Since our last report, 109 new vulnerabilities have been publicly disclosed in WordPress plugins.[1] Security patches for 79 plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, version management has already warned you and updated these plugins if you’ve activated this feature in your settings.
Additionally, there are 30 vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall with virtual patches from Patchstack. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.4.1 was released on November 8 as a short-cycle maintenance release to address several bugs, including loss of backward compatibility with a dependency, cURL 7.29 or earlier. This broke the WordPress internal update facility on servers running very old, insecure cURL versions.
WordPress 6.4 was released on November 7 as the third major release of 2023. Following a major release, you should not update live sites without taking backups and testing the update in a non-production environment first.
WordPress Plugins — 79 Patched / 30 Unpatched
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress
- Plugin Slug: url-shortify
- Installations: 10,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-5605
Finale Lite – Sales Countdown Timer & Discount for WooCommerce
- Plugin Slug: finale-woocommerce-sales-countdown-timer-discount
- Installations: 7,000+
- Vulnerability: Arbitrary Content Deletion
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-47180
Comments Ratings
- Plugin: Comments Ratings
- Plugin Slug: comments-ratings
- Installations: 6,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-23702
WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine
- Plugin Slug: wp-travel
- Installations: 6,000+
- Vulnerability: Broken Access Control
- Patched in Version: No Fix
- Severity Score: High
- CVE: 2023-47224
Linker
- Plugin: Linker
- Plugin Slug: linker
- Installations: 2,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-47177
Short URL
- Plugin: Short URL
- Plugin Slug: shorten-url
- Installations: 2,000+
- Vulnerability: Broken Access Control
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-47225
Login Screen Manager
- Plugin: Login Screen Manager
- Plugin Slug: login-screen-manager
- Installations: 1,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-5243
Login Screen Manager
- Plugin: Login Screen Manager
- Plugin Slug: login-screen-manager
- Installations: 1,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: High
- CVE: 2023-47182
Post Sliders & Post Grids
- Plugin: Post Sliders & Post Grids
- Plugin Slug: post-slider-carousel
- Installations: 1,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-47226
Top 25 Social Icons
- Plugin: Top 25 Social Icons
- Plugin Slug: top-25-social-icons
- Installations: 1,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-47229
WP MapIt
- Plugin: WP MapIt
- Plugin Slug: wp-mapit
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-5658
wp-bitly
- Plugin: wp-bitly
- Plugin Slug: wp-bitly
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-5577
WD WidgetTwitter
- Plugin: WD WidgetTwitter
- Plugin Slug: widget-twitter
- Vulnerability: SQL Injection
- Patched in Version: No Fix
- Severity Score: High
- CVE: 2023-5709
Telephone Number Linker
- Plugin: Telephone Number Linker
- Plugin Slug: telephone-number-linker
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-5743
Layer Slider
- Plugin: Layer Slider
- Plugin Slug: slider-slideshow
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-47228
ShortCodes UI
- Plugin: ShortCodes UI
- Plugin Slug: shortcodes-ui
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-47231
Shortcode Menu
- Plugin: Shortcode Menu
- Plugin Slug: shortcode-menu
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-5565
QR Code Tag
- Plugin: QR Code Tag
- Plugin Slug: qr-code-tag
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-5567
