WordPress Vulnerability Report – March 29, 2023
This week, the total patched and unpatched vulnerabilities may impact well over 8 million WordPress sites. There are 58 plugin vulnerabilities with security patches available, so run those updates if you use these plugins! Additionally, there are 25 plugin vulnerabilities and 1 theme vulnerability with no patch available yet. If you use any of these unpatched plugins or themes, check their vendors’ intentions and progress on a security release. If no patch is forthcoming or a vulnerable plugin or theme has been “closed” (dropped from the WordPress.org repository), you should consider deactivating it in favor of alternative solutions. The release of WordPress 6.2 is due today; more details follow below.
WordPress core is very secure when it’s properly configured and maintained. Vulnerable plugins that have not been updated by site owners are the most common vector for attacks on WordPress websites. Our weekly WordPress Vulnerability Report, powered by Patchstack, covers new WordPress plugin, theme, and core vulnerabilities that have emerged since last week’s report. Our goal is to spread awareness of emerging security threats and help you decide what to do if you are using vulnerable software on your website. For a deeper analysis of recent trends in WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.
WordPress Core News
WordPress 6.1.1 is the current (short-cycle maintenance) release of WordPress core. It is a minor release issued on November 15, 2022. It features 29 bug fixes in Core and 21 bug fixes for the Gutenberg block editor. You can review a summary of the key updates in this release at WordPress.org.
If your WordPress sites have enabled automatic background updates, they should have upgraded to 6.1.1 automatically. You can download WordPress 6.1.1 from WordPress.org, or visit your WordPress Dashboard, click “Updates,” and then click the “Update Now” button, which will appear when any core updates are available. For more information, check out the version 6.1.1 HelpHub documentation page.
WordPress 6.2 is the next major WordPress release, and it’s on track for a March 29, 2023 debut — that’s today — after a brief, one-day delay. As of this writing, 6.2 has not been released yet, but when it is, you may wish to update after testing the new release. The current 6.1 stable release is secure and fully supported. New major releases are usually followed by a maintenance update period when bugs are hunted down, so test your existing site in a staging environment carefully if you are adopting 6.2.
You can learn more about what’s coming in the WordPress 6.2 RC1 release announcement and the WordPress 6.2 Field Guide, as well as our post on the upcoming features for WordPress 6.2.
WordPress Plugin Vulnerabilities with Patches
In this section, you’ll find the most recently disclosed WordPress plugin vulnerabilities that have been fixed with a new release from their authors and maintainers. Please apply the updates if you are affected!
These vulnerabilities have been disclosed and scored for their severity thanks to our friends at Patchstack. Each plugin listing includes the type of vulnerability with its CVE number and CVSS severity rating with links to more technical details. You’ll also see the number of active sites using the plugin and the plugin version release that patches the vulnerability. We start with the most popular plugins, which represent the largest target for attackers.
WordPress LiteSpeed Cache
- Plugin:
- LiteSpeed Cache
- Plugin Slug:
- litespeed-cache
- Installations:
- 4,000,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.3.1
- Severity Score:
- Medium
- CVE:
- 2022-46800
WordPress iThemes Security
- Plugin:
- iThemes Security
- Plugin Slug:
- better-wp-security
- Installations:
- 1,000,000+
- Vulnerability:
- Open Redirection via Host header
- Patched in Version:
- 8.1.5
- Severity Score:
- Low
- CVE:
- 2023-28786
WordPress Safe SVG
- Plugin:
- Safe SVG
