Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. Our weekly WordPress Vulnerability Report, now powered by Patchstack, covers new WordPress plugins, themes, and core vulnerabilities that have emerged since our last report. Our goal is to help you decide what to do if you are using one of these vulnerable plugins or themes […]
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. Our weekly WordPress Vulnerability Report, now powered by Patchstack, covers new WordPress plugins, themes, and core vulnerabilities that have emerged since our last report. Our goal is to help you decide what to do if you are using one of these vulnerable plugins or themes on your website. For a deeper, historical analysis of WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.
Am I Vulnerable?
If you are an iThemes Security or Security Pro user, the Site Scan feature will notify you of any vulnerabilities in WordPress, plugins, and themes you have installed. You can also review the following list of new vulnerabilities and check them against your installed plugins and themes.
Responsible disclosure and reporting of vulnerabilities is an integral part of keeping the WordPress community safe. Please share this post with your friends to help get the word out and make WordPress safer for everyone!
How Bad Is It?
Each vulnerability will have a severity rating of low, medium, high, or critical. Severity levels do not indicate whether a vulnerability is being actively exploited or not. A severity rating indicates how easy it would be for an attacker to exploit the vulnerability and how damaging the impact of an effective exploit could be.
We will highlight active exploits as we become aware of them.
Vulnerabilities are assessed by many different authorities, who each interpret risk with their own perspective and priorities. We are providing you with Patchstack’s risk assessment for WordPress site owners like you.
Is There An Update?
The most important information about a vulnerability is whether it has been patched or not.
If a patch or security release exists to secure the vulnerability, you will see a note about this in a green footer closing the individual vulnerability report. You should immediately update the vulnerable software to the highest version available.
Please be aware that even a deactivated plugin or theme may be exploited by attackers as long as it remains installed in WordPress. You should either update or delete vulnerable plugins and themes as soon as possible when a vulnerability emerges in them.
What Should I Do?
If no update is available for a vulnerable plugin or theme that you are actively using, you will see a red footer closing the individual vulnerability report with a warning that no update has been provided yet. We will also highlight vulnerable plugins and themes that have no known fix.
Popular, widely used plugins and themes that remain vulnerable form a uniquely large and attractive attack surface so we will call special attention to them.
You should weigh the costs and benefits of removing vulnerable plugins and themes with no known fix. If they have been dropped from the wordpress.org repositories, we will note their status is “closed.” We recommend adopting a different, secure solution as soon as possible for plugins designated “closed” or that have “no known fix” forthcoming.
It is urgent to remove unpatched themes and plugins with vulnerabilities of any severity if they are being actively exploited and there’s no security update available.
The Future of Authentication is Passkeys! Log into your WordPress site with Biometrics only available in iThemes Security Pro.
Credential stuffing, phishing, and brute force attacks using stolen, guessable, or reused passwords have made our digital lives less secure. Two-Factor Authentication (2FA) offers some protection but at the cost of usability and accessibility. Fewer than 30% of all online account holders actually use 2FA. Password-based logins are broken.
The future of authentication is passkeys, and iThemes Security Pro is the first to bring this breakthrough technology to WordPress sites. Using breakthrough WebAuthn technology based on public/private cryptography, passkeys make passwords obsolete. Now, website admins and end users can have secure logins without the inconvenience of additional two-factor apps, password managers, or complex password requirements.
WordPress Core News
WordPress 6.1.1 was released on November 15, 2022, as a short-cycle maintenance release with 29 bug fixes in Core and 21 bug fixes for the block editor. Because this is a core update, be sure to update to WordPress 6.1.1 as soon as possible! As always, with a major release like this, ensure your site is backed up with BackupBuddy before updating.
WordPress 6.2 Beta 1
WordPress 6.2 Beta 1 is ready for download and testing! The current target for the final release is March 28, 2023. With the arrival of WordPress 6.2, Phase Two of Gutenberg’s development will have ended. Phase Two focused on the Block and Site Editor features that now allow deep customization of site designs and layouts. Next, Phase Three will focus on collaborative editing features. Take a look at the WordPress Development Roadmap to learn more.
- No new WordPress core vulnerabilities were disclosed this week.
There is a known unpatched vulnerability in WordPress core affecting all versions of WordPress. If you’re using iThemes Security, you’ve probably been alerted to this. As we are unsure when this very low-severity vulnerability will be patched, emails from iThemes Security will no longer alert for this specific vulnerability. Read our blog post about this vulnerability.
WordPress Plugin Vulnerabilities
In this section, the latest WordPress plugin vulnerabilities have been disclosed. Each plugin listing includes the type of vulnerability, the active installations, the version number if patched, the severity rating, and the CVE.
WordPress All In One WP Security & Firewall plugin
- Vulnerability
- Authenticated(Admin+) Directory Traversal vulnerability
WordPress Starter Templates plugin
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2022-46851
WordPress Ocean Extra plugin
- Plugin
- Ocean Extra
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-24399
WordPress Ocean Extra plugin
- Plugin
- Ocean Extra
- CVE
- 2023-0749
WordPress WordPress Gallery Plugin – NextGEN Gallery plugin
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2022-38468
WordPress ProfilePress plugin
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-23820
- Vulnerability
- Missing Authorization in crp_ajax_clearcache
WordPress Media Library Assistant plugin
- Plugin
- Media Library Assistant
- CVE
- 2023-0279
WordPress wpDataTables – WordPress Tables & Table Charts Plugin plugin
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-23876
WordPress Profile Builder plugin
- Vulnerability
- Sensitive Information Disclosure via Shortcode
