Since our last report, 125 new vulnerabilities have been publicly disclosed.[1] Security patches for 61 plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 64 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, the Solid Security firewall already protects your sites against those vulnerabilities with virtual patches from Patchstack. If no patch is forthcoming from the vendor, or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.3.2 is a Maintenance and Security release issued on October 12. It features 19 bug fixes on Core, 22 bug fixes for the Block Editor, and 8 security fixes.
Because this is a security release, it is recommended that you apply it and update your sites to WordPress 6.3.2 as soon as possible. Backports are also available for older supported major WordPress releases from version 4.1 onward.
The next major release will be version 6.4, expected on 7 November 2023.
WordPress Plugins — 61 Patched / 64 Unpatched
Simple Calendar – Google Calendar Plugin
- Plugin Slug:
- google-calendar-events
- Installations:
- 60,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46189
Web Push Notifications – Webpushr
- Plugin Slug:
- webpushr-web-push-notifications
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-35041
Wp Ultimate Review
- Plugin:
- Wp Ultimate Review
- Plugin Slug:
- wp-ultimate-review
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46085
Motors – Car Dealer, Classifieds & Listing
- Plugin Slug:
- motors-car-dealership-classified-listings
- Installations:
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-46208
Motors – Car Dealer, Classifieds & Listing
- Plugin Slug:
- motors-car-dealership-classified-listings
- Installations:
- 9,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46207
Protección de Datos RGPD
- Plugin:
- Protección de Datos RGPD
- Plugin Slug:
- click-datos-lopd
- Installations:
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-46071
Grid Plus – Unlimited grid layout
- Plugin Slug:
- grid-plus
- Installations:
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-46209
WC Captcha
- Plugin:
- WC Captcha
- Plugin Slug:
- wc-captcha
- Installations:
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46210
ApplyOnline – Application Form Builder and Manager
- Plugin Slug:
- apply-online
- Installations:
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46080
Advanced Local Pickup for WooCommerce
- Plugin Slug:
- advanced-local-pickup-for-woocommerce
- Installations:
- 4,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-2841
Ashe Extra
- Plugin:
- Ashe Extra
- Plugin Slug:
- ashe-extra
- Installations:
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46079
Custom post types, Custom Fields & more
- Plugin Slug:
- custom-post-types
- Installations:
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-32116
DX Delete Attached Media
- Plugin:
- DX Delete Attached Media
- Plugin Slug:
- dx-delete-attached-media
- Installations:
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46073
EventON
Minimum Purchase for WooCommerce
- Plugin Slug:
- minimum-purchase-for-woocommerce
- Installations:
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-30492
Rocket Font
- Plugin:
- Rocket Font
- Plugin Slug:
- rocket-font
- Installations:
- 4,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46067
Contact Form Builder, Contact Widget
- Plugin Slug:
- contact-forms-builder
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-46075
Duplicate Theme
- Plugin:
- Duplicate Theme
- Plugin Slug:
- duplicate-theme
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46204
Internal Link Building
- Plugin:
- Internal Link Building
- Plugin Slug:
- internal-link-building-plugin
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46193
Internal Link Building
- Plugin:
- Internal Link Building
- Plugin Slug:
- internal-link-building-plugin
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46192
WooCommerce PDF Invoice Builder, Create invoices, packing slips and more
- Plugin Slug:
- woo-pdf-invoice-builder
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-46076
Auto Login New User After Registration
- Plugin Slug:
- auto-login-new-user-after-registration
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46202
Auto Login New User After Registration
- Plugin Slug:
- auto-login-new-user-after-registration
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46201
Smart Online Order for Clover
- Plugin Slug:
- clover-online-orders
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-46312
FreshMail For WordPress
- Plugin:
- FreshMail For WordPress
- Plugin Slug:
- freshmail-integration
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46074
Open Graph Metabox
- Plugin:
- Open Graph Metabox
