
WordPress Vulnerability Report — December 6, 2023

Since our last report, 204 new plugin vulnerabilities and one in WordPress core have been publicly disclosed. Security patches for WordPress core and 124 plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user and have activated version management, any vulnerable plugins with security updates available may have had them applied automatically.

Additionally, there are 80 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core — Security Update!

WordPress 6.4.2 was released on December 6, 2023, as a short-cycle maintenance and security release with seven bug fixes and one security patch for a potential Remote Code Execution (RCE) vulnerability that is not directly exploitable in most situations. However, combined with certain vulnerabilities in third-party plugins on a multisite network, this vulnerability could be exploited and pose a high-severity risk. The 6.4.1 update will prevent PHP object injections from being chained into a potential RCE, according to details published by Patchstack.

WordPress 6.4.1 was released on November 8, 2023, as a short-cycle maintenance release to address several bugs, including loss of backward compatibility with a dependency, cURL 7.29 or earlier. This broke the WordPress internal update facility on servers running very old, insecure cURL versions.

WordPress 6.4 was released on November 7, 2023, as the third major release of the year. Following a major release, you should not update live sites without taking backups and testing the update in a non-production environment first.

WordPress Plugins — 124 Patched / 80 Unpatched

Plugin: Nested Pages; Plugin Slug: wp-nested-pages; Installations: 100,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49195
Plugin: Aruba HiSpeed Cache; Plugin Slug: aruba-hispeed-cache; Installations: 90,000+; Vulnerability: Sensitive Data Exposure; Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-44983
Plugin: Simple Calendar – Google Calendar Plugin; Plugin Slug: google-calendar-events; Installations: 60,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49151
Plugin: Enhanced Text Widget; Plugin Slug: enhanced-text-widget; Installations: 50,000+; Vulnerability: Broken Access Control; Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49192
Plugin: Grow Social; Plugin Slug: social-pug; Installations: 50,000+; Vulnerability: Broken Access Control; Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49193
Plugin: Site Offline Or Coming Soon Or Maintenance Mode; Plugin Slug: site-offline; Installations: 40,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49190
Plugin: GoDaddy Email Marketing; Plugin Slug: godaddy-email-marketing-sign-up-forms; Installations: 30,000+; Vulnerability: Broken Access Control; Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49156
Plugin: Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms; Plugin Slug: happyforms; Installations: 30,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: High; CVE: 2023-48752
Plugin: Restricted Site Access; Plugin Slug: restricted-site-access; Installations: 20,000+; Vulnerability: Bypass Vulnerability; Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-48753
Plugin: WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce; Plugin Slug: wp-event-manager; Installations: 20,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49181
Plugin: Elementor Timeline Widget; Plugin Slug: 3r-elementor-timeline-widget; Installations: 10,000+; Vulnerability: Broken Access Control; Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49755
Plugin: AppMySite – Create an app with the Best Mobile App Builder; Plugin Slug: appmysite; Installations: 10,000+; Vulnerability: Sensitive Data Exposure; Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49762
Plugin: Awesome Support – WordPress HelpDesk & Support Plugin; Plugin Slug: awesome-support; Installations: 10,000+; Vulnerability: Broken Access Control; Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49757
Plugin: Business Directory Plugin – Easy Listing Directories for WordPress; Plugin Slug: business-directory-plugin; Installations: 10,000+; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-5803
Plugin: Forms by CaptainForm – Form Builder for WordPress; Plugin Slug: captainform; Installations: 10,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: High; CVE: 2023-49170
Plugin: Coming soon and Maintenance mode; Plugin Slug: coming-soon-page; Installations: 10,000+; Vulnerability: Bypass Vulnerability; Patched in Version: No Fix; Severity Score: Low; CVE: 2023-49741
Plugin: Quantity Plus Minus Button for WooCommerce by CodeAstrology; Plugin Slug: wc-quantity-plus-minus-button; Installations: 10,000+; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-48768