Live updates from Excel
- Plugin: Live updates from Excel
- Plugin Slug: ipushpull
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-5116
ImageMapper
- Plugin: ImageMapper
- Plugin Slug: imagemapper
- Vulnerability: Broken Access Control
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-5506
ImageMapper
- Plugin: ImageMapper
- Plugin Slug: imagemapper
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-5507
ImageMapper
- Plugin: ImageMapper
- Plugin Slug: imagemapper
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: No Fix
- Severity Score: High
- CVE: 2023-5532
iframe forms
- Plugin: iframe forms
- Plugin Slug: iframe-forms
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-5073
idbbee
- Plugin: idbbee
- Plugin Slug: idbbee
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-5114
Grid Plus
- Plugin: Grid Plus
- Plugin Slug: grid-plus
- Vulnerability: Broken Access Control
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-34014
Featured Image Caption
- Plugin: Featured Image Caption
- Plugin Slug: featured-image-caption
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-5669
WooODT Lite
- Plugin: WooODT Lite
- Plugin Slug: byconsole-woo-order-delivery-time
- Vulnerability: Broken Access Control
- Patched in Version: No Fix
- Severity Score: High
- CVE: 2023-47179
Ads by datafeedr.com
- Plugin: Ads by datafeedr.com
- Plugin Slug: ads-by-datafeedrcom
- Vulnerability: Remote Code Execution (RCE)
- Patched in Version: No Fix
- Severity Score: Critical
- CVE: 2023-5843
Social Feed | All social media in one place
- Plugin: Social Feed | All social media in one place
- Plugin Slug: add-facebook
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-47227
Social Feed | All social media in one place
- Plugin: Social Feed | All social media in one place
- Plugin Slug: add-facebook
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2023-5661
Solid Security – Password, Two Factor Authentication, and Brute Force Protection
- Plugin Slug: better-wp-security
- Installations: 900,000+
- Vulnerability: Sensitive Data Exposure
- Patched in Version: 9.0.1
- Severity Score: Medium
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress
- Plugin Slug: ninja-forms
- Installations: 800,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 3.6.34
- Severity Score: Medium
- CVE: 2023-5530
GiveWP – Donation Plugin and Fundraising Platform
- Plugin Slug: give
- Installations: 100,000+
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 2.33.4
- Severity Score: Medium
- CVE: 2023-4248
GiveWP – Donation Plugin and Fundraising Platform
- Plugin Slug: give
- Installations: 100,000+
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 2.33.4
- Severity Score: Medium
- CVE: 2023-4246
GiveWP – Donation Plugin and Fundraising Platform
- Plugin Slug: give
- Installations: 100,000+
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 2.33.4
- Severity Score: Medium
- CVE: 2023-4247
GiveWP – Donation Plugin and Fundraising Platform
- Plugin Slug: give
- Installations: 100,000+
- Vulnerability: Broken Access Control
- Patched in Version: 2.33.2
- Severity Score: Medium
- CVE: 2023-47183
Kadence WooCommerce Email Designer
- Plugin Slug: kadence-woocommerce-email-designer
- Installations: 100,000+
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 1.5.12
- Severity Score: Medium
- CVE: 2023-47186
WP Meta and Date Remover
- Plugin: WP Meta and Date Remover
- Plugin Slug: wp-meta-and-date-remover
- Installations: 100,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 2.2.0
- Severity Score: Medium
- CVE: 2023-4823
Defender Security – Malware Scanner, Login Security & Firewall
- Plugin Slug: defender-security
- Installations: 90,000+
- Vulnerability: Bypass Vulnerability
- Patched in Version: 4.2.1
- Severity Score: Medium
- CVE: 2023-47189
