Since our last report, 138 new vulnerabilities have been publicly disclosed. Security patches for 49 plugins and one theme are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 89 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall with virtual patches from Patchstack. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.4.1 was released on November 8 as a short-cycle maintenance release to address several bugs, including a loss of backward compatibility with one dependency, cURL 7.29 or earlier. This bug broke the WordPress internal update facility on servers running very old, insecure cURL versions.
WordPress 6.4 was released on November 7 as the third major release of 2023. Following a major release, you should not update live sites without taking backups and testing the update in a non-production environment first.
WordPress Plugins — 49 Patched / 89 Unpatched
Royal Elementor Addons and Templates
- Plugin Slug:
- royal-elementor-addons
- Installations:
- 200,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2023-5360
Theme Editor
- Plugin:
- Theme Editor
- Plugin Slug:
- theme-editor
- Installations:
- 50,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-6091
Captcha Code
- Plugin:
- Captcha Code
- Plugin Slug:
- captcha-code-authentication
- Installations:
- 30,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48745
Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms
- Plugin:
- Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms
- Plugin Slug:
- happyforms
- Installations:
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-48752
Mail Bank – #1 Mail SMTP Plugin for WordPress
- Plugin Slug:
- wp-mail-bank
- Installations:
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48332
Maspik – Spam Blacklist
- Plugin:
- Maspik – Spam Blacklist
- Plugin Slug:
- contact-forms-anti-spam
- Installations:
- 20,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48271
Restricted Site Access
- Plugin:
- Restricted Site Access
- Plugin Slug:
- restricted-site-access
- Installations:
- 20,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48753
wpForo Forum
- Plugin:
- wpForo Forum
- Plugin Slug:
- wpforo
- Installations:
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47870
wpForo Forum
- Plugin:
- wpForo Forum
- Plugin Slug:
- wpforo
- Installations:
- 20,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47869
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
- Plugin Slug:
- mycred
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47853
WP Child Theme Generator
- Plugin:
- WP Child Theme Generator
- Plugin Slug:
- wp-child-theme-generator
- Installations:
- 10,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2023-47873
SoundCloud Shortcode
- Plugin:
- SoundCloud Shortcode
- Plugin Slug:
- soundcloud-shortcode
- Installations:
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-34018
Simply Exclude
- Plugin:
- Simply Exclude
- Plugin Slug:
- simply-exclude
- Installations:
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48743
WP Forms Puzzle Captcha
- Plugin:
- WP Forms Puzzle Captcha
- Plugin Slug:
- wp-forms-puzzle-captcha
- Installations:
- 7,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-48278
WP Forms Puzzle Captcha
- Plugin:
- WP Forms Puzzle Captcha
- Plugin Slug:
- wp-forms-puzzle-captcha
- Installations:
- 7,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48276
Campaign Monitor for WordPress
- Plugin Slug:
- forms-for-campaign-monitor
- Installations:
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-38474
Parallax Image
- Plugin:
- Parallax Image
- Plugin Slug:
- parallax-image
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47854
SpiderVPlayer
- Plugin:
- SpiderVPlayer
- Plugin Slug:
- player
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48320
Bulk Comment Remove
- Plugin:
- Bulk Comment Remove
- Plugin Slug:
- bulk-comment-remove
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48330
Contact Form to Any API
- Plugin:
- Contact Form to Any API
- Plugin Slug:
- contact-form-to-any-api
- Installations:
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47871
League Table
- Plugin:
- League Table
- Plugin Slug:
- league-table-lite
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48334
MyBookTable Bookstore by Stormhill Media
- Plugin Slug:
- mybooktable
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48331
