WordPress Vulnerability Report — February 21, 2024

In this report, 96 vulnerabilities have been publicly disclosed. Security patches for 76 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 20 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately. The next major release will be version 6.5, planned for March 26, 2024.

WordPress Plugins — 75 Patched / 20 Unpatched

Plugin: Featured Image from URL (FIFU) | Plugin Slug: featured-image-from-url | Installations: 100,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: No Fix | Severity Score: Medium | CVE: 2024-1496
Plugin: Malware Scanner | Plugin Slug: miniorange-malware-protection | Installations: 10,000+ | Vulnerability: SQL Injection | Patched in Version: No Fix | Severity Score: High | CVE: 2024-25902
Plugin: Multi Step Form | Plugin Slug: multi-step-form | Installations: 10,000+ | Vulnerability: Cross Site Request Forgery (CSRF) | Patched in Version: No Fix | Severity Score: Medium | CVE: 2024-25905
Plugin: Comments Like Dislike | Plugin Slug: comments-like-dislike | Installations: 9,000+ | Vulnerability: Bypass Vulnerability | Patched in Version: No Fix | Severity Score: Medium | CVE: 2024-25906
Plugin: PJ News Ticker | Plugin Slug: pj-news-ticker | Installations: 5,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: No Fix | Severity Score: Medium | CVE: 2024-25094
Plugin: TinyMCE and TinyMCE Advanced Professsional Formats and Styles | Plugin Slug: tinymce-and-tinymce-advanced-professsional-formats-and-styles | Installations: 3,000+ | Vulnerability: Cross Site Request Forgery (CSRF) | Patched in Version: No Fix | Severity Score: Medium | CVE: 2024-25904
Plugin: MyWaze | Plugin Slug: my-waze | Installations: 1,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: No Fix | Severity Score: Medium | CVE: 2024-25594
Plugin: PB oEmbed HTML5 Audio – with Cache Support | Plugin Slug: pb-oembed-html5-audio-with-cache-support | Installations: 1,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: No Fix | Severity Score: Medium | CVE: 2024-25098
Plugin: Canto | Plugin Slug: canto | Vulnerability: Remote Code Execution (RCE) | Patched in Version: No Fix | Severity Score: Critical | CVE: 2024-25096
Plugin: GigPress | Plugin Slug: gigpress | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: No Fix | Severity Score: Medium | CVE: 2023-7233
Plugin: MoveTo | Plugin Slug: moveto | Vulnerability: Arbitrary File Upload | Patched in Version: No Fix | Severity Score: Critical | CVE: 2024-25913
Plugin: MoveTo | Plugin Slug: moveto | Vulnerability: Settings Change | Patched in Version: No Fix | Severity Score: Critical | CVE: 2024-25912
Plugin: MoveTo | Plugin Slug: moveto | Vulnerability: Denial of Service Attack | Patched in Version: No Fix | Severity Score: High | CVE: 2024-25911
Plugin: MoveTo | Plugin Slug: moveto | Vulnerability: SQL Injection | Patched in Version: No Fix | Severity Score: Critical | CVE: 2024-25910
Plugin: Oliver POS | Plugin Slug: oliver-pos | Vulnerability: Broken Access Control | Patched in Version: No Fix | Severity Score: High | CVE: 2024-0702
Plugin: postMash – custom post order | Plugin Slug: postmash | Vulnerability: SQL Injection | Patched in Version: No Fix | Severity Score: Critical | CVE: 2024-25927
Plugin: Sitepact’s Contact Form 7 Extension For Klaviyo | Plugin Slug: sitepact-klaviyo-contact-form-7 | Vulnerability: SQL Injection | Patched in Version: No Fix | Severity Score: High | CVE: 2024-25928
Plugin: Widgets Controller | Plugin Slug: widgets-controller | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: No Fix | Severity Score: High | CVE: 2024-25926
Plugin: Pexels: Free Stock Photos | Plugin Slug: wp-pexels-free-stock-photos | Vulnerability: Server Side Request Forgery (SSRF) | Patched in Version: No Fix | Severity Score: Medium | CVE: 2024-25915
Plugin: Easy Forms for Mailchimp | Plugin Slug: yikes-inc-easy-mailchimp-extender | Vulnerability: Sensitive Data Exposure | Patched in Version: No Fix | Severity Score: High | CVE: 2024-25095
