
WordPress Vulnerability Report – April 19, 2023

Written by Dan Knauss on April 19, 2023

Last Updated on May 25, 2023

This week, 116 vulnerabilities may affect over 6 million WordPress sites. There are 67 plugin vulnerabilities and 2 themes with security patches available, so run those updates if you use these plugins! Additionally, there are 45 plugin vulnerabilities and 2 theme vulnerabilities with no patch available yet. At least three of these have been closed and dropped from the wordpress.org plugin directory so far. If you are using any unpatched plugins or themes, check their vendors’ intentions and progress on a security release. If no patch is forthcoming or the vulnerable plugin or theme has been closed, you should consider deactivation and removal in favor of alternative solutions.

For reference, these reports are published every Wednesday and include all active vulnerabilities tracked by Patchstack as of Monday since the previous report. This leaves a 48-hour window for the newest emerging vulnerabilities to be patched before full public disclosure. iThemes Security Pro users have access to vulnerability alerts emerging within this window.

  • No new WordPress core vulnerabilities were disclosed this week.

WordPress core is very secure when it’s properly configured and maintained. Vulnerable plugins that have not been updated by site owners are the most common vector for attacks on WordPress websites. Our weekly WordPress Vulnerability Report, powered by Patchstack, covers new WordPress plugin, theme, and core vulnerabilities that have emerged since last week’s report. Our goal is to spread awareness of emerging security threats and help you decide what to do if you are using vulnerable software on your website. For a deeper analysis of recent trends in WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.

Contents of the April 19, 2023 Report
  1. WordPress Core News
  2. WordPress Plugin Vulnerabilities with Patches
    1. All In One WP Security & Firewall
    2. WP Fastest Cache
    3. WP Fastest Cache
    4. Limit Login Attempts
    5. Forminator
    6. FluentForm
    7. Shortlinks by Pretty Links
    8. FooGallery
    9. Photo Gallery by 10Web
    10. Photo Gallery by 10Web
    11. Blocksy Companion
    12. Cyr to Lat
    13. Download Manager Pro
    14. Hummingbird
    15. Slimstat Analytics
    16. Easy Forms for MailChimp
    17. Easy Forms for MailChimp
    18. PowerPress Podcasting plugin by Blubrry
    19. PowerPress
    20. Site Reviews
    21. Quiz And Survey Master
    22. Klaviyo
    23. Redirection
    24. Easy Appointments
    25. Gallery by BestWebSoft
    26. Gallery by BestWebSoft
    27. SupportCandy
    28. WP VR
    29. Better Search
    30. LearnPress Export Import
    31. Product Catalog Feed by PixelYourSite
    32. MyCryptoCheckout
    33. Watu Quiz
    34. Vimeotheque
    35. Ultimate Noindex Nofollow Tool II
    36. WooCommerce Easy Duplicate Product
    37. Thumbnail carousel slider
    38. Email Subscription Popup
    39. Woo Bulk Price Update
    40. Coupon Affiliates
    41. Featured Post Creative
    42. Groundhogg
    43. Locatoraid Store Locator
    44. WP Inventory Manager
    45. MDTF
    46. Contact Form to DB by BestWebSoft
    47. Contact Form to DB
    48. Simple Giveaways
    49. Simple Giveaways
    50. ShiftController Employee Shift Scheduling
    51. MC Woocommerce Wishlist
    52. Scheduled Announcements Widget
    53. Photo Gallery by 10Web
    54. a3 Portfolio
    55. Auto Rename Media On Upload
    56. Time Sheets
    57. Zyrex Popup
    58. AI ChatBot
    59. Drag and Drop Multiple File Upload PRO
    60. JetEngine
    61. Responsive WordPress Slideshows
    62. Pricing Tables For WPBakery Page Builder
    63. Pricing Tables For WPBakery Page Builder
    64. Ruby Help Desk
    65. Stylish Cost Calculator Premium
    66. W4 Post List
    67. W4 Post List
  3. WordPress Plugin Vulnerabilities – No Known Fix
    1. Shortcodes by Angie Makes
    2. Custom Order Numbers for WooCommerce
    3. Enable Accessibility
    4. Optima Express + MarketBoost IDX Plugin
    5. ReviewX
    6. CoSchedule
    7. Fantastic Content Protector Free
    8. Affiliate Links Lite
    9. Neshan Maps
    10. Newsletters
    11. WP EasyPay – Square for WordPress
    12. Stamped.io Product Reviews & UGC for WooCommerce
    13. AdFoxly – Ad Manager, AdSense Ads & Ads.txt
    14. Booqable Rental Plugin
    15. Database Collation Fix
    16. Simple PopUp
    17. Landing Page Builder – Free Landing Page Templates
    18. Paytm Payment Donation
    19. WP Roles at Registration
    20. External Videos
    21. Motor Racing League
    22. Pickup | Delivery | Dine-in date time
    23. hiWeb Migration Simple
    24. Electric Studio Client Login
    25. UserPlus
    26. AFFILIATE Solution
    27. Amr Ical Events Lists
    28. Article Directory
    29. Article Directory Redux
    30. Cloud Manager
    31. Custom Post Type and Taxonomy GUI Manager
    32. Events Made Easy
    33. InPost Gallery
    34. MS-Reviews
    35. Random Text
    36. Video Central
    37. Waiting: One-click Countdowns
    38. WP FEvents Book
    39. WP Reroute Email
    40. WP Reroute Email
    41. Steveas WP Live Chat Shoutbox
    42. Steveas WP Live Chat Shoutbox
    43. WP Tiles
    44. WP Tiles
    45. ZM Ajax Login & Register
  4. WordPress Theme Vulnerabilities
    1. Square
    2. BeTheme
    3. Educenter
    4. Blogger Buzz
  5. The Best WordPress Security Plugin to Secure & Protect WordPress Sites