- Plugin Slug:
- open-graph-metabox
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46191
Userback
- Plugin:
- Userback
- Plugin Slug:
- userback
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46089
Appointment Calendar
- Plugin:
- Appointment Calendar
- Plugin Slug:
- appointment-calendar
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46198
Archivist – Custom Archive Templates
- Plugin Slug:
- archivist-custom-archive-templates
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46194
Category SEO Meta Tags
- Plugin:
- Category SEO Meta Tags
- Plugin Slug:
- category-seo-meta-tags
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46091
EG-Attachments
- Plugin:
- EG-Attachments
- Plugin Slug:
- eg-attachments
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-46070
Eonet Manual User Approve
- Plugin:
- Eonet Manual User Approve
- Plugin Slug:
- eonet-manual-user-approve
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-32738
Headline Analyzer
- Plugin:
- Headline Analyzer
- Plugin Slug:
- headline-analyzer
- Installations:
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46195
Icons Font Loader
- Plugin:
- Icons Font Loader
- Plugin Slug:
- icons-font-loader
- Installations:
- 1,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-46084
Just Custom Fields
- Plugin:
- Just Custom Fields
- Plugin Slug:
- just-custom-fields
- Installations:
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46203
Lava Directory Manager
- Plugin:
- Lava Directory Manager
- Plugin Slug:
- lava-directory-manager
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-46081
Novo-Map : your WP posts on custom google maps
- Plugin Slug:
- novo-map
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46190
SALESmanago
- Plugin:
- SALESmanago
- Plugin Slug:
- salesmanago
- Installations:
- 1,000+
- Vulnerability:
- Other Vulnerability Type
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-4939
Smart App Banner
- Plugin:
- Smart App Banner
- Plugin Slug:
- smart-app-banner
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46200
Smooth Scroll Links [SSL]
- Plugin:
- Smooth Scroll Links [SSL]
- Plugin Slug:
- smooth-scrolling-links-ssl
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46095
WDSocialWidgets
- Plugin:
- WDSocialWidgets
- Plugin Slug:
- spider-facebook
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-46090
Taggbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics
- Plugin Slug:
- taggbox-widget
- Installations:
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-33215
WC Serial Numbers – Ultimate License Manager Plugin for Selling, Licensing & Securely Delivering Digital Products with WooCommerce
- Plugin Slug:
- wc-serial-numbers
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46078
Webmaster Tools
- Plugin:
- Webmaster Tools
- Plugin Slug:
- webmaster-tools
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46093
Webmaster Tools
- Plugin:
- Webmaster Tools
- Plugin Slug:
- webmaster-tools
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46092
WP Radio – Worldwide Online Radio Stations Directory for WordPress
- Plugin Slug:
- wp-radio
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46150
The Awesome Feed – Custom Feed
- Plugin Slug:
- wp-facebook-feed
- Installations:
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-46077
Triberr
- Plugin:
- Triberr
- Plugin Slug:
- triberr-wordpress-plugin
- Installations:
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46199
Soisy Pagamento Rateale
- Plugin:
- Soisy Pagamento Rateale
- Plugin Slug:
- soisy-pagamento-rateale
- Installations:
- 400+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-5132
WP Post Columns
- Plugin:
- WP Post Columns
- Plugin Slug:
- wp-post-columns
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5708
WP Full Stripe Free
- Plugin:
- WP Full Stripe Free
- Plugin Slug:
- wp-full-stripe-free
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46088
Who Hit The Page – Hit Counter
- Plugin:
- Who Hit The Page – Hit Counter
- Plugin Slug:
- who-hit-the-page-hit-counter
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46087
WhatsApp Share Button
- Plugin:
- WhatsApp Share Button
- Plugin Slug:
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5668
Theme Blvd Shortcodes
- Plugin:
- Theme Blvd Shortcodes
- Plugin Slug:
- theme-blvd-shortcodes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5338
TCD Google Maps
- Plugin:
- TCD Google Maps
- Plugin Slug:
- tcd-google-maps
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5128
Skype Legacy Buttons
- Plugin:
- Skype Legacy Buttons
- Plugin Slug:
- skype-online-status
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5615
WP Simple Table Manager
- Plugin:
- WP Simple Table Manager