Availability Calendar
- Plugin:
- Availability Calendar
- Plugin Slug:
- availability-calendar
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48744
Broken Link Checker for YouTube
- Plugin Slug:
- broken-link-checker-for-youtube
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48281
Bootstrap Shortcodes Ultimate
- Plugin Slug:
- bs-shortcode-ultimate
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47851
Debug Log Manager
- Plugin:
- Debug Log Manager
- Plugin Slug:
- debug-log-manager
- Installations:
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-6136
Delete Post Revisions In WordPress
- Plugin Slug:
- delete-post-revisions-on-single-click
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48754
Frontier Post
- Plugin:
- Frontier Post
- Plugin Slug:
- frontier-post
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-6137
Seraphinite Post .DOCX Source
- Plugin Slug:
- seraphinite-post-docx-source
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48279
Simple Testimonials Showcase
- Plugin:
- Simple Testimonials Showcase
- Plugin Slug:
- simple-testimonials-showcase
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48283
Taxonomy filter
- Plugin:
- Taxonomy filter
- Plugin Slug:
- taxonomy-filter
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48282
TriPay Payment Gateway
- Plugin:
- TriPay Payment Gateway
- Plugin Slug:
- tripay-payment-gateway
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48737
Display Custom Post
- Plugin:
- Display Custom Post
- Plugin Slug:
- display-custom-post
- Installations:
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48317
TextMe SMS
- Plugin:
- TextMe SMS
- Plugin Slug:
- textme-sms-integration
- Installations:
- 600+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48287
eDoc Employee Job Application – Best WordPress Job Manager for Employees
- Plugin Slug:
- edoc-employee-application
- Installations:
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-48322
Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media
- Plugin Slug:
- evergreen-content-poster
- Installations:
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-41127
Simple Long Form
- Plugin:
- Simple Long Form
- Plugin Slug:
- simple-long-form
- Installations:
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-41136
Fast Custom Social Share by CodeBard
- Plugin Slug:
- fast-custom-social-share-by-codebard
- Installations:
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-48329
WP Githuber MD
- Plugin:
- WP Githuber MD
- Plugin Slug:
- wp-githuber-md
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2023-47846
Video PopUp
- Plugin:
- Video PopUp
- Plugin Slug:
- video-popup
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-4962
Grab & Save
- Plugin:
- Grab & Save
- Plugin Slug:
- save-grab
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-47844
Grab & Save
- Plugin:
- Grab & Save
- Plugin Slug:
- save-grab
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47845
PayTR Taksit Tablosu
- Plugin:
- PayTR Taksit Tablosu
- Plugin Slug:
- paytr-taksit-tablosu-woocommerce
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-47847
Hide login page
- Plugin:
- Hide login page
- Plugin Slug:
- hide-login-page
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Low
- CVE:
- 2023-48335
Consensu.io
- Plugin:
- Consensu.io
- Plugin Slug:
- consensu-io
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-48280
CataBlog
- Plugin:
- CataBlog
- Plugin Slug:
- catablog
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2023-47842
CataBlog
- Plugin:
- CataBlog
- Plugin Slug:
- catablog
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-47843
Audio Merchant
- Plugin:
- Audio Merchant
- Plugin Slug:
- audio-merchant
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-6196
Audio Merchant
- Plugin:
- Audio Merchant
- Plugin Slug:
- audio-merchant
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-6197
Yoast SEO
- Plugin:
- Yoast SEO
- Plugin Slug:
- wordpress-seo
- Installations:
- 5,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 21.1
- Severity Score:
- Medium
- CVE:
- 2023-40680
Antispam Bee
- Plugin:
- Antispam Bee
- Plugin Slug:
- antispam-bee
- Installations:
- 700,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 2.11.4
- Severity Score:
- Medium
- CVE:
- 2023-41134
BackWPup – WordPress Backup Plugin