WordPress Core News

WordPress 6.2 is the first major release of 2023, with over 900 enhancements and fixes. It brings a reimagined Site Editor, improved blocks, and new tools and improvements. As always, with a major release like this, ensure your site is backed up with BackupBuddy before updating.

If your WordPress sites have enabled automatic background updates, they should have upgraded to 6.2 automatically. You can download WordPress 6.2 from WordPress.org, or visit your WordPress Dashboard, click “Updates,” and then click the “Update Now” button, which will appear when any core updates are available. For more information, check out the version 6.2 HelpHub documentation page.


WordPress Plugin Vulnerabilities with Patches

In this section, you’ll find the most recently disclosed WordPress plugin vulnerabilities that have been fixed with a new release from their authors and maintainers. Please apply the updates if you are affected!

These vulnerabilities have been disclosed and scored for their severity thanks to our friends at Patchstack. Each plugin listing includes the type of vulnerability with its CVE number and CVSS severity rating with links to more technical details. You’ll also see the number of active sites using the plugin and the plugin version release that patches the vulnerability. We start with the most popular plugins, which represent the largest target for attackers.

All In One WP Security & Firewall

Plugin
All-In-One Security (AIOS) – Security and Firewall
Plugin Slug
all-in-one-wp-security-and-firewall
Installations
1,000,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
5.1.5
Severity Score
Medium
CVE
2023-0157
The vulnerability has been patched, so you should update to version 5.1.5.

WP Fastest Cache

Plugin
WP Fastest Cache
Plugin Slug
wp-fastest-cache
Installations
1,000,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
1.1.3
Severity Score
Medium
CVE
2023-1926
The vulnerability has been patched, so you should update to version 1.1.3.

WP Fastest Cache

Plugin
WP Fastest Cache
Plugin Slug
wp-fastest-cache
Installations
1,000,000+
Vulnerability
Broken Access Control
Patched in Version
1.1.3
Severity Score
Medium
CVE
2023-1931
The vulnerability has been patched, so you should update to version 1.1.3.

Limit Login Attempts

Plugin
Limit Login Attempts
Plugin Slug
limit-login-attempts
Installations
600,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.7.2
Severity Score
Medium
CVE
2023-1861
The vulnerability has been patched, so you should update to version 1.7.2.

Forminator

Plugin
Forminator – Contact Form, Payment Form & Custom Form Builder
Plugin Slug
forminator
Installations
400,000+
Vulnerability
Broken Access Control
Patched in Version
1.23.3
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.23.3.

FluentForm

Plugin
Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms
Plugin Slug
fluentform
Installations
300,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
4.3.25
Severity Score
Medium
CVE
2023-0546
The vulnerability has been patched, so you should update to version 4.3.25.

Shortlinks by Pretty Links

Plugin
Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin
Plugin Slug
pretty-link
Installations
300,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
3.4.1
Severity Score
Medium
CVE
2022-47149
The vulnerability has been patched, so you should update to version 3.4.1.

FooGallery

Plugin
Best WordPress Gallery Plugin – FooGallery
Plugin Slug
foogallery
Installations
200,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.2.41
Severity Score
High
CVE
2023-29439
The vulnerability has been patched, so you should update to version 2.2.41.

Photo Gallery by 10Web

Plugin
Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Plugin Slug
photo-gallery
Installations
200,000+
Vulnerability
Directory Traversal
Patched in Version
1.8.15
Severity Score
Medium
CVE
2023-1427
The vulnerability has been patched, so you should update to version 1.8.15.

