
WordPress Vulnerability Report – March 1, 2023

Written by iThemes Editorial Team on March 1, 2023

Last Updated on March 1, 2023

Vulnerable plugins and themes are some of the most common vectors for attacks on WordPress websites. Our weekly WordPress Vulnerability Report, now powered by Patchstack, covers new WordPress plugins, themes, and core vulnerabilities that have emerged since last week’s report. Our goal is to help you decide what to do if you are using one of these vulnerable plugins or themes on your website. For a deeper, historical analysis of WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.

Contents of the March 1, 2023 Report
  1. The Future of Authentication is Passkeys! Log into your WordPress site with Biometrics only available in iThemes Security Pro.
  2. WordPress Core News
    1. WordPress 6.2 Beta 4
    2. Gutenberg 15.2
  3. WordPress Plugin Vulnerabilities
    1. WordPress All in One SEO Pack plugin
    2. WordPress All in One SEO Pack plugin
    3. WordPress Starter Templates plugin
    4. WordPress ProfilePress plugin
    5. WordPress Advanced Database Cleaner plugin
    6. WordPress Strong Testimonials plugin
    7. WordPress VK All in One Expansion Unit plugin
    8. WordPress Contextual Related Posts plugin
    9. WordPress Media Library Assistant plugin
    10. WordPress wpDataTables – WordPress Tables & Table Charts Plugin plugin
    11. WordPress WP Table Builder – WordPress Table Plugin plugin
    12. WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin
    13. WordPress Feed Them Social – for Twitter feed, Youtube and more plugin
    14. WordPress The Post Grid plugin
    15. WordPress 10Web Booster
    16. WordPress Top 10 plugin
    17. WordPress Top 10 plugin
    18. WordPress Minify HTML plugin
    19. WordPress Redirect Redirection plugin
    20. WordPress Wholesale Suite plugin
    21. WordPress WP Meta SEO plugin
    22. WordPress WP Meta SEO plugin
    23. WordPress Maspik – Spam blacklist plugin
    24. WordPress Video Gallery – YouTube Gallery plugin
    25. WordPress Video Gallery – YouTube Gallery plugin
    26. WordPress Paytm Payment Gateway plugin
    27. WordPress UsersWP plugin
    28. WordPress Japanized For WooCommerce plugin
    29. WordPress My YouTube Channel plugin
    30. WordPress WordPress Tooltips plugin
    31. WordPress Client Portal plugin
    32. WordPress Etsy Shop plugin
    33. WordPress WPMobile.App – Android and iOS Mobile Application plugin
    34. WordPress Dashboard Widgets Suite plugin
    35. WordPress Publish to Schedule plugin
    36. WordPress Publish to Schedule plugin
    37. WordPress Read More Excerpt Link plugin
    38. WordPress Auto Affiliate Links plugin
    39. WordPress Integration for Contact Form 7 and Zoho CRM, Bigin plugin
    40. WordPress Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin
    41. WordPress Community by PeepSo plugin
    42. WordPress Sp*tify Play Button for WordPress plugin
    43. WordPress Drag and Drop Multiple File Upload for WooCommerce plugin
    44. WordPress We're Open! plugin
    45. WordPress Simple YouTube Responsive plugin
    46. WordPress WP Custom Fields Search plugin
    47. WordPress BuddyForms plugin
    48. WordPress CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plugin
    49. WordPress KB Support – WordPress Help Desk plugin
    50. WordPress Multiple Pages Generator by Themeisle plugin
    51. WordPress Simple Slug Translate plugin
    52. WordPress WordPress Books Gallery plugin
    53. WordPress Accordions – Multiple Accordions or FAQs Builder plugin
    54. WordPress Clio Grow plugin
    55. WordPress Calendar Event Multi View plugin
    56. WordPress Sheets To WP Table Live Sync plugin
    57. WordPress Broadcast Live Video plugin
    58. WordPress WP Dynamic Keywords Injector plugin
    59. WordPress WordPress Stripe Donation plugin
    60. WordPress CM Answers plugin
    61. WordPress Coupon Zen plugin
    62. WordPress Houzez Login Register plugin
  4. WordPress Plugin Vulnerabilities – No Known Fix
    1. WordPress All In One Favicon plugin
    2. WordPress Apollo13 Framework Extensions plugin
    3. WordPress Markup plugin
    4. WordPress TypeSquare Webfonts for ConoHa plugin
    5. WordPress All-in-one search automatic push management plug-in – support Baidu/Google/Bing/IndexNow/Yandex/ headlines plugin
    6. WordPress Login Logout Menu plugin
    7. WordPress Jobs for WordPress plugin
    8. WordPress For the visually impaired plugin
    9. WordPress Admin Block Country plugin
    10. WordPress Hero Banner Ultimate plugin
    11. WordPress Theme Tweaker plugin
    12. WordPress Booking Ultra Pro Appointments Booking Calendar Plugin plugin
    13. WordPress Easy Google Analytics for WordPress plugin
    14. WordPress GMAce plugin
    15. WordPress GMAce plugin
    16. WordPress JS Job Manager plugin
    17. WordPress phpinfo() WP plugin
    18. WordPress WP Google Tag Manager plugin
    19. WordPress Bing Site Verification plugin using Meta Tag plugin
    20. WordPress WordPress Custom Settings plugin
    21. WordPress Exquisite PayPal Donation plugin
    22. WordPress Sitemap Index plugin
    23. WordPress Sponsors Carousel plugin
    24. WordPress Stock market charts from finviz plugin
    25. WordPress WP-RecentComments plugin
    26. WordPress WP-RecentComments plugin
    27. WordPress Circles Gallery plugin
    28. WordPress Upload Resume plugin
    29. WordPress Educare – Students & Result Management System plugin
    30. WordPress Custom Login Page plugin
    31. WordPress asMember plugin
    32. WordPress Chat Bee plugin
    33. WordPress Simple Portfolio Gallery plugin
    34. WordPress Conditional Checkout Fields for WooCommerce plugin
    35. WordPress CPT – Speakers plugin
    36. WordPress PayGreen plugin
    37. WordPress Social Login WP plugin
    38. WordPress Zendrop – Global Dropshipping plugin
    39. WordPress Zendrop – Global Dropshipping plugin
  5. WordPress Theme Vulnerabilities
    1. WordPress OceanWP theme
    2. WordPress darcie theme
    3. WordPress Houzez theme
    4. WordPress Real Estate 7 theme
  6. The Best WordPress Security Plugin to Secure & Protect WordPress Sites

