WordPress Vulnerability Report

This week, the total number of patched and unpatched vulnerabilities is low but still may affect five million+ WordPress sites. There are 55 plugin vulnerabilities and two themes with security patches available, so run those updates if you use these plugins! Additionally, there are 18 plugin vulnerabilities with no patch available yet. At least three of these have been closed and dropped from the wordpress.org plugin directory so far. If you are using any unpatched plugins or themes, check their vendors’ intentions and progress on a security release. If no patch is forthcoming or the vulnerable plugin or theme has been closed, you should consider deactivation and removal in favor of alternative solutions.

No new WordPress core vulnerabilities were disclosed this week.

WordPress core is very secure when it’s properly configured and maintained. Vulnerable plugins that have not been updated by site owners are the most common vector for attacks on WordPress websites. Our weekly WordPress Vulnerability Report, powered by Patchstack, covers new WordPress plugin, theme, and core vulnerabilities that have emerged since last week’s report. Our goal is to spread awareness of emerging security threats and help you decide what to do if you are using vulnerable software on your website. For a deeper analysis of recent trends in WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.

WordPress Core News

WordPress 6.2 is the first major release of 2023, with over 900 enhancements and fixes. You’ll notice a reimagined Site Editor, blocks get even better, and new tools and improvements in WordPress 6.2. As always, with a major release like this, ensure your site is backed up with BackupBuddy before updating.

If your WordPress sites have enabled automatic background updates, they should have upgraded to 6.2 automatically. You can download WordPress 6.2 from WordPress.org, or visit your WordPress Dashboard, click “Updates,” and then click the “Update Now” button, which will appear when any core updates are available. For more information, check out the version 6.2 HelpHub documentation page.

Get the weekly WordPress Vulnerability Report delivered to your inbox each Wednesday.

WordPress Plugin Vulnerabilities with Patches

In this section, you’ll find the most recently disclosed WordPress plugin vulnerabilities that have been fixed with a new release from their authors and maintainers. Please apply the updates if you are affected!

These vulnerabilities have been disclosed and scored for their severity thanks to our friends at Patchstack. Each plugin listing includes the type of vulnerability with its CVE number and CVSS severity rating with links to more technical details. You’ll also see the number of active sites using the plugin and the plugin version release that patches the vulnerability. We start with the most popular plugins, which represent the largest target for attackers.

Advanced Custom Fields

Plugin: Advanced Custom Fields (ACF)
Plugin Slug: advanced-custom-fields
Installations: 2,000,000+
Vulnerability: PHP Object Injection
Patched in Version: 6.1.0
Severity Score: High

Custom Post Type UI

Plugin: Custom Post Type UI
Plugin Slug: custom-post-type-ui
Installations: 1,000,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.13.5
Severity Score: Medium

WPCode

Plugin: WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager
Plugin Slug: insert-headers-and-footers
Installations: 1,000,000+
Vulnerability: Cross-Site Request Forgery (CSRF)
Patched in Version: 2.0.9
Severity Score: Medium
CVE: 2023-1624

Happy Addons for Elementor

Plugin: Happy Addons for Elementor
Plugin Slug: happy-elementor-addons
Installations: 300,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 3.8.3
Severity Score: Medium
CVE: 2023-28989

Plugin: Newsletter – Send awesome emails from WordPress
Plugin Slug: newsletter
Installations: 300,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 7.6.9
Severity Score: High

Slimstat Analytics

Plugin: Slimstat Analytics
Plugin Slug: wp-slimstat
Installations: 100,000+
Vulnerability: SQL Injection
Patched in Version: 4.9.3.4
Severity Score: High

WC Fields Factory

Plugin: WC Fields Factory
Plugin Slug: wc-fields-factory
Vulnerability: SQL Injection
Patched in Version: 4.1.6
Severity Score: High

Enhanced WP Contact Form

Plugin: Enhanced WP Contact Form
Plugin Slug: enhanced-wordpress-contactform
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 2.3
Severity Score: Medium
CVE: 2023-23812

AJAX Search Pro

Plugin: Ajax Search Pro
Plugin Slug: ajax-search-pro
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 4.26.2
Severity Score: Medium
CVE: 2023-1435