Plugin: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders | Plugin Slug: essential-addons-for-elementor-lite | Installations: 2,000,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 5.9.9 | Severity Score: Medium | CVE: 2024-1171
Plugin: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders | Plugin Slug: essential-addons-for-elementor-lite | Installations: 2,000,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 5.9.9 | Severity Score: Medium | CVE: 2024-1172
Plugin: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders | Plugin Slug: essential-addons-for-elementor-lite | Installations: 2,000,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 5.9.9 | Severity Score: Medium | CVE: 2024-1276
Plugin: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders | Plugin Slug: essential-addons-for-elementor-lite | Installations: 2,000,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 5.9.9 | Severity Score: Medium | CVE: 2024-1236
Plugin: Ocean Extra | Plugin Slug: ocean-extra | Installations: 700,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 2.2.5 | Severity Score: Medium | CVE: 2024-1277
Plugin: Premium Addons for Elementor | Plugin Slug: premium-addons-for-elementor | Installations: 700,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 4.10.19 | Severity Score: Medium | CVE: 2024-0326
Plugin: Broken Link Checker | Plugin Slug: broken-link-checker | Installations: 600,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 2.2.4 | Severity Score: Medium | CVE: 2024-25592
Plugin: WP Shortcodes Plugin — Shortcodes Ultimate | Plugin Slug: shortcodes-ultimate | Installations: 600,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 7.0.3 | Severity Score: Medium | CVE: 2024-1510
Plugin: SiteOrigin Widgets Bundle | Plugin Slug: so-widgets-bundle | Installations: 600,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 1.58.3 | Severity Score: Medium | CVE: 2024-1070
Plugin: SiteOrigin Widgets Bundle | Plugin Slug: so-widgets-bundle | Installations: 600,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 1.58.4 | Severity Score: Medium | CVE: 2024-1058
Plugin: Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease | Plugin Slug: password-protected | Installations: 400,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 2.6.7 | Severity Score: Medium | CVE: 2024-0656
Plugin: Popup Builder – Create highly converting, mobile friendly marketing popups. | Plugin Slug: popup-builder | Installations: 200,000+ | Vulnerability: Server Side Request Forgery (SSRF) | Patched in Version: 4.2.6 | Severity Score: Medium | CVE: 2023-6294
Plugin: WP Activity Log | Plugin Slug: wp-security-audit-log | Installations: 200,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 4.6.2 | Severity Score: High | CVE: 2023-50905
Plugin: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Plugin Slug: wp-user-avatar | Installations: 200,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 4.15.0 | Severity Score: Medium | CVE: 2024-1570
Plugin: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Plugin Slug: wp-user-avatar | Installations: 200,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 4.15.0 | Severity Score: High | CVE: 2024-1519
Plugin: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Plugin Slug: wp-user-avatar | Installations: 200,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 4.15.0 | Severity Score: Medium | CVE: 2024-1408
Plugin: Best WordPress Gallery Plugin – FooGallery | Plugin Slug: foogallery | Installations: 100,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 2.4.9 | Severity Score: Medium | CVE: 2024-0604
Plugin: Login Lockdown – Protect Login Form | Plugin Slug: login-lockdown | Installations: 100,000+ | Vulnerability: Broken Access Control | Patched in Version: 2.09 | Severity Score: Medium | CVE: 2024-1340
