WordPress Vulnerability Report

This week, 79 total vulnerabilities emerged in public disclosure. They may affect over 3 million WordPress sites. There are 55 plugin vulnerabilities that have security patches available, so run those updates!

Additionally, there are 24 plugin vulnerabilities with no patch available yet. If you are using any unpatched plugins or themes, check their vendors’ intentions and progress on a security release. If no patch is forthcoming or the vulnerable software has been closed and dropped from the official WordPress theme and plugin repositories, you should consider deactivation and removal in favor of alternative solutions.

WordPress Core Vulnerabilities — Patched

No new WordPress core vulnerabilities were disclosed this week.

WordPress core is very secure when it’s properly configured and maintained. Vulnerable plugins that have not been updated by site owners are the most common vector for attacks on WordPress websites. Our weekly WordPress Vulnerability Report, powered by Patchstack, covers new WordPress plugin, theme, and core vulnerabilities that have emerged since last week’s report. Our goal is to spread awareness of emerging security threats and help you decide what to do if you are using vulnerable software on your website. For a deeper analysis of recent trends in WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.

These reports are published every Wednesday and include all active vulnerabilities tracked by Patchstack as of Monday since the previous report. This leaves a 48-hour window for the newest emerging vulnerabilities to be patched before full public disclosure. iThemes Security Pro users have access to vulnerability alerts emerging within this window.

Get the weekly WordPress Vulnerability Report delivered to your inbox each Wednesday.

WordPress Plugin Vulnerabilities — Patched

In this section, you’ll find the most recently disclosed WordPress plugin vulnerabilities that have been fixed with a new release from their authors and maintainers. Please apply the updates if you are affected!

These vulnerabilities have been disclosed and scored for their severity, thanks to our friends at Patchstack. Each plugin listing includes the type of vulnerability with its CVE number and CVSS severity rating with links to more technical details. You’ll also see the number of active sites using the plugin and the plugin version release that patches the vulnerability. We start with the most popular plugins, which represent the largest target for attackers.

WooCommerce Stripe Payment Gateway

Plugin: WooCommerce Stripe Payment Gateway
Plugin Slug: woocommerce-gateway-stripe
Installations: 900,000+
Vulnerability: Unauthenticated Broken Access Control
Patched in Version: 7.4.1
Severity Score: High
CVE: 2023-35049

WooCommerce Stripe Payment Gateway

Plugin: WooCommerce Stripe Payment Gateway
Plugin Slug: woocommerce-gateway-stripe
Installations: 900,000+
Vulnerability: Insecure Direct Object References (IDOR)
Patched in Version: 7.4.1
Severity Score: High
CVE: 2023-34000

Password Protected

Plugin: Password Protected
Plugin Slug: password-protected
Installations: 300,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 2.6.3
Severity Score: Medium
CVE: 2023-32580

Photo Gallery by 10Web

Plugin: Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Plugin Slug: photo-gallery
Installations: 200,000+
Vulnerability: Broken Access Control
Patched in Version: 1.8.16
Severity Score: Medium
CVE: 2023-33995

Unlimited Elements For Elementor

Plugin: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug: unlimited-elements-for-elementor
Installations: 200,000+
Vulnerability: Unrestricted Zip Extraction
Patched in Version: 1.5.67
Severity Score: Critical
CVE: 2023-33930

Download Monitor

Plugin: Download Monitor
Plugin Slug: download-monitor
Installations: 100,000+
Vulnerability: Arbitrary File Upload
Patched in Version: 4.8.4
Severity Score: Critical
CVE: 2023-34007

WooCommerce Square

Plugin: WooCommerce Square
Plugin Slug: woocommerce-square
Installations: 100,000+
Vulnerability: Insecure Direct Object References (IDOR)
Patched in Version: 3.8.2
Severity Score: High
CVE: 2023-35876

Conditional Menus

Plugin: Conditional Menus
Plugin Slug: conditional-menus
Installations: 70,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.2.1
Severity Score: High
CVE: 2023-2654

Dokan

Plugin: Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy
Plugin Slug: dokan-lite
Installations: 60,000+
Vulnerability: PHP Object Injection
Patched in Version: 3.7.20
Severity Score: Medium
CVE: 2023-34382

Dynamic Visibility for Elementor

Plugin: Dynamic Visibility for Elementor
Plugin Slug: dynamic-visibility-for-elementor
Installations: 40,000+
Vulnerability: Broken Access Control
Patched in Version: 5.0.6
Severity Score: Medium
CVE: 2023-35046