Plugin: Event Manager, Event Calendar, Event Tickets for WooCommerce – Eventin; Plugin Slug: wp-event-solution; Installations: 10,000+; Vulnerability: Broken Access Control; Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49756
Plugin: MkRapel Regiones y Ciudades de Chile para WC; Plugin Slug: wc-ciudades-y-regiones-de-chile; Installations: 8,000+; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-48781
Plugin: SoundCloud Shortcode; Plugin Slug: soundcloud-shortcode; Installations: 7,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-34018
Plugin: Button Generator – easily Button Builder; Plugin Slug: button-generation; Installations: 6,000+; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49155
Plugin: Button Generator – easily Button Builder; Plugin Slug: button-generation; Installations: 6,000+; Vulnerability: Broken Access Control; Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49154
Plugin: Ads by datafeedr.com; Plugin Slug: ads-by-datafeedrcom; Installations: 5,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49169
Plugin: Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates; Plugin Slug: affiliatebooster-blocks; Installations: 5,000+; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49148
Plugin: Aparat; Plugin Slug: aparat; Installations: 5,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-48770
Plugin: LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing…; Plugin Slug: ladipage; Installations: 5,000+; Vulnerability: Broken Access Control; Patched in Version: No Fix; Severity Score: High; CVE: 2023-49158
Plugin: Social Share Buttons & Analytics Plugin – GetSocial.io; Plugin Slug: wp-share-buttons-analytics-by-getsocial; Installations: 5,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49189
Plugin: Client Dash; Plugin Slug: client-dash; Installations: 4,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49165
Plugin: CommentLuv; Plugin Slug: commentluv; Installations: 4,000+; Vulnerability: Server Side Request Forgery (SSRF); Patched in Version: No Fix; Severity Score: High; CVE: 2023-49159
Plugin: Campaign Monitor for WordPress; Plugin Slug: forms-for-campaign-monitor; Installations: 4,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: High; CVE: 2023-38474
Plugin: Product Size Chart For WooCommerce; Plugin Slug: product-size-chart-for-woo; Installations: 4,000+; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-48778
Plugin: which template file; Plugin Slug: which-template-file; Installations: 4,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: High; CVE: 2023-49177
Plugin: Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back; Plugin Slug: chat-bubble; Installations: 3,000+; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-48769
Plugin: Database for CF7; Plugin Slug: database-for-cf7; Installations: 3,000+; Vulnerability: Broken Access Control; Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49167
Plugin: Formzu WP; Plugin Slug: formzu-wp; Installations: 3,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49160
Plugin: Add to Cart Text Changer and Customize Button, Add Custom Icon; Plugin Slug: woo-add-to-cart-text-change; Installations: 3,000+; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49153
Plugin: WooCommerce Login Redirect; Plugin Slug: woo-login-redirect; Installations: 3,000+; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-48773
Plugin: Crypto Converter Widget; Plugin Slug: crypto-converter-widget; Installations: 2,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49150
Plugin: Doofinder WP & WooCommerce Search; Plugin Slug: doofinder-for-woocommerce; Installations: 2,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: High; CVE: 2023-49185
Plugin: File Gallery; Plugin Slug: file-gallery; Installations: 2,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: High; CVE: 2023-48771
Plugin: Product Enquiry for WooCommerce; Plugin Slug: gm-woocommerce-quote-popup; Installations: 2,000+; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49761
Plugin: WordPress Brute Force Protection – Stop Brute Force Attacks; Plugin Slug: guardgiant; Installations: 2,000+; Vulnerability: SQL Injection; Patched in Version: No Fix; Severity Score: High; CVE: 2023-48764
Plugin: Multiple Post Passwords; Plugin Slug: multiple-post-passwords; Installations: 2,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49157
Plugin: Sign In Scheduling Online Appointment Booking System; Plugin Slug: 10to8-online-booking; Installations: 1,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49173