AJAX Search Lite

Plugin: Ajax Search Lite
Plugin Slug: ajax-search-lite
Installations: 70,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 4.11.1
Severity Score: Medium
CVE: 2023-1420

Simple Author Box

Plugin: Simple Author Box
Plugin Slug: simple-author-box
Installations: 60,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 2.51
Severity Score: Medium

Advanced Shipment Tracking for WooCommerce

Plugin: Advanced Shipment Tracking for WooCommerce
Plugin Slug: woo-advanced-shipment-tracking
Installations: 60,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 3.5.3
Severity Score: Medium
CVE: 2022-41635

Maps Widget for Google Maps

Plugin: Maps Widget for Google Maps
Plugin Slug: google-maps-widget
Installations: 50,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 4.24
Severity Score: Medium

Popup Anything

Plugin: Popup Anything – A Marketing Popup and Lead Generation Conversions
Plugin Slug: popup-anything-on-click
Installations: 50,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 2.2.2
Severity Score: Medium
CVE: 2022-38077

Feed Them Social

Plugin: Feed Them Social – Page, Post, Video, and Photo Galleries
Plugin Slug: feed-them-social
Installations: 40,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 4.0.8
Severity Score: Medium

Gallery by BestWebSoft

Plugin: Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress
Plugin Slug: gallery-plugin
Installations: 20,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 4.7.0
Severity Score: Medium
CVE: 2023-0764

WP Meta SEO

Plugin: WP Meta SEO
Plugin Slug: wp-meta-seo
Installations: 20,000+
Vulnerability: Deserialization of untrusted data
Patched in Version: 4.5.5
Severity Score: Medium
CVE: 2023-1381

Direct checkout, Add to cart redirect for WooCommerce

Plugin: Direct checkout, Add to cart redirect, Quick purchase button, Buy now button, Quick View button for WooCommerce
Plugin Slug: add-to-cart-direct-checkout-for-woocommerce
Installations: 10,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 2.1.49
Severity Score: Medium
CVE: 2023-28988

Affiliates Manager

Plugin: Affiliates Manager
Plugin Slug: affiliates-manager
Installations: 10,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 2.9.21
Severity Score: Medium
CVE: 2023-28986

MasterStudy LMS

Plugin: MasterStudy LMS WordPress Plugin – for Online Courses and Education
Plugin Slug: masterstudy-lms-learning-management-system
Installations: 10,000+
Vulnerability: Broken Access Control
Patched in Version: 2.9.35
Severity Score: Medium

WP Ultimate Review

Plugin: Wp Ultimate Review
Plugin Slug: wp-ultimate-review
Installations: 10,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 2.1.0
Severity Score: Medium
CVE: 2023-28987

WP Ultimate Review

Plugin: Wp Ultimate Review
Plugin Slug: wp-ultimate-review
Installations: 10,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 2.1.0
Severity Score: Medium
CVE: 2023-28751

WP VR

Plugin: WP VR – 360 Panorama and Virtual Tour Builder For WordPress
Plugin Slug: wpvr
Installations: 10,000+
Vulnerability: Broken Access Control
Patched in Version: 8.3.0
Severity Score: Medium
CVE: 2023-1414

Zippy

Plugin: Zippy
Plugin Slug: zippy
Installations: 10,000+
Vulnerability: Sensitive Data Exposure
Patched in Version: 1.6.2
Severity Score: Medium
CVE: 2023-26533

Magic Post Thumbnail

Plugin: Magic Post Thumbnail
Plugin Slug: magic-post-thumbnail
Installations: 9,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 4.1.11
Severity Score: High
CVE: 2023-29171

WP EasyCart

Plugin: Shopping Cart & eCommerce Store
Plugin Slug: wp-easycart
Installations: 6,000+
Vulnerability: Local File Inclusion
Patched in Version: 5.4.3
Severity Score: High
CVE: 2023-1124

WPMobile.App

Plugin: WPMobile.App — Android and iOS Mobile Application
Plugin Slug: wpappninja
Installations: 6,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 11.21
Severity Score: Medium
CVE: 2023-28932

Configurable Tag Cloud

Plugin: Configurable Tag Cloud (CTC)
Plugin Slug: configurable-tag-cloud-widget
Installations: 5,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 5.3
Severity Score: Medium
CVE: 2023-28995

