
WordPress Vulnerability Report – November 23, 2022

Written by iThemes Editorial Team on November 23, 2022

Last Updated on November 23, 2022

Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website.

Each vulnerability will have a severity rating of low, medium, high, or critical. Responsible disclosure and reporting of vulnerabilities is an integral part of keeping the WordPress community safe. Please share this post with your friends to help get the word out and make WordPress safer for everyone!

Contents of the November 23, 2022 Report
  • The Future of Authentication is Passkeys! Login to your WordPress site with Biometrics only available in iThemes Security Pro
  • WordPress Core News
    • WordPress Core Dropping Support for WordPress Versions 3.7 – 4.0
  • WordPress Plugin Vulnerabilities
    • All-In-One Security
    • SVG Support
    • WordPress Popular Posts
    • Plugin for Google Reviews
    • Icegram Express
    • Crowdsignal Dashboard
    • Livemesh Addons for Elementor
    • Booster for WooCommerce
    • User Registration
    • Permalink Manager Lite
    • Dokan
    • Easy Video Player
    • Jetpack CRM
    • wpForo Forum
    • Ezoic
    • Welcart e-Commerce
    • StopBadBots
    • Directorist
    • Videojs HTML5 Player
    • Motors
    • Booking Calendar
    • News Announcement Scroll
    • WP Stripe Checkout
    • Export Users With Meta
    • Flowplayer Video Player
    • Car Dealer
    • Checkout for PayPal
    • Anthologize
    • Chameleon
    • Responsive Lightbox2
    • Easy Form Builder
    • Booster Elite for WooCommerce
    • Booster Plus for WooCommerce
    • Cooked Pro
    • SMSA Shipping for WooCommerce
    • AntiHacker
    • WooCommerce Shipping – DPD baltic
    • WP Memory
    • WPTools
  • WordPress Plugin Vulnerabilities – No Known Fix
    • Ultimate Tables
    • WooSwipe WooCommerce Gallery
    • Shortcodes and extra features for Phlox theme
    • Essential Real Estate
    • Image Hover Effects
    • Flat PM
    • GetYourGuide Ticketing
    • ProfileGrid
    • Donation Button
    • Helloprint
    • Buddybadges
    • iFeature Slider
  • WordPress Theme Vulnerabilities
    • Listingo
    • Betheme
  • The Best WordPress Security Plugin to Secure & Protect WordPress Sites

The Future of Authentication is Passkeys! Login to your WordPress site with Biometrics only available in iThemes Security Pro

The problems of brute force attacks through credential stuffing, phishing attacks, and reused passwords have made our digital lives less secure. We’ve all tried to encourage 2-factor authentication as a protection, but less than 30% of users actually use 2FA. Password-based logins are a problem.

The future of authentication is passkeys, and iThemes Security Pro is the first to bring this breakthrough technology to WordPress sites. Built on WebAuthn, which uses public/private key cryptography, passkeys make passwords obsolete. Now, website admins and end users can have secure logins without the inconvenience of additional two-factor apps, password managers, or complex password requirements.


WordPress Core News

WordPress 6.1.1 was released on November 15, 2022, as a short-cycle maintenance release with 29 bug fixes in Core and 21 bug fixes for the block editor. Because this is a core update, be sure to update to WordPress 6.0.1 as soon as possible! As always, with a major release like this, it makes sense to ensure your site is backed up with BackupBuddy before updating.

  • No new WordPress core vulnerabilities were disclosed this week.

WordPress Core Dropping Support for WordPress Versions 3.7 – 4.0

In more WordPress core security news, the WordPress Security Team will no longer provide security updates for WordPress core versions 3.7 – 4.0. Please make sure all your WordPress sites are running the latest version.

Dropping security updates for WordPress versions 3.7 through 4.0

WordPress Plugin Vulnerabilities

This section lists the latest disclosed WordPress plugin vulnerabilities. Each plugin listing includes the type of vulnerability, the active installations, the version number if patched, and the severity rating.

All-In-One Security

Plugin
All-In-One Security (AIOS) – Security and Firewall
Plugin Slug
all-in-one-wp-security-and-firewall
Installations
1,000,000+
Vulnerability
IP Spoofing; Bulk Actions via CSRF
Patched in Version
5.1.1
Severity Score
Medium
CVE
2022-44737
The vulnerability has been patched, so you should update to version 5.1.1.

