WordPress Vulnerability Report — November 22, 2023
Since our last report, 141 new vulnerabilities have been publicly disclosed, including three in Jetpack and others in WooCommerce, EWWW Image Optimizer, WP Fastest Cache, and Forminator. Security patches are available for them now, along with 77 other plugins, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 57 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, the Solid Security firewall already protects you against those vulnerabilities with virtual patches from Patchstack. If no patch is forthcoming from the vendor, or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.4.1 was released on November 8 as a short-cycle maintenance release to address several bugs, including a loss of backward compatibility with one dependency, cURL 7.29 or earlier. That bug broke the WordPress internal update facility on servers running very old, insecure cURL versions.
WordPress 6.4 was released on November 7 as the third major release of 2023. Following a major release, you should not update live sites without taking backups and testing the update in a non-production environment first.
WordPress Plugins — 84 Patched / 57 Unpatched
Shortcodes and extra features for Phlox theme
- Plugin Slug:
- auxin-elements
- Installations:
- 100,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-37888
Conditional Fields for Contact Form 7
- Plugin Slug:
- cf7-conditional-fields
- Installations:
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47838
Premium Portfolio Features for Phlox theme
- Plugin Slug:
- auxin-portfolio
- Installations:
- 50,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-38399
Theme Editor
- Plugin:
- Theme Editor
- Plugin Slug:
- theme-editor
- Installations:
- 50,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-6091
Pz-LinkCard
- Plugin:
- Pz-LinkCard
- Plugin Slug:
- pz-linkcard
- Installations:
- 30,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-47790
wpForo Forum
- Plugin:
- wpForo Forum
- Plugin Slug:
- wpforo
- Installations:
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47870
wpForo Forum
- Plugin:
- wpForo Forum
- Plugin Slug:
- wpforo
- Installations:
- 20,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47869
Multi Step Form
- Plugin:
- Multi Step Form
- Plugin Slug:
- multi-step-form
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47758
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
- Plugin Slug:
- mycred
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47853
Welcome Email Editor
- Plugin:
- Welcome Email Editor
- Plugin Slug:
- welcome-email-editor
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47756
WP Child Theme Generator
- Plugin:
- WP Child Theme Generator
- Plugin Slug:
- wp-child-theme-generator
- Installations:
- 10,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2023-47873
Footer Putter
- Plugin:
- Footer Putter
- Plugin Slug:
- footer-putter
- Installations:
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-47768
WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation
- Plugin:
- WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation
- Plugin Slug:
- wp-cafe
- Installations:
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47805
Acme Fix Images
- Plugin:
- Acme Fix Images
- Plugin Slug:
- acme-fix-images
- Installations:
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47793
EasyAzon – Amazon Associates Affiliate Plugin
- Plugin Slug:
- easyazon
- Installations:
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47780
Disable User Login
- Plugin:
- Disable User Login
- Plugin Slug:
- disable-user-login
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47806
Parallax Image
- Plugin:
- Parallax Image
- Plugin Slug:
- parallax-image
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47854
Permalinks Customizer
- Plugin:
- Permalinks Customizer
- Plugin Slug:
- permalinks-customizer
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-47773
Contact Form to Any API
- Plugin:
- Contact Form to Any API
- Plugin Slug:
- contact-form-to-any-api
- Installations:
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47871
CodeBard's Patron Button and Widgets for Patreon
- Plugin Slug:
- patron-button-and-widgets-by-codebard
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47765
SearchIQ – The Search Solution
- Plugin Slug:
- searchiq
- Installations:
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47832