TF Random Numbers

Plugin: Themeflection Numbers – Number Counter and Animated Numbers
Plugin Slug: tf-numbers-number-counter-animaton
Installations: 5,000+
Vulnerability: Broken Access Control
Patched in Version: 2.0.1
Severity Score: Medium
CVE: 2023-0889

Advanced Local Pickup for WooCommerce

Plugin: Advanced Local Pickup for WooCommerce
Plugin Slug: advanced-local-pickup-for-woocommerce
Installations: 4,000+
Vulnerability: Other Vulnerability Type
Patched in Version: 1.5.3
Severity Score: Medium
CVE: 2022-40702

ChatBot

Plugin: AI ChatBot
Plugin Slug: chatbot
Installations: 4,000+
Vulnerability: Broken Access Control
Patched in Version: 4.4.8
Severity Score: Medium

Sp*tify Play Button

Plugin: Sp*tify Play Button for WordPress
Plugin Slug: spotify-play-button-for-wordpress
Installations: 4,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 2.08
Severity Score: Medium
CVE: 2023-1840

Trending/Popular Post Slider and Widget

Plugin: Trending/Popular Post Slider and Widget
Plugin Slug: wp-trending-post-slider-and-widget
Installations: 4,000+
Vulnerability: Broken Access Control
Patched in Version: 1.5.8
Severity Score: Medium
CVE: 2022-46846

Full Width Banner Slider

Plugin: Full Width Banner Slider Wp
Plugin Slug: full-width-responsive-slider-wp
Installations: 3,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.1.8
Severity Score: High
CVE: 2023-24392

Quick Paypal Payments

Plugin: Quick Paypal Payments
Plugin Slug: quick-paypal-payments
Installations: 3,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 5.7.26.4
Severity Score: Medium

Coupon Affiliates

Plugin: Coupon Affiliates – WooCommerce Affiliate Plugin
Plugin Slug: woo-coupon-usage
Installations: 3,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 5.4.4
Severity Score: High
CVE: 2023-28992

PropertyHive

Plugin: PropertyHive
Plugin Slug: propertyhive
Installations: 2,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.5.47
Severity Score: High
CVE: 2023-29172

Affiliate Toolkit

Plugin: affiliate-toolkit – WordPress Affiliate Plugin
Plugin Slug: affiliate-toolkit-starter
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 3.3.4
Severity Score: Medium
CVE: 2023-23786

Albo Pretorio On line

Plugin: Albo Pretorio On line
Plugin Slug: albo-pretorio-on-line
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 4.6.2
Severity Score: High
CVE: 2023-28993

Conditional Extra Fees for WooCommerce

Plugin: Conditional cart fee / Extra charge rule for WooCommerce extra fees
Plugin Slug: conditional-extra-fees-for-woocommerce
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.0.97
Severity Score: Medium
CVE: 2023-29093

Product Enquiry for WooCommerce

Plugin: Product Enquiry for WooCommerce, WooCommerce product catalog
Plugin Slug: enquiry-quotation-for-woocommerce
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 2.2.13
Severity Score: Medium
CVE: 2023-29170

Order Date and Time for WooCommerce

Plugin: Order date, Order pickup, Order date time, Pickup Location, delivery date for WooCommerce
Plugin Slug: pi-woocommerce-order-date-time-and-type
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 3.0.20
Severity Score: Medium
CVE: 2023-28991

Product Page Shipping Calculator for WooCommerce

Plugin: Product page shipping calculator for WooCommerce
Plugin Slug: product-page-shipping-calculator-for-woocommerce
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.3.21
Severity Score: Medium
CVE: 2023-29094

WishSuite – Wishlist for WooCommerce

Plugin: WishSuite – Wishlist for WooCommerce
Plugin Slug: wishsuite
Installations: 1,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.3.4
Severity Score: Medium
CVE: 2023-23731

CopySafe Web Protection

Plugin: CopySafe Web Protection
Plugin Slug: wp-copysafe-web
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 3.14
Severity Score: High
CVE: 2023-29098

SMTP Mailing Queue

Plugin: SMTP Mailing Queue
Plugin Slug: smtp-mailing-queue
Installations: 900+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 2.0.0
Severity Score: Medium

HT Builder

Plugin: HT Builder – WordPress Theme Builder for Elementor
Plugin Slug: ht-builder
Installations: 500+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.3.0
Severity Score: Medium