Plugin: 360 Javascript Viewer; Plugin Slug: 360deg-javascript-viewer; Installations: 1,000+; Vulnerability: Broken Access Control; Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-48779
Plugin: AdFoxly – Ad Manager, AdSense Ads & Ads.txt; Plugin Slug: adfoxly; Installations: 1,000+; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-46617
Plugin: Automatic Youtube Video Posts Plugin; Plugin Slug: automatic-youtube-video-posts; Installations: 1,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49180
Plugin: Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo; Plugin Slug: biteship; Installations: 1,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49767
Plugin: Block for Font Awesome; Plugin Slug: block-for-font-awesome; Installations: 1,000+; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49751
Plugin: Bulk Edit Post Titles; Plugin Slug: bulk-edit-post-titles; Installations: 1,000+; Vulnerability: Broken Access Control; Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49754
Plugin: canvasio3D Light; Plugin Slug: canvasio3d-light; Installations: 1,000+; Vulnerability: Broken Access Control; Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-48776
Plugin: Credit Tracker; Plugin Slug: credit-tracker; Installations: 1,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49152
Plugin: Currency Converter Calculator; Plugin Slug: currency-converter-calculator; Installations: 1,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49149
Plugin: Event post; Plugin Slug: event-post; Installations: 1,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49179
Plugin: Importify – Dropshipping WooCommerce Plugin for Aliexpress, Amazon, Etsy, Alibaba, Walmart & More; Plugin Slug: importify; Installations: 1,000+; Vulnerability: Sensitive Data Exposure; Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49194
Plugin: KP Fastest Tawk.to Chat; Plugin Slug: kp-fastest-tawk-to-chat; Installations: 1,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49175
Plugin: List all posts by Authors, nested Categories and Titles; Plugin Slug: list-all-posts-by-authors-nested-categories-and-titles; Installations: 1,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: High; CVE: 2023-49182
Plugin: Parallax Slider Block; Plugin Slug: parallax-slider-block; Installations: 1,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49184
Plugin: Prevent Landscape Rotation; Plugin Slug: prevent-landscape-rotation; Installations: 1,000+; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-48772
Plugin: SVGator – Add Animated SVG Easily; Plugin Slug: svgator; Installations: 1,000+; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-48766
Plugin: WP Catalogue; Plugin Slug: wp-catalogue; Installations: 1,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-48780
Plugin: WP CleanFix; Plugin Slug: wp-cleanfix; Installations: 1,000+; Vulnerability: Broken Access Control; Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-48775
Plugin: WPsoonOnlinePage; Plugin Slug: wp-soononline-page; Installations: 1,000+; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49760
Plugin: BigCommerce For WordPress; Plugin Slug: bigcommerce; Installations: 900+; Vulnerability: Sensitive Data Exposure; Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49162
Plugin: HDW Player Plugin (Video Player & Video Gallery); Plugin Slug: hdw-player-video-player-video-gallery; Installations: 900+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: High; CVE: 2023-49178
Plugin: Track Geolocation Of Users Using Contact Form 7; Plugin Slug: track-geolocation-of-users-using-contact-form-7; Installations: 600+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49188
Plugin: Bravo Translate; Plugin Slug: bravo-translate; Installations: 500+; Vulnerability: SQL Injection; Patched in Version: No Fix; Severity Score: High; CVE: 2023-49161
Plugin: GDPR Cookie Consent by Supsystic; Plugin Slug: gdpr-compliance-by-supsystic; Installations: 500+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49191
Plugin: Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media; Plugin Slug: evergreen-content-poster; Installations: 100+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-41127
Plugin: Innovs HR – Complete Human Resource Management System for Your Business; Plugin Slug: innovs-hr-manager; Installations: 100+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: High; CVE: 2023-49171
Plugin: Simple Long Form; Plugin Slug: simple-long-form; Installations: 90+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-41136
Plugin: WP Pocket URLs; Plugin Slug: wp-pocket-urls; Installations: 80+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: High; CVE: 2023-49176