Bootstrap Shortcodes Ultimate
- Plugin Slug:
- bs-shortcode-ultimate
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47851
Interactive World Map
- Plugin:
- Interactive World Map
- Plugin Slug:
- interactive-world-map
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-47767
Theater for WordPress
- Plugin:
- Theater for WordPress
- Plugin Slug:
- theatre
- Installations:
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47833
Simply Excerpts
- Plugin:
- Simply Excerpts
- Plugin Slug:
- simply-excerpts
- Installations:
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5137
wpMandrill
- Plugin:
- wpMandrill
- Plugin Slug:
- wpmandrill
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47828
WP Not Login Hide
- Plugin:
- WP Not Login Hide
- Plugin Slug:
- wp-not-login-hide-wpnlh
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5940
WP Like Button
- Plugin:
- WP Like Button
- Plugin Slug:
- wp-like-button
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47820
WP Githuber MD
- Plugin:
- WP Githuber MD
- Plugin Slug:
- wp-githuber-md
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2023-47846
10WebAnalytics
- Plugin:
- 10WebAnalytics
- Plugin Slug:
- wd-google-analytics
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47807
Tainacan
- Plugin:
- Tainacan
- Plugin Slug:
- tainacan
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-47848
Grab & Save
- Plugin:
- Grab & Save
- Plugin Slug:
- save-grab
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-47844
Grab & Save
- Plugin:
- Grab & Save
- Plugin Slug:
- save-grab
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47845
Quick Call Button
- Plugin:
- Quick Call Button
- Plugin Slug:
- quick-call-button
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47829
WooCommerce Product Carousel Slider
- Plugin:
- WooCommerce Product Carousel Slider
- Plugin Slug:
- product-carousel-slider-for-woocommerce
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47755
PayTR Taksit Tablosu
- Plugin:
- PayTR Taksit Tablosu
- Plugin Slug:
- paytr-taksit-tablosu-woocommerce
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47847
LuckyWP Scripts Control
- Plugin:
- LuckyWP Scripts Control
- Plugin Slug:
- luckywp-scripts-contro
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47778
Leadster
- Plugin:
- Leadster
- Plugin Slug:
- leadster-marketing-conversaciona
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47791
ElementsKit Pro
- Plugin:
- ElementsKit Pro
- Plugin Slug:
- elementskit
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-39993
Easy Call Now by ThikShare
- Plugin:
- Easy Call Now by ThikShare
- Plugin Slug:
- easy-call-now
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47819
DrawIt (draw.io)
- Plugin:
- DrawIt (draw.io)
- Plugin Slug:
- drawit
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47831
Live Preview for Contact Form 7
- Plugin:
- Live Preview for Contact Form 7
- Plugin Slug:
- cf7-live-preview
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47830
Integration for Contact Form 7 and Constant Contact
- Plugin:
- Integration for Contact Form 7 and Constant Contact
- Plugin Slug:
- cf7-constant-contact
- Vulnerability:
- Open Redirection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47779
CataBlog
- Plugin:
- CataBlog
- Plugin Slug:
- catablog
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2023-47842
CataBlog
- Plugin:
- CataBlog
- Plugin Slug:
- catablog
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-47843
BSK Contact Form 7 Blacklist
- Plugin:
- BSK Contact Form 7 Blacklist
- Plugin Slug:
- bsk-contact-form-7-blacklist
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-5141
BP Profile Shortcodes Extra
- Plugin:
- BP Profile Shortcodes Extra
- Plugin Slug:
- bp-profile-shortcodes-extra
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47815
BMI Calculator Plugin
- Plugin:
- BMI Calculator Plugin
- Plugin Slug:
- bmi-calculator-shortcode
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47814
Better RSS Widget
- Plugin:
- Better RSS Widget
- Plugin Slug:
- better-rss-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47813
Bamboo Columns
- Plugin:
- Bamboo Columns
- Plugin Slug:
- bamboo-columns
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47812
Phlox Shop
- Plugin:
- Phlox Shop
- Plugin Slug:
- auxin-shop
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-39163
Audio Merchant
- Plugin:
- Audio Merchant