SVG Support

Plugin
SVG Support
Plugin Slug
svg-support
Installations
1,000,000+
Vulnerability
Author+ Stored XSS
Patched in Version
2.5.2
Severity Score
Medium
CVE
2022-4022
The vulnerability has been patched, so you should update to version 2.5.2.

WordPress Popular Posts

Plugin
WordPress Popular Posts
Plugin Slug
wordpress-popular-posts
Installations
200,000+
Vulnerability
Unauthenticated Views Manipulation
Patched in Version
6.1.0
Severity Score
Medium
CVE
2022-43468
The vulnerability has been patched, so you should update to version 6.1.0.

Plugin for Google Reviews

Plugin
Plugin for Google Reviews
Plugin Slug
widget-google-reviews
Installations
100,000+
Vulnerability
Subscriber+ Widget Creation
Patched in Version
2.2.3
Severity Score
Medium
CVE
2022-45369
The vulnerability has been patched, so you should update to version 2.2.3.

Icegram Express

Plugin
Icegram Express – Email Subscribers, Newsletters and Marketing Automation Plugin
Plugin Slug
email-subscribers
Installations
100,000+
Vulnerability
Subscriber+ SQLi
Patched in Version
5.5.0
Severity Score
High
CVE
2022-3981
The vulnerability has been patched, so you should update to version 5.5.0.

Crowdsignal Dashboard

Plugin
Crowdsignal Dashboard – Polls, Surveys & more
Plugin Slug
polldaddy
Installations
90,000+
Vulnerability
Contributor+ Rating Settings Update
Patched in Version
3.0.10
Severity Score
Medium
CVE
2022-45069
The vulnerability has been patched, so you should update to version 3.0.10.

Livemesh Addons for Elementor

Plugin
Livemesh Addons for Elementor
Plugin Slug
addons-for-elementor
Installations
90,000+
Vulnerability
Admin+ Stored XSS
Patched in Version
7.2.4
Severity Score
Low
CVE
2022-3862
The vulnerability has been patched, so you should update to version 7.2.4.

Booster for WooCommerce

Plugin
Booster for WooCommerce
Plugin Slug
woocommerce-jetpack
Installations
70,000+
Vulnerability
Custom Role Creation/Deletion via CSRF
Patched in Version
5.6.7
Severity Score
Medium
CVE
2022-4016
The vulnerability has been patched, so you should update to version 5.6.7.

User Registration

Plugin
User Registration – Custom Registration Form, Login Form And User Profile For WordPress
Plugin Slug
user-registration
Installations
60,000+
Vulnerability
Subscriber+ Arbitrary File Upload
Patched in Version
2.2.4.1
Severity Score
Critical
CVE
2022-3912
The vulnerability has been patched, so you should update to version 2.2.4.1.

Permalink Manager Lite

Plugin
Permalink Manager Lite
Plugin Slug
permalink-manager
Installations
60,000+
Vulnerability
Settings Update via CSRF
Patched in Version
2.2.20.2
Severity Score
Medium
CVE
2022-4021
The vulnerability has been patched, so you should update to version 2.2.20.2.

Dokan

Plugin
Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy
Plugin Slug
dokan-lite
Installations
60,000+
Vulnerability
Unauthenticated SQLi
Patched in Version
3.7.6
Severity Score
High
CVE
2022-3915
The vulnerability has been patched, so you should update to version 3.7.6.

Easy Video Player

Plugin
Easy Video Player
Plugin Slug
easy-video-player
Installations
40,000+
Vulnerability
Contributor+ Stored XSS
Patched in Version
1.2.2.3
Severity Score
Medium
CVE
2022-3937
The vulnerability has been patched, so you should update to version 1.2.2.3.

Jetpack CRM

Plugin
Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation
Plugin Slug
zero-bs-crm
Installations
30,000+
Vulnerability
Admin+ Cross-Site Scripting
Patched in Version
5.4.3
Severity Score
Low
CVE
2022-3919
The vulnerability has been patched, so you should update to version 5.4.3.

wpForo Forum

Plugin
wpForo Forum
Plugin Slug
wpforo
Installations
20,000+
Vulnerability
Arbitrary User Deletion via CSRF
Patched in Version
2.1.0
Severity Score
High
CVE
2022-40192
The vulnerability has been patched, so you should update to version 2.1.0.

Ezoic

Plugin
Ezoic
Plugin Slug
ezoic-integration
Installations
20,000+
Vulnerability
Admin+ Stored XSS; Unauthenticated Settings Update to Stored XSS
Patched in Version
2.8.9
Severity Score
Low
CVE
2022-41315
The vulnerability has been patched, so you should update to version 2.8.9.