Photo Gallery by 10Web

Plugin
Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Plugin Slug
photo-gallery
Installations
200,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.8.3
Severity Score
Medium
CVE
2022-4058
The vulnerability has been patched, so you should update to version 1.8.3.

Blocksy Companion

Plugin
Blocksy Companion
Plugin Slug
blocksy-companion
Installations
100,000+
Vulnerability
Sensitive Data Exposure
Patched in Version
1.8.82
Severity Score
Medium
CVE
2023-1911
The vulnerability has been patched, so you should update to version 1.8.82.

Cyr to Lat

Plugin
Cyr to Lat enhanced
Plugin Slug
cyr3lat
Installations
100,000+
Vulnerability
SQL Injection
Patched in Version
3.7
Severity Score
High
CVE
2022-4290
The vulnerability has been patched, so you should update to version 3.7.

Download Manager Pro

Plugin
Download Manager
Plugin Slug
download-manager
Installations
100,000+
Vulnerability
Sensitive Data Exposure
Patched in Version
6.3.0
Severity Score
Medium
CVE
2023-1809
The vulnerability has been patched, so you should update to version 6.3.0.

Hummingbird

Plugin
Hummingbird – Optimize Speed, Enable Cache, Minify CSS & Defer Critical JS
Plugin Slug
hummingbird-performance
Installations
100,000+
Vulnerability
Path Traversal
Patched in Version
3.4.2
Severity Score
High
CVE
2023-1478
The vulnerability has been patched, so you should update to version 3.4.2.

Slimstat Analytics

Plugin
Slimstat Analytics
Plugin Slug
wp-slimstat
Installations
100,000+
Vulnerability
SQL Injection
Patched in Version
4.9.4
Severity Score
High
The vulnerability has been patched, so you should update to version 4.9.4.

Easy Forms for MailChimp

Plugin
Easy Forms for Mailchimp
Plugin Slug
yikes-inc-easy-mailchimp-extender
Installations
100,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
6.8.7
Severity Score
Medium
CVE
2023-1325
The vulnerability has been patched, so you should update to version 6.8.7.

Easy Forms for MailChimp

Plugin
Easy Forms for Mailchimp
Plugin Slug
yikes-inc-easy-mailchimp-extender
Installations
100,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
6.8.7
Severity Score
High
CVE
2023-1324
The vulnerability has been patched, so you should update to version 6.8.7.

PowerPress Podcasting plugin by Blubrry

Plugin
PowerPress Podcasting plugin by Blubrry
Plugin Slug
powerpress
Installations
50,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
10.0.2
Severity Score
Medium
CVE
2023-30778
The vulnerability has been patched, so you should update to version 10.0.2.

PowerPress

Plugin
PowerPress Podcasting plugin by Blubrry
Plugin Slug
powerpress
Installations
50,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
10.0.1
Severity Score
Medium
CVE
2023-1917
The vulnerability has been patched, so you should update to version 10.0.1.

Site Reviews

Plugin
Site Reviews
Plugin Slug
site-reviews
Installations
50,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
6.7.1
Severity Score
Medium
CVE
2023-1525
The vulnerability has been patched, so you should update to version 6.7.1.

Quiz And Survey Master

Plugin
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress
Plugin Slug
quiz-master-next
Installations
40,000+
Vulnerability
SQL Injection
Patched in Version
8.1.5
Severity Score
Critical
CVE
2023-28787
The vulnerability has been patched, so you should update to version 8.1.5.

Klaviyo

Plugin
Klaviyo
Plugin Slug
klaviyo
Installations
30,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
3.0.10
Severity Score
Medium
CVE
2023-0874
The vulnerability has been patched, so you should update to version 3.0.10.

Redirection

Plugin
Redirection
Plugin Slug
redirect-redirection
Installations
20,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
1.1.5
Severity Score
Medium
CVE
2023-1331
The vulnerability has been patched, so you should update to version 1.1.5.

Easy Appointments

Plugin
Easy Appointments
Plugin Slug
easy-appointments
Installations
20,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
3.11.1
Severity Score
Medium
CVE
2023-30748
The vulnerability has been patched, so you should update to version 3.11.1.

Gallery by BestWebSoft

Plugin
Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress
Plugin Slug
gallery-plugin
Installations
20,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
4.7.0
Severity Score
Medium
CVE
2023-0764
The vulnerability has been patched, so you should update to version 4.7.0.

Gallery by BestWebSoft

Plugin
Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress
Plugin Slug
gallery-plugin
Installations
20,000+
Vulnerability
SQL Injection
Patched in Version
4.7.0
Severity Score
High
CVE
2023-0765
The vulnerability has been patched, so you should update to version 4.7.0.