The Future of Authentication is Passkeys! Log into your WordPress site with Biometrics only available in iThemes Security Pro.

Credential stuffing, phishing, and brute force attacks using stolen, guessable, or reused passwords have made our digital lives less secure. Two-Factor Authentication (2FA) offers some protection but at the cost of usability and accessibility. Fewer than 30% of all online account holders actually use 2FA. Password-based logins are broken.

The future of authentication is passkeys, and iThemes Security Pro is the first to bring this breakthrough technology to WordPress sites. Using WebAuthn technology based on public/private key cryptography, passkeys make passwords obsolete. Now, website admins and end users can have secure logins without the inconvenience of additional two-factor apps, password managers, or complex password requirements.


WordPress Core News

WordPress 6.1.1 was released on November 15, 2022, as a short-cycle maintenance release with 29 bug fixes in Core and 21 bug fixes for the block editor. Because this is a core update, be sure to update to WordPress 6.1.1 as soon as possible! As always, with a major release like this, ensure your site is backed up with BackupBuddy before updating.

WordPress 6.2 Beta 4

WordPress 6.2 Beta 4 rolled out today for testing after being postponed for a few days to deal with a regression. As of Beta 4, over 400 Trac issues have been raised and closed this cycle. The current target for the final release date is still March 28, 2023.

So far, the 6.2 release cycle has made more than 292 enhancements and 354 bug fixes just for the editor. A running total of 289 tickets have been closed in Trac for the 6.2 milestone, with more to come.

In the final 6.2 release, expect to see tight integration with Openverse in the editor and media library. The Navigation block has been significantly improved. A new Style Book feature displays all blocks in the current global styles, and there’s new custom CSS support for your full site and individual blocks. For more details on new features in 6.2, see the Beta 1 release news.

With the arrival of WordPress 6.2, Phase Two of Gutenberg’s development will have ended. Phase Two focused on the Block and Site Editor features that now allow deep customization of site designs and layouts. Next, Phase Three will focus on collaborative editing features. Take a look at the WordPress Development Roadmap to learn more.

Gutenberg 15.2

The latest release of the Gutenberg plugin, version 15.2, is available now if you’d like to get a preview of bleeding-edge features. Please note the 15.2 release offers new features that will be included in the WordPress 6.3 core release but not 6.2. These features include revisions for the full site template editor so you can roll back changes to site templates.

Other new features of note in Gutenberg 15.2 are CSS aspect-ratio controls for the Featured Image block for posts and support for border color, style, and width in the Button block. There’s new typography support for the Latest Comments block, and the Post Excerpt block will have an excerpt length limit control. You’ll find accessibility improvements to labeling, tab, arrow key navigation, and the hierarchy of headings in the editor interface. See the version notes for the full details about many other enhancements and bug fixes.

  • No new WordPress core vulnerabilities were disclosed this week.

WordPress Plugin Vulnerabilities

In this section, you’ll find the most recently disclosed WordPress plugin vulnerabilities that have been fixed with a new release from their authors and maintainers. These vulnerabilities have been disclosed and scored for their severity thanks to our friends at Patchstack. Each plugin listing includes the type of vulnerability with its CVE number and CVSS severity rating with links to more technical details. You’ll also see the number of active sites using the plugin and the plugin version release that patches the vulnerability. We start with the most popular plugins, which represent the largest target for attackers.