Comments – wpDiscuz
- Plugin: Comments – wpDiscuz
- Plugin Slug: wpdiscuz
- Installations: 80,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 7.6.12
- Severity Score: High
- CVE: 2023-47185
User Registration – Custom Registration Form, Login Form And User Profile For WordPress
- Plugin Slug: user-registration
- Installations: 60,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 3.0.4.2
- Severity Score: Medium
- CVE: 2023-5228
Drag and Drop Multiple File Upload – Contact Form 7
- Plugin Slug: drag-and-drop-multiple-file-upload-contact-form-7
- Installations: 50,000+
- Vulnerability: Arbitrary File Upload
- Patched in Version: 1.3.7.4
- Severity Score: High
- CVE: 2023-5822
Apollo13 Framework Extensions
- Plugin Slug: apollo13-framework-extensions
- Installations: 30,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 1.9.1
- Severity Score: Medium
- CVE: 2023-47190
Email Templates Customizer and Designer for WordPress and WooCommerce
- Plugin Slug: email-templates
- Installations: 30,000+
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 1.4.3
- Severity Score: Medium
- CVE: 2022-47181
Social Sharing Plugin – Social Warfare
- Plugin Slug: social-warfare
- Installations: 30,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 4.4.4
- Severity Score: Medium
- CVE: 2023-4842
WP Customer Reviews
- Plugin: WP Customer Reviews
- Plugin Slug: wp-customer-reviews
- Installations: 30,000+
- Vulnerability: Sensitive Data Exposure
- Patched in Version: 3.6.7
- Severity Score: Medium
- CVE: 2023-4686
Popup box
Responsive Pricing Table
- Plugin: Responsive Pricing Table
- Plugin Slug: dk-pricr-responsive-pricing-table
- Installations: 20,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 5.1.8
- Severity Score: Medium
- CVE: 2023-4810
Simple Like Page Plugin
- Plugin: Simple Like Page Plugin
- Plugin Slug: simple-facebook-plugin
- Installations: 20,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 1.5.2
- Severity Score: Medium
- CVE: 2023-4888
Simple Job Board
- Plugin: Simple Job Board
- Plugin Slug: simple-job-board
- Installations: 20,000+
- Vulnerability: Broken Access Control
- Patched in Version: 2.10.6
- Severity Score: Medium
- CVE: 2023-47188
Awesome Support – WordPress HelpDesk & Support Plugin
- Plugin Slug: awesome-support
- Installations: 10,000+
- Vulnerability: Arbitrary File Deletion
- Patched in Version: 6.1.5
- Severity Score: High
- CVE: 2023-5355
Awesome Support – WordPress HelpDesk & Support Plugin
- Plugin Slug: awesome-support
- Installations: 10,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 6.1.5
- Severity Score: High
- CVE: 2023-5354
Awesome Support – WordPress HelpDesk & Support Plugin
- Plugin Slug: awesome-support
- Installations: 10,000+
- Vulnerability: Broken Access Control
- Patched in Version: 6.1.5
- Severity Score: Medium
- CVE: 2023-5352
E2Pdf – Export To Pdf Tool for WordPress
- Plugin Slug: e2pdf
- Installations: 10,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 1.20.20
- Severity Score: Medium
- CVE: 2023-5229
Image Regenerate & Select Crop
- Plugin Slug: image-regenerate-select-crop
- Installations: 10,000+
- Vulnerability: Sensitive Data Exposure
- Patched in Version: 7.3.1
- Severity Score: Medium
- CVE: 2023-46820
Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More
- Plugin: Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More
- Plugin Slug: woocommerce-exporter
- Installations: 10,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 2.7.2.1
- Severity Score: High
- CVE: 2023-46822
FareHarbor for WordPress
- Plugin: FareHarbor for WordPress
- Plugin Slug: fareharbor
- Installations: 9,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 3.6.8
- Severity Score: Medium
- CVE: 2023-5252
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
- Plugin: Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