Plugin: Page scroll to id | Plugin Slug: page-scroll-to-id | Installations: 100,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 1.7.9 | Severity Score: Medium | CVE: 2024-1445
Plugin: PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) | Plugin Slug: powerpack-lite-for-elementor | Installations: 100,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 2.7.16 | Severity Score: Medium | CVE: 2024-1411
Plugin: Schema & Structured Data for WP & AMP | Plugin Slug: schema-and-structured-data-for-wp | Installations: 100,000+ | Vulnerability: Broken Access Control | Patched in Version: 1.27 | Severity Score: Medium | CVE: 2024-1288
Plugin: Schema & Structured Data for WP & AMP | Plugin Slug: schema-and-structured-data-for-wp | Installations: 100,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 1.27 | Severity Score: Medium | CVE: 2024-1586
Plugin: Defender Security – Malware Scanner, Login Security & Firewall | Plugin Slug: defender-security | Installations: 90,000+ | Vulnerability: Bypass Vulnerability | Patched in Version: 4.4.2 | Severity Score: Medium | CVE: 2024-25595
Plugin: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor | Plugin Slug: embedpress | Installations: 90,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 3.9.9 | Severity Score: Medium | CVE: 2024-1425
Plugin: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor | Plugin Slug: embedpress | Installations: 90,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 3.9.9 | Severity Score: Medium | CVE: 2024-1349
Plugin: Email Encoder – Protect Email Addresses and Phone Numbers | Plugin Slug: email-encoder-bundle | Installations: 80,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 2.2.1 | Severity Score: Medium | CVE: 2024-1282
Plugin: Elementor Addons by Livemesh | Plugin Slug: addons-for-elementor | Installations: 70,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 8.3.1 | Severity Score: Medium | CVE: 2024-25598
Plugin: Simple Share Buttons Adder | Plugin Slug: simple-share-buttons-adder | Installations: 70,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 8.4.12 | Severity Score: Medium | CVE: 2024-0621
Plugin: Microsoft Clarity | Plugin Slug: microsoft-clarity | Installations: 60,000+ | Vulnerability: Cross Site Request Forgery (CSRF) | Patched in Version: 0.9.4 | Severity Score: High | CVE: 2024-0590
Plugin: Bold Page Builder | Plugin Slug: bold-page-builder | Installations: 50,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 4.8.1 | Severity Score: Medium | CVE: 2024-1159
Plugin: Bold Page Builder | Plugin Slug: bold-page-builder | Installations: 50,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 4.8.1 | Severity Score: Medium | CVE: 2024-1160
Plugin: Bold Page Builder | Plugin Slug: bold-page-builder | Installations: 50,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 4.8.1 | Severity Score: Medium | CVE: 2024-1157
Plugin: MapPress Maps for WordPress | Plugin Slug: mappress-google-maps-for-wordpress | Installations: 50,000+ | Vulnerability: Sensitive Data Exposure | Patched in Version: 2.88.16 | Severity Score: Medium | CVE: 2024-0421
Plugin: MapPress Maps for WordPress | Plugin Slug: mappress-google-maps-for-wordpress | Installations: 50,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 2.88.15 | Severity Score: Medium | CVE: 2024-0420
Plugin: Booster for WooCommerce | Plugin Slug: woocommerce-jetpack | Installations: 50,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 7.1.7 | Severity Score: Medium | CVE: 2024-1054
Plugin: WP Maintenance | Plugin Slug: wp-maintenance | Installations: 50,000+ | Vulnerability: Sensitive Data Exposure | Patched in Version: 6.1.7 | Severity Score: Medium | CVE: 2024-1472
Plugin: Custom Field Template | Plugin Slug: custom-field-template | Installations: 40,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 2.6.1 | Severity Score: Medium | CVE: 2024-25919
Plugin: WP Editor | Plugin Slug: wp-editor | Installations: 40,000+ | Vulnerability: Sensitive Data Exposure | Patched in Version: 1.2.8 | Severity Score: Medium | CVE: 2024-25591