Plugin: BrainCert – HTML5 Virtual Classroom; Plugin Slug: html5-virtual-classroom; Installations: 70+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: High; CVE: 2023-49172
Plugin: MSync; Plugin Slug: msync; Installations: 10+; Vulnerability: SQL Injection; Patched in Version: No Fix; Severity Score: High; CVE: 2023-49166
Plugin: MyTube PlayList; Plugin Slug: mytube; Installations: 10+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: High; CVE: 2023-48767
Plugin: WooDiscuz – WooCommerce Comments; Plugin Slug: woodiscuz-woocommerce-comments; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49759
Plugin: Powr Pack; Plugin Slug: powr-pack; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-45609
Plugin: Machic Core; Plugin Slug: machic-core; Vulnerability: Cross Site Scripting (XSS); Patched in Version: No Fix; Severity Score: High; CVE: 2023-49186
Plugin: Delete Post Revisions In WordPress; Plugin Slug: delete-post-revisions-on-single-click; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-48754
Plugin: CSprite; Plugin Slug: csprite; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: No Fix; Severity Score: Medium; CVE: 2023-49763
Plugin: Contact Form 7; Plugin Slug: contact-form-7; Installations: 5,000,000+; Vulnerability: Arbitrary File Upload; Patched in Version: 5.8.4; Severity Score: Medium; CVE: 2023-6449
Plugin: Antispam Bee; Plugin Slug: antispam-bee; Installations: 700,000+; Vulnerability: Bypass Vulnerability; Patched in Version: 2.11.4; Severity Score: Medium; CVE: 2023-41134
Plugin: Ocean Extra; Plugin Slug: ocean-extra; Installations: 700,000+; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: 2.2.3; Severity Score: Medium; CVE: 2023-49164
Plugin: WP Shortcodes Plugin — Shortcodes Ultimate; Plugin Slug: shortcodes-ultimate; Installations: 600,000+; Vulnerability: Insecure Direct Object References (IDOR); Patched in Version: 7.0.0; Severity Score: Medium; CVE: 2023-6226
Plugin: WP Shortcodes Plugin — Shortcodes Ultimate; Plugin Slug: shortcodes-ultimate; Installations: 600,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: 7.0.0; Severity Score: Medium; CVE: 2023-6225
Plugin: SiteOrigin Widgets Bundle; Plugin Slug: so-widgets-bundle; Installations: 600,000+; Vulnerability: Local File Inclusion; Patched in Version: 1.51.0; Severity Score: High; CVE: 2023-6295
Plugin: MW WP Form; Plugin Slug: mw-wp-form; Installations: 200,000+; Vulnerability: Arbitrary File Upload; Patched in Version: 5.0.2; Severity Score: Critical; CVE: 2023-6316
Plugin: Page Builder: Pagelayer – Drag and Drop website builder; Plugin Slug: pagelayer; Installations: 200,000+; Vulnerability: Broken Access Control; Patched in Version: 1.7.8; Severity Score: Medium; CVE: 2023-49196
Plugin: Responsive Lightbox & Gallery; Plugin Slug: responsive-lightbox; Installations: 200,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: 2.4.6; Severity Score: Medium; CVE: 2023-49174
Plugin: Advanced Database Cleaner; Plugin Slug: advanced-database-cleaner; Installations: 100,000+; Vulnerability: SQL Injection; Patched in Version: 3.1.3; Severity Score: High; CVE: 2023-49764
Plugin: Email Address Encoder; Plugin Slug: email-address-encoder; Installations: 100,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: 1.0.23; Severity Score: Medium; CVE: 2023-48765
Plugin: SpeedyCache – Cache, Optimization, Performance; Plugin Slug: speedycache; Installations: 100,000+; Vulnerability: Server Side Request Forgery (SSRF); Patched in Version: 1.1.3; Severity Score: Medium; CVE: 2023-49746
Plugin: HUSKY – Products Filter for WooCommerce Professional; Plugin Slug: woocommerce-products-filter; Installations: 100,000+; Vulnerability: SQL Injection; Patched in Version: 1.3.4.3; Severity Score: Critical; CVE: 2023-40010
Plugin: Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina); Plugin Slug: wp-retina-2x; Installations: 100,000+; Vulnerability: Sensitive Data Exposure; Patched in Version: 6.4.6; Severity Score: Medium; CVE: 2023-44982
Plugin: Backup Migration; Plugin Slug: backup-backup; Installations: 90,000+; Vulnerability: Sensitive Data Exposure; Patched in Version: 1.3.7; Severity Score: High; CVE: 2023-6266
Plugin: NextScripts: Social Networks Auto-Poster; Plugin Slug: social-networks-auto-poster-facebook-twitter-g; Installations: 60,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: 4.4.3; Severity Score: High; CVE: 2023-49183
Plugin: Razorpay for WooCommerce; Plugin Slug: woo-razorpay; Installations: 60,000+; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: 4.5.7; Severity Score: Medium
Plugin: Razorpay for WooCommerce; Plugin Slug: woo-razorpay; Installations: 60,000+; Vulnerability: Broken Access Control; Patched in Version: 4.5.7; Severity Score: Medium