SupportCandy

Plugin
SupportCandy – Helpdesk & Support Ticket System
Plugin Slug
supportcandy
Installations
10,000+
Vulnerability
SQL Injection
Patched in Version
3.1.5
Severity Score
Critical
CVE
2023-1730
The vulnerability has been patched, so you should update to version 3.1.5.

WP VR

Plugin
WP VR – 360 Panorama and Virtual Tour Builder For WordPress
Plugin Slug
wpvr
Installations
10,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
8.2.9
Severity Score
High
CVE
2023-1413
The vulnerability has been patched, so you should update to version 8.2.9.

Better Search

Plugin
Better Search – Relevant search results for WordPress
Plugin Slug
better-search
Installations
8,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
3.2.0
Severity Score
Medium
The vulnerability has been patched, so you should update to version 3.2.0.

LearnPress Export Import

Plugin
LearnPress Export Import – WordPress extension for LearnPress
Plugin Slug
learnpress-import-export
Installations
8,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
4.0.3
Severity Score
High
CVE
2023-30487
The vulnerability has been patched, so you should update to version 4.0.3.

Product Catalog Feed by PixelYourSite

Plugin
Product Catalog Feed by PixelYourSite
Plugin Slug
product-catalog-feed
Installations
8,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.1.1
Severity Score
High
CVE
2023-1805
The vulnerability has been patched, so you should update to version 2.1.1.

MyCryptoCheckout

Plugin
MyCryptoCheckout – Bitcoin, Ethereum, and 175+ altcoins for WooCommerce
Plugin Slug
mycryptocheckout
Installations
6,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.124
Severity Score
High
CVE
2023-1546
The vulnerability has been patched, so you should update to version 2.124.

Watu Quiz

Plugin
Watu Quiz
Plugin Slug
watu
Installations
5,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
3.3.9.3
Severity Score
High
CVE
2023-30483
The vulnerability has been patched, so you should update to version 3.3.9.3.

Vimeotheque

Plugin
Vimeotheque / Vimeo
Plugin Slug
codeflavors-vimeo-video-post-lite
Installations
4,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.2.2
Severity Score
High
CVE
2023-30498
The vulnerability has been patched, so you should update to version 2.2.2.

Ultimate Noindex Nofollow Tool II

Plugin
Ultimate Noindex Nofollow Tool II
Plugin Slug
ultimate-noindex-nofollow-tool-ii
Installations
4,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
1.3.4
Severity Score
Medium
CVE
2023-30474
The vulnerability has been patched, so you should update to version 1.3.4.

WooCommerce Easy Duplicate Product

Plugin
WooCommerce Easy Duplicate Product
Plugin Slug
woo-easy-duplicate-product
Installations
4,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
0.3.0.1
Severity Score
High
CVE
2023-30747
The vulnerability has been patched, so you should update to version 0.3.0.1.

Thumbnail carousel slider

Plugin
Thumbnail carousel slider
Plugin Slug
wp-responsive-thumbnail-slider
Installations
4,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.1.10
Severity Score
High
CVE
2023-2120
The vulnerability has been patched, so you should update to version 1.1.10.

Email Subscription Popup

Plugin
Email Subscription Popup
Plugin Slug
email-subscribe
Installations
3,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.2.17
Severity Score
High
CVE
2023-30489
The vulnerability has been patched, so you should update to version 1.2.17.

Woo Bulk Price Update

Plugin
Bulk Price Update for Woocommerce
Plugin Slug
woo-bulk-price-update
Installations
3,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.2.2
Severity Score
High
CVE
2023-28665
The vulnerability has been patched, so you should update to version 2.2.2.

Coupon Affiliates

Plugin
Coupon Affiliates – WooCommerce Affiliate Plugin
Plugin Slug
woo-coupon-usage
Installations
3,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
5.4.6
Severity Score
High
CVE
2023-30475
The vulnerability has been patched, so you should update to version 5.4.6.

Featured Post Creative

Plugin
Featured Post Creative
Plugin Slug
featured-post-creative
Installations
2,000+
Vulnerability
Broken Access Control
Patched in Version
1.2.8
Severity Score
Medium
CVE
2023-30488
The vulnerability has been patched, so you should update to version 1.2.8.

Groundhogg

Plugin
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg
Plugin Slug
groundhogg
Installations
2,000+
Vulnerability
SQL Injection
Patched in Version
2.7.9.4
Severity Score
High
CVE
2023-1425
The vulnerability has been patched, so you should update to version 2.7.9.4.

Locatoraid Store Locator

Plugin
Locatoraid Store Locator
Plugin Slug
locatoraid
Installations
2,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
3.9.15
Severity Score
Medium
CVE
2023-2031
The vulnerability has been patched, so you should update to version 3.9.15.