- Plugin Slug:
- safe-svg
- Installations:
- 800,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.0
- Severity Score:
- Medium
- CVE:
- 2023-28426
WordPress WP Statistics
- Plugin:
- WP Statistics
- Plugin Slug:
- wp-statistics
- Installations:
- 600,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 13.2.11
- Severity Score:
- High
- CVE:
- 2023-0955
WordPress WooCommerce Payments
- Plugin Slug:
- woocommerce-payments
- Installations:
- 500,000+
- Vulnerability:
- Unauthenticated Privilege Escalation
- Patched in Version:
- 5.6.2
- Severity Score:
- Critical
WordPress Newsletter plugin
- Plugin Slug:
- newsletter
- Installations:
- 300,000+
- Vulnerability:
- Reflected Cross Site Scripting (XSS)
- Patched in Version:
- 7.6.9
- Severity Score:
- High
WordPress FileBird
- Plugin Slug:
- filebird
- Installations:
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.1.5
- Severity Score:
- Medium
- CVE:
- 2023-25966
WordPress GiveWP
- Plugin Slug:
- give
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.25.3
- Severity Score:
- Medium
WordPress OoohBoi Steroids for Elementor
- Plugin Slug:
- ooohboi-steroids-for-elementor
- Installations:
- 60,000+
- Vulnerability:
- Subscriber+ Attachment Deletion
- Patched in Version:
- 2.1.5
- Severity Score:
- High
- CVE:
- 2023-0336
WordPress Simple Author Box
- Plugin:
- Simple Author Box
- Plugin Slug:
- simple-author-box
- Installations:
- 60,000+
- Vulnerability:
- Cross-Site Request Forgery via save_user_profile
- Patched in Version:
- 2.51
- Severity Score:
- Medium
WordPress Advanced Shipment Tracking for WooCommerce
- Plugin Slug:
- woo-advanced-shipment-tracking
- Installations:
- 60,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.5.3
- Severity Score:
- Medium
- CVE:
- 2022-41635
WordPress Maps Widget for Google Maps
- Plugin:
- Maps Widget for Google Maps
- Plugin Slug:
- google-maps-widget
- Installations:
- 50,000+
- Vulnerability:
- Cross-Site Request Forgery via dismiss_notice
- Patched in Version:
- 4.24
- Severity Score:
- Medium
WordPress Popup Anything
- Plugin Slug:
- popup-anything-on-click
- Installations:
- 50,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.2.2
- Severity Score:
- Medium
- CVE:
- 2022-38077
WordPress Visibility Logic for Elementor
- Plugin Slug:
- visibility-logic-elementor
- Installations:
- 30,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.3.4
- Severity Score:
- Medium
- CVE:
- 2022-47150
WordPress Gallery by BestWebSoft
- Plugin Slug:
- gallery-plugin
- Installations:
- 20,000+
- Vulnerability:
- Authenticated (Administrator+) Stored Cross Site Scripting (XSS)
- Patched in Version:
- 4.7.0
- Severity Score:
- Medium
WordPress HT Contact Form 7
- Plugin Slug:
- ht-contactform
- Installations:
- 10,000+
- Vulnerability:
- Arbitrary Plugin Activation via CSRF
- Patched in Version:
- 1.1.6
- Severity Score:
- Medium
- CVE:
- 2023-0484
WordPress Advanced Page Visit Counter
- Plugin Slug:
- advanced-page-visit-counter
- Installations:
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 6.4.2.1
- Severity Score:
- High
- CVE:
- 2023-28788
WordPress NEX-Forms
- Plugin Slug:
- nex-forms-express-wp-form-builder
- Installations:
- 10,000+
- Vulnerability:
- Contributor+ Stored XSS
- Patched in Version:
- 8.3.3
- Severity Score:
- Medium
- CVE:
- 2023-0272
WordPress TH Advance Product Search
- Plugin Slug:
- th-advance-product-search
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.5
- Severity Score:
- Medium
- CVE:
- 2023-25969
WordPress WP Dark Mode
- Plugin Slug:
- wp-dark-mode
- Installations:
- 10,000+
- Vulnerability:
- Subscriber+ Local File Inclusion
- Patched in Version:
- 4.0.8
- Severity Score:
- High
- CVE:
- 2023-0467
WordPress TH Side Cart and Menu Cart for Woocommerce
- Plugin Slug:
- th-all-in-one-woo-cart
- Installations:
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.2
- Severity Score:
- Medium
- CVE:
- 2023-25969
WordPress Pagination by BestWebSoft
- Plugin Slug:
- pagination
- Installations:
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.3
- Severity Score:
- Medium
- CVE:
- 2023-28778
WordPress TH Variation Swatches
- Plugin Slug:
- th-variation-swatches
- Installations:
- 6,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.8
- Severity Score:
- Medium
- CVE:
- 2023-28688
WordPress Advanced Local Pickup for WooCommerce
- Plugin Slug:
- advanced-local-pickup-for-woocommerce
- Installations:
- 4,000+
- Vulnerability:
- Other Vulnerability Type
- Patched in Version:
- 1.5.3
- Severity Score:
- Medium
- CVE:
- 2022-40702
WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales
- Plugin Slug:
- woo-thank-you-page-customizer
- Installations:
- 4,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.14
- Severity Score:
- Medium
- CVE:
- 2022-46812
WordPress GS Pins for Pinterest
- Plugin Slug:
- gs-pinterest-portfolio
- Installations:
- 3,000+
- Vulnerability:
- Stored (Contributor+) Cross-Site Scripting via Shortcode
- Patched in Version:
- 1.6.2
- Severity Score:
- Medium
WordPress Quick Paypal Payments
- Plugin:
- Quick Paypal Payments
- Plugin Slug:
- quick-paypal-payments
- Installations:
- 3,000+
- Vulnerability:
- Authenticated (Administrator+) Stored Cross-Site Scripting
- Patched in Version:
- 5.7.26.4
- Severity Score:
- Medium
WordPress ARMember
- Plugin Slug:
- armember-membership
- Installations:
- 2,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.0
- Severity Score:
- High
- CVE:
- 2022-46808
WordPress Continuous Image Carousel With Lightbox
- Plugin Slug:
- continuous-image-carousel-with-lightbox
- Installations:
- 2,000+
- Vulnerability:
- Reflected Cross-Site Scripting (XSS)
- Patched in Version:
- 1.0.16
- Severity Score:
- High
- CVE:
- 2023-28776
WordPress Continuous Image Carousel With Lightbox
- Plugin Slug:
- continuous-image-carousel-with-lightbox
- Installations:
- 2,000+
- Vulnerability:
- Reflected Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.16
- Severity Score:
- High
- CVE:
- 2023-28792
WordPress Albo Pretorio On line
- Plugin:
- Albo Pretorio On line
- Plugin Slug:
- albo-pretorio-on-line
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.6.1
- Severity Score:
- High
- CVE:
- 2023-28750
WordPress CBX Currency Converter
- Plugin:
- CBX Currency Converter
- Plugin Slug:
- cbcurrencyconverter
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.0.4
- Severity Score:
- Medium
- CVE:
- 2023-28747
WordPress Contact Forms by Cimatti
- Plugin Slug:
- contact-forms
- Installations:
- 1,000+
- Vulnerability:
- Reflected Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.5
- Severity Score:
- High
- CVE:
- 2023-28789
WordPress Contact Forms by Cimatti
- Plugin Slug:
- contact-forms
- Installations:
- 1,000+
- Vulnerability:
- Unauth. Stored Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.5
- Severity Score:
- High
- CVE:
- 2023-28781
WordPress Contest Gallery
- Plugin Slug:
- contest-gallery
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 21.1.2.1
- Severity Score:
- High
- CVE:
- 2023-28784
WordPress Stock Sync for WooCommerce
- Plugin:
- Stock Sync for WooCommerce
- Plugin Slug:
- stock-sync-for-woocommerce
- Installations:
- 1,000+
- Vulnerability:
- Broken Access Control + CSRF
- Patched in Version:
- 2.4.0
- Severity Score:
- Medium
- CVE:
- 2022-46807
WordPress HT Politic
- Plugin Slug:
- wp-politic
- Installations:
- 600+
- Vulnerability:
- Arbitrary Plugin Activation via CSRF
- Patched in Version:
- 2.3.8
- Severity Score:
- Medium
- CVE:
- 2023-0504
WordPress Free WooCommerce Theme 99fy Extension
- Plugin Slug:
- 99fy-core
- Installations:
- 500+
- Vulnerability:
- Arbitrary Plugin Activation via CSRF
- Patched in Version:
- 1.2.8
- Severity Score:
- Medium
- CVE:
- 2023-0503
WordPress WP Film Studio
- Plugin Slug:
- wp-film-studio
- Installations:
- 500+
- Vulnerability:
- Arbitrary Plugin Activation via CSRF
- Patched in Version:
- 1.3.5
- Severity Score:
- Medium
- CVE:
- 2023-0500
WordPress WP News
- Plugin Slug:
- wp-news-magazine
- Installations:
- 500+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.0
- Severity Score:
- Medium
- CVE:
- 2023-0502
WordPress QuickSwish
- Plugin Slug:
- quickswish
- Installations:
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.0
- Severity Score:
- Medium
- CVE:
- 2023-0499
WordPress WP Education
- Plugin Slug:
- wp-education
- Installations:
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.7
- Severity Score:
- Medium
- CVE:
- 2023-0498
WordPress HT Event
- Plugin Slug:
- ht-event
- Installations:
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.4.6
- Severity Score:
- Medium
- CVE:
- 2023-0496
WordPress WP Insurance
- Plugin Slug:
- wp-insurance
- Installations:
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.1.4
- Severity Score:
- Medium
- CVE:
- 2023-0501
WordPress Complianz – GDPR/CCPA Cookie Consent
- Plugin:
- Complianz Premium
- Plugin Slug:
- complianz-gdpr-premium
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.4.2
- Severity Score:
- Medium
- CVE:
- 2023-1069
WordPress directory-pro
- Plugin:
- directory-pro
- Plugin Slug:
- directory-pro
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.9.5
- Severity Score:
- High
- CVE:
- 2020-36666
WordPress doctor-listing
- Plugin:
- doctor-listing
- Plugin Slug:
- doctor-listing
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.3.6
- Severity Score:
- High
- CVE:
- 2020-36666
WordPress Elementor Pro
- Plugin:
- Elementor Pro
- Plugin Slug:
- elementor-pro
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.11.7
- Severity Score:
- High
WordPress final-user-wp-frontend-user-profiles
- Plugin Slug:
- final-user-wp-frontend-user-profiles
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.2.2
- Severity Score:
- High
- CVE:
- 2020-36666
WordPress fitness-trainer
- Plugin:
- fitness-trainer
- Plugin Slug:
- fitness-trainer
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.4.1
- Severity Score:
- High
- CVE:
- 2020-36666
WordPress hotel-listing
- Plugin:
- Hotel Listing
- Plugin Slug:
- hotel-listing
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.3.7
- Severity Score:
- High
- CVE:
- 2020-36666
WordPress institutions-directory
- Plugin:
- institutions-directory
- Plugin Slug:
- institutions-directory
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.3.1
- Severity Score:
- High
- CVE:
- 2020-36666
WordPress lawyer-directory
- Plugin:
- lawyer-directory
- Plugin Slug:
- lawyer-directory
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.2.9
- Severity Score:
- High
- CVE:
- 2020-36666
WordPress OAuth Single Sign On – SSO (OAuth Client) Premium plugin
- Plugin Slug:
- miniorange-oauth-oidc-single-sign-on
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 48.4.9
- Severity Score:
- Medium
- CVE:
- 2023-1092
WordPress Slider, Gallery, and Carousel by MetaSlider
- Plugin:
- Meta Slider
- Plugin Slug:
- ml-slider1
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.29.1
- Severity Score:
- High
WordPress photographer-directory
- Plugin:
- photographer-directory
- Plugin Slug:
- photographer-directory
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.0.9
- Severity Score:
- High
- CVE:
- 2020-36666
WordPress real-estate-pro
- Plugin:
- real-estate-pro
- Plugin Slug:
- real-estate-pro
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.7.1
- Severity Score:
- High
- CVE:
- 2020-36666
WordPress WC Fields Factory
- Plugin:
- WC Fields Factory
- Plugin Slug:
- wc-fields-factory
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.1.6
- Severity Score:
- High
WordPress Plugin Vulnerabilities – No Known Fix
This section contains plugin vulnerabilities with no known fix. Until a patch is available, you should at minimum deactivate the plugin immediately. If there is a high risk of active exploits or the plugin remains unpatched for weeks, you are advised to delete the plugin. You should also delete persistently unpatched plugins that the WordPress.org repository has locked and marked “Closed” so they can no longer be downloaded and installed.