Super Socializer

Plugin: Social Share, Social Login and Social Comments Plugin – Super Socializer
Plugin Slug: super-socializer
Installations: 40,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 7.13.53
Severity Score: Medium
CVE: 2023-35882

Super Socializer

Plugin: Social Share, Social Login and Social Comments Plugin – Super Socializer
Plugin Slug: super-socializer
Installations: 40,000+
Vulnerability: Reflected Cross Site Scripting (XSS)
Patched in Version: 7.13.52
Severity Score: High
CVE: 2023-2779

Gutenverse – Gutenberg Blocks – Page Builder for Site Editor

Plugin: Gutenverse – Gutenberg Blocks – Page Builder for Site Editor
Plugin Slug: gutenverse
Installations: 30,000+
Vulnerability: Broken Access Control
Patched in Version: 1.8.6
Severity Score: Medium
CVE: 2023-35875

Stock Manager for WooCommerce

Plugin: Stock Manager for WooCommerce
Plugin Slug: woocommerce-stock-manager
Installations: 30,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 2.11.0
Severity Score: Medium
CVE: 2023-35091

myCred plugin

Plugin: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Plugin Slug: mycred
Installations: 20,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 2.5.1
Severity Score: Medium
CVE: 2023-35096

CMS Commander

Plugin: CMS Commander – Manage Multiple Sites
Plugin Slug: cms-commander-client
Installations: 10,000+
Vulnerability: Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature
Patched in Version: 2.288
Severity Score: High
CVE: 2023-3325

Directorist

Plugin: Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Plugin Slug: directorist
Installations: 10,000+
Vulnerability: Arbitrary Content Deletion
Patched in Version: 7.5.5
Severity Score: Medium
CVE: 2023-35052

File Renaming on Upload

Plugin: File Renaming on Upload
Plugin Slug: file-renaming-on-upload
Installations: 10,000+
Vulnerability: Admin+ Stored Cross Site Scripting (XSS)
Patched in Version: 2.5.2
Severity Score: Medium
CVE: 2023-2684

LWS Tools

Plugin: LWS Tools
Plugin Slug: lws-tools
Installations: 10,000+
Vulnerability: Multiple Cross Site Request Forgery (CSRF)
Patched in Version: 2.4.2
Severity Score: Medium
CVE: 2023-35774

SupportCandy

Plugin: SupportCandy – Helpdesk & Support Ticket System
Plugin Slug: supportcandy
Installations: 10,000+
Vulnerability: Subscriber+ SQL Injection
Patched in Version: 3.1.7
Severity Score: High
CVE: 2023-2719

SupportCandy

Plugin: SupportCandy – Helpdesk & Support Ticket System
Plugin Slug: supportcandy
Installations: 10,000+
Vulnerability: Admin+ SQL Injection
Patched in Version: 3.1.7
Severity Score: High
CVE: 2023-2805

YaySMTP

Plugin: YaySMTP – Simple WP SMTP Mail
Plugin Slug: yaysmtp
Installations: 6,000+
Vulnerability: Unauthenticated Stored Cross Site Scripting (XSS)
Patched in Version: 2.4.6
Severity Score: High
CVE: 2023-3093

MStore API

Plugin: MStore API
Plugin Slug: mstore-api
Installations: 5,000+
Vulnerability: SQL Injection
Patched in Version: 3.9.8
Severity Score: High
CVE: 2022-47614

MStore API

Plugin: MStore API
Plugin Slug: mstore-api
Installations: 5,000+
Vulnerability: Cross Site Request Forgery (CSRF) to Product Limit Update
Patched in Version: 3.9.7
Severity Score: Medium
CVE: 2023-3203

MStore API

Plugin: MStore API
Plugin Slug: mstore-api
Installations: 5,000+
Vulnerability: Cross Site Request Forgery (CSRF) to Order Message Update
Patched in Version: 3.9.7
Severity Score: Medium
CVE: 2023-3200

MStore API

Plugin: MStore API
Plugin Slug: mstore-api
Installations: 5,000+
Vulnerability: Cross Site Request Forgery (CSRF) to Order Title Update
Patched in Version: 3.9.7
Severity Score: Medium
CVE: 2023-3199

MStore API

Plugin: MStore API
Plugin Slug: mstore-api
Installations: 5,000+
Vulnerability: Cross Site Request Forgery (CSRF) to Order Title Update
Patched in Version: 3.9.7
Severity Score: Medium
CVE: 2023-3201

MStore API

Plugin: MStore API
Plugin Slug: mstore-api
Installations: 5,000+
Vulnerability: Cross Site Request Forgery (CSRF) to Order Status Update
Patched in Version: 3.9.7
Severity Score: Medium
CVE: 2023-3198