WordPress All in One SEO Pack plugin

Plugin: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Plugin Slug: all-in-one-seo-pack
Installations: 3,000,000+
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched in Version: 4.3.0
Severity Score: Medium
CVE: 2023-0585
The vulnerability has been patched, so you should update to version 4.3.0.

WordPress All in One SEO Pack plugin

Plugin: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Plugin Slug: all-in-one-seo-pack
Installations: 3,000,000+
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched in Version: 4.3.0
Severity Score: Medium
CVE: 2023-0586
The vulnerability has been patched, so you should update to version 4.3.0.

WordPress Starter Templates plugin

Plugin: Starter Templates — Elementor, WordPress & Beaver Builder Templates
Plugin Slug: astra-sites
Installations: 1,000,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 3.1.21
Severity Score: Medium
CVE: 2022-46851
The vulnerability has been patched, so you should update to version 3.1.21.

WordPress ProfilePress plugin

Plugin: Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
Plugin Slug: wp-user-avatar
Installations: 300,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 4.5.5
Severity Score: High
CVE: 2023-23830
The vulnerability has been patched, so you should update to version 4.5.5.

WordPress Advanced Database Cleaner plugin

Plugin: Advanced Database Cleaner
Plugin Slug: advanced-database-cleaner
Installations: 100,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 3.1.2
Severity Score: Medium
CVE: 2022-46813
The vulnerability has been patched, so you should update to version 3.1.2.

WordPress Strong Testimonials plugin

Plugin: Strong Testimonials
Plugin Slug: strong-testimonials
Installations: 100,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 3.0.3
Severity Score: Medium
CVE: 2023-26013
The vulnerability has been patched, so you should update to version 3.0.3.

WordPress VK All in One Expansion Unit plugin

Plugin: VK All in One Expansion Unit
Plugin Slug: vk-all-in-one-expansion-unit
Installations: 100,000+
Vulnerability: Reflected Cross-Site Scripting via REQUEST_URI
Patched in Version: 9.87.1.0
Severity Score: High
The vulnerability has been patched, so you should update to version 9.87.1.0.

WordPress Contextual Related Posts plugin

Plugin: Contextual Related Posts
Plugin Slug: contextual-related-posts
Installations: 70,000+
Vulnerability: Missing Authorization in crp_ajax_clearcache
Patched in Version: 3.3.2
Severity Score: Medium
The vulnerability has been patched, so you should update to version 3.3.2.

WordPress Media Library Assistant plugin

Plugin: Media Library Assistant
Plugin Slug: media-library-assistant
Installations: 70,000+
Vulnerability: Admin+ SQL Injection
Patched in Version: 3.06
Severity Score: Medium
CVE: 2023-0279
The vulnerability has been patched, so you should update to version 3.06.

WordPress wpDataTables – WordPress Tables & Table Charts Plugin plugin

Plugin: wpDataTables – WordPress Tables & Table Charts Plugin
Plugin Slug: wpdatatables
Installations: 70,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 2.1.50
Severity Score: Medium
CVE: 2023-23876
The vulnerability has been patched, so you should update to version 2.1.50.

WordPress WP Table Builder – WordPress Table Plugin plugin

Plugin: WP Table Builder – WordPress Table Plugin
Plugin Slug: wp-table-builder
Installations: 60,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.4.7
Severity Score: Medium
CVE: 2022-46852
The vulnerability has been patched, so you should update to version 1.4.7.

WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin

Plugin: Drag and Drop Multiple File Upload – Contact Form 7
Plugin Slug: drag-and-drop-multiple-file-upload-contact-form-7
Installations: 50,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.3.6.6
Severity Score: Medium
CVE: 2022-45364
The vulnerability has been patched, so you should update to version 1.3.6.6.

WordPress Feed Them Social – for Twitter feed, Youtube and more plugin

Plugin: Feed Them Social – Page, Post, Video, and Photo Galleries
Plugin Slug: feed-them-social
Installations: 50,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 4.0.0
Severity Score: Medium
CVE: 2023-25056
The vulnerability has been patched, so you should update to version 4.0.0.

WordPress The Post Grid plugin

Plugin: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
Plugin Slug: the-post-grid
Installations: 40,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 5.0.5
Severity Score: Medium
CVE: 2022-46853
The vulnerability has been patched, so you should update to version 5.0.5.

WordPress 10Web Booster

Plugin: 10Web Booster – Website speed optimization, Cache & Page Speed optimizer
Plugin Slug: tenweb-speed-optimizer
Installations: 30,000+
Vulnerability: Authorization in Settings Import to Stored Cross-Site Scripting
Patched in Version: 2.13.45
Severity Score: High
The vulnerability has been patched, so you should update to version 2.13.45.

WordPress Top 10 plugin

Plugin: Top 10 – Popular posts plugin for WordPress
Plugin Slug: top-10
Installations: 30,000+
Vulnerability: Insufficient Authorization
Patched in Version: 3.2.5
Severity Score: Medium
The vulnerability has been patched, so you should update to version 3.2.5.