WP Inventory Manager

Plugin
WP Inventory Manager
Plugin Slug
wp-inventory-manager
Installations
2,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.1.0.12
Severity Score
High
CVE
2023-1806
The vulnerability has been patched, so you should update to version 2.1.0.12.

MDTF

Plugin
MDTF – Meta Data and Taxonomies Filter
Plugin Slug
wp-meta-data-filter-and-taxonomy-filter
Installations
2,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.3.1
Severity Score
High
CVE
2023-28664
The vulnerability has been patched, so you should update to version 1.3.1.

Contact Form to DB by BestWebSoft

Plugin
Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress
Plugin Slug
contact-form-to-db
Installations
1,000+
Vulnerability
SQL Injection
Patched in Version
1.7.1
Severity Score
High
CVE
2023-29096
The vulnerability has been patched, so you should update to version 1.7.1.

Contact Form to DB

Plugin
Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress
Plugin Slug
contact-form-to-db
Installations
1,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.7.1
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.7.1.

Simple Giveaways

Plugin
Simple Giveaways – Grow your business, email lists and traffic with contests
Plugin Slug
giveasap
Installations
1,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.45.1
Severity Score
Medium
CVE
2023-1122
The vulnerability has been patched, so you should update to version 2.45.1.

Simple Giveaways

Plugin
Simple Giveaways – Grow your business, email lists and traffic with contests
Plugin Slug
giveasap
Installations
1,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.45.1
Severity Score
Medium
CVE
2023-1120
The vulnerability has been patched, so you should update to version 2.45.1.

ShiftController Employee Shift Scheduling

Plugin
ShiftController Employee Shift Scheduling
Plugin Slug
shiftcontroller
Installations
1,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
4.9.26
Severity Score
High
CVE
2023-1978
The vulnerability has been patched, so you should update to version 4.9.26.

MC Woocommerce Wishlist

Plugin
WooCommerce Wishlist by MC + (Free Elementor & Email Marketing Automation)
Plugin Slug
smart-wishlist-for-more-convert
Installations
900+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
1.5.5
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.5.5.

Scheduled Announcements Widget

Plugin
Scheduled Announcements Widget
Plugin Slug
scheduled-announcements-widget
Installations
300+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.0
Severity Score
Medium
CVE
2023-0363
The vulnerability has been patched, so you should update to version 1.0.

Photo Gallery by 10Web

Plugin
ZooEffect Plugin for Video player, Photo Gallery Slideshow jQuery and audio / music / podcast – HTML5
Plugin Slug
1-jquery-photo-gallery-slideshow-flash
Installations
200+
Vulnerability
Path Traversal
Patched in Version
1.8.15
Severity Score
Medium
CVE
2023-1427
The vulnerability has been patched, so you should update to version 1.8.15.

a3 Portfolio

Plugin
a3 Portfolio
Plugin Slug
a3-portfolio
Installations
100+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
3.1.1
Severity Score
Medium
CVE
2023-29097
The vulnerability has been patched, so you should update to version 3.1.1.

Auto Rename Media On Upload

Plugin
Auto Rename Media On Upload
Plugin Slug
auto-rename-media-on-upload
Installations
100+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.1.0
Severity Score
Medium
CVE
2023-0605
The vulnerability has been patched, so you should update to version 1.1.0.

Time Sheets

Plugin
Time Sheets
Plugin Slug
time-sheets
Installations
100+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.29.3
Severity Score
Medium
CVE
2023-0893
The vulnerability has been patched, so you should update to version 1.29.3.

Zyrex Popup

Plugin
ZYREX POPUP
Plugin Slug
popup-zyrex
Installations
10+
Vulnerability
Arbitrary File Upload
Patched in Version
1.1
Severity Score
Critical
CVE
2023-0924
The vulnerability has been patched, so you should update to version 1.1.

AI ChatBot

Plugin
Blog Navigator Chatbot by Xatkit
Plugin Slug
xatkit-chatbot-connector
Installations
10+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
4.5.1
Severity Score
Medium
The vulnerability has been patched, so you should update to version 4.5.1.

Drag and Drop Multiple File Upload PRO

Plugin
Drag and Drop Multiple File Upload PRO
Plugin Slug
drag-n-drop-upload-cf7-pro
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
5.0.6.4
Severity Score
High
CVE
2023-1282
The vulnerability has been patched, so you should update to version 5.0.6.4.

JetEngine

Plugin
JetEngine
Plugin Slug
jet-engine
Vulnerability
Remote Code Execution (RCE)
Patched in Version
3.1.3.1
Severity Score
Critical
CVE
2023-1406
The vulnerability has been patched, so you should update to version 3.1.3.1.