Plugin: CF7 Google Sheets Connector; Plugin Slug: cf7-google-sheets-connector; Installations: 40,000+; Vulnerability: Sensitive Data Exposure; Patched in Version: 5.0.6; Severity Score: High; CVE: 2023-44989
Plugin: JetFormBuilder — Dynamic Blocks Form Builder; Plugin Slug: jetformbuilder; Installations: 40,000+; Vulnerability: Content Injection; Patched in Version: 3.1.5; Severity Score: Medium; CVE: 2023-48763
Plugin: Media File Renamer: Rename Files (Manual, Auto & AI); Plugin Slug: media-file-renamer; Installations: 40,000+; Vulnerability: Sensitive Data Exposure; Patched in Version: 5.7.0; Severity Score: Medium; CVE: 2023-44991
Plugin: Ultimate Addons for Contact Form 7; Plugin Slug: ultimate-addons-for-contact-form-7; Installations: 30,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: 3.2.1; Severity Score: High; CVE: 2023-49766
Plugin: Abandoned Cart Lite for WooCommerce; Plugin Slug: woocommerce-abandoned-cart; Installations: 30,000+; Vulnerability: Broken Access Control; Patched in Version: 5.16.2; Severity Score: Medium; CVE: 2023-41671
Plugin: Rate my Post – WP Rating System; Plugin Slug: rate-my-post; Installations: 20,000+; Vulnerability: Insecure Direct Object References (IDOR); Patched in Version: 3.4.2; Severity Score: Medium; CVE: 2023-49765
Plugin: Seraphinite Accelerator; Plugin Slug: seraphinite-accelerator; Installations: 20,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: 2.20.29; Severity Score: High; CVE: 2023-49740
Plugin: Video PopUp; Plugin Slug: video-popup; Installations: 20,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: 1.1.4; Severity Score: Medium; CVE: 2023-4962
Plugin: WCFM Marketplace – Best Multivendor Marketplace for WooCommerce; Plugin Slug: wc-multivendor-marketplace; Installations: 20,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: 3.6.3; Severity Score: Medium; CVE: 2023-4960
Plugin: YASR – Yet Another Star Rating Plugin for WordPress; Plugin Slug: yet-another-stars-rating; Installations: 20,000+; Vulnerability: Broken Access Control; Patched in Version: 3.4.4; Severity Score: Medium; CVE: 2023-39305
Plugin: BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin; Plugin Slug: bookingpress-appointment-booking; Installations: 10,000+; Vulnerability: Arbitrary File Upload; Patched in Version: 1.0.77; Severity Score: Medium; CVE: 2023-6219
Plugin: Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss; Plugin Slug: bp-better-messages; Installations: 10,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: 2.4.1; Severity Score: Medium; CVE: 2023-49168
Plugin: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login; Plugin Slug: custom-registration-form-builder-with-submission-manager; Installations: 10,000+; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: 5.2.3.0; Severity Score: Medium; CVE: 2023-47645
Plugin: Author Box, Guest Author and Co-Authors for Your Posts – Molongui; Plugin Slug: molongui-authorship; Installations: 10,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: 4.6.20; Severity Score: Medium; CVE: 2023-39921
Plugin: Participants Database; Plugin Slug: participants-database; Installations: 10,000+; Vulnerability: Broken Access Control; Patched in Version: 2.5.6; Severity Score: Medium; CVE: 2023-48751
Plugin: Qode Essential Addons; Plugin Slug: qode-essential-addons; Installations: 10,000+; Vulnerability: Remote Code Execution (RCE); Patched in Version: 1.5.3; Severity Score: Critical; CVE: 2023-47840
Plugin: WP Tripadvisor Review Widgets; Plugin Slug: review-widgets-for-tripadvisor; Installations: 10,000+; Vulnerability: Arbitrary File Upload; Patched in Version: 11.1; Severity Score: High
Plugin: Swift Performance Lite; Plugin Slug: swift-performance-lite; Installations: 10,000+; Vulnerability: Broken Access Control; Patched in Version: 2.3.6.15; Severity Score: Medium; CVE: 2023-6289
Plugin: WP Booking System – Booking Calendar; Plugin Slug: wp-booking-system; Installations: 10,000+; Vulnerability: Broken Access Control; Patched in Version: 2.0.19.3; Severity Score: Medium; CVE: 2023-49758
Plugin: SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share; Plugin Slug: wp-scheduled-posts; Installations: 10,000+; Vulnerability: Broken Access Control; Patched in Version: 5.0.5; Severity Score: Medium
Plugin: Chatbot for WordPress; Plugin Slug: collectchat; Installations: 8,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: 2.4.0; Severity Score: Medium; CVE: 2023-5691
Plugin: Widgets for Reviews & Recommendations; Plugin Slug: free-facebook-reviews-and-recommendations-widgets; Installations: 7,000+; Vulnerability: Arbitrary File Upload; Patched in Version: 11.1; Severity Score: High
Plugin: Guest Author; Plugin Slug: guest-author; Installations: 7,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: 2.4; Severity Score: Medium; CVE: 2023-49747