Plugin: Maspik – Spam Blacklist | Plugin Slug: contact-forms-anti-spam | Installations: 20,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 0.10.7 | Severity Score: Medium | CVE: 2024-25101
Plugin: My Private Site | Plugin Slug: jonradio-private-site | Installations: 20,000+ | Vulnerability: Broken Access Control | Patched in Version: 3.1.0 | Severity Score: Medium | CVE: 2024-0978
Plugin: My Calendar | Plugin Slug: my-calendar | Installations: 20,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 3.4.24 | Severity Score: Medium | CVE: 2024-25916
Plugin: Analytics Insights – Google Analytics Dashboard for WordPress | Plugin Slug: analytics-insights | Installations: 10,000+ | Vulnerability: Open Redirection | Patched in Version: 6.3 | Severity Score: Medium | CVE: 2024-0250
Plugin: Directorist – WordPress Business Directory Plugin with Classified Ads Listings | Plugin Slug: directorist | Installations: 10,000+ | Vulnerability: Broken Access Control | Patched in Version: 7.8.5 | Severity Score: Medium | CVE: 2024-1322
Plugin: Link Library | Plugin Slug: link-library | Installations: 10,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 7.6.1 | Severity Score: High | CVE: 2024-1559
Plugin: MasterStudy LMS WordPress Plugin – for Online Courses and Education | Plugin Slug: masterstudy-lms-learning-management-system | Installations: 10,000+ | Vulnerability: SQL Injection | Patched in Version: 3.2.6 | Severity Score: Critical | CVE: 2024-1512
Plugin: NEX-Forms – Ultimate Form Builder – Contact forms and much more | Plugin Slug: nex-forms-express-wp-form-builder | Installations: 10,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 8.5.6 | Severity Score: Medium | CVE: 2024-25593
Plugin: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | Plugin Slug: paid-member-subscriptions | Installations: 10,000+ | Vulnerability: Broken Access Control | Patched in Version: 2.11.2 | Severity Score: Medium | CVE: 2024-1390
Plugin: Smart Manager – WooCommerce Bulk Edit Products, Orders, Coupons, Any WordPress Post Type (Advanced) | Plugin Slug: smart-manager-for-wp-e-commerce | Installations: 10,000+ | Vulnerability: SQL Injection | Patched in Version: 8.28.0 | Severity Score: High | CVE: 2024-0566
Plugin: WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc | Plugin Slug: wp-sms | Installations: 9,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 6.4 | Severity Score: Medium | CVE: 2024-25920
Plugin: Coming Soon Maintenance Mode | Plugin Slug: coming-soon-maintenance-mode | Installations: 6,000+ | Vulnerability: Sensitive Data Exposure | Patched in Version: 1.0.6 | Severity Score: Medium | CVE: 2024-1475
Plugin: Community by PeepSo – Social Network, Membership, Registration, User Profiles | Plugin Slug: peepso-core | Installations: 4,000+ | Vulnerability: Sensitive Data Exposure | Patched in Version: 6.2.7.1 | Severity Score: Medium | CVE: 2024-25923
Plugin: WP Testimonials | Plugin Slug: testimonial-widgets | Installations: 4,000+ | Vulnerability: SQL Injection | Patched in Version: 1.4.4 | Severity Score: High | CVE: 2024-25924
Plugin: Piraeus Bank WooCommerce Payment Gateway | Plugin Slug: woo-payment-gateway-for-piraeus-bank | Installations: 4,000+ | Vulnerability: SQL Injection | Patched in Version: 1.7.0 | Severity Score: Critical | CVE: 2024-0610
Plugin: WPify Woo Czech | Plugin Slug: wpify-woo | Installations: 4,000+ | Vulnerability: Broken Access Control | Patched in Version: 4.0.9 | Severity Score: Medium | CVE: 2024-1492
Plugin: Paytium: Mollie payment forms & donations | Plugin Slug: paytium | Installations: 3,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 4.4.3 | Severity Score: Medium | CVE: 2024-25099
Plugin: SKT Page Builder | Plugin Slug: skt-builder | Installations: 3,000+ | Vulnerability: Broken Access Control | Patched in Version: 4.2 | Severity Score: Medium | CVE: 2024-1337