- Plugin Slug: youzify
- Installations: 9,000+
- Vulnerability: Insecure Direct Object References (IDOR)
- Patched in Version: 1.2.3
- Severity Score: Medium
- CVE: 2023-47191
Front End PM
- Plugin: Front End PM
- Plugin Slug: front-end-pm
- Installations: 8,000+
- Vulnerability: Sensitive Data Exposure
- Patched in Version: 11.4.3
- Severity Score: High
- CVE: 2023-4930
AI ChatBot
- Plugin: AI ChatBot
- Plugin Slug: chatbot
- Installations: 5,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 4.9.7
- Severity Score: Medium
- CVE: 2023-5606
Garden Gnome Package
- Plugin: Garden Gnome Package
- Plugin Slug: garden-gnome-package
- Installations: 5,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 2.2.9
- Severity Score: Medium
- CVE: 2023-5664
Image horizontal reel scroll slideshow
- Plugin Slug: image-horizontal-reel-scroll-slideshow
- Installations: 5,000+
- Vulnerability: SQL Injection
- Patched in Version: 13.3
- Severity Score: High
- CVE: 2023-5412
Admin Bar & Dashboard Access Control
- Plugin Slug: admin-bar-dashboard-control
- Installations: 4,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 1.2.9
- Severity Score: Medium
- CVE: 2023-47184
MStore API
- Plugin: MStore API
- Plugin Slug: mstore-api
- Installations: 4,000+
- Vulnerability: Privilege Escalation
- Patched in Version: 4.10.8
- Severity Score: Critical
- CVE: 2023-3277
SEO Slider
- Plugin: SEO Slider
- Plugin Slug: seo-slider
- Installations: 3,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 1.1.1
- Severity Score: Medium
- CVE: 2023-5707
Slick Popup: Contact Form 7 Popup Plugin
- Plugin Slug: slick-popup
- Installations: 3,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 1.7.15
- Severity Score: Medium
- CVE: 2023-46824
Vertical marquee plugin
- Plugin: Vertical marquee plugin
- Plugin Slug: vertical-marquee-plugin
- Installations: 3,000+
- Vulnerability: SQL Injection
- Patched in Version: 7.2
- Severity Score: High
- CVE: 2023-5436
WP Affiliate Disclosure
- Plugin: WP Affiliate Disclosure
- Plugin Slug: wp-affiliate-disclosure
- Installations: 3,000+
- Vulnerability: Broken Access Control
- Patched in Version: 1.2.7
- Severity Score: Medium
- CVE: 2023-47232
EventPrime – Events Calendar, Bookings and Tickets
- Plugin Slug: eventprime-event-calendar-management
- Installations: 2,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 3.2.0
- Severity Score: High
- CVE: 2023-4250
EventPrime – Events Calendar, Bookings and Tickets
- Plugin Slug: eventprime-event-calendar-management
- Installations: 2,000+
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 3.2.0
- Severity Score: Medium
- CVE: 2023-4251
EventPrime – Events Calendar, Bookings and Tickets
- Plugin Slug: eventprime-event-calendar-management
- Installations: 2,000+
- Vulnerability: Other Vulnerability Type
- Patched in Version: 3.2.0
- Severity Score: Medium
- CVE: 2023-5238
GD Security Headers
- Plugin: GD Security Headers
- Plugin Slug: gd-security-headers
- Installations: 2,000+
- Vulnerability: SQL Injection
- Patched in Version: 1.7.1
- Severity Score: High
- CVE: 2023-46821
ImageLinks Interactive Image Builder for WordPress
- Plugin Slug: imagelinks-interactive-image-builder-lite
- Installations: 2,000+
- Vulnerability: SQL Injection
- Patched in Version: 1.6.0
- Severity Score: High
- CVE: 2023-46823
iPages Flipbook For WordPress
- Plugin Slug: ipages-flipbook
- Installations: 2,000+
- Vulnerability: SQL Injection
- Patched in Version: 1.5.0
- Severity Score: High
- CVE: 2023-47236
Popup with fancybox
- Plugin: Popup with fancybox
- Plugin Slug: popup-with-fancybox
- Installations: 2,000+
- Vulnerability: SQL Injection
- Patched in Version: 3.6
- Severity Score: High
- CVE: 2023-5465
Advance Menu Manager
- Plugin: Advance Menu Manager
- Plugin Slug: advance-menu-manager
- Installations: 1,000+