MStore API

Plugin: MStore API
Plugin Slug: mstore-api
Installations: 5,000+
Vulnerability: Cross Site Request Forgery (CSRF) to Firebase Server Key Update
Patched in Version: 3.9.7
Severity Score: Medium
CVE: 2023-3202

MStore API

Plugin: MStore API
Plugin Slug: mstore-api
Installations: 5,000+
Vulnerability: Missing Authorization
Patched in Version: 3.9.6
Severity Score: Medium

WP Custom Cursors

Plugin: WP Custom Cursors | WordPress Cursor Plugin
Plugin Slug: wp-custom-cursors
Installations: 5,000+
Vulnerability: Admin+ SQL Injection
Patched in Version: 3.2
Severity Score: High
CVE: 2023-2221

AI ChatBot

Plugin: AI ChatBot
Plugin Slug: chatbot
Installations: 4,000+
Vulnerability: Admin+ Stored Cross Site Scripting (XSS)
Patched in Version: 4.5.5
Severity Score: Medium
CVE: 2023-2742

AI ChatBot

Plugin: AI ChatBot
Plugin Slug: chatbot
Installations: 4,000+
Vulnerability: Admin+ Stored Cross Site Scripting (XSS)
Patched in Version: 4.5.6
Severity Score: Medium
CVE: 2023-2811

Integration for Contact Form 7 and Zoho CRM, Bigin

Plugin: Integration for Contact Form 7 and Zoho CRM, Bigin
Plugin Slug: cf7-zoho
Installations: 3,000+
Vulnerability: Admin+ SQL Injection
Patched in Version: 1.2.4
Severity Score: High
CVE: 2023-2527

CHP Ads Block Detector

Plugin: CHP Ads Block Detector
Plugin Slug: chp-ads-block-detector
Installations: 3,000+
Vulnerability: Authenticated (Subscriber+) Stored Cross Site Scripting (XSS)
Patched in Version: 3.9.8
Severity Score: Medium
CVE: 2023-2354

Recipe Maker For Your Food Blog from Zip Recipes

Plugin: Recipe Maker For Your Food Blog from Zip Recipes
Plugin Slug: zip-recipes
Installations: 3,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 8.0.8
Severity Score: Medium
CVE: 2023-35089

All Bootstrap Blocks

Plugin: All Bootstrap Blocks
Plugin Slug: all-bootstrap-blocks
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.3.7
Severity Score: Medium
CVE: 2023-35047

ARMember

Plugin: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Plugin Slug: armember-membership
Installations: 2,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 4.0.3
Severity Score: Medium
CVE: 2023-33323

Core Web Vitals & PageSpeed Booster

Plugin: Core Web Vitals & PageSpeed Booster
Plugin Slug: core-web-vitals-pagespeed-booster
Installations: 2,000+
Vulnerability: Open Redirection
Patched in Version: 1.0.13
Severity Score: Medium
CVE: 2023-35883

Extra User Details

Plugin: Extra User Details
Plugin Slug: extra-user-details
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 0.5.1
Severity Score: Medium
CVE: 2023-35877

Extra User Details

Plugin: Extra User Details
Plugin Slug: extra-user-details
Installations: 2,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 0.5.1
Severity Score: Medium
CVE: 2023-35878

WP Directory Kit

Plugin: WP Directory Kit
Plugin Slug: wpdirectorykit
Installations: 2,000+
Vulnerability: Missing Authorization to Plugin Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_admin_action
Patched in Version: 1.2.4
Severity Score: Medium
CVE: 2023-2351

Church Admin

Plugin: Church Admin
Plugin Slug: church-admin
Installations: 1,000+
Vulnerability: Reflected Cross Site Scripting (XSS)
Patched in Version: 3.7.30
Severity Score: High
CVE: 2023-34021

Contact Forms by Cimatti

Plugin: WordPress Contact Forms by Cimatti
Plugin Slug: contact-forms
Installations: 1,000+
Vulnerability: Broken Access Control
Patched in Version: 1.5.8
Severity Score: Medium
CVE: 2023-35051

WordPress Contact Forms by Cimatti

Plugin: WordPress Contact Forms by Cimatti
Plugin Slug: contact-forms
Installations: 1,000+
Vulnerability: Cross Site Request Forgery (CSRF) via _accua_forms_form_edit_action
Patched in Version: 1.5.8
Severity Score: Medium
CVE: 2023-2563