- Plugin Slug:
- backwpup
- Installations:
- 600,000+
- Vulnerability:
- Path Traversal
- Patched in Version:
- 4.0.2
- Severity Score:
- High
- CVE:
- 2023-5504
WP Shortcodes Plugin — Shortcodes Ultimate
- Plugin Slug:
- shortcodes-ultimate
- Installations:
- 600,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 7.0.0
- Severity Score:
- Medium
- CVE:
- 2023-6226
WP Shortcodes Plugin — Shortcodes Ultimate
- Plugin Slug:
- shortcodes-ultimate
- Installations:
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.0.0
- Severity Score:
- Medium
- CVE:
- 2023-6225
WordPress Gallery Plugin – NextGEN Gallery
- Plugin Slug:
- nextgen-gallery
- Installations:
- 500,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.39
- Severity Score:
- Medium
- CVE:
- 2023-48328
Widgets for Google Reviews
- Plugin:
- Widgets for Google Reviews
- Plugin Slug:
- wp-reviews-plugin-for-google
- Installations:
- 300,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 11.1
- Severity Score:
- High
- CVE:
- 2023-48275
AMP for WP – Accelerated Mobile Pages
- Plugin Slug:
- accelerated-mobile-pages
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.89
- Severity Score:
- Medium
- CVE:
- 2023-48321
Mollie Payments for WooCommerce
- Plugin Slug:
- mollie-payments-for-woocommerce
- Installations:
- 100,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 7.3.12
- Severity Score:
- Critical
- CVE:
- 2023-6090
HUSKY – Products Filter for WooCommerce Professional
- Plugin Slug:
- woocommerce-products-filter
- Installations:
- 100,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.3.4.3
- Severity Score:
- Critical
- CVE:
- 2023-40010
HUSKY – Products Filter for WooCommerce Professional
- Plugin Slug:
- woocommerce-products-filter
- Installations:
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.4.3
- Severity Score:
- Medium
- CVE:
- 2023-40334
Events Manager
- Plugin:
- Events Manager
- Plugin Slug:
- events-manager
- Installations:
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.4.6
- Severity Score:
- High
- CVE:
- 2023-48326
Export any WordPress data to XML/CSV
- Plugin Slug:
- wp-all-export
- Installations:
- 90,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.4.1
- Severity Score:
- Critical
- CVE:
- 2023-5882
Export any WordPress data to XML/CSV
- Plugin Slug:
- wp-all-export
- Installations:
- 90,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.4.0
- Severity Score:
- Critical
- CVE:
- 2023-4724
Export any WordPress data to XML/CSV
- Plugin Slug:
- wp-all-export
- Installations:
- 90,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.4.1
- Severity Score:
- Critical
- CVE:
- 2023-5886
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
- Plugin Slug:
- form-maker
- Installations:
- 60,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 1.15.21
- Severity Score:
- Medium
- CVE:
- 2023-48290
Booster for WooCommerce
- Plugin:
- Booster for WooCommerce
- Plugin Slug:
- woocommerce-jetpack
- Installations:
- 60,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 7.1.3
- Severity Score:
- Medium
- CVE:
- 2023-48747
Booster for WooCommerce
- Plugin:
- Booster for WooCommerce
- Plugin Slug:
- woocommerce-jetpack
- Installations:
- 60,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 7.1.2
- Severity Score:
- Medium
- CVE:
- 2023-48333
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
- Plugin Slug:
- easy-facebook-likebox
- Installations:
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.5.2
- Severity Score:
- Medium
- CVE:
- 2023-48740
Super Progressive Web Apps
- Plugin:
- Super Progressive Web Apps
- Plugin Slug:
- super-progressive-web-apps
- Installations:
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.22
- Severity Score:
- Medium
- CVE:
- 2023-48277
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
- Plugin Slug:
- wp-analytify
- Installations:
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.2.0
- Severity Score:
- Medium
- CVE:
- 2023-47841
BlossomThemes Email Newsletter
- Plugin Slug:
- blossomthemes-email-newsletter
- Installations:
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.5
- Severity Score:
- Medium
- CVE:
- 2023-47849
Easy Social Icons
- Plugin:
- Easy Social Icons
- Plugin Slug:
- easy-social-icons
- Installations:
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.5
- Severity Score:
- Medium
- CVE:
- 2023-48336
Link Whisper Free
- Plugin:
- Link Whisper Free
- Plugin Slug:
- link-whisper
- Installations:
- 30,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 0.6.6
- Severity Score:
- High
- CVE:
- 2023-47852
Accept Stripe Payments
- Plugin:
- Accept Stripe Payments
- Plugin Slug:
- stripe-payments
- Installations:
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.80
- Severity Score:
- High
- CVE:
- 2023-48286
Accept Stripe Payments
- Plugin:
- Accept Stripe Payments
- Plugin Slug:
- stripe-payments
- Installations:
- 30,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 2.0.80
- Severity Score:
- Medium
- CVE:
- 2023-48285
Maspik – Spam Blacklist
- Plugin:
- Maspik – Spam Blacklist
- Plugin Slug:
- contact-forms-anti-spam
- Installations:
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.9.3
- Severity Score:
- High
- CVE:
- 2023-48272
wpForo Forum
- Plugin:
- wpForo Forum
- Plugin Slug:
- wpforo
- Installations:
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.4
- Severity Score:
- Medium
- CVE:
- 2023-47872
wpForo Forum
- Plugin:
- wpForo Forum
- Plugin Slug:
- wpforo
- Installations:
- 20,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 2.2.4
- Severity Score:
- High
- CVE:
- 2023-47868
YASR – Yet Another Star Rating Plugin for WordPress
- Plugin Slug:
- yet-another-stars-rating
- Installations:
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.4.4
- Severity Score:
- Medium
- CVE:
- 2023-39305
Awesome Support – WordPress HelpDesk & Support Plugin
- Plugin Slug:
- awesome-support
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.1.5
- Severity Score:
- Medium
- CVE:
- 2023-48324
Awesome Support – WordPress HelpDesk & Support Plugin
- Plugin Slug:
- awesome-support
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.1.5
- Severity Score:
- Medium
- CVE:
- 2023-48323
BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin
- Plugin Slug:
- bookingpress-appointment-booking
- Installations:
- 10,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.0.77
- Severity Score:
- Medium
- CVE:
- 2023-6219
Contact Form Email
- Plugin:
- Contact Form Email
- Plugin Slug:
- contact-form-to-email
- Installations:
- 10,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 1.3.42
- Severity Score:
- Medium
- CVE:
- 2023-48318
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
- Plugin Slug:
- custom-registration-form-builder-with-submission-manager
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.2.3.0
- Severity Score:
- Medium
- CVE:
- 2023-47645
Decorator – WooCommerce Email Customizer
- Plugin Slug:
- decorator-woocommerce-email-customizer
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.8
- Severity Score:
- Medium
- CVE:
- 2023-48284
Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages
- Plugin Slug:
- page-builder-add
- Installations:
- 10,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 1.5.1.6
- Severity Score:
- Medium
- CVE:
- 2023-48325
Participants Database
- Plugin:
- Participants Database
- Plugin Slug:
- participants-database
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.5.6
- Severity Score:
- Medium
- CVE:
- 2023-48751
Qode Essential Addons
- Plugin:
- Qode Essential Addons
- Plugin Slug:
- qode-essential-addons
- Installations:
- 10,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.5.3
- Severity Score:
- Critical
- CVE:
- 2023-47840
Quttera Web Malware Scanner
- Plugin:
- Quttera Web Malware Scanner
- Plugin Slug:
- quttera-web-malware-scanner
- Installations:
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.4.2.1
- Severity Score:
- Medium
- CVE:
- 2023-6222
Quttera Web Malware Scanner
- Plugin:
- Quttera Web Malware Scanner
- Plugin Slug:
- quttera-web-malware-scanner
- Installations:
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.4.2.1
- Severity Score:
- Medium
- CVE:
- 2023-6065
WP Mail Log
- Plugin:
- WP Mail Log
- Plugin Slug:
- wp-mail-log
- Installations:
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.1.3
- Severity Score:
- High
WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors
- Plugin Slug:
- wc-vendors
- Installations:
- 7,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.4.7.1
- Severity Score:
- High
- CVE:
- 2023-48327
Drop Shadow Boxes
- Plugin:
- Drop Shadow Boxes
- Plugin Slug:
- drop-shadow-boxes
- Installations:
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.14