- Vulnerability: Broken Access Control
- Patched in Version: 3.0.7
- Severity Score: Medium
Advance Menu Manager
- Plugin: Advance Menu Manager
- Plugin Slug: advance-menu-manager
- Installations: 1,000+
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 3.0.7
- Severity Score: Medium
WordPress Contact Forms by Cimatti
- Plugin Slug: contact-forms
- Installations: 1,000+
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 1.6.1
- Severity Score: Medium
- CVE: 2023-47230
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress
- Plugin Slug: contest-gallery
- Installations: 1,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 21.2.8.1
- Severity Score: High
- CVE: 2023-5307
Animated Rotating Words (Interchanging Random Words in a Sentence)
- Plugin Slug: css3-rotating-words
- Installations: 1,000+
- Vulnerability: Broken Access Control
- Patched in Version: 5.5
- Severity Score: Medium
- CVE: 2023-47187
Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free
- Plugin: Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free
- Plugin Slug: funnelforms-free
- Installations: 1,000+
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 3.4.2
- Severity Score: Medium
- CVE: 2023-5383
Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free
- Plugin: Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free
- Plugin Slug: funnelforms-free
- Installations: 1,000+
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 3.4.2
- Severity Score: Medium
- CVE: 2023-5382
Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free
- Plugin: Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free
- Plugin Slug: funnelforms-free
- Installations: 1,000+
- Vulnerability: Broken Access Control
- Patched in Version: 3.4.2
- Severity Score: Medium
- CVE: 2023-5385
Icons Font Loader
- Plugin: Icons Font Loader
- Plugin Slug: icons-font-loader
- Installations: 1,000+
- Vulnerability: Arbitrary File Upload
- Patched in Version: 1.1.3
- Severity Score: High
- CVE: 2023-5860
IdeaPush
- Plugin: IdeaPush
- Plugin Slug: ideapush
- Installations: 1,000+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 8.53
- Severity Score: Medium
- CVE: 2023-47181
WordPress File Sharing Plugin
- Plugin Slug: user-private-files
- Installations: 1,000+
- Vulnerability: Insecure Direct Object References (IDOR)
- Patched in Version: 2.0.5
- Severity Score: Medium
- CVE: 2023-4836
video carousel slider with lightbox
- Plugin Slug: wp-responsive-video-gallery-with-lightbox
- Installations: 1,000+
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 1.0.1
- Severity Score: Medium
- CVE: 2023-5945
Basic Interactive World Map
- Plugin: Basic Interactive World Map
- Plugin Slug: basic-interactive-world-map
- Installations: 900+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 2.7
- Severity Score: Medium
- CVE: 2023-47223
Image vertical reel scroll slideshow
- Plugin Slug: image-vertical-reel-scroll-slideshow
- Installations: 800+
- Vulnerability: SQL Injection
- Patched in Version: 9.1
- Severity Score: High
- CVE: 2023-5428
Jquery news ticker
- Plugin: Jquery news ticker
- Plugin Slug: jquery-news-ticker
- Installations: 700+
- Vulnerability: SQL Injection
- Patched in Version: 3.1
- Severity Score: High
- CVE: 2023-5430
Memberlite Shortcodes
- Plugin: Memberlite Shortcodes
- Plugin Slug: memberlite-shortcodes
- Installations: 700+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 1.3.9
- Severity Score: Medium
- CVE: 2023-5237
Information Reel
- Plugin: Information Reel
- Plugin Slug: information-reel
- Installations: 600+
- Vulnerability: SQL Injection
- Patched in Version: 10.1
- Severity Score: High
- CVE: 2023-5429
Message ticker
- Plugin: Message ticker
- Plugin Slug: message-ticker
- Installations: 600+
- Vulnerability: SQL Injection
- Patched in Version: 9.3
- Severity Score: High
- CVE: 2023-5433
WP fade in text news