Plugin: SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!; Plugin Slug: suretriggers; Installations: 7,000+; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: 1.0.24; Severity Score: Medium; CVE: 2023-49749
Plugin: Export WP Page to Static HTML/CSS; Plugin Slug: export-wp-page-to-static-html; Installations: 6,000+; Vulnerability: Broken Access Control; Patched in Version: 2.2.0; Severity Score: Medium; CVE: 2023-6369
Plugin: Void Elementor Post Grid Addon for Elementor Page builder; Plugin Slug: void-elementor-post-grid-addon-for-elementor-page-builder; Installations: 6,000+; Vulnerability: Broken Access Control; Patched in Version: 2.2; Severity Score: Medium; CVE: 2023-48750
Plugin: Dashboard Widgets Suite; Plugin Slug: dashboard-widgets-suite; Installations: 5,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: 3.4.2; Severity Score: Medium; CVE: 2023-49743
Plugin: Gift Up Gift Cards for WordPress and WooCommerce; Plugin Slug: gift-up; Installations: 5,000+; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: 2.22; Severity Score: Medium; CVE: 2023-49744
Plugin: Widgets for Booking.com Reviews; Plugin Slug: review-widgets-for-booking-com; Installations: 5,000+; Vulnerability: Arbitrary File Upload; Patched in Version: 11.1; Severity Score: High
Plugin: Widgets for Airbnb Reviews; Plugin Slug: review-widgets-for-airbnb; Installations: 3,000+; Vulnerability: Arbitrary File Upload; Patched in Version: 11.1; Severity Score: High
Plugin: Spiffy Calendar; Plugin Slug: spiffy-calendar; Installations: 3,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: 4.9.6; Severity Score: Medium; CVE: 2023-49745
Plugin: UPS, Mondial Relay & Chronopost for WooCommerce – WCMultiShipping; Plugin Slug: wc-multishipping; Installations: 3,000+; Vulnerability: Broken Access Control; Patched in Version: 2.3.8; Severity Score: Medium
Plugin: affiliate-toolkit – WordPress Affiliate Plugin; Plugin Slug: affiliate-toolkit-starter; Installations: 2,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: 3.4.4; Severity Score: High; CVE: 2023-46086
Plugin: BSK Forms Blacklist; Plugin Slug: bsk-gravityforms-blacklist; Installations: 2,000+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: 3.7; Severity Score: Medium; CVE: 2023-5980
Plugin: Customer Reviews Collector for WooCommerce; Plugin Slug: customer-reviews-collector-for-woocommerce; Installations: 2,000+; Vulnerability: Arbitrary File Upload; Patched in Version: 4.0; Severity Score: High
Plugin: DoFollow Case by Case; Plugin Slug: dofollow-case-by-case; Installations: 2,000+; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: 3.5.0; Severity Score: Medium; CVE: 2023-49197
Plugin: teachPress; Plugin Slug: teachpress; Installations: 2,000+; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: 9.0.6; Severity Score: Medium; CVE: 2023-49163
Plugin: teachPress; Plugin Slug: teachpress; Installations: 2,000+; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: 9.0.5; Severity Score: Medium; CVE: 2023-48755
Plugin: Debug Log Manager; Plugin Slug: debug-log-manager; Installations: 1,000+; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: 2.2.2; Severity Score: Medium; CVE: 2023-5772
Plugin: IdeaPush; Plugin Slug: ideapush; Installations: 1,000+; Vulnerability: Broken Access Control; Patched in Version: 8.58; Severity Score: Medium; CVE: 2023-48774
Plugin: Widgets for Amazon Reviews; Plugin Slug: review-widgets-for-amazon; Installations: 1,000+; Vulnerability: Arbitrary File Upload; Patched in Version: 11.1; Severity Score: High
Plugin: 12 Step Meeting List; Plugin Slug: 12-step-meeting-list; Installations: 900+; Vulnerability: Server Side Request Forgery (SSRF); Patched in Version: 3.14.25; Severity Score: Medium; CVE: 2023-46641
Plugin: Widgets for Yelp Reviews; Plugin Slug: reviews-widgets-for-yelp; Installations: 800+; Vulnerability: Arbitrary File Upload; Patched in Version: 11.1; Severity Score: High
Plugin: Best Chart Plugin – Chartify; Plugin Slug: chart-builder; Installations: 500+; Vulnerability: Cross Site Scripting (XSS); Patched in Version: 1.9.7; Severity Score: Medium
Plugin: Widgets for Thumbtack Reviews; Plugin Slug: widgets-for-thumbtack-reviews; Installations: 300+; Vulnerability: Arbitrary File Upload; Patched in Version: 11.1; Severity Score: High
Plugin: Widgets for Ebay Reviews; Plugin Slug: widgets-for-ebay-reviews; Installations: 200+; Vulnerability: Arbitrary File Upload; Patched in Version: 11.1; Severity Score: High
Plugin: Widgets for Capterra Reviews; Plugin Slug: review-widgets-for-capterra; Installations: 100+; Vulnerability: Arbitrary File Upload; Patched in Version: 11.1; Severity Score: High