Welcart e-Commerce

Plugin
Welcart e-Commerce
Plugin Slug
usc-e-shop
Installations
20,000+
Vulnerability
Multiple Subscriber+ Stored Cross-Site Scripting; Subscriber+ Arbitrary Shipping Method Creation/Update/Deletion
Patched in Version
2.8.4
Severity Score
Medium
CVE
2022-3935
The vulnerability has been patched, so you should update to version 2.8.4.

StopBadBots

Plugin
Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection
Plugin Slug
stopbadbots
Installations
10,000+
Vulnerability
Subscriber+ Arbitrary Plugin Installation
Patched in Version
7.24
Severity Score
High
CVE
2022-3883
The vulnerability has been patched, so you should update to version 7.24.

Directorist

Plugin
Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Plugin Slug
directorist
Installations
10,000+
Vulnerability
Subscriber+ Arbitrary User Password Update via IDOR
Patched in Version
7.4.2.2
Severity Score
High
CVE
2022-3930
The vulnerability has been patched, so you should update to version 7.4.2.2.

Videojs HTML5 Player

Plugin
Videojs HTML5 Player
Plugin Slug
videojs-html5-player
Installations
10,000+
Vulnerability
Contributor+ Stored XSS
Patched in Version
1.1.9
Severity Score
Medium
CVE
2022-3985
The vulnerability has been patched, so you should update to version 1.1.9.

Motors

Plugin
Motors – Car Dealer, Classifieds & Listing
Plugin Slug
motors-car-dealership-classified-listings
Installations
9,000+
Vulnerability
Arbitrary File Upload
Patched in Version
1.4.4
Severity Score
Critical
CVE
2022-3989
The vulnerability has been patched, so you should update to version 1.4.4.

Booking Calendar

Plugin
Booking calendar, Appointment Booking System
Plugin Slug
booking-calendar
Installations
5,000+
Vulnerability
Unauthenticated Arbitrary File Upload
Patched in Version
3.2.2
Severity Score
Critical
CVE
2022-3982
The vulnerability has been patched, so you should update to version 3.2.2.

News Announcement Scroll

Plugin
News Announcement Scroll
Plugin Slug
news-announcement-scroll
Installations
5,000+
Vulnerability
Admin+ Stored XSS
Patched in Version
9.0.0
Severity Score
Low
CVE
2022-40694
The vulnerability has been patched, so you should update to version 9.0.0.

WP Stripe Checkout

Plugin
WP Stripe Checkout
Plugin Slug
wp-stripe-checkout
Installations
4,000+
Vulnerability
Contributor+ Stored XSS
Patched in Version
1.2.2.21
Severity Score
Medium
CVE
2022-3986
The vulnerability has been patched, so you should update to version 1.2.2.21.

Export Users With Meta

Plugin
Export Users With Meta
Plugin Slug
user-export-with-their-meta-data
Installations
3,000+
Vulnerability
Subscriber+ CSV Injection
Patched in Version
0.6.10
Severity Score
Low
CVE
2022-44577
The vulnerability has been patched, so you should update to version 0.6.10.

Flowplayer Video Player

Plugin
Flowplayer Video Player
Plugin Slug
flowplayer6-video-player
Installations
2,000+
Vulnerability
Contributor+ Stored XSS
Patched in Version
1.0.5
Severity Score
Medium
CVE
2022-3984
The vulnerability has been patched, so you should update to version 1.0.5.

Car Dealer

Plugin
Car Dealer (Dealership) and Vehicle sales WordPress Plugin
Plugin Slug
cardealer
Installations
1,000+
Vulnerability
Subscriber+ Arbitrary Plugin Installation
Patched in Version
3.05
Severity Score
High
CVE
2022-3879
The vulnerability has been patched, so you should update to version 3.05.

Checkout for PayPal

Plugin
Checkout for PayPal
Plugin Slug
checkout-for-paypal
Installations
1,000+
Vulnerability
Contributor+ Stored XSS
Patched in Version
1.0.14
Severity Score
Medium
CVE
2022-3983
The vulnerability has been patched, so you should update to version 1.0.14.

Anthologize

Plugin
Anthologize
Plugin Slug
anthologize
Installations
900+
Vulnerability
Admin+ Stored XSS
Patched in Version
0.8.1
Severity Score
Low
CVE
2022-44591
The vulnerability has been patched, so you should update to version 0.8.1.