WordPress Top 10 plugin

Plugin: Top 10 – Popular posts plugin for WordPress
Plugin Slug: top-10
Installations: 30,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 3.2.5
Severity Score: Medium
CVE: 2023-26008
The vulnerability has been patched, so you should update to version 3.2.5.

WordPress Minify HTML plugin

Plugin: Minify HTML
Plugin Slug: minify-html-markup
Installations: 20,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 2.1.8
Severity Score: Medium
CVE: 2023-26014
The vulnerability has been patched, so you should update to version 2.1.8.

WordPress Redirect Redirection plugin

Plugin: Redirection
Plugin Slug: redirect-redirection
Installations: 20,000+
Vulnerability: Multiple Missing Authorization
Patched in Version: 1.1.4
Severity Score: Medium
The vulnerability has been patched, so you should update to version 1.1.4.

WordPress Wholesale Suite plugin

Plugin: Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More
Plugin Slug: woocommerce-wholesale-prices
Installations: 20,000+
Vulnerability: Settings Change
Patched in Version: 2.1.5.1
Severity Score: Medium
CVE: 2022-34344
The vulnerability has been patched, so you should update to version 2.1.5.1.

WordPress WP Meta SEO plugin

Plugin: WP Meta SEO
Plugin Slug: wp-meta-seo
Installations: 20,000+
Vulnerability: Cross Site Request Forgery (CSRF) via ‘regenerateSitemaps’
Patched in Version: 4.5.4
Severity Score: Medium
CVE: 2023-1029
The vulnerability has been patched, so you should update to version 4.5.4.

WordPress WP Meta SEO plugin

Plugin: WP Meta SEO
Plugin Slug: wp-meta-seo
Installations: 20,000+
Vulnerability: Authenticated (Subscriber+) SQL Injection
Patched in Version: 4.5.3
Severity Score: High
The vulnerability has been patched, so you should update to version 4.5.3.

WordPress Maspik – Spam blacklist plugin

Plugin: Maspik – Spam blacklist
Plugin Slug: contact-forms-anti-spam
Installations: 10,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 0.7.9
Severity Score: Medium
CVE: 2023-24008
The vulnerability has been patched, so you should update to version 0.7.9.

WordPress Video Gallery – YouTube Gallery plugin

Plugin: Video Gallery – Best WordPress YouTube Gallery Plugin
Plugin Slug: gallery-videos
Installations: 10,000+
Vulnerability: Broken Access Control
Patched in Version: 1.7.7
Severity Score: High
CVE: 2023-25988
The vulnerability has been patched, so you should update to version 1.7.7.

WordPress Video Gallery – YouTube Gallery plugin

Plugin: Video Gallery – Best WordPress YouTube Gallery Plugin
Plugin Slug: gallery-videos
Installations: 10,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.7.7
Severity Score: Medium
CVE: 2023-25979
The vulnerability has been patched, so you should update to version 1.7.7.

WordPress Paytm Payment Gateway plugin

Plugin: Paytm Payment Gateway
Plugin Slug: paytm-payments
Installations: 10,000+
Vulnerability: SQL Injection
Patched in Version: 2.7.7
Severity Score: High
CVE: 2022-45805
The vulnerability has been patched, so you should update to version 2.7.7.

WordPress UsersWP plugin

Plugin: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress
Plugin Slug: userswp
Installations: 10,000+
Vulnerability: CSV Injection
Patched in Version: 1.2.3.10
Severity Score: Medium
CVE: 2022-47442
The vulnerability has been patched, so you should update to version 1.2.3.10.

WordPress Japanized For WooCommerce plugin

Plugin: Japanized For WooCommerce
Plugin Slug: woocommerce-for-japan
Installations: 10,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 2.5.5
Severity Score: High
CVE: 2023-0942
The vulnerability has been patched, so you should update to version 2.5.5.

WordPress My YouTube Channel plugin

Plugin: My YouTube Channel
Plugin Slug: youtube-channel
Installations: 9,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 3.23.4
Severity Score: Medium
CVE: 2023-25987
The vulnerability has been patched, so you should update to version 3.23.4.

WordPress WordPress Tooltips plugin

Plugin: WordPress Tooltips
Plugin Slug: wordpress-tooltips
Installations: 7,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 8.2.7
Severity Score: Medium
CVE: 2023-25985
The vulnerability has been patched, so you should update to version 8.2.7.

WordPress Client Portal plugin

Plugin: Client Portal – Private user pages and login
Plugin Slug: client-portal
Installations: 6,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.1.9
Severity Score: Medium
CVE: 2023-25968
The vulnerability has been patched, so you should update to version 1.1.9.

WordPress Etsy Shop plugin

Plugin: Etsy Shop
Plugin Slug: etsy-shop
Installations: 6,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 3.0.4
Severity Score: Medium
CVE: 2023-25975
The vulnerability has been patched, so you should update to version 3.0.4.

WordPress WPMobile.App — Android and iOS Mobile Application plugin

Plugin: WPMobile.App — Android and iOS Mobile Application
Plugin Slug: wpappninja
Installations: 6,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 11.19
Severity Score: Medium
CVE: 2023-26010
The vulnerability has been patched, so you should update to version 11.19.