- Severity Score:
- Medium
- CVE:
- 2023-5469
Event Single Page Builder For The Event Calendar
- Plugin Slug:
- event-page-templates-addon-for-the-events-calendar
- Installations:
- 6,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 6.2.8.1
- Severity Score:
- Medium
License Manager for WooCommerce
- Plugin Slug:
- license-manager-for-woocommerce
- Installations:
- 6,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.2.11
- Severity Score:
- High
- CVE:
- 2023-48742
Salon booking system
- Plugin:
- Salon booking system
- Plugin Slug:
- salon-booking-system
- Installations:
- 6,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 8.7
- Severity Score:
- Medium
- CVE:
- 2023-48319
Void Elementor Post Grid Addon for Elementor Page builder
- Plugin Slug:
- void-elementor-post-grid-addon-for-elementor-page-builder
- Installations:
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2
- Severity Score:
- Medium
- CVE:
- 2023-48750
AI ChatBot
- Plugin:
- AI ChatBot
- Plugin Slug:
- chatbot
- Installations:
- 5,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.7.9
- Severity Score:
- High
- CVE:
- 2023-48741
Auto Affiliate Links
- Plugin:
- Auto Affiliate Links
- Plugin Slug:
- wp-auto-affiliate-links
- Installations:
- 5,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.4.2.6
- Severity Score:
- Medium
Community by PeepSo – Social Network, Membership, Registration, User Profiles
- Plugin Slug:
- peepso-core
- Installations:
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.2.7.0
- Severity Score:
- High
- CVE:
- 2023-48746
Community by PeepSo – Social Network, Membership, Registration, User Profiles
- Plugin Slug:
- peepso-core
- Installations:
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.2.3.0
- Severity Score:
- Medium
- CVE:
- 2023-47850
UPS, Mondial Relay & Chronopost for WooCommerce – WCMultiShipping
- Plugin Slug:
- wc-multishipping
- Installations:
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.3.6
- Severity Score:
- Medium
- CVE:
- 2023-48274
EventPrime – Events Calendar, Bookings and Tickets
- Plugin Slug:
- eventprime-event-calendar-management
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.3
- Severity Score:
- Medium
WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout
- Plugin Slug:
- gs-pinterest-portfolio
- Installations:
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.8.1
- Severity Score:
- Medium
Autocomplete Location field Contact Form 7
- Plugin Slug:
- autocomplete-location-field-contact-form-7
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0
- Severity Score:
- Medium
- CVE:
- 2023-5005
Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More
- Plugin:
- Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More
- Plugin Slug:
- gs-team-members
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.4
- Severity Score:
- Medium
Import Spreadsheets from Microsoft Excel
- Plugin Slug:
- import-spreadsheets-from-microsoft-excel
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 10.1.4
- Severity Score:
- Medium
- CVE:
- 2023-48289
Preloader for Website
- Plugin:
- Preloader for Website
- Plugin Slug:
- preloader-for-website
- Installations:
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3
- Severity Score:
- Medium
- CVE:
- 2023-48273
Tainacan
- Plugin:
- Tainacan
- Plugin Slug:
- tainacan
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.20.5
- Severity Score:
- High
- CVE:
- 2023-47848
12 Step Meeting List
- Plugin:
- 12 Step Meeting List
- Plugin Slug:
- 12-step-meeting-list
- Installations:
- 900+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 3.14.25
- Severity Score:
- Medium
- CVE:
- 2023-46641
Post Meta Data Manager
- Plugin:
- Post Meta Data Manager
- Plugin Slug:
- post-meta-data-manager
- Installations:
- 700+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.2
- Severity Score:
- Medium
- CVE:
- 2023-5776
WordPress Job Board and Recruitment Plugin – JobWP
- Plugin Slug:
- jobwp
- Installations:
- 400+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.2
- Severity Score:
- High
- CVE:
- 2023-48288
WP Roadmap – Product Feedback Board
- Plugin Slug:
- wp-roadmap
- Installations:
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.9
- Severity Score:
- Medium
- CVE:
- 2023-41128
WP ALL Export Pro
- Plugin:
- WP ALL Export Pro
- Plugin Slug:
- wp-all-export-pro