Chameleon

Plugin
Chameleon
Plugin Slug
chameleon
Installations
500+
Vulnerability
Admin+ Stored XSS
Patched in Version
1.4.4
Severity Score
Low
CVE
2022-44736
The vulnerability has been patched, so you should update to version 1.4.4.

Responsive Lightbox2

Plugin
Responsive Lightbox2
Plugin Slug
responsive-lightbox2
Installations
400+
Vulnerability
Contributor+ Stored XSS
Patched in Version
1.0.4
Severity Score
Medium
CVE
2022-3987
The vulnerability has been patched, so you should update to version 1.0.4.

Easy Form Builder

Plugin
Easy Form Builder
Plugin Slug
easy-form-builder
Installations
300+
Vulnerability
Admin+ Stored XSS
Patched in Version
3.4.0
Severity Score
Low
CVE
2022-3906
The vulnerability has been patched, so you should update to version 3.4.0.

Booster Elite for WooCommerce

Plugin
Booster Elite for WooCommerce
Plugin Slug
booster-elite-for-woocommerce
Vulnerability
Custom Role Creation/Deletion via CSRF
Patched in Version
1.1.8
Severity Score
Medium
CVE
2022-4016
The vulnerability has been patched, so you should update to version 1.1.8.

Booster Plus for WooCommerce

Plugin
Booster Plus for WooCommerce
Plugin Slug
booster-plus-for-woocommerce
Vulnerability
Custom Role Creation/Deletion via CSRF
Patched in Version
5.6.6
Severity Score
Medium
CVE
2022-4016
The vulnerability has been patched, so you should update to version 5.6.6.

Cooked Pro

Plugin
Cooked Pro
Plugin Slug
cooked-pro
Vulnerability
Unauthenticated PHP Object Injection
Patched in Version
1.7.5.7
Severity Score
High
CVE
2022-3900
The vulnerability has been patched, so you should update to version 1.7.5.7.

SMSA Shipping for WooCommerce

Plugin
SMSA Shipping for WooCommerce
Plugin Slug
smsa-shipping-for-woocommerce
Vulnerability
Subscriber+ Arbitrary File Download
Patched in Version
1.0.5
Severity Score
High
CVE
2022-4107
The vulnerability has been patched, so you should update to version 1.0.5.

AntiHacker

Plugin
Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan
Plugin Slug
antihacker
Vulnerability
Subscriber+ Arbitrary Plugin Installation
Patched in Version
4.20
Severity Score
High
CVE
2022-3880
The vulnerability has been patched, so you should update to version 4.20.

WooCommerce Shipping – DPD baltic

Plugin
WooCommerce Shipping – DPD baltic
Plugin Slug
woo-shipping-dpd-baltic
Vulnerability
Admin+ Stored XSS; Subscriber+ Arbitrary Options Deletion
Patched in Version
1.2.11
Severity Score
Medium
CVE
2022-4000
The vulnerability has been patched, so you should update to version 1.2.11.

WP Memory

Plugin
Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin
Plugin Slug
wp-memory
Vulnerability
Subscriber+ Arbitrary Plugin Installation
Patched in Version
2.46
Severity Score
High
CVE
2022-3882
The vulnerability has been patched, so you should update to version 2.46.

WPTools

Plugin
WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log
Plugin Slug
wptools
Vulnerability
Subscriber+ Arbitrary Plugin Installation
Patched in Version
3.43
Severity Score
High
CVE
2022-3881
The vulnerability has been patched, so you should update to version 3.43.

WordPress Plugin Vulnerabilities – No Known Fix

This section contains plugin vulnerabilities with no known fix. Until a patch is available, immediately uninstall and delete the plugin.

Ultimate Tables

Plugin
ULTIMATE TABLES
Plugin Slug
ultimate-tables
Vulnerability
Reflected Cross-Site Scripting
Patched in Version
No Fix
Severity Score
Medium
CVE
2022-36357
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WooSwipe WooCommerce Gallery

Plugin
WooSwipe WooCommerce Gallery
Plugin Slug
wooswipe
Vulnerability
Subscriber+ Settings Update
Patched in Version
No Fix
Severity Score
Medium
CVE
2022-45066
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Shortcodes and extra features for Phlox theme

Plugin
Shortcodes and extra features for Phlox theme
Plugin Slug
auxin-elements
Vulnerability
PHP Object Injection
Patched in Version
No Fix
Severity Score
Medium
CVE
2022-3359
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Essential Real Estate