- Plugin Slug:
- audio-merchant
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-6196
Audio Merchant
- Plugin:
- Audio Merchant
- Plugin Slug:
- audio-merchant
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-6197
Anywhere Flash Embed
- Plugin:
- Anywhere Flash Embed
- Plugin Slug:
- anywhere-flash-embed
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47811
AMP+ Plus
- Plugin:
- AMP+ Plus
- Plugin Slug:
- amp-plus
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-5210
Ajax Domain Checker
- Plugin:
- Ajax Domain Checker
- Plugin Slug:
- ajax-domain-checker
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47810
Add Widgets to Page
- Plugin:
- Add Widgets to Page
- Plugin Slug:
- add-widgets-to-page
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47808
Jetpack – WP Security, Backup, Speed, & Growth
- Plugin Slug:
- jetpack
- Installations:
- 5,000,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 12.7
- Severity Score:
- Medium
- CVE:
- 2023-47788
Jetpack – WP Security, Backup, Speed, & Growth
- Plugin Slug:
- jetpack
- Installations:
- 5,000,000+
- Vulnerability:
- Clickjacking
- Patched in Version:
- 12.7
- Severity Score:
- Medium
- CVE:
- 2023-47774
Jetpack – WP Security, Backup, Speed, & Growth
- Plugin Slug:
- jetpack
- Installations:
- 5,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 12.8-a.3
- Severity Score:
- Medium
- CVE:
- 2023-45050
WooCommerce
- Plugin:
- WooCommerce
- Plugin Slug:
- woocommerce
- Installations:
- 5,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.2.0
- Severity Score:
- Medium
- CVE:
- 2023-47777
EWWW Image Optimizer
- Plugin:
- EWWW Image Optimizer
- Plugin Slug:
- ewww-image-optimizer
- Installations:
- 1,000,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 7.2.1
- Severity Score:
- Medium
- CVE:
- 2023-40600
WP Fastest Cache
- Plugin:
- WP Fastest Cache
- Plugin Slug:
- wp-fastest-cache
- Installations:
- 1,000,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.2.2
- Severity Score:
- Critical
- CVE:
- 2023-6063
Forminator – Contact Form, Payment Form & Custom Form Builder
- Plugin Slug:
- forminator
- Installations:
- 400,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.28.0
- Severity Score:
- Medium
- CVE:
- 2023-6133
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty
- Plugin Slug:
- chaty
- Installations:
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.3
- Severity Score:
- Medium
- CVE:
- 2023-47759
Simple 301 Redirects by BetterLinks
- Plugin Slug:
- simple-301-redirects
- Installations:
- 200,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.8
- Severity Score:
- Medium
- CVE:
- 2023-47761
Elementor Addon Elements
- Plugin:
- Elementor Addon Elements
- Plugin Slug:
- addon-elements-for-elementor-page-builder
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.12.8
- Severity Score:
- Medium
- CVE:
- 2023-4689
Elementor Addon Elements
- Plugin:
- Elementor Addon Elements
- Plugin Slug:
- addon-elements-for-elementor-page-builder
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.12.8
- Severity Score:
- Medium
- CVE:
- 2023-5381
Elementor Addon Elements
- Plugin:
- Elementor Addon Elements
- Plugin Slug:
- addon-elements-for-elementor-page-builder
- Installations:
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.12.8
- Severity Score:
- Medium
- CVE:
- 2023-4723
Elementor Addon Elements
- Plugin:
- Elementor Addon Elements
- Plugin Slug:
- addon-elements-for-elementor-page-builder
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.12.8
- Severity Score:
- Medium
- CVE:
- 2023-4690
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
- Plugin Slug:
- essential-blocks
- Installations:
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.2.1
- Severity Score:
- Medium
- CVE:
- 2023-47760
Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)
- Plugin Slug:
- mailin
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.61
- Severity Score:
- High
- CVE:
- 2023-2472
WooCommerce Blocks
- Plugin:
- WooCommerce Blocks
- Plugin Slug:
- woo-gutenberg-products-block
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 11.1.2
- Severity Score:
- Medium
- CVE:
- 2023-47777
WP Meta and Date Remover
- Plugin:
- WP Meta and Date Remover
- Plugin Slug:
- wp-meta-and-date-remover
- Installations:
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.3.1
- Severity Score:
- Medium
- CVE:
- 2023-47836
Email Encoder – Protect Email Addresses and Phone Numbers