- Plugin Slug:
- simple-table-manager
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-4858
Product Category Tree
- Plugin:
- Product Category Tree
- Plugin Slug:
- product-category-tree
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46151
MpOperationLogs
- Plugin:
- MpOperationLogs
- Plugin Slug:
- mpoperationlogs
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-5538
Mediabay
- Plugin:
- Mediabay
- Plugin Slug:
- mediabay-lite
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-46066
Magee Shortcodes
- Plugin:
- Magee Shortcodes
- Plugin Slug:
- magee-shortcodes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-4783
CPO Shortcodes
- Plugin:
- CPO Shortcodes
- Plugin Slug:
- cpo-shortcodes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5704
Add Custom Body Class
- Plugin:
- Add Custom Body Class
- Plugin Slug:
- add-custom-body-class
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5205
Add Shortcodes Actions And Filters
- Plugin:
- Add Shortcodes Actions And Filters
- Plugin Slug:
- add-actions-and-filters
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-46072
WooCommerce Stripe Payment Gateway
- Plugin Slug:
- woocommerce-gateway-stripe
- Installations:
- 900,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 7.6.1
- Severity Score:
- Medium
- CVE:
- 2023-44999
WordPress Gallery Plugin – NextGEN Gallery
- Plugin Slug:
- nextgen-gallery
- Installations:
- 500,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.39
- Severity Score:
- Medium
- CVE:
- 2023-3279
WordPress Gallery Plugin – NextGEN Gallery
- Plugin Slug:
- nextgen-gallery
- Installations:
- 500,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 3.39
- Severity Score:
- Medium
- CVE:
- 2023-3155
WordPress Gallery Plugin – NextGEN Gallery
- Plugin Slug:
- nextgen-gallery
- Installations:
- 500,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 3.39
- Severity Score:
- Medium
- CVE:
- 2023-3154
Widgets for Google Reviews
- Plugin:
- Widgets for Google Reviews
- Plugin Slug:
- wp-reviews-plugin-for-google
- Installations:
- 300,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 10.9.1
- Severity Score:
- Medium
- CVE:
- 2023-3254
MW WP Form
- Plugin:
- MW WP Form
- Plugin Slug:
- mw-wp-form
- Installations:
- 200,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.0.0
- Severity Score:
- Medium
- CVE:
- 2023-46206
Page Builder: Pagelayer – Drag and Drop website builder
- Plugin Slug:
- pagelayer
- Installations:
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.8
- Severity Score:
- Medium
- CVE:
- 2023-5087
Page Builder: Pagelayer – Drag and Drop website builder
- Plugin Slug:
- pagelayer
- Installations:
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.7
- Severity Score:
- High
- CVE:
- 2023-4687
Templately – Templates Cloud for Elementor & Gutenberg : 4000+ Free & Premium Designs!
- Plugin Slug:
- templately
- Installations:
- 200,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.6
- Severity Score:
- Medium
- CVE:
- 2023-5454
Social Media Share Buttons & Social Sharing Icons
- Plugin Slug:
- ultimate-social-media-icons
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.8.6
- Severity Score:
- Medium
- CVE:
- 2023-5602
Social Media Share Buttons & Social Sharing Icons
- Plugin Slug:
- ultimate-social-media-icons
- Installations:
- 100,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.8.6
- Severity Score:
- Medium
- CVE:
- 2023-5070
User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds
- Plugin Slug:
- userfeedback-lite
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.10
- Severity Score:
- High
- CVE:
- 2023-46153
Comments – wpDiscuz
- Plugin:
- Comments – wpDiscuz
- Plugin Slug:
- wpdiscuz
- Installations:
- 80,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 7.6.4
- Severity Score:
- Low
- CVE:
- 2023-46311
Comments – wpDiscuz
- Plugin:
- Comments – wpDiscuz
- Plugin Slug:
- wpdiscuz
- Installations:
- 80,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 7.6.11
- Severity Score:
- Medium
- CVE:
- 2023-46310
Comments – wpDiscuz
- Plugin:
- Comments – wpDiscuz
- Plugin Slug:
- wpdiscuz
- Installations:
- 80,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.6.11
- Severity Score:
- Medium
- CVE:
- 2023-46309
WordPress Online Booking and Scheduling Plugin – Bookly
- Plugin Slug:
- bookly-responsive-appointment-booking-tool
- Installations:
- 70,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 22.4
- Severity Score:
- High
- CVE:
- 2023-4691
Tutor LMS – eLearning and online course solution
- Plugin Slug:
- tutor
- Installations:
- 70,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.0
- Severity Score:
- Medium
- CVE:
- 2023-4805
Booking Calendar
- Plugin:
- Booking Calendar
- Plugin Slug:
- booking
- Installations:
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.7.3.1
- Severity Score:
- High
- CVE:
- 2023-4620
Booster for WooCommerce
- Plugin:
- Booster for WooCommerce
- Plugin Slug:
- woocommerce-jetpack
- Installations:
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.1.3
- Severity Score:
- Medium
- CVE:
- 2023-5638
File Manager Pro – Filester
- Plugin:
- File Manager Pro – Filester
- Plugin Slug:
- filester
- Installations:
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.1
- Severity Score:
- Medium
- CVE:
- 2023-4862
File Manager Pro – Filester
- Plugin:
- File Manager Pro – Filester
- Plugin Slug:
- filester
- Installations:
- 50,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.8.1
- Severity Score:
- High
- CVE:
- 2023-4861
PowerPress Podcasting plugin by Blubrry
- Plugin Slug:
- powerpress
- Installations:
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 11.0.12
- Severity Score:
- Medium
- CVE:
- 2023-4820
Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce
- Plugin:
- Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce
- Plugin Slug:
- enhanced-e-commerce-for-woocommerce-store
- Installations:
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.5.4
- Severity Score:
- High
- CVE:
- 2023-46094
Contact Form builder with drag & drop for WordPress – Kali Forms
- Plugin Slug:
- kali-forms
- Installations:
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.3.28
- Severity Score:
- Medium
- CVE:
- 2023-46083
Security & Malware scan by CleanTalk
- Plugin Slug:
- security-malware-firewall
- Installations:
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.51
- Severity Score:
- High
- CVE:
- 2020-36698
BetterLinks – Shorten, Track and Manage any URL
- Plugin Slug:
- betterlinks
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.6.1
- Severity Score:
- High
- CVE:
- 2023-45104
E2Pdf – Export To Pdf Tool for WordPress
- Plugin Slug:
- e2pdf
- Installations:
- 10,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.20.19
- Severity Score:
- Medium
- CVE:
- 2023-46154
Envo Extra
- Plugin:
- Envo Extra
- Plugin Slug:
- envo-extra
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.8.4
- Severity Score:
- Medium
Popup by Supsystic
- Plugin:
- Popup by Supsystic
- Plugin Slug:
- popup-by-supsystic
- Installations:
- 10,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 1.10.20
- Severity Score:
- Medium
- CVE:
- 2023-46197
Weaver Xtreme Theme Support
- Plugin:
- Weaver Xtreme Theme Support
- Plugin Slug:
- weaverx-theme-support
- Installations:
- 10,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 6.3.1
- Severity Score:
- Medium
- CVE:
- 2023-4971
WP EXtra
- Plugin:
- WP EXtra
- Plugin Slug:
- wp-extra
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.3
- Severity Score:
- Medium
- CVE:
- 2023-46212
Freesoul Deactivate Plugins – Plugin manager and cleanup
- Plugin Slug:
- freesoul-deactivate-plugins
- Installations:
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.4
- Severity Score:
- Medium
- CVE:
- 2023-46188
iPanorama 360 – WordPress Virtual Tour Builder
- Plugin Slug:
- ipanorama-360-virtual-tour-builder-lite
- Installations:
- 7,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.8.1
- Severity Score:
- High
- CVE:
- 2023-5336
Modern Footnotes
- Plugin:
- Modern Footnotes
- Plugin Slug:
- modern-footnotes
- Installations:
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.17
- Severity Score:
- Medium
- CVE:
- 2023-5618
WOLF – WordPress Posts Bulk Editor and Manager Professional
- Plugin Slug:
- bulk-editor
- Installations:
- 5,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.7.2
- Severity Score:
- Medium
- CVE:
- 2023-46152
Active Directory Integration / LDAP Integration
- Plugin Slug:
- ldap-login-for-intranet-sites
- Installations:
- 5,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.1.10
- Severity Score:
- Medium
- CVE:
- 2023-5003
Theme Switcha – Easily Switch Themes for Development and Testing
- Plugin Slug:
- theme-switcha
- Installations:
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.1
- Severity Score:
- Medium
- CVE:
- 2023-5614
Broken Link Checker | Finder
- Plugin:
- Broken Link Checker | Finder
- Plugin Slug:
- broken-link-finder
- Installations:
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.5.0
- Severity Score:
- Medium
- CVE:
- 2023-46082
AI ChatBot
- Plugin:
- AI ChatBot
- Plugin Slug:
- chatbot
- Installations:
- 4,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.9.1
- Severity Score:
- Medium
- CVE:
- 2023-5254
AI ChatBot
- Plugin:
- AI ChatBot
- Plugin Slug:
- chatbot
- Installations:
- 4,000+
- Vulnerability:
- Directory Traversal
- Patched in Version:
- 4.9.1
- Severity Score:
- Critical
- CVE:
- 2023-5241
AI ChatBot