- Plugin: WP fade in text news
- Plugin Slug: wp-fade-in-text-news
- Installations: 600+
- Vulnerability: SQL Injection
- Patched in Version: 12.1
- Severity Score: High
- CVE: 2023-5437
WP Discord Invite
- Plugin: WP Discord Invite
- Plugin Slug: wp-discord-invite
- Installations: 500+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 2.5.2
- Severity Score: Medium
- CVE: 2023-5181
WP Discord Invite
- Plugin: WP Discord Invite
- Plugin Slug: wp-discord-invite
- Installations: 500+
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 2.5.1
- Severity Score: Medium
- CVE: 2023-5006
Wp anything slider
- Plugin: Wp anything slider
- Plugin Slug: wp-anything-slider
- Installations: 400+
- Vulnerability: SQL Injection
- Patched in Version: 9.2
- Severity Score: High
- CVE: 2023-5466
Superb slideshow gallery
- Plugin: Superb slideshow gallery
- Plugin Slug: superb-slideshow-gallery
- Installations: 300+
- Vulnerability: SQL Injection
- Patched in Version: 13.2
- Severity Score: High
- CVE: 2023-5434
wp image slideshow
- Plugin: wp image slideshow
- Plugin Slug: wp-image-slideshow
- Installations: 300+
- Vulnerability: SQL Injection
- Patched in Version: 12.1
- Severity Score: High
- CVE: 2023-5438
Ziteboard Online Whiteboard
- Plugin: Ziteboard Online Whiteboard
- Plugin Slug: ziteboard-online-whiteboard
- Installations: 200+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 3.0.0
- Severity Score: Medium
- CVE: 2023-5076
Left right image slideshow gallery
- Plugin Slug: left-right-image-slideshow-gallery
- Installations: 100+
- Vulnerability: SQL Injection
- Patched in Version: 12.1
- Severity Score: High
- CVE: 2023-5431
Wp photo text slider 50
- Plugin: Wp photo text slider 50
- Plugin Slug: wp-photo-text-slider-50
- Installations: 100+
- Vulnerability: SQL Injection
- Patched in Version: 8.1
- Severity Score: High
- CVE: 2023-5439
Jquery accordion slideshow
- Plugin: Jquery accordion slideshow
- Plugin Slug: jquery-accordion-slideshow
- Installations: 80+
- Vulnerability: SQL Injection
- Patched in Version: 8.2
- Severity Score: High
- CVE: 2023-5464
Up down image slideshow gallery
- Plugin Slug: up-down-image-slideshow-gallery
- Installations: 30+
- Vulnerability: SQL Injection
- Patched in Version: 12.1
- Severity Score: High
- CVE: 2023-5435
Digirisk
The Plus Addons for Elementor Pro
- Plugin: The Plus Addons for Elementor Pro
- Plugin Slug: theplus_elementor_addon
- Vulnerability: Local File Inclusion
- Patched in Version: 5.2.9
- Severity Score: High
- CVE: 2023-47178
HTML filter and csv-file search
- Plugin: HTML filter and csv-file search
- Plugin Slug: hk-filter-and-search
- Vulnerability: Local File Inclusion
- Patched in Version: 2.8
- Severity Score: High
- CVE: 2023-5099
HTML filter and csv-file search
- Plugin: HTML filter and csv-file search
- Plugin Slug: hk-filter-and-search
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 2.8
- Severity Score: Medium
- CVE: 2023-5096
Advanced Booking Calendar
- Plugin: Advanced Booking Calendar
- Plugin Slug: advanced-booking-calendar
- Vulnerability: SQL Injection
- Patched in Version: 3.2.12
- Severity Score: High
WordPress Themes — 0 Patched / 0 Unpatched
Notes
- This report comes out on Wednesdays and covers the last seven days of public disclosures in the Patchstack vulnerability database from the beginning of the previous week to the beginning of the current week — from last Monday to this Monday. This period intentionally excludes any vulnerabilities added to the database in the last 48 hours. However, that up-to-the-minute Patchstack vulnerability data powers Solid Security Pro for our customers who have purchased Solid Suite or Solid Security Pro. Using Patchstack’s virtual patches, Solid Security Pro automatically protects WordPress sites from active exploits aimed at unpatched vulnerabilities.