WordPress Product Feed PRO for WooCommerce
- Plugin Slug:
- woo-product-feed-pro
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2022-46793
WordPress If Menu – Visibility control for Menus
- Plugin Slug:
- if-menu
- Installations:
- 80,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2022-41698
WordPress Increase Maximum Upload File Size | Increase Execution Time
- Plugin Slug:
- wp-maximum-upload-file-size
- Installations:
- 40,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2022-47150
WordPress WP Shamsi
- Plugin Slug:
- wp-shamsi
- Installations:
- 40,000+
- Vulnerability:
- Subscriber+ Attachment Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-0335
WordPress Fuse Social Floating Sidebar
- Plugin:
- Fuse Social Floating Sidebar
- Plugin Slug:
- fuse-social-floating-sidebar
- Installations:
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2022-47150
WordPress eRoom plugin
- Plugin Slug:
- eroom-zoom-meetings-webinar
- Installations:
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2022-43472
WordPress Product Carousel Slider & Grid Ultimate for WooCommerce
- Plugin Slug:
- woo-product-carousel-slider-and-grid-ultimate
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2022-47150
WordPress I Recommend This
- Plugin:
- I Recommend This
- Plugin Slug:
- i-recommend-this
- Installations:
- 9,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-28696
WordPress Worth The Read
- Plugin:
- Worth The Read
- Plugin Slug:
- worth-the-read
- Installations:
- 6,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2022-47150
WordPress WP Content Pilot – Autoblogging & Affiliate Marketing Plugin
- Plugin Slug:
- wp-content-pilot
- Installations:
- 5,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2022-47150
WordPress Owl Carousel
- Plugin:
- Owl Carousel
- Plugin Slug:
- owl-carousel
- Installations:
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2022-44578
WordPress Easy Media Replace
- Plugin:
- Easy Media Replace
- Plugin Slug:
- easy-media-replace
- Installations:
- 3,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2022-46850
WordPress Full Width Banner Slider Wp
- Plugin:
- Full Width Banner Slider Wp
- Plugin Slug:
- full-width-responsive-slider-wp
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-24392
WordPress GS Pins for Pinterest
- Plugin Slug:
- gs-pinterest-portfolio
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2022-47150
WordPress amr users
- Plugin:
- amr users
- Plugin Slug:
- amr-users
- Installations:
- 2,000+
- Vulnerability:
- CSV Injection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2022-45348
WordPress Wbcom Designs – BuddyPress Activity Social Share
- Plugin Slug:
- bp-activity-social-share
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-28694
WordPress LionScripts: IP Blocker Lite
- Plugin:
- LionScripts: IP Blocker Lite
- Plugin Slug:
- ip-address-blocker
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-23993
WordPress WooCommerce JazzCash Gateway Plugin
- Plugin Slug:
- jazzcash-woocommerce-gateway
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2022-46822
WordPress Review Stream
- Plugin:
- Review Stream
- Plugin Slug:
- review-stream
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-28774
WordPress Onepage Builder – Easiest Landing Page Builder For WordPress
- Plugin Slug:
- tx-onepager
- Installations:
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2022-47150
WordPress Schedulicity
- Plugin Slug:
- schedulicity-online-appointment-booking
- Installations:
- 500+
- Vulnerability:
- Contributor+ Stored XSS
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-0491
WordPress WP Image Carousel
- Plugin:
- WP Image Carousel
- Plugin Slug:
- wp-image-carousel
- Installations:
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-0589
WordPress Woocommerce Custom Checkout Fields Editor With Drag & Drop
- Plugin Slug:
- woo-custom-checkout-fields
- Installations:
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2022-46864
WordPress Export Users Data Distinct
- Plugin:
- Export Users Data Distinct
- Plugin Slug:
- export-users-data-distinct
- Installations:
- 10+
- Vulnerability:
- CSV Injection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2022-46804
WordPress Product Specifications for WooCommerce
- Plugin Slug:
- product-specifications
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2022-46858
WordPress Theme Vulnerabilities
In this section, you’ll find the latest WordPress theme vulnerabilities to be disclosed. You’ll see the same information provided above for vulnerable plugins, and the same advice applies. If a security update exists, install it immediately. If a vulnerability remains unpatched in a theme you are actively using, you will need to find an alternative theme. Deactivate and delete persistently unpatched themes and those that have been “Closed” in the WordPress.org theme repository. If you have a vulnerable theme installed that you are not actively using, simply delete it.
WordPress Resoto
- Theme:
- Resoto
- Theme Slug:
- resoto
- Downloads:
- 18,877
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-28619