Responsive WordPress Slideshows

Plugin
Meta Slider
Plugin Slug
ml-slider1
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
3.29.1
Severity Score
High
CVE
2023-1473
The vulnerability has been patched, so you should update to version 3.29.1.

Pricing Tables For WPBakery Page Builder

Plugin
Pricing Tables For WPBakery Page Builder
Plugin Slug
pricing-tables-for-wpbakery-page-builder
Vulnerability
Local File Inclusion
Patched in Version
3.0
Severity Score
High
CVE
2023-1274
The vulnerability has been patched, so you should update to version 3.0.

Pricing Tables For WPBakery Page Builder

Plugin
Pricing Tables For WPBakery Page Builder
Plugin Slug
pricing-tables-for-wpbakery-page-builder
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
3.0
Severity Score
Medium
CVE
2023-0367
The vulnerability has been patched, so you should update to version 3.0.

Ruby Help Desk

Plugin
Ruby Help Desk
Plugin Slug
ruby-help-desk
Vulnerability
Insecure Direct Object References (IDOR)
Patched in Version
1.3.4
Severity Score
Medium
CVE
2023-1125
The vulnerability has been patched, so you should update to version 1.3.4.

Stylish Cost Calculator Premium

Plugin
Stylish Cost Calculator Premium
Plugin Slug
stylish-cost-calculator-premium
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
7.9.0
Severity Score
High
CVE
2023-0983
The vulnerability has been patched, so you should update to version 7.9.0.

W4 Post List

Plugin
W4 Post List
Plugin Slug
w4-post-list
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.4.6
Severity Score
High
CVE
2023-1373
The vulnerability has been patched, so you should update to version 2.4.6.

W4 Post List

Plugin
W4 Post List
Plugin Slug
w4-post-list
Vulnerability
Sensitive Data Exposure
Patched in Version
2.4.6
Severity Score
Medium
CVE
2023-1371
The vulnerability has been patched, so you should update to version 2.4.6.

WordPress Plugin Vulnerabilities – No Known Fix

This section contains plugin vulnerabilities with no known fix. Until a patch is available, you are advised, at minimum, to deactivate the plugin immediately. If there is a high risk of active exploits or the plugin remains unpatched for weeks, you are advised to delete the plugin. You should also delete persistently unpatched plugins that the WordPress.org repository has locked and marked “Closed” so they can no longer be downloaded and installed.

Shortcodes by Angie Makes

Plugin
Shortcodes by Angie Makes
Plugin Slug
wc-shortcodes
Installations
30,000+
Vulnerability
Broken Access Control
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-23725
The vulnerability has not been patched. You should deactivate the plugin.

Custom Order Numbers for WooCommerce

Plugin
Custom Order Numbers for WooCommerce
Plugin Slug
custom-order-numbers-for-woocommerce
Installations
20,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
Severity Score
Medium
CVE
2022-45367
The vulnerability has not been patched. You should deactivate the plugin.

Enable Accessibility

Plugin
Enable Accessibility
Plugin Slug
enable-accessibility
Installations
10,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-30484
The vulnerability has not been patched. You should deactivate the plugin.

Optima Express + MarketBoost IDX Plugin

Plugin
Optima Express + MarketBoost IDX Plugin
Plugin Slug
optima-express
Installations
10,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-30749
The vulnerability has not been patched. You should deactivate the plugin.

ReviewX

Plugin
ReviewX – Multi-criteria Rating & Reviews for WooCommerce
Plugin Slug
reviewx
Installations
10,000+
Vulnerability
CSV Injection
Patched in Version
No Fix
Severity Score
Medium
CVE
2022-46809
The vulnerability has not been patched. You should deactivate the plugin.

CoSchedule

Plugin
CoSchedule
Plugin Slug
coschedule-by-todaymade
Installations
8,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
Severity Score
Medium
CVE
2022-47165
The vulnerability has not been patched. You should deactivate the plugin.

Fantastic Content Protector Free

Plugin
Fantastic Content Protector Free
Plugin Slug
fantastic-content-protector-free
Installations
6,000+
Vulnerability
Broken Access Control
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-25048
The vulnerability has not been patched. You should deactivate the plugin.

Affiliate Links Lite

Plugin
Affiliate Links Lite
Plugin Slug
affiliate-links
Installations
5,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-22696
The vulnerability has not been patched. You should deactivate the plugin.

Neshan Maps

Plugin
Neshan Maps
Plugin Slug
neshan-maps
Installations
3,000+
Vulnerability
SQL Injection
Patched in Version
No Fix
Severity Score
Medium
CVE
2022-47426
The vulnerability has not been patched. You should deactivate the plugin.

Newsletters

Plugin
Newsletters
Plugin Slug
newsletters-lite
Installations
3,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-30478
The vulnerability has not been patched. You should deactivate the plugin.