WordPress Dashboard Widgets Suite plugin

Plugin: Dashboard Widgets Suite
Plugin Slug: dashboard-widgets-suite
Installations: 5,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 3.2.2
Severity Score: Medium
CVE: 2023-26517
The vulnerability has been patched, so you should update to version 3.2.2.

WordPress Publish to Schedule plugin

Plugin: Publish to Schedule
Plugin Slug: publish-to-schedule
Installations: 5,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 4.5.5
Severity Score: Medium
CVE: 2023-26519
The vulnerability has been patched, so you should update to version 4.5.5.

WordPress Publish to Schedule plugin

Plugin: Publish to Schedule
Plugin Slug: publish-to-schedule
Installations: 5,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 4.5.4
Severity Score: Medium
CVE: 2023-25994
The vulnerability has been patched, so you should update to version 4.5.4.

WordPress Read More Excerpt Link plugin

Plugin: Read More Excerpt Link
Plugin Slug: read-more-excerpt-link
Installations: 5,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.6.1
Severity Score: Medium
CVE: 2023-26011
The vulnerability has been patched, so you should update to version 1.6.1.

WordPress Auto Affiliate Links plugin

Plugin: Auto Affiliate Links
Plugin Slug: wp-auto-affiliate-links
Installations: 5,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 6.3.0.3
Severity Score: Medium
CVE: 2023-25973
The vulnerability has been patched, so you should update to version 6.3.0.3.

WordPress Integration for Contact Form 7 and Zoho CRM, Bigin plugin

Plugin: Integration for Contact Form 7 and Zoho CRM, Bigin
Plugin Slug: cf7-zoho
Installations: 4,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.2.3
Severity Score: Medium
CVE: 2023-25976
The vulnerability has been patched, so you should update to version 1.2.3.

WordPress Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin

Plugin: Community by PeepSo – Social Network, Membership, Registration, User Profiles
Plugin Slug: peepso-core
Installations: 4,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 6.0.3.0
Severity Score: Medium
CVE: 2023-25967
The vulnerability has been patched, so you should update to version 6.0.3.0.

WordPress Community by PeepSo plugin

Plugin: Community by PeepSo – Social Network, Membership, Registration, User Profiles
Plugin Slug: peepso-core
Installations: 4,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 6.0.3.0
Severity Score: Medium
CVE: 2022-41633
The vulnerability has been patched, so you should update to version 6.0.3.0.

WordPress Sp*tify Play Button for WordPress plugin

Plugin: Sp*tify Play Button for WordPress
Plugin Slug: spotify-play-button-for-wordpress
Installations: 4,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 2.06
Severity Score: Medium
CVE: 2023-26536
The vulnerability has been patched, so you should update to version 2.06.

WordPress Drag and Drop Multiple File Upload for WooCommerce plugin

Plugin: Drag and Drop Multiple File Upload for WooCommerce
Plugin Slug: drag-and-drop-multiple-file-upload-for-woocommerce
Installations: 3,000+
Vulnerability: Unauth. Non-arbitrary file upload/deletion
Patched in Version: 1.0.9
Severity Score: Medium
CVE: 2022-45377
The vulnerability has been patched, so you should update to version 1.0.9.

WordPress We’re Open! plugin

Plugin: We’re Open!
Plugin Slug: opening-hours
Installations: 3,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.47
Severity Score: Medium
CVE: 2023-25964
The vulnerability has been patched, so you should update to version 1.47.

WordPress Simple YouTube Responsive plugin

Plugin: Simple YouTube Responsive
Plugin Slug: simple-youtube-responsive
Installations: 3,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 3.0
Severity Score: Medium
CVE: 2023-25982
The vulnerability has been patched, so you should update to version 3.0.

WordPress WP Custom Fields Search plugin

Plugin: WP Custom Fields Search
Plugin Slug: wp-custom-fields-search
Installations: 3,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.2.35
Severity Score: Medium
CVE: 2022-47157
The vulnerability has been patched, so you should update to version 1.2.35.

WordPress BuddyForms plugin

Plugin: Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions
Plugin Slug: buddyforms
Installations: 2,000+
Vulnerability: PHP Object Injection
Patched in Version: 2.7.8
Severity Score: Medium
The vulnerability has been patched, so you should update to version 2.7.8.

WordPress CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plugin

Plugin: CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce
Plugin Slug: css-js-manager
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 2.4.49.1
Severity Score: Medium
CVE: 2022-47154
The vulnerability has been patched, so you should update to version 2.4.49.1.

WordPress KB Support – WordPress Help Desk plugin

Plugin: KB Support – WordPress Help Desk
Plugin Slug: kb-support
Installations: 2,000+
Vulnerability: CSV Injection
Patched in Version: 1.5.85
Severity Score: Medium
CVE: 2023-25983
The vulnerability has been patched, so you should update to version 1.5.85.