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.8.6
- Severity Score:
- Critical
- CVE:
- 2023-5886
WP ALL Export Pro
- Plugin:
- WP ALL Export Pro
- Plugin Slug:
- wp-all-export-pro
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.8.6
- Severity Score:
- Critical
- CVE:
- 2023-4724
WP ALL Export Pro
- Plugin:
- WP ALL Export Pro
- Plugin Slug:
- wp-all-export-pro
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.8.6
- Severity Score:
- Critical
- CVE:
- 2023-5882
WCFM Marketplace
- Plugin:
- WCFM Marketplace
- Plugin Slug:
- wc-multivendor-marketplace
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6.3
- Severity Score:
- Medium
- CVE:
- 2023-4960
Userpro
- Plugin:
- Userpro
- Plugin Slug:
- userpro
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 5.1.2
- Severity Score:
- Critical
- CVE:
- 2023-2449
Userpro
- Plugin:
- Userpro
- Plugin Slug:
- userpro
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 5.1.2
- Severity Score:
- Medium
- CVE:
- 2023-2446
Userpro
- Plugin:
- Userpro
- Plugin Slug:
- userpro
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.1.5
- Severity Score:
- Medium
- CVE:
- 2023-2448
Userpro
- Plugin:
- Userpro
- Plugin Slug:
- userpro
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 5.1.2
- Severity Score:
- Critical
- CVE:
- 2023-2437
Userpro
- Plugin:
- Userpro
- Plugin Slug:
- userpro
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 5.1.5
- Severity Score:
- High
- CVE:
- 2023-6009
Userpro
- Plugin:
- Userpro
- Plugin Slug:
- userpro
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.1.1
- Severity Score:
- Medium
- CVE:
- 2023-2438
Userpro
- Plugin:
- Userpro
- Plugin Slug:
- userpro
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.1.2
- Severity Score:
- Medium
- CVE:
- 2023-2447
Userpro
- Plugin:
- Userpro
- Plugin Slug:
- userpro
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.1.2
- Severity Score:
- High
- CVE:
- 2023-2440
Userpro
- Plugin:
- Userpro
- Plugin Slug:
- userpro
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.1.2
- Severity Score:
- High
- CVE:
- 2023-6007
Userpro
- Plugin:
- Userpro
- Plugin Slug:
- userpro
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.1.1
- Severity Score:
- High
- CVE:
- 2023-2497
Userpro
- Plugin:
- Userpro
- Plugin Slug:
- userpro
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.1.2
- Severity Score:
- Medium
- CVE:
- 2023-6008
Theme My Login 2FA
- Plugin:
- Theme My Login 2FA
- Plugin Slug:
- tml-2fa
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 1.2
- Severity Score:
- Medium
- CVE:
- 2023-6272
Salient Core
- Plugin:
- Salient Core
- Plugin Slug:
- salient-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.3
- Severity Score:
- High
- CVE:
- 2023-48748
Salient Core
- Plugin:
- Salient Core
- Plugin Slug:
- salient-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.3
- Severity Score:
- Medium
- CVE:
- 2023-48749
Porto Theme – Functionality
- Plugin:
- Porto Theme – Functionality
- Plugin Slug:
- porto-functionality
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.12.1
- Severity Score:
- Critical
- CVE:
- 2023-48738
Porto Theme – Functionality
- Plugin:
- Porto Theme – Functionality
- Plugin Slug:
- porto-functionality
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.12.1
- Severity Score:
- Medium
- CVE:
- 2023-48739
Perfmatters
- Plugin:
- Perfmatters
- Plugin Slug:
- perfmatters
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.7
- Severity Score:
- Medium
- CVE:
- 2023-47874
Perfmatters
- Plugin:
- Perfmatters
- Plugin Slug:
- perfmatters
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.1.7
- Severity Score:
- Medium
- CVE:
- 2023-47875
Perfmatters
- Plugin:
- Perfmatters
- Plugin Slug:
- perfmatters
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.7
- Severity Score:
- High
- CVE:
- 2023-47876
Perfmatters
- Plugin:
- Perfmatters
- Plugin Slug:
- perfmatters
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.0
- Severity Score:
- Medium
- CVE:
- 2023-47877
collectchat
- Plugin:
- collectchat
- Plugin Slug:
- collectchat
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.0
- Severity Score:
- Medium
- CVE:
- 2023-5691
WordPress Themes — 1 Patched / 0 Unpatched
Enfold
- Theme:
- Enfold
- Theme Slug:
- enfold
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.6.5
- Severity Score:
- High
- CVE:
- 2023-38400