Plugin
Essential Real Estate
Plugin Slug
essential-real-estate
Vulnerability
Reflected Cross-Site Scripting
Patched in Version
No Fix
Severity Score
Medium
CVE
2022-3933
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Image Hover Effects

Plugin
Image Hover Effects – WordPress Plugin
Plugin Slug
image-hover-effects
Vulnerability
Admin+ Stored XSS
Patched in Version
No Fix
Severity Score
Low
CVE
2022-4010
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Flat PM

Plugin
Flat PM
Plugin Slug
flatpm-wp
Vulnerability
Reflected Cross-Site Scripting
Patched in Version
No Fix
Severity Score
Medium
CVE
2022-3934
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

GetYourGuide Ticketing

Plugin
GetYourGuide Ticketing
Plugin Slug
getyourguide-ticketing
Vulnerability
Admin+ Stored XSS
Patched in Version
No Fix
Severity Score
Low
CVE
2022-3609
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

ProfileGrid

Plugin
ProfileGrid – User Profiles, Memberships, Groups and Communities
Plugin Slug
profilegrid-user-profiles-groups-and-communities
Vulnerability
Subscriber+ CSV Injection
Patched in Version
No Fix
Severity Score
Medium
CVE
2022-41791
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Donation Button

Plugin
Donation Button
Plugin Slug
donation-button
Vulnerability
Contributor+ Stored XSS; Subscriber+ Broken Access Control leading to SMS Spam
Patched in Version
No Fix
Severity Score
Medium
CVE
2022-4005
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Helloprint

Plugin
Plug your WooCommerce into the largest catalog of customized print products from Helloprint
Plugin Slug
helloprint
Vulnerability
Reflected Cross-Site Scripting
Patched in Version
No Fix
Severity Score
Medium
CVE
2022-3908
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Buddybadges

Plugin
buddybadges
Plugin Slug
buddybadges
Vulnerability
Admin+ SQLi
Patched in Version
No Fix
Severity Score
Medium
CVE
2022-3925
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

iFeature Slider

Plugin
iFeature Slider
Plugin Slug
ifeature-slider
Vulnerability
Contributor+ Stored XSS
Patched in Version
No Fix
Severity Score
Medium
CVE
2022-45375
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Theme Vulnerabilities

This section lists the latest disclosed WordPress theme vulnerabilities. Each theme listing includes the type of vulnerability, the active installations, the version number if patched, and the severity rating.

Listingo

Theme
Listingo
Theme Slug
listingo
Vulnerability
Unauthenticated Arbitrary File Upload
Patched in Version
3.2.7
Severity Score
Critical
CVE
2022-3921
The vulnerability has been patched, so you should update to version 3.2.7.

Betheme

Theme
Betheme
Theme Slug
betheme
Vulnerability
Contributor+ PHP Object Injection; Subscriber+ PHP Object Injection; Subscriber+ Stored XSS
Patched in Version
26.6.3
Severity Score
Medium
CVE
2022-3861
The vulnerability has been patched, so you should update to version 26.6.3.

Never worry about running a vulnerable plugin or theme again.

As you can see from this report, lots of new WordPress plugin and theme vulnerabilities are disclosed each week. We know it can be difficult to stay on top of every reported vulnerability disclosure, so the iThemes Security Pro plugin makes it easy to make sure your site isn’t running a theme, plugin, or WordPress core version with a known vulnerability.

Scans Your Website Twice a Day for Vulnerabilities

Your website’s plugins, themes, and WordPress core versions are checked against the WPScan Vulnerability Database for the latest vulnerability disclosures.

Automatically Updates if a Security Fix is Available

Paired with Version Management, iThemes Security will automatically update a plugin, theme, or WordPress core version if it has a vulnerability.

Emails You if Site Scan Detects a Vulnerability

You can receive an email report if your site is running vulnerable versions of a plugin, theme, or WordPress core. Customize the email addresses that receive scan results.

The Best WordPress Security Plugin to Secure & Protect WordPress Sites

WordPress currently powers over 40% of all websites, so it has become an easy target for hackers with malicious intent. The iThemes Security Pro plugin takes the guesswork out of WordPress security to make it easy to secure & protect your WordPress website. It’s like having a full-time security expert on staff who constantly monitors and protects your WordPress site for you.



iThemes Team
iThemes Editorial Team

Each week, the team at iThemes publishes new WordPress tutorials and resources, including the Weekly WordPress Vulnerability Report. Since 2008, iThemes has been dedicated to helping you build, maintain, and secure WordPress sites for yourself or for clients. Our mission? Make People’s Lives Awesome.