- Plugin:
- AI ChatBot
- Plugin Slug:
- chatbot
- Installations:
- 4,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 4.9.1
- Severity Score:
- Critical
- CVE:
- 2023-5212
AI ChatBot
- Plugin:
- AI ChatBot
- Plugin Slug:
- chatbot
- Installations:
- 4,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.9.1
- Severity Score:
- Critical
- CVE:
- 2023-5204
EventON
WP Matterport Shortcode
- Plugin:
- WP Matterport Shortcode
- Plugin Slug:
- shortcode-gallery-for-matterport-showcase
- Installations:
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.7
- Severity Score:
- High
- CVE:
- 2023-4290
WP Matterport Shortcode
- Plugin:
- WP Matterport Shortcode
- Plugin Slug:
- shortcode-gallery-for-matterport-showcase
- Installations:
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.8
- Severity Score:
- Medium
- CVE:
- 2023-4289
Team Showcase
- Plugin:
- Team Showcase
- Plugin Slug:
- team-showcase
- Installations:
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2
- Severity Score:
- Medium
- CVE:
- 2023-5639
DoLogin Security
- Plugin:
- DoLogin Security
- Plugin Slug:
- dologin
- Installations:
- 3,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.7.1
- Severity Score:
- Medium
- CVE:
- 2023-4800
Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads
- Plugin Slug:
- shared-files
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.6
- Severity Score:
- High
- CVE:
- 2023-4819
Tab Ultimate
- Plugin:
- Tab Ultimate
- Plugin Slug:
- tabs-pro
- Installations:
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4
- Severity Score:
- Medium
- CVE:
- 2023-5667
School Management System – WPSchoolPress
- Plugin Slug:
- wpschoolpress
- Installations:
- 2,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.2.5
- Severity Score:
- High
- CVE:
- 2023-4776
Ajax Archive Calendar
- Plugin:
- Ajax Archive Calendar
- Plugin Slug:
- ajax-archive-calendar
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.8
- Severity Score:
- Medium
- CVE:
- 2023-46069
Social proof testimonials and reviews by Repuso
- Plugin Slug:
- social-testimonials-and-reviews-widget
- Installations:
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.00
- Severity Score:
- Medium
- CVE:
- 2023-46196
Thumbnail Slider With Lightbox
- Plugin Slug:
- wp-responsive-slider-with-lightbox
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.1
- Severity Score:
- Medium
- CVE:
- 2023-5621
History Log by click5
- Plugin:
- History Log by click5
- Plugin Slug:
- history-log-by-click5
- Installations:
- 800+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.0.13
- Severity Score:
- High
- CVE:
- 2023-5082
Maileon for WordPress
- Plugin:
- Maileon for WordPress
- Plugin Slug:
- xqueue-maileon
- Installations:
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.16.1
- Severity Score:
- Medium
- CVE:
- 2023-46068
Delete Usermetas
- Plugin:
- Delete Usermetas
- Plugin Slug:
- delete-usermetas
- Installations:
- 20+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.0
- Severity Score:
- Medium
- CVE:
- 2023-5537
File Uploader
- Plugin:
- File Uploader
- Plugin Slug:
- wp-file-uploader
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.23.3
- Severity Score:
- Medium
- CVE:
- 2023-4811
WooCommerce Ninja Forms Product Add-ons
- Plugin:
- WooCommerce Ninja Forms Product Add-ons
- Plugin Slug:
- woocommerce-ninjaforms-product-addons
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.7.1
- Severity Score:
- Critical
- CVE:
- 2023-5601
Ultimate Addons for WPBakery Page Builder
- Plugin:
- Ultimate Addons for WPBakery Page Builder
- Plugin Slug:
- ultimate_vc_addons
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.19.15
- Severity Score:
- Medium
- CVE:
- 2023-46211
Ultimate Addons for WPBakery Page Builder
- Plugin:
- Ultimate Addons for WPBakery Page Builder
- Plugin Slug:
- ultimate_vc_addons
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.19.15
- Severity Score:
- High
- CVE:
- 2023-46205
Super Testimonial Pro
- Plugin:
- Super Testimonial Pro
- Plugin Slug:
- super-testimonial-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0
- Severity Score:
- Medium
- CVE:
- 2023-5613
WordPress Themes
Notes
- [1] This report comes out on Wednesdays and covers the last seven days of public disclosures in the Patchstack vulnerability database from the beginning of the previous week to the beginning of the current week — from last Monday to this Monday. This period intentionally excludes any vulnerabilities added to the database in the last 48 hours. However, that up-to-the-minute vulnerability data powers Solid Security Pro for our customers who have purchased Solid Suite. Solid Security Pro automatically protects WordPress sites from active exploits aimed at unpatched vulnerabilities.