EventPrime

Plugin: EventPrime – Modern Events Calendar, Bookings and Tickets
Plugin Slug: eventprime-event-calendar-management
Installations: 1,000+
Vulnerability: Reflected Cross Site Scripting (XSS)
Patched in Version: 3.0.6
Severity Score: High
CVE: 2023-35884

WP PDF Generator

Plugin: WP PDF Generator
Plugin Slug: wp-pdf-generator
Installations: 1,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.2.3
Severity Score: Medium
CVE: 2023-35038

Zephyr Project Manager

Plugin: Zephyr Project Manager
Plugin Slug: zephyr-project-manager
Installations: 1,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 3.3.94
Severity Score: Medium
CVE: 2023-34373

LWS Cleaner

Plugin: LWS Cleaner
Plugin Slug: lws-cleaner
Installations: 900+
Vulnerability: Multiple Cross Site Request Forgery (CSRF)
Patched in Version: 2.3.1
Severity Score: Medium
CVE: 2023-35781

WP Sticky Social

Plugin: WP Sticky Social
Plugin Slug: wp-sticky-social
Installations: 300+
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched in Version: 1.0.2
Severity Score: High
CVE: 2023-3320

Booking and Rental Manager

Plugin: Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress and all Kinds of Equipment
Plugin Slug: booking-and-rental-manager-for-woocommerce
Installations: 200+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.2.2
Severity Score: Medium
CVE: 2023-35048

Front User Submit | Front Editor

Plugin: Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
Plugin Slug: front-editor
Installations: 200+
Vulnerability: Authenticated (Subscriber+) Stored Cross Site Scripting (XSS)
Patched in Version: 3.8.0
Severity Score: Medium

Form Maker

Plugin: Contact Form by WD
Plugin Slug: contact-form-maker
Vulnerability: Missing Authorization in check_score
Patched in Version: 1.15.17
Severity Score: Medium

WooCommerce Brands

Plugin: WooCommerce Brands
Plugin Slug: woocommerce-brands
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.6.50
Severity Score: Medium
CVE: 2023-35880

WooCommerce Product Vendors

Plugin: WooCommerce Product Vendors
Plugin Slug: woocommerce-product-vendors
Vulnerability: Shop Manager+ SQL Injection
Patched in Version: 2.1.79
Severity Score: High
CVE: 2023-35879

WordPress Plugin Vulnerabilities — Unpatched

This section contains plugin vulnerabilities with no known fix. Until a patch is available, you are advised to deactivate the plugin, at minimum, immediately. If there is a high risk of active exploits or the plugin remains unpatched for weeks, you are advised to delete the plugin. You should also delete persistently unpatched plugins the WordPress.org repository has locked and marked “Closed” so they can no longer be downloaded and installed.

Seed Fonts

Plugin: Seed Fonts
Plugin Slug: seed-fonts
Installations: 20,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-35779

Flo Forms

Plugin: Flo Forms – Easy Drag & Drop Form Builder
Plugin Slug: flo-forms
Installations: 10,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-35095

MasterStudy LMS

Plugin: MasterStudy LMS WordPress Plugin – for Online Courses and Education
Plugin Slug: masterstudy-lms-learning-management-system
Installations: 10,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-35090

MasterStudy LMS

Plugin: MasterStudy LMS WordPress Plugin – for Online Courses and Education
Plugin Slug: masterstudy-lms-learning-management-system
Installations: 10,000+
Vulnerability: Broken Access Control
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-35093

Form Builder

Plugin: Form Builder | Create Responsive Contact Forms
Plugin Slug: contact-form-add
Installations: 6,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: High
CVE: 2023-23795

Google Map Shortcode

Plugin: Google Map Shortcode
Plugin Slug: google-map-shortcode
Installations: 4,000+
Vulnerability: Reflected Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: High
CVE: 2023-35772

WP Matterport Shortcode

Plugin: WP Matterport Shortcode
Plugin Slug: shortcode-gallery-for-matterport-showcase
Installations: 4,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-35094

Sermon’e – Sermons Online

Plugin: Sermon'e – Sermons Online
Plugin Slug: sermone-online-sermons-management
Installations: 3,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-35776

Template Debugger

Plugin: Template Debugger
Plugin Slug: quick-edit-template-link
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-35773

Securimage-WP

Plugin: Securimage-WP
Plugin Slug: securimage-wp
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-35044

breadcrumb simple

Plugin: breadcrumb simple
Plugin Slug: breadcrumb-simple
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-35092

Fat Rat Collect

Plugin: ????(Fat Rat Collect) ????????????????, ???????????????????????????
Plugin Slug: fat-rat-collect
Installations: 1,000+
Vulnerability: Broken Access Control
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-35045