- Plugin Slug:
- email-encoder-bundle
- Installations:
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.9
- Severity Score:
- Medium
- CVE:
- 2023-47821
EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor
- Plugin Slug:
- embedpress
- Installations:
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.9.2
- Severity Score:
- High
Big File Uploads – Increase Maximum File Upload Size
- Plugin Slug:
- tuxedo-big-file-uploads
- Installations:
- 80,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.1.2
- Severity Score:
- Medium
- CVE:
- 2023-47792
Comments – wpDiscuz
- Plugin:
- Comments – wpDiscuz
- Plugin Slug:
- wpdiscuz
- Installations:
- 80,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 7.6.12
- Severity Score:
- Medium
- CVE:
- 2023-47775
Ultimate Dashboard – Custom WordPress Dashboard
- Plugin Slug:
- ultimate-dashboard
- Installations:
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7.8
- Severity Score:
- Medium
- CVE:
- 2023-4726
Ditty – Responsive News Tickers, Sliders, and Lists
- Plugin Slug:
- ditty-news-ticker
- Installations:
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.1.25
- Severity Score:
- Medium
- CVE:
- 2023-47764
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress
- Plugin Slug:
- quiz-master-next
- Installations:
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.1.14
- Severity Score:
- Medium
- CVE:
- 2023-47834
Slider – Ultimate Responsive Image Slider
- Plugin Slug:
- ultimate-responsive-image-slider
- Installations:
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.5.12
- Severity Score:
- Medium
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
- Plugin Slug:
- wp-analytify
- Installations:
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.2.0
- Severity Score:
- Medium
- CVE:
- 2023-47841
WP Maintenance
- Plugin:
- WP Maintenance
- Plugin Slug:
- wp-maintenance
- Installations:
- 40,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 6.1.4
- Severity Score:
- Low
- CVE:
- 2023-47769
BetterDocs – Best Documentation & Knowledge Base Plugin
- Plugin Slug:
- betterdocs
- Installations:
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.5.3
- Severity Score:
- Medium
- CVE:
- 2023-47762
BlossomThemes Email Newsletter
- Plugin Slug:
- blossomthemes-email-newsletter
- Installations:
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.5
- Severity Score:
- Medium
- CVE:
- 2023-47849
Link Whisper Free
- Plugin:
- Link Whisper Free
- Plugin Slug:
- link-whisper
- Installations:
- 30,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 0.6.6
- Severity Score:
- High
- CVE:
- 2023-47852
Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic
- Plugin Slug:
- shareaholic
- Installations:
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.7.9
- Severity Score:
- Medium
- CVE:
- 2023-4889
WP Custom Admin Interface
- Plugin:
- WP Custom Admin Interface
- Plugin Slug:
- wp-custom-admin-interface
- Installations:
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.32
- Severity Score:
- Medium
- CVE:
- 2023-47763
Delete Duplicate Posts
- Plugin:
- Delete Duplicate Posts
- Plugin Slug:
- delete-duplicate-posts
- Installations:
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.9
- Severity Score:
- Medium
- CVE:
- 2023-47754
MP3 Audio Player for Music, Radio & Podcast by Sonaar
- Plugin Slug:
- mp3-music-player-by-sonaar
- Installations:
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.10.1
- Severity Score:
- Medium
- CVE:
- 2023-47822
Welcart e-Commerce
- Plugin:
- Welcart e-Commerce
- Plugin Slug:
- usc-e-shop
- Installations:
- 20,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 2.9.6
- Severity Score:
- Medium
Welcart e-Commerce
- Plugin:
- Welcart e-Commerce
- Plugin Slug:
- usc-e-shop
- Installations:
- 20,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.9.5
- Severity Score:
- High
wpForo Forum
- Plugin:
- wpForo Forum
- Plugin Slug:
- wpforo
- Installations:
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.4
- Severity Score:
- Medium
- CVE:
- 2023-47872
wpForo Forum
- Plugin:
- wpForo Forum
- Plugin Slug:
- wpforo
- Installations:
- 20,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 2.2.4
- Severity Score:
- High
- CVE:
- 2023-47868
AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth
- Plugin Slug:
- aweber-web-form-widget
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.3.10
- Severity Score:
- Medium
- CVE:
- 2023-47757