WordPress Multiple Pages Generator by Themeisle plugin

Plugin: Multiple Page Generator Plugin – MPG
Plugin Slug: multiple-pages-generator-by-porthas
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 3.3.10
Severity Score: Medium
CVE: 2022-47143
The vulnerability has been patched, so you should update to version 3.3.10.

WordPress Simple Slug Translate plugin

Plugin: Simple Slug Translate
Plugin Slug: simple-slug-translate
Installations: 2,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 2.7.3
Severity Score: Medium
CVE: 2023-26515
The vulnerability has been patched, so you should update to version 2.7.3.

WordPress WordPress Books Gallery plugin

Plugin: WordPress Books Gallery
Plugin Slug: wp-books-gallery
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 4.4.9
Severity Score: Medium
CVE: 2023-23705
The vulnerability has been patched, so you should update to version 4.4.9.

WordPress Accordions – Multiple Accordions or FAQs Builder plugin

Plugin
Accordion – Multiple Accordion or FAQs Builder
Plugin Slug
accordions-or-faqs
Installations
1,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
2.3.1
Severity Score
Medium
CVE
2023-25962
The vulnerability has been patched, so you should update to version 2.3.1.

WordPress Clio Grow plugin

Plugin
Clio Grow
Plugin Slug
clio-grow-form
Installations
1,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.0.1
Severity Score
Medium
CVE
2023-22683
The vulnerability has been patched, so you should update to version 1.0.1.

WordPress Calendar Event Multi View plugin

Plugin
Calendar Event Multi View
Plugin Slug
cp-multi-view-calendar
Installations
1,000+
Vulnerability
Broken Access Control
Patched in Version
1.4.15
Severity Score
Low
CVE
2023-23814
The vulnerability has been patched, so you should update to version 1.4.15.

WordPress Sheets To WP Table Live Sync plugin

Plugin
Sheets To WP Table Live Sync
Plugin Slug
sheets-to-wp-table-live-sync
Installations
1,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
2.13.0
Severity Score
Medium
CVE
2023-26535
The vulnerability has been patched, so you should update to version 2.13.0.

WordPress Broadcast Live Video plugin

Plugin
Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP
Plugin Slug
videowhisper-live-streaming-integration
Installations
1,000+
Vulnerability
Remote Code Execution (RCE)
Patched in Version
5.5.16
Severity Score
Critical
CVE
2023-25699
The vulnerability has been patched, so you should update to version 5.5.16.

WordPress WP Dynamic Keywords Injector plugin

Plugin
WP Dynamic Keywords Injector
Plugin Slug
wp-dynamic-keywords-injector
Installations
1,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
2.3.16
Severity Score
Medium
CVE
2022-47141
The vulnerability has been patched, so you should update to version 2.3.16.

WordPress WordPress Stripe Donation plugin

Plugin
Accept Stripe Donation – AidWP
Plugin Slug
wp-stripe-donation
Installations
1,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
3.1.6
Severity Score
Medium
CVE
2022-47422
The vulnerability has been patched, so you should update to version 3.1.6.

WordPress CM Answers plugin

Plugin
CM Answers
Plugin Slug
cm-answers
Installations
800+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
3.2.0
Severity Score
Medium
CVE
2023-25992
The vulnerability has been patched, so you should update to version 3.2.0.

WordPress Coupon Zen plugin

Plugin
Coupon Zen
Plugin Slug
coupon-zen
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
1.0.6
Severity Score
Medium
The vulnerability has been patched, so you should update to version 1.0.6.

WordPress Houzez Login Register plugin

Plugin
Houzez Login Register
Plugin Slug
houzez-login-register
Vulnerability
Privilege Escalation
Patched in Version
2.6.4
Severity Score
Critical
CVE
2023-26009
The vulnerability has been patched, so you should update to version 2.6.4.

WordPress Plugin Vulnerabilities – No Known Fix

This section contains plugin vulnerabilities with no known fix. Until a patch is available, you are advised, at minimum, to deactivate the plugin immediately. If there is a high risk of active exploits or the plugin remains unpatched for weeks, you are advised to delete the plugin. You should also delete persistently unpatched plugins that the WordPress.org repository has locked and marked “Closed” so they can no longer be downloaded and installed.

WordPress All In One Favicon plugin

Plugin
All In One Favicon
Plugin Slug
all-in-one-favicon
Installations
100,000+
Vulnerability
Arbitrary File Deletion
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-24416
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Apollo13 Framework Extensions plugin

Plugin
Apollo13 Framework Extensions
Plugin Slug
apollo13-framework-extensions
Installations
40,000+
Vulnerability
Broken Access Control
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-25959
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Markup plugin

Plugin
Markup (JSON-LD) structured in schema.org
Plugin Slug
wp-structuring-markup
Installations
30,000+
Vulnerability
Contributor+ Stored XSS via Shortcode
Patched in Version
No Fix
Severity Score
Medium
CVE
2022-4666
The vulnerability has not been patched. You should deactivate the plugin.