Mobile Banner

Plugin: Mobile Banner
Plugin Slug: mobile-banner
Installations: 100+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.6
Severity Score: Medium
CVE: 2023-28930

Easy Quiz Maker

Plugin: Easy Quiz Maker
Plugin Slug: n-media-wp-simple-quiz
Installations: 100+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 2.0
Severity Score: High

Welcome Bar

Plugin: Welcome Bar
Plugin Slug: intelly-welcome-bar
Installations: 30+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 2.0.4
Severity Score: Medium

Welcome Bar

Plugin: Welcome Bar
Plugin Slug: intelly-welcome-bar
Installations: 30+
Vulnerability: Broken Access Control
Patched in Version: 2.0.4
Severity Score: Medium

Add User Role

Plugin: Add User Role
Plugin Slug: add-user-role
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.6.7
Severity Score: High
CVE: 2023-0820

HappyFiles Pro

Plugin: HappyFiles Pro
Plugin Slug: happyfiles-pro
Vulnerability: Arbitrary File Deletion
Patched in Version: 1.8.2
Severity Score: High
CVE: 2023-25446

HappyFiles Pro

Plugin: HappyFiles Pro
Plugin Slug: happyfiles-pro
Vulnerability: Broken Access Control
Patched in Version: 1.8.2
Severity Score: Medium
CVE: 2023-25445

Image Over Image For WPBakery Page Builder

Plugin: Image Over Image For WPBakery Page Builder
Plugin Slug: image-over-image-vc-extension
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 3.0
Severity Score: Medium
CVE: 2023-0399

WordPress Plugin Vulnerabilities – No Known Fix

This section contains plugin vulnerabilities with no known fix. Until a patch is available, you are advised to deactivate the plugin, at minimum, immediately. If there is a high risk of active exploits or the plugin remains unpatched for weeks, you are advised to delete the plugin. You should also delete persistently unpatched plugins the WordPress.org repository has locked and marked “Closed” so they can no longer be downloaded and installed.

WC Fields Factory

Plugin: WC Fields Factory
Plugin Slug: wc-fields-factory
Vulnerability: SQL Injection
Patched in Version: No Fix
Severity Score: High
CVE: 2023-0277

Swatchly – WooCommerce Variation Swatches for Products

Plugin: Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches)
Plugin Slug: swatchly
Installations: 6,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-23792

PixFields

Plugin: PixFields
Plugin Slug: pixfields
Installations: 4,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2022-46844

Libsyn Publisher Hub

Plugin: Libsyn Publisher Hub
Plugin Slug: libsyn-podcasting
Installations: 3,000+
Vulnerability: Sensitive Data Exposure
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-25057

WordPress Comment Reply Notification plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability

Plugin: Comment Reply Notification
Plugin Slug: comment-reply-notification
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-25051

Easy Media Replace

Plugin: Easy Media Replace
Plugin Slug: easy-media-replace
Installations: 2,000+
Vulnerability: Arbitrary File Deletion
Patched in Version: No Fix
Severity Score: High
CVE: 2022-46850

HT Menu – WordPress Mega Menu Builder for Elementor

Plugin: HT Menu – WordPress Mega Menu Builder for Elementor
Plugin Slug: ht-menu-lite
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-23791

JustTables – WooCommerce Product Table

Plugin: JustTables – WooCommerce Product Table
Plugin Slug: just-tables
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-23803

LionScripts: IP Blocker Lite

Plugin: LionScripts: IP Blocker Lite
Plugin Slug: ip-address-blocker
Installations: 1,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-23993

Really Simple Google Tag Manager

Plugin: Really Simple Google Tag Manager
Plugin Slug: really-simple-google-tag-manager
Installations: 1,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-23801

Social Proof (Testimonial) Slider

Plugin: Social Proof (Testimonial) Slider
Plugin Slug: social-proof-testimonials-slider
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-24389

Premmerce Redirect Manager

Plugin: Premmerce Redirect Manager
Plugin Slug: premmerce-redirect-manager
Installations: 900+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-23787

Premmerce Redirect Manager

Plugin: Premmerce Redirect Manager
Plugin Slug: premmerce-redirect-manager
Installations: 900+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-23789

Custom More Link Complete

Plugin: Custom More Link Complete
Plugin Slug: custom-more-link-complete
Installations: 800+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-23788