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress
- Plugin Slug:
- charitable
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.0.14
- Severity Score:
- Medium
- CVE:
- 2023-47816
eCommerce Product Catalog Plugin for WordPress
- Plugin Slug:
- ecommerce-product-catalog
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.27
- Severity Score:
- Medium
- CVE:
- 2023-47839
eCommerce Product Catalog Plugin for WordPress
- Plugin Slug:
- ecommerce-product-catalog
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.3.26
- Severity Score:
- Medium
Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator
- Plugin Slug:
- legal-pages
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.9
- Severity Score:
- Medium
- CVE:
- 2023-47824
LWS Hide Login
- Plugin:
- LWS Hide Login
- Plugin Slug:
- lws-hide-login
- Installations:
- 10,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 2.1.9
- Severity Score:
- Low
- CVE:
- 2023-47818
WP EXtra
- Plugin:
- WP EXtra
- Plugin Slug:
- wp-extra
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.5
- Severity Score:
- Medium
- CVE:
- 2023-47825
WP Mail Log
- Plugin:
- WP Mail Log
- Plugin Slug:
- wp-mail-log
- Installations:
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.1.3
- Severity Score:
- High
YOP Poll
Events Addon for Elementor
- Plugin:
- Events Addon for Elementor
- Plugin Slug:
- events-addon-for-elementor
- Installations:
- 8,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.4
- Severity Score:
- Medium
- CVE:
- 2023-47827
Drop Shadow Boxes
- Plugin:
- Drop Shadow Boxes
- Plugin Slug:
- drop-shadow-boxes
- Installations:
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.14
- Severity Score:
- Medium
- CVE:
- 2023-5469
Email Verification / SMS Verification / OTP Verification / OTP Authentication / WooCommerce Notification
- Plugin Slug:
- miniorange-otp-verification
- Installations:
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.2.2
- Severity Score:
- Medium
- CVE:
- 2023-47776
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
- Plugin Slug:
- armember-membership
- Installations:
- 5,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 4.0.11
- Severity Score:
- High
- CVE:
- 2023-47837
Auto Affiliate Links
- Plugin:
- Auto Affiliate Links
- Plugin Slug:
- wp-auto-affiliate-links
- Installations:
- 5,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.4.2.6
- Severity Score:
- Medium
FormCraft – Contact Form Builder for WordPress
- Plugin Slug:
- formcraft-form-builder
- Installations:
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.8
- Severity Score:
- Medium
- CVE:
- 2023-47823
Community by PeepSo – Social Network, Membership, Registration, User Profiles
- Plugin Slug:
- peepso-core
- Installations:
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.2.3.0
- Severity Score:
- Medium
- CVE:
- 2023-47850
Community by PeepSo – Social Network, Membership, Registration, User Profiles
- Plugin Slug:
- peepso-core
- Installations:
- 4,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.2.0.0
- Severity Score:
- Medium
- CVE:
- 2023-39925
ARI Stream Quiz – WordPress Quizzes Builder
- Plugin Slug:
- ari-stream-quiz
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.0
- Severity Score:
- Medium
- CVE:
- 2023-47835
Hreflang Manager
- Plugin:
- Hreflang Manager
- Plugin Slug:
- hreflang-manager-lite
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.7
- Severity Score:
- Medium
Accordion
- Plugin:
- Accordion
- Plugin Slug:
- accordions-wp
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7
- Severity Score:
- Medium
- CVE:
- 2023-47809
Restaurant & Cafe Addon for Elementor
- Plugin Slug:
- restaurant-cafe-addon-for-elementor
- Installations:
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.5.4
- Severity Score:
- Medium
- CVE:
- 2023-47826
Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress
- Plugin Slug:
- sprout-invoices
- Installations:
- 2,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 20.5.4
- Severity Score:
- Medium
avalex – Automatisch sichere Rechtstexte
- Plugin Slug:
- avalex
- Installations:
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.0.9
- Severity Score:
- Medium
Daily Prayer Time
- Plugin:
- Daily Prayer Time
- Plugin Slug:
- daily-prayer-time-for-mosques
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2023.10.21
- Severity Score:
- Medium
- CVE:
- 2023-47817
Frontend File Manager Plugin
- Plugin:
- Frontend File Manager Plugin
- Plugin Slug:
- nmedia-user-file-uploader
- Installations:
- 1,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 22.6
- Severity Score:
- Critical
- CVE:
- 2023-5105
Website Optimization – Plerdy
- Plugin Slug:
- plerdy-heatmap
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.3
- Severity Score:
- Medium
- CVE:
- 2023-5715
Post Status Notifier Lite
- Plugin:
- Post Status Notifier Lite
- Plugin Slug:
- post-status-notifier-lite
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.11.1
- Severity Score:
- High
- CVE:
- 2023-47766
Bus Ticket Booking with Seat Reservation – WpBusTicketly | WordPress plugin
- Plugin Slug:
- bus-ticket-booking-with-seat-reservation
- Installations:
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.2.6
- Severity Score:
- High
- CVE:
- 2023-30496
Post Meta Data Manager
- Plugin:
- Post Meta Data Manager
- Plugin Slug:
- post-meta-data-manager
- Installations:
- 700+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.2
- Severity Score:
- Medium
- CVE:
- 2023-5776
WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses
- Plugin:
- WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses
- Plugin Slug:
- wp-courses
- Installations:
- 700+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.2.4
- Severity Score:
- Medium
WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses
- Plugin:
- WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses
- Plugin Slug:
- wp-courses
- Installations:
- 700+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.4
- Severity Score:
- Medium
WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses
- Plugin:
- WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses
- Plugin Slug:
- wp-courses
- Installations:
- 700+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.4
- Severity Score:
- High
Namaste! LMS
- Plugin:
- Namaste! LMS
- Plugin Slug:
- namaste-lms
- Installations:
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.1.2
- Severity Score:
- High
- CVE:
- 2023-4602
Image Compressor & Optimizer – iLoveIMG
- Plugin Slug:
- iloveimg
- Installations:
- 100+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.0.6
- Severity Score:
- Medium
WooCommerce Canada Post Shipping
- Plugin:
- WooCommerce Canada Post Shipping
- Plugin Slug:
- woocommerce-shipping-canada-post
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.8.4
- Severity Score:
- Medium
- CVE:
- 2023-47789
WooCommerce Bookings
- Plugin:
- WooCommerce Bookings
- Plugin Slug:
- woocommerce-bookings
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.0.4
- Severity Score:
- Medium
- CVE:
- 2023-47787
Star CloudPRNT for WooCommerce
- Plugin:
- Star CloudPRNT for WooCommerce
- Plugin Slug:
- star-cloudprnt-for-woocommerce
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.4
- Severity Score:
- High
- CVE:
- 2023-4603
Slider Revolution
- Plugin:
- Slider Revolution
- Plugin Slug:
- revslider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.6.15
- Severity Score:
- Medium
- CVE:
- 2023-47772
Slider Revolution
- Plugin:
- Slider Revolution
- Plugin Slug:
- revslider
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 6.6.16
- Severity Score:
- High
- CVE:
- 2023-47784
Perfmatters
- Plugin:
- Perfmatters
- Plugin Slug:
- perfmatters
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.7
- Severity Score:
- Medium
- CVE:
- 2023-47874
Perfmatters
- Plugin:
- Perfmatters
- Plugin Slug:
- perfmatters
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.1.7
- Severity Score:
- Medium
- CVE:
- 2023-47875
Perfmatters
- Plugin:
- Perfmatters
- Plugin Slug:
- perfmatters
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.7
- Severity Score:
- High
- CVE:
- 2023-47876
Perfmatters
- Plugin:
- Perfmatters
- Plugin Slug:
- perfmatters
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.0
- Severity Score:
- Medium
- CVE:
- 2023-47877
LayerSlider
- Plugin:
- LayerSlider
- Plugin Slug:
- layerslider
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 7.7.10
- Severity Score:
- High
- CVE:
- 2023-47785
LayerSlider
- Plugin:
- LayerSlider
- Plugin Slug:
- layerslider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.7.10
- Severity Score:
- Medium
- CVE:
- 2023-47786
Essential Grid
- Plugin:
- Essential Grid
- Plugin Slug:
- essential-grid
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.0.19
- Severity Score:
- High
- CVE:
- 2023-47771
WordPress Themes — 0 Patched / 0 Unpatched