WordPress TypeSquare Webfonts for ConoHa plugin

Plugin
TypeSquare Webfonts for ConoHa
Plugin Slug
ts-webfonts-for-conoha
Installations
20,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-25458
The vulnerability has not been patched. You should deactivate the plugin.

WordPress All-in-one search automatic push management plug-in – support Baidu/Google/Bing/IndexNow/Yandex/headlines plugin

Plugin
All-in-one search automatic push management plug-in – support Baidu/Google/Bing/IndexNow/Yandex/headlines
Plugin Slug
baidu-submit-link
Installations
10,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-26531
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Login Logout Menu plugin

Plugin
Login Logout Menu
Plugin Slug
baw-login-logout-menu
Installations
10,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2022-4622
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Jobs for WordPress plugin

Plugin
Jobs for WordPress
Plugin Slug
job-postings
Installations
9,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-26017
The vulnerability has not been patched. You should deactivate the plugin.

WordPress For the visually impaired plugin

Plugin
For the visually impaired
Plugin Slug
for-the-visually-impaired
Installations
8,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-25038
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Admin Block Country plugin

Plugin
Admin Block Country
Plugin Slug
admin-block-country
Installations
4,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-24007
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Hero Banner Ultimate plugin

Plugin
Hero Banner Ultimate
Plugin Slug
hero-banner-ultimate
Installations
2,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2022-45818
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Theme Tweaker plugin

Plugin
Theme Tweaker
Plugin Slug
theme-tweaker-lite
Installations
2,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-23713
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Booking Ultra Pro Appointments Booking Calendar Plugin plugin

Plugin
Booking Ultra Pro Appointments Booking Calendar Plugin
Plugin Slug
booking-ultra-pro
Installations
1,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
Severity Score
Medium
CVE
2022-46816
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Easy Google Analytics for WordPress plugin

Plugin
Easy Google Analytics for WordPress
Plugin Slug
easy-google-analytics-for-wordpress
Installations
1,000+
Vulnerability
Broken Access Control
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-23887
The vulnerability has not been patched. You should deactivate the plugin.

WordPress GMAce plugin

Plugin
GMAce
Plugin Slug
gmace
Installations
1,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-23861
The vulnerability has not been patched. You should deactivate the plugin.

WordPress GMAce plugin

Plugin
GMAce
Plugin Slug
gmace
Installations
1,000+
Vulnerability
Arbitrary File Download
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-23872
The vulnerability has not been patched. You should deactivate the plugin.

WordPress JS Job Manager plugin

Plugin
JS Job Manager
Plugin Slug
js-jobs
Installations
1,000+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-25963
The vulnerability has not been patched. You should deactivate the plugin.

WordPress phpinfo() WP plugin

Plugin
phpinfo() WP
Plugin Slug
phpinfo-wp
Installations
1,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-26542
The vulnerability has not been patched. You should deactivate the plugin.

WordPress WP Google Tag Manager plugin

Plugin
WP Google Tag Manager
Plugin Slug
wp-google-tag-manager
Installations
1,000+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-22693
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Bing Site Verification plugin using Meta Tag plugin

Plugin
Bing Site Verification plugin using Meta Tag
Plugin Slug
bing-site-verification-using-meta-tag
Installations
900+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-23875
The vulnerability has not been patched. You should deactivate the plugin.

WordPress WordPress Custom Settings plugin

Plugin
WordPress Custom Settings
Plugin Slug
custom-settings
Installations
900+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-23806
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Exquisite PayPal Donation plugin

Plugin
Exquisite PayPal Donation
Plugin Slug
exquisite-paypal-donation
Installations
900+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-23785
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Sitemap Index plugin

Plugin
Sitemap Index
Plugin Slug
sitemap-index
Installations
900+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-23816
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Sponsors Carousel plugin

Plugin
Sponsors Carousel
Plugin Slug
sponsors-carousel
Installations
900+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-23808
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Stock market charts from finviz plugin

Plugin
Stock market charts from finviz
Plugin Slug
stock-market-charts-from-finviz
Installations
900+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-23809
The vulnerability has not been patched. You should deactivate the plugin.

WordPress WP-RecentComments plugin

Plugin
WP-RecentComments
Plugin Slug
wp-recentcomments
Installations
900+
Vulnerability
Sensitive Data Exposure
Patched in Version
No Fix
Severity Score
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WordPress WP-RecentComments plugin

Plugin
WP-RecentComments
Plugin Slug
wp-recentcomments
Installations
900+
Vulnerability
Broken Access Control
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-23886
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Circles Gallery plugin

Plugin
Circles Gallery
Plugin Slug
circles-gallery
Installations
800+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-23881
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Upload Resume plugin

Plugin
Upload Resume
Plugin Slug
resume-upload-form
Installations
600+
Vulnerability
Sensitive Data Exposure
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-25965
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Educare – Students & Result Management System plugin

Plugin
Educare – Students & Result Management System
Plugin Slug
educare
Installations
300+
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-25971
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Custom Login Page plugin

Plugin
Custom Login Page
Plugin Slug
wp-custom-login-page
Installations
100+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-26012
The vulnerability has not been patched. You should deactivate the plugin.