Woocommerce Custom Checkout Fields Editor With Drag & Drop

Plugin: Woocommerce Custom Checkout Fields Editor With Drag & Drop
Plugin Slug: woo-custom-checkout-fields
Installations: 400+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: High
CVE: 2022-46864

Solidres

Plugin: Solidres – Hotel booking plugin for WordPress
Plugin Slug: solidres
Installations: 100+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: High
CVE: 2023-1377

Gift Cards (Gift Vouchers and Packages) for WooCommerce

Plugin: Gift Vouchers
Plugin Slug: gift-voucher
Vulnerability: SQL Injection
Patched in Version: No Fix
Severity Score: Critical
CVE: 2023-28662

Product Specifications for WooCommerce

Plugin: Product Specifications for Woocommerce
Plugin Slug: product-specifications
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: High
CVE: 2022-46858

WordPress Theme Vulnerabilities

In this section, you’ll find the latest WordPress theme vulnerabilities to be disclosed. You’ll see the same information provided above for vulnerable plugins, and the same advice applies. If a security update exists, install it immediately. If a vulnerability remains unpatched in a theme you are actively using, you will need to find an alternative theme. Deactivate and delete persistently unpatched themes and those that have been “Closed” in the WordPress.org theme repository. If you have a vulnerable theme installed that you are not actively using, simply delete it.

Viral Mag

Theme: Viral Mag
Theme Slug: viral-mag
Downloads: 16,279
Vulnerability: Broken Authentication
Patched in Version: 1.1.0
Severity Score: Medium
CVE: 2023-28990

Outdoor

Theme: Outdoor
Theme Slug: outdoor
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 3.9.7
Severity Score: High
CVE: 2023-29236

Never worry about running a vulnerable plugin or theme again.

As you can see from this report, new WordPress plugin and theme vulnerabilities are disclosed every week. We know it can be difficult to stay on top of every reported vulnerability disclosure that matters to you, so the Themes Security Pro plugin makes it easy to ensure your site isn’t running a vulnerable theme, plugin, or version of WordPress core.

Scans Your Website Twice a Day for Vulnerabilities

Your website’s plugins, themes, and WordPress core versions are checked against the Patchstack Vulnerability Database for the latest vulnerability disclosures.

Automatically Updates if a Security Fix is Available

Paired with Version Management, iThemes Security will automatically update a plugin, theme, or WordPress core version if it has a vulnerability.

Emails You a Warning if Site Scan Detects a Vulnerability

You can receive an email report if your site is running vulnerable versions of a plugin, theme, or WordPress core. Customize the email addresses that receive scan results.

The Best WordPress Security Plugin to Secure & Protect WordPress Sites

WordPress currently powers over 40% of all websites, so it has become a popular target for hackers with malicious intent. The iThemes Security Pro plugin takes the guesswork out of WordPress security to make it easy to secure & protect your WordPress website. It’s like having a full-time security expert on staff who constantly monitors and protects your WordPress site for you.

Buy iThemes Security Pro

iThemes Editorial Team

Each week, the team at iThemes team publishes new WordPress tutorials and resources, including the Weekly WordPress Vulnerability Report. Since 2008, iThemes has been dedicated to helping you build, maintain, and secure WordPress sites for yourself or for clients. Our mission? Make People’s Lives Awesome.

WordPress Vulnerability Report – April 5, 2023

WordPress Core News

WordPress Plugin Vulnerabilities with Patches

WordPress Plugin Vulnerabilities – No Known Fix

WordPress Theme Vulnerabilities

Never worry about running a vulnerable plugin or theme again.

Scans Your Website Twice a Day for Vulnerabilities

Automatically Updates if a Security Fix is Available

Emails You a Warning if Site Scan Detects a Vulnerability

The Best WordPress Security Plugin to Secure & Protect WordPress Sites

Other related posts

About iThemes

Resources

Customers

Top Products

Get the Weekly WordPress Vulnerability Report

Vulnerable WordPress plugins and themes are the #1 reason WordPress sites get hacked, but keeping track of every new plugin and theme vulnerability is hard work. Get the weekly WordPress Vulnerability Report delivered right to your inbox to help keep your website secure.

Get the Weekly WordPress Vulnerability Report