WP EasyPay – Square for WordPress

Plugin
WP EasyPay – Square for WordPress
Plugin Slug
wp-easy-pay
Installations
3,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
Severity Score
Medium
CVE
2022-47177
The vulnerability has not been patched. You should deactivate the plugin.

Stamped.io Product Reviews & UGC for WooCommerce

Plugin
Stamped.io Product Reviews & UGC for WooCommerce
Plugin Slug
stampedio-product-reviews
Installations
2,000+
Vulnerability
Broken Access Control
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-30479
The vulnerability has not been patched. You should deactivate the plugin.

AdFoxly – Ad Manager, AdSense Ads & Ads.txt

Plugin
AdFoxly – Ad Manager, AdSense Ads & Ads.txt
Plugin Slug
adfoxly
Installations
1,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
High
CVE
2023-30754
The vulnerability has not been patched. You should deactivate the plugin.

Booqable Rental Plugin

Plugin
Booqable Rental Plugin
Plugin Slug
booqable-rental-reservations
Installations
1,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-30746
The vulnerability has not been patched. You should deactivate the plugin.

Database Collation Fix

Plugin
Database Collation Fix
Plugin Slug
database-collation-fix
Installations
1,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-23997
The vulnerability has not been patched. You should deactivate the plugin.

Simple PopUp

Plugin
Simple PopUp
Plugin Slug
simple-popup
Installations
1,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-24406
The vulnerability has not been patched. You should deactivate the plugin.

Landing Page Builder – Free Landing Page Templates

Plugin
Landing Page Builder – Free Landing Page Templates
Plugin Slug
ultimate-landing-page
Installations
1,000+
Vulnerability
Local File Inclusion
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-24379
The vulnerability has not been patched. You should deactivate the plugin.

Paytm Payment Donation

Plugin
Paytm – Donation Plugin
Plugin Slug
paytm-donation
Installations
600+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
High
CVE
2023-28535
The vulnerability has not been patched. You should deactivate the plugin.

WP Roles at Registration

Plugin
WP Roles at Registration
Plugin Slug
wp-roles-at-registration
Installations
400+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-27609
The vulnerability has not been patched. You should deactivate the plugin.

External Videos

Plugin
External Videos
Plugin Slug
external-videos
Installations
100+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-30752
The vulnerability has not been patched. You should deactivate the plugin.

Motor Racing League

Plugin
Motor Racing League
Plugin Slug
motor-racing-league
Installations
90+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-27614
The vulnerability has not been patched. You should deactivate the plugin.

Pickup | Delivery | Dine-in date time

Plugin
Pickup | Delivery | Dine-in date time
Plugin Slug
restaurant-pickup-delivery-dine-in
Installations
70+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-0894
The vulnerability has not been patched. You should deactivate the plugin.

hiWeb Migration Simple

Plugin
hiWeb Migration Simple
Plugin Slug
hiweb-migration-simple
Installations
20+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
High
CVE
2023-0769
The vulnerability has not been patched. You should deactivate the plugin.

Electric Studio Client Login

Plugin
Electric Studio Client Login
Plugin Slug
electric-studio-client-login
Installations
10+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-27425
The vulnerability has not been patched. You should deactivate the plugin.

UserPlus

Plugin
User registration & user profile – UserPlus
Plugin Slug
userplus
Installations
10+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
High
CVE
2023-0824
The vulnerability has not been patched. You should deactivate the plugin.

AFFILIATE Solution

Plugin
AFFILIATE Solution
Plugin Slug
affiliate-solution
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-30477
The vulnerability has not been patched. You should deactivate the plugin.

Amr Ical Events Lists

Plugin
Amr Ical Events Lists
Plugin Slug
amr-ical-events-list
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-1021
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Article Directory

Plugin
Article Directory
Plugin Slug
article-directory
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-0422
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Article Directory Redux

Plugin
Article Directory Redux
Plugin Slug
article-directory-redux
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-30751
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Cloud Manager

Plugin
Cloud Manager
Plugin Slug
cloud-manager
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
High
CVE
2023-0421
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Custom Post Type and Taxonomy GUI Manager

Plugin
Custom Post Type and Taxonomy GUI Manager
Plugin Slug
custom-post-type-cpt-cusom-taxonomy-ct-manager
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-0420
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Events Made Easy

Plugin
Events Made Easy
Plugin Slug
events-made-easy
Vulnerability
SQL Injection
Patched in Version
No Fix
Severity Score
High
CVE
2023-28660
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

InPost Gallery

Plugin
InPost Gallery
Plugin Slug
inpost-gallery
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
High
CVE
2023-28666
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

MS-Reviews

Plugin
MS-Reviews
Plugin Slug
ms-reviews
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-0424
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Random Text