Galleria

Plugin: Galleria
Plugin Slug: galleria
Installations: 1,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-35780

Who Hit The Page – Hit Counter

Plugin: Who Hit The Page – Hit Counter
Plugin Slug: who-hit-the-page-hit-counter
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-25466

WordPress NextGen GalleryView

Plugin: WordPress NextGen GalleryView
Plugin Slug: wordpress-nextgen-galleryview
Installations: 1,000+
Vulnerability: Reflected Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: High
CVE: 2023-35098

WP Affiliate Links

Plugin: WP Affiliate Links
Plugin Slug: wp-affiliate-links
Installations: 1,000+
Vulnerability: Reflected Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: High
CVE: 2023-35097

WP Backup Manager

Plugin: WP Backup Manager
Plugin Slug: wp-backup-manager
Installations: 1,000+
Vulnerability: Reflected Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: High
CVE: 2023-35775

MojoPlug Slide Panel

Plugin: MojoPlug Slide Panel
Plugin Slug: mojoplug-slide-panel
Installations: 800+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-23807

Smoothscroller

Plugin: Smoothscroller
Plugin Slug: smoothscroller
Installations: 800+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-23811

wpView

Plugin: Display Custom Fields – wpView
Plugin Slug: wpview
Installations: 200+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-33213

Login Configurator

Plugin: Login Configurator
Plugin Slug: login-configurator
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-34369

Upload Resume

Plugin: Upload Resume
Plugin Slug: resume-upload-form
Vulnerability: Captcha Bypass Vulnerability
Patched in Version: No Fix
Severity Score: Medium
CVE: 2023-2751

WordPress Theme Vulnerabilities

In this section, you’ll find the latest WordPress theme vulnerabilities to be disclosed. You’ll see the same information provided above for vulnerable plugins, and the same advice applies. If a security update exists, install it immediately. If a vulnerability remains unpatched in a theme you are actively using, you will need to find an alternative theme. Deactivate and delete persistently unpatched themes and those that have been “Closed” in the WordPress.org theme repository. If you have a vulnerable theme installed that you are not actively using, simply delete it.

No new WordPress theme vulnerabilities were disclosed this week.

Never worry about running a vulnerable plugin or theme again.

As you can see from this report, new WordPress plugin and theme vulnerabilities are disclosed every week. We know it can be difficult to stay on top of every reported vulnerability disclosure that matters to you, so the Themes Security Pro plugin makes it easy to ensure your site isn’t running a vulnerable theme, plugin, or version of WordPress core.

Scans Your Website Twice a Day for Vulnerabilities

Your website’s plugins, themes, and WordPress core versions are checked against the Patchstack Vulnerability Database for the latest vulnerability disclosures.

Automatically Updates if a Security Fix is Available

Paired with Version Management, iThemes Security will automatically update a plugin, theme, or WordPress core version if it has a vulnerability.

Emails You a Warning if Site Scan Detects a Vulnerability

You can receive an email report if your site is running vulnerable versions of a plugin, theme, or WordPress core. Customize the email addresses that receive scan results.

The Best WordPress Security Plugin to Secure & Protect WordPress Sites

WordPress currently powers over 40% of all websites, so it has become a popular target for hackers with malicious intent. The iThemes Security Pro plugin takes the guesswork out of WordPress security to make it easy to secure & protect your WordPress website. It’s like having a full-time security expert on staff who constantly monitors and protects your WordPress site for you.

Buy iThemes Security Pro

Dan Knauss

Dan Knauss is StellarWP’s Technical Content Generalist. He’s been a writer, teacher, and freelancer working in open source since the late 1990s and with WordPress since 2004.

WordPress Vulnerability Report – June 21, 2023

WordPress Core Vulnerabilities — Patched

WordPress Plugin Vulnerabilities — Patched

WordPress Plugin Vulnerabilities — Unpatched

WordPress Theme Vulnerabilities

Never worry about running a vulnerable plugin or theme again.

Scans Your Website Twice a Day for Vulnerabilities

Automatically Updates if a Security Fix is Available

Emails You a Warning if Site Scan Detects a Vulnerability

The Best WordPress Security Plugin to Secure & Protect WordPress Sites

Other related posts

About iThemes

Resources

Customers

Top Products

Get the Weekly WordPress Vulnerability Report

Vulnerable WordPress plugins and themes are the #1 reason WordPress sites get hacked, but keeping track of every new plugin and theme vulnerability is hard work. Get the weekly WordPress Vulnerability Report delivered right to your inbox to help keep your website secure.

Get the Weekly WordPress Vulnerability Report