Plugin: Widgets for Zillow Reviews; Plugin Slug: widgets-for-zillow-reviews; Installations: 100+; Vulnerability: Arbitrary File Upload; Patched in Version: 11.1; Severity Score: High
Plugin: Widgets for WordPress Reviews; Plugin Slug: reviews-widgets; Installations: 50+; Vulnerability: Arbitrary File Upload; Patched in Version: 11.1; Severity Score: High
Plugin: Widgets for Expedia Reviews; Plugin Slug: widgets-for-expedia-reviews; Installations: 40+; Vulnerability: Arbitrary File Upload; Patched in Version: 11.1; Severity Score: High
Plugin: Widgets for Opentable Reviews; Plugin Slug: review-widgets-for-opentable; Installations: 30+; Vulnerability: Arbitrary File Upload; Patched in Version: 11.1; Severity Score: High
Plugin: Widgets for Hotels.com Reviews; Plugin Slug: review-widgets-for-hotels-com; Installations: 20+; Vulnerability: Arbitrary File Upload; Patched in Version: 11.1; Severity Score: High
Plugin: Widgets for Árukereső Reviews; Plugin Slug: review-widgets-for-arukereso; Installations: 10+; Vulnerability: Arbitrary File Upload; Patched in Version: 11.1; Severity Score: High
Plugin: Widgets for Foursquare Reviews; Plugin Slug: review-widgets-for-foursquare; Installations: 10+; Vulnerability: Arbitrary File Upload; Patched in Version: 11.1; Severity Score: High
Plugin: Review Widgets for Szallas.hu; Plugin Slug: review-widgets-for-szallas-hu; Installations: 10+; Vulnerability: Arbitrary File Upload; Patched in Version: 11.1; Severity Score: High
Plugin: Widgets for SourceForge Reviews; Plugin Slug: widgets-for-sourceforge-reviews; Vulnerability: Arbitrary File Upload; Patched in Version: 11.1; Severity Score: High
Plugin: Widgets for AliExpress Reviews; Plugin Slug: widgets-for-aliexpress-reviews; Vulnerability: Arbitrary File Upload; Patched in Version: 11.1; Severity Score: High
Plugin: Widgets for Alibaba Reviews; Plugin Slug: widgets-for-alibaba-reviews; Vulnerability: Arbitrary File Upload; Patched in Version: 11.1; Severity Score: High
Plugin: Theme My Login 2FA; Plugin Slug: tml-2fa; Vulnerability: Bypass Vulnerability; Patched in Version: 1.2; Severity Score: Medium; CVE: 2023-6272
Plugin: PowerPack Pro for Elementor; Plugin Slug: powerpack-elements; Vulnerability: Cross Site Scripting (XSS); Patched in Version: 2.9.24; Severity Score: High; CVE: 2023-49739
Plugin: JetProductGallery; Plugin Slug: jet-woo-product-gallery; Vulnerability: Broken Access Control; Patched in Version: 2.1.13.2; Severity Score: High
Plugin: JetProductGallery; Plugin Slug: jet-woo-product-gallery; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: 2.1.13.2; Severity Score: Medium
Plugin: JetProductGallery; Plugin Slug: jet-woo-product-gallery; Vulnerability: Broken Access Control; Patched in Version: 2.1.13.2; Severity Score: Medium
Plugin: JetWooBuilder; Plugin Slug: jet-woo-builder; Vulnerability: Broken Access Control; Patched in Version: 2.1.7.3; Severity Score: High
Plugin: JetWooBuilder; Plugin Slug: jet-woo-builder; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: 2.1.7.3; Severity Score: Medium
Plugin: JetWooBuilder; Plugin Slug: jet-woo-builder; Vulnerability: Broken Access Control; Patched in Version: 2.1.7.3; Severity Score: Medium
Plugin: JetTricks; Plugin Slug: jet-tricks; Vulnerability: Broken Access Control; Patched in Version: 1.4.6.2; Severity Score: High
Plugin: JetTricks; Plugin Slug: jet-tricks; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: 1.4.6.2; Severity Score: Medium
Plugin: JetTricks; Plugin Slug: jet-tricks; Vulnerability: Broken Access Control; Patched in Version: 1.4.6.2; Severity Score: Medium
Plugin: JetThemeCore; Plugin Slug: jet-theme-core; Vulnerability: Broken Access Control; Patched in Version: 2.1.2.2; Severity Score: High
Plugin: JetThemeCore; Plugin Slug: jet-theme-core; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: 2.1.2.2; Severity Score: Medium
Plugin: JetThemeCore; Plugin Slug: jet-theme-core; Vulnerability: Broken Access Control; Patched in Version: 2.1.2.2; Severity Score: Medium
Plugin: JetTabs; Plugin Slug: jet-tabs; Vulnerability: Broken Access Control; Patched in Version: 2.1.25.2; Severity Score: High
Plugin: JetTabs; Plugin Slug: jet-tabs; Vulnerability: Cross Site Request Forgery (CSRF); Patched in Version: 2.1.25.2; Severity Score: Medium
JetTabs