WordPress asMember plugin

Plugin
asMember
Plugin Slug
asmember
Installations
10+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-26541
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Chat Bee plugin

Plugin
Chat Bee
Plugin Slug
chat-bee
Installations
10+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-26538
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Simple Portfolio Gallery plugin

Plugin
Simple Portfolio Gallery
Plugin Slug
simple-portfolio-gallery
Installations
10+
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-26016
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Conditional Checkout Fields for WooCommerce plugin

Plugin
Conditional Checkout Fields for WooCommerce
Plugin Slug
conditional-checkout-fields-for-woocommerce
Vulnerability
Broken Authentication
Patched in Version
No Fix
Severity Score
Medium
CVE
2022-45070
The vulnerability has not been patched. You should deactivate the plugin.

WordPress CPT – Speakers plugin

Plugin
CPT – Speakers
Plugin Slug
cpt-speakers
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-25977
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress PayGreen plugin

Plugin
PayGreen
Plugin Slug
paygreen-woocommerce
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
Severity Score
Medium
CVE
2023-25986
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Social Login WP plugin

Plugin
Social Login WP
Plugin Slug
social-login-wp
Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
Severity Score
Medium
CVE
2022-38063
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Zendrop – Global Dropshipping plugin

Plugin
Zendrop – Global Dropshipping
Plugin Slug
zendrop-dropshipping-and-fulfillment
Vulnerability
SQL Injection
Patched in Version
No Fix
Severity Score
Critical
CVE
2023-25960
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Zendrop – Global Dropshipping plugin

Plugin
Zendrop – Global Dropshipping
Plugin Slug
zendrop-dropshipping-and-fulfillment
Vulnerability
Arbitrary File Upload
Patched in Version
No Fix
Severity Score
Critical
CVE
2023-25970
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Theme Vulnerabilities

In this section, you’ll find the latest WordPress theme vulnerabilities to be disclosed. You’ll see the same information provided above for vulnerable plugins, and the same advice applies. If a security update exists, install it immediately. If a vulnerability remains unpatched in a theme you are actively using, you will need to find an alternative theme. Deactivate and delete persistently unpatched themes and those that have been “Closed” in the WordPress.org theme repository. If you have a vulnerable theme installed that you are not actively using, simply delete it.

WordPress OceanWP theme

Theme
OceanWP
Theme Slug
oceanwp
Downloads
5,960,838
Vulnerability
Authenticated Local File Inclusion
Patched in Version
3.4.2
Severity Score
High
CVE
2023-23700
The vulnerability has been patched, so you should update to version 3.4.2.

WordPress darcie theme

Theme
Darcie
Theme Slug
darcie
Downloads
14,649
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
1.1.6
Severity Score
High
CVE
2023-25961
The vulnerability has been patched, so you should update to version 1.1.6.

WordPress Houzez theme

Theme
Houzez
Theme Slug
houzez
Vulnerability
Privilege Escalation
Patched in Version
2.7.2
Severity Score
Critical
CVE
2023-26540
The vulnerability has been patched, so you should update to version 2.7.2.

WordPress Real Estate 7 theme

Theme
Real Estate 7
Theme Slug
realestate-7
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
3.3.2
Severity Score
High
CVE
2022-47146
The vulnerability has been patched, so you should update to version 3.3.2.

Never worry about running a vulnerable plugin or theme again.

As you can see from this report, new WordPress plugin and theme vulnerabilities are disclosed every week. We know it can be difficult to stay on top of every reported vulnerability disclosure that matters to you, so the iThemes Security Pro plugin makes it easy to ensure your site isn’t running a vulnerable theme, plugin, or version of WordPress core.

Scans Your Website Twice a Day for Vulnerabilities

Your website’s plugins, themes, and WordPress core versions are checked against the Patchstack Vulnerability Database for the latest vulnerability disclosures.

Automatically Updates if a Security Fix is Available

Paired with Version Management, iThemes Security will automatically update a plugin, theme, or WordPress core version if it has a vulnerability.

Emails You a Warning if Site Scan Detects a Vulnerability

You can receive an email report if your site is running vulnerable versions of a plugin, theme, or WordPress core. Customize the email addresses that receive scan results.

iThemes Security Pro

The Best WordPress Security Plugin to Secure & Protect WordPress Sites

WordPress currently powers over 40% of all websites, so it has become a popular target for hackers with malicious intent. The iThemes Security Pro plugin takes the guesswork out of WordPress security to make it easy to secure & protect your WordPress website. It’s like having a full-time security expert on staff who constantly monitors and protects your WordPress site for you.



iThemes Team
iThemes Editorial Team

Each week, the team at iThemes publishes new WordPress tutorials and resources, including the Weekly WordPress Vulnerability Report. Since 2008, iThemes has been dedicated to helping you build, maintain, and secure WordPress sites for yourself or for clients. Our mission? Make People’s Lives Awesome.