Plugin
Random Text
Plugin Slug
randomtext
Vulnerability
SQL Injection
Patched in Version
No Fix
Severity Score
High
CVE
2023-0388
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Video Central

Plugin
Video Central
Plugin Slug
video-central
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-0418
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Waiting: One-click Countdowns

Plugin
Waiting: One-click countdowns
Plugin Slug
waiting
Vulnerability
SQL Injection
Patched in Version
No Fix
Severity Score
High
CVE
2023-28659
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WP FEvents Book

Plugin
WP FEvents Book
Plugin Slug
wp-fevents-book
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-1126
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WP Reroute Email

Plugin
WP Reroute Email
Plugin Slug
wp-reroute-email
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-27606
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WP Reroute Email

Plugin
WP Reroute Email
Plugin Slug
wp-reroute-email
Vulnerability
SQL Injection
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-27605
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Steveas WP Live Chat Shoutbox

Plugin
Steveas WP Live Chat Shoutbox
Plugin Slug
wp-shoutbox-live-chat
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
High
CVE
2023-0899
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Steveas WP Live Chat Shoutbox

Plugin
Steveas WP Live Chat Shoutbox
Plugin Slug
wp-shoutbox-live-chat
Vulnerability
SQL Injection
Patched in Version
No Fix
Severity Score
Critical
CVE
2023-1020
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WP Tiles

Plugin
WP Tiles
Plugin Slug
wp-tiles
Vulnerability
Sensitive Data Exposure
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-1426
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WP Tiles

Plugin
WP Tiles
Plugin Slug
wp-tiles
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2022-4827
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

ZM Ajax Login & Register

Plugin
ZM Ajax Login & Register
Plugin Slug
zm-ajax-login-register
Vulnerability
Broken Authentication
Patched in Version
No Fix
Severity Score
Critical
CVE
2023-2027
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Theme Vulnerabilities

In this section, you’ll find the latest WordPress theme vulnerabilities to be disclosed. You’ll see the same information provided above for vulnerable plugins, and the same advice applies. If a security update exists, install it immediately. If a vulnerability remains unpatched in a theme you are actively using, you will need to find an alternative theme. Deactivate and delete persistently unpatched themes and those that have been “Closed” in the WordPress.org theme repository. If you have a vulnerable theme installed that you are not actively using, simply delete it.

Square

Theme
Square
Theme Slug
square
Downloads
468,498
Vulnerability
Broken Access Control
Patched in Version
2.0.1
Severity Score
Medium
CVE
2023-30486
The vulnerability has been patched, so you should update to version 2.0.1.

BeTheme

Theme
Betheme
Theme Slug
betheme
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
26.8
Severity Score
High
CVE
2023-29101
The vulnerability has been patched, so you should update to version 26.8.

Educenter

Theme
Educenter
Theme Slug
educenter
Downloads
136,704
Vulnerability
Broken Access Control
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-30480
The vulnerability has not been patched. You should switch themes.

Blogger Buzz

Theme
Blogger Buzz
Theme Slug
blogger-buzz
Downloads
47,897
Vulnerability
Broken Access Control
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-30476
The vulnerability has not been patched. You should switch themes.

Never worry about running a vulnerable plugin or theme again.

As you can see from this report, new WordPress plugin and theme vulnerabilities are disclosed every week. We know it can be difficult to stay on top of every reported vulnerability disclosure that matters to you, so the iThemes Security Pro plugin makes it easy to ensure your site isn’t running a vulnerable theme, plugin, or version of WordPress core.

Scans Your Website Twice a Day for Vulnerabilities

Your website’s plugins, themes, and WordPress core versions are checked against the Patchstack Vulnerability Database for the latest vulnerability disclosures.

Automatically Updates if a Security Fix is Available

Paired with Version Management, iThemes Security will automatically update a plugin, theme, or WordPress core version if it has a vulnerability.

Emails You a Warning if Site Scan Detects a Vulnerability

You can receive an email report if your site is running vulnerable versions of a plugin, theme, or WordPress core. Customize the email addresses that receive scan results.

iThemes Security Pro

The Best WordPress Security Plugin to Secure & Protect WordPress Sites

WordPress currently powers over 40% of all websites, so it has become a popular target for hackers with malicious intent. The iThemes Security Pro plugin takes the guesswork out of WordPress security to make it easy to secure & protect your WordPress website. It’s like having a full-time security expert on staff who constantly monitors and protects your WordPress site for you.



Dan Knauss

Dan Knauss is StellarWP’s Technical Content Generalist. He’s been a writer, teacher, and freelancer working in open source since the late 1990s and with WordPress since 2004.

iThemes Media LLC Copyright © 2023 All rights reserved | Privacy Policy