Plugin: JetTabs Plugin Slug: jet-tabs Vulnerability: Broken Access Control Patched in Version: 2.1.25.2 Severity Score: Medium JetSmartFilters Plugin: JetSmartFilters Plugin Slug: jet-smart-filters Vulnerability: Broken Access Control Patched in Version: 3.2.2.1 Severity Score: High JetSmartFilters Plugin: JetSmartFilters Plugin Slug: jet-smart-filters Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: 3.2.2.1 Severity Score: Medium JetSmartFilters Plugin: JetSmartFilters Plugin Slug: jet-smart-filters Vulnerability: Broken Access Control Patched in Version: 3.2.2.1 Severity Score: Medium JetSearch Plugin: JetSearch Plugin Slug: jet-search Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: 3.1.2.1 Severity Score: Medium JetSearch Plugin: JetSearch Plugin Slug: jet-search Vulnerability: Broken Access Control Patched in Version: 3.1.2.1 Severity Score: Medium JetReviews Plugin: JetReviews Plugin Slug: jet-reviews Vulnerability: Broken Access Control Patched in Version: 2.3.2.1 Severity Score: High JetReviews Plugin: JetReviews Plugin Slug: jet-reviews Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: 2.3.2.1 Severity Score: Medium JetReviews Plugin: JetReviews Plugin Slug: jet-reviews Vulnerability: Broken Access Control Patched in Version: 2.3.2.1 Severity Score: Medium JetPopup Plugin: JetPopup Plugin Slug: jet-popup Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: 2.0.2.1 Severity Score: Medium JetPopup Plugin: JetPopup Plugin Slug: jet-popup Vulnerability: Broken Access Control Patched in Version: 2.0.2.1 Severity Score: Medium JetMenu Plugin: JetMenu Plugin Slug: jet-menu Vulnerability: Broken Access Control Patched in Version: 2.4.2 Severity Score: High JetMenu Plugin: JetMenu Plugin Slug: jet-menu Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: 2.4.2 Severity Score: Medium JetMenu Plugin: JetMenu Plugin Slug: jet-menu Vulnerability: Broken Access Control Patched in 
Version: 2.4.2 Severity Score: Medium JetEngine Plugin: JetEngine Plugin Slug: jet-engine Vulnerability: Privilege Escalation Patched in Version: 3.2.5 Severity Score: High CVE: 2023-48757 JetEngine Plugin: JetEngine Plugin Slug: jet-engine Vulnerability: Broken Access Control Patched in Version: 3.2.5 Severity Score: High CVE: 2023-48758 JetEngine Plugin: JetEngine Plugin Slug: jet-engine Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: 3.2.5.2 Severity Score: Medium JetEngine Plugin: JetEngine Plugin Slug: jet-engine Vulnerability: Broken Access Control Patched in Version: 3.2.5.2 Severity Score: Medium JetElements For Elementor Plugin: JetElements For Elementor Plugin Slug: jet-elements Vulnerability: Arbitrary File Download Patched in Version: 2.6.13.1 Severity Score: High CVE: 2023-48759 JetElements For Elementor Plugin: JetElements For Elementor Plugin Slug: jet-elements Vulnerability: Broken Access Control Patched in Version: 2.6.13.1 Severity Score: High JetElements For Elementor Plugin: JetElements For Elementor Plugin Slug: jet-elements Vulnerability: Broken Access Control Patched in Version: 2.6.13.1 Severity Score: Medium JetElements For Elementor Plugin: JetElements For Elementor Plugin Slug: jet-elements Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: 2.6.13.1 Severity Score: Medium JetCompareWishlist Plugin: JetCompareWishlist Plugin Slug: jet-compare-wishlist Vulnerability: Broken Access Control Patched in Version: 1.5.5.2 Severity Score: High JetCompareWishlist Plugin: JetCompareWishlist Plugin Slug: jet-compare-wishlist Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: 1.5.5.2 Severity Score: Medium JetCompareWishlist Plugin: JetCompareWishlist Plugin Slug: jet-compare-wishlist Vulnerability: Broken Access Control Patched in Version: 1.5.5.2 Severity Score: Medium JetBlog Plugin: JetBlog Plugin Slug: jet-blog Vulnerability: Broken Access Control Patched in Version: 2.3.5.1 Severity Score: 
High JetBlog Plugin: JetBlog Plugin Slug: jet-blog Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: 2.3.5.1 Severity Score: Medium JetBlog Plugin: JetBlog Plugin Slug: jet-blog Vulnerability: Broken Access Control Patched in Version: 2.3.5.1 Severity Score: Medium JetBlocks For Elementor Plugin: JetBlocks For Elementor Plugin Slug: jet-blocks Vulnerability: Cross Site Scripting (XSS) Patched in Version: 1.3.8.1 Severity Score: High CVE: 2023-48756 JetBlocks For Elementor Plugin: JetBlocks For Elementor Plugin Slug: jet-blocks Vulnerability: Broken Access Control Patched in Version: 1.3.8.1 Severity Score: High JetBlocks For Elementor Plugin: JetBlocks For Elementor Plugin Slug: jet-blocks Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: 1.3.8.1 Severity Score: Medium JetBlocks For Elementor Plugin: JetBlocks For Elementor Plugin Slug: jet-blocks Vulnerability: Broken Access Control Patched in Version: 1.3.8.1 Severity Score: Medium WordPress Themes — 0 Patched / 0 Unpatched Sign up now — Get SolidWP updates and valuable content straight to your inbox Sign up now — Get SolidWP updates and valuable content straight to your inbox Sign up Get started with confidence — risk free, guaranteed
