / OTP Authentication / WooCommerce Notification
- Plugin Slug:
- miniorange-otp-verification
- Installations:
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.2.2
- Severity Score:
- Medium
- CVE:
- 2023-47776
Gift Up Gift Cards for WordPress and WooCommerce
- Plugin Slug:
- gift-up
- Installations:
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.20.2
- Severity Score:
- Medium
- CVE:
- 2023-5703
Hreflang Manager
- Plugin:
- Hreflang Manager
- Plugin Slug:
- hreflang-manager-lite
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.7
- Severity Score:
- Medium
Job Manager & Career – Manage job board listings, and recruitments
- Plugin Slug:
- job-manager-career
- Installations:
- 2,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.4.4
- Severity Score:
- High
- CVE:
- 2023-5906
Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress
- Plugin Slug:
- sprout-invoices
- Installations:
- 2,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 20.5.4
- Severity Score:
- Medium
avalex – Automatisch sichere Rechtstexte
- Plugin Slug:
- avalex
- Installations:
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.0.9
- Severity Score:
- Medium
Arigato Autoresponder and Newsletter
- Plugin Slug:
- bft-autoresponder
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.7.2.3
- Severity Score:
- Medium
- CVE:
- 2023-47686
Martins Free & Easy SEO BackLink Link Building Network – Improve Rankings & Traffic
- Plugin Slug:
- martins-link-network
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.30
- Severity Score:
- High
- CVE:
- 2023-5641
Frontend File Manager Plugin
- Plugin:
- Frontend File Manager Plugin
- Plugin Slug:
- nmedia-user-file-uploader
- Installations:
- 1,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 22.6
- Severity Score:
- Critical
- CVE:
- 2023-5105
Website Optimization – Plerdy
- Plugin Slug:
- plerdy-heatmap
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.3
- Severity Score:
- Medium
- CVE:
- 2023-5715
Post Status Notifier Lite
- Plugin:
- Post Status Notifier Lite
- Plugin Slug:
- post-status-notifier-lite
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.11.1
- Severity Score:
- High
- CVE:
- 2023-47766
Product Catalog Simple
- Plugin:
- Product Catalog Simple
- Plugin Slug:
- post-type-x
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.7.6
- Severity Score:
- Medium
Bus Ticket Booking with Seat Reservation
- Plugin Slug:
- bus-ticket-booking-with-seat-reservation
- Installations:
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.2.6
- Severity Score:
- High
- CVE:
- 2023-30496
WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses
- Plugin:
- WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses
- Plugin Slug:
- wp-courses
- Installations:
- 700+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.2.4
- Severity Score:
- Medium
WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses
- Plugin:
- WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses
- Plugin Slug:
- wp-courses
- Installations:
- 700+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.4
- Severity Score:
- Medium
WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses
- Plugin:
- WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses
- Plugin Slug:
- wp-courses
- Installations:
- 700+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.4
- Severity Score:
- High
Namaste! LMS
- Plugin:
- Namaste! LMS
- Plugin Slug:
- namaste-lms
- Installations:
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.1.2
- Severity Score:
- High
- CVE:
- 2023-4602
Image Compressor & Optimizer – iLoveIMG
- Plugin Slug:
- iloveimg
- Installations:
- 100+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.0.6
- Severity Score:
- Medium
WooCommerce Canada Post Shipping
- Plugin:
- WooCommerce Canada Post Shipping
- Plugin Slug:
- woocommerce-shipping-canada-post
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.8.4
- Severity Score:
- Medium
- CVE:
- 2023-47789
WooCommerce Bookings
- Plugin:
- WooCommerce Bookings
- Plugin Slug:
- woocommerce-bookings
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.0.4
- Severity Score:
- Medium
- CVE:
- 2023-47787
Star CloudPRNT for WooCommerce
- Plugin:
- Star CloudPRNT for WooCommerce
- Plugin Slug:
- star-cloudprnt-for-woocommerce
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.4
- Severity Score:
- High
- CVE:
- 2023-4603
Slider Revolution
- Plugin:
- Slider Revolution
- Plugin Slug:
- revslider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.6.15
- Severity Score:
- Medium
- CVE:
- 2023-47772
Slider Revolution
- Plugin:
- Slider Revolution
- Plugin Slug:
- revslider
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 6.6.16
- Severity Score:
- High
- CVE:
- 2023-47784
LayerSlider
- Plugin:
- LayerSlider
- Plugin Slug:
- layerslider
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 7.7.10
- Severity Score:
- High
- CVE:
- 2023-47785
LayerSlider
- Plugin:
- LayerSlider
- Plugin Slug:
- layerslider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.7.10
- Severity Score:
- Medium
- CVE:
- 2023-47786
Essential Grid
- Plugin:
- Essential Grid
- Plugin Slug:
- essential-grid
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.1
- Severity Score:
- High
- CVE:
- 2023-47684
Essential Grid
- Plugin:
- Essential Grid
- Plugin Slug:
- essential-grid
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.0.19
- Severity Score:
- High
- CVE:
- 2023-47771
WordPress Themes
Themify Ultra
- Theme:
- Themify Ultra
- Theme Slug:
- themify-ultra
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-46146