Plugin: Doofinder WP & WooCommerce Search | Plugin Slug: doofinder-for-woocommerce | Installations: 2,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 2.1.9 | Severity Score: Medium | CVE: 2024-25596
Plugin: EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin (easy docs, knowledgebase) | Plugin Slug: eazydocs | Installations: 2,000+ | Vulnerability: Broken Access Control | Patched in Version: 2.4.0 | Severity Score: Medium | CVE: 2024-0248
Plugin: InstaWP Connect – 1-click WP Staging & Migration | Plugin Slug: instawp-connect | Installations: 2,000+ | Vulnerability: Remote Code Execution (RCE) | Patched in Version: 0.1.0.9 | Severity Score: Critical | CVE: 2024-25918
Plugin: SMTP Mail | Plugin Slug: smtp-mail | Installations: 2,000+ | Vulnerability: Cross Site Request Forgery (CSRF) | Patched in Version: 1.3.21 | Severity Score: Medium | CVE: 2024-25914
Plugin: GD Rating System | Plugin Slug: gd-rating-system | Installations: 1,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 3.5.1 | Severity Score: High | CVE: 2024-25093
Plugin: Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages | Plugin Slug: landing-page-cat | Installations: 1,000+ | Vulnerability: Sensitive Data Exposure | Patched in Version: 1.7.3 | Severity Score: Medium | CVE: 2024-0708
Plugin: Frontend File Manager Plugin | Plugin Slug: nmedia-user-file-uploader | Installations: 1,000+ | Vulnerability: Sensitive Data Exposure | Patched in Version: 22.8 | Severity Score: Medium | CVE: 2024-25903
Plugin: TNC PDF viewer | Plugin Slug: pdf-viewer-by-themencode | Installations: 1,000+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 2.9.0 | Severity Score: Medium | CVE: 2024-25097
Plugin: Sunshine Photo Cart: Free Client Galleries for Photographers | Plugin Slug: sunshine-photo-cart | Installations: 1,000+ | Vulnerability: Sensitive Data Exposure | Patched in Version: 3.1 | Severity Score: Medium | CVE: 2024-1294
Plugin: Peach Payments Gateway | Plugin Slug: wc-peach-payments-gateway | Installations: 1,000+ | Vulnerability: Broken Access Control | Patched in Version: 3.2.0 | Severity Score: Medium | CVE: 2024-25922
Plugin: Ultimate Reviews | Plugin Slug: ultimate-reviews | Installations: 900+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 3.2.9 | Severity Score: High | CVE: 2024-25597
Plugin: Action Network | Plugin Slug: wp-action-network | Installations: 600+ | Vulnerability: Cross Site Scripting (XSS) | Patched in Version: 1.4.3 | Severity Score: High | CVE: 2024-25921
Plugin: Web3 – Crypto wallet Login & NFT token gating | Plugin Slug: web3-authentication | Installations: 200+ | Vulnerability: Broken Authentication | Patched in Version: 3.0.0 | Severity Score: Critical | CVE: 2023-6036
Plugin: Cwicly | Plugin Slug: cwicly | Vulnerability: Remote Code Execution (RCE) | Patched in Version: 1.4.0.3 | Severity Score: Critical | CVE: 2024-24707
Plugin: WooCommerce Easy Checkout Field Editor, Fees & Discounts | Plugin Slug: phppoet-checkout-fields | Vulnerability: Arbitrary File Upload | Patched in Version: 3.5.13 | Severity Score: Critical | CVE: 2024-25925
Plugin: WP Media folder | Plugin Slug: wp-media-folder | Vulnerability: Arbitrary File Upload | Patched in Version: 5.7.3 | Severity Score: Critical | CVE: 2024-25909
Plugin: WP Media folder | Plugin Slug: wp-media-folder | Vulnerability: Settings Change | Patched in Version: 5.7.3 | Severity Score: Medium | CVE: 2024-25908
Plugin: WP Media folder | Plugin Slug: wp-media-folder | Vulnerability: Settings Change | Patched in Version: 5.7.3 | Severity Score: Medium | CVE: 2024-25907
Plugin: WP Setup Wizard | Plugin Slug: wp-setup-wizard | Vulnerability: Sensitive Data Exposure | Patched in Version: 1.0.8.2 | Severity Score: High | CVE: 2024-25917

WordPress Themes — 1 Patched / 0 Unpatched

Theme: Bricks Builder | Theme Slug: bricks | Vulnerability: Remote Code Execution (RCE) | Patched in Version: 1.9.6.1 | Severity Score: Critical | CVE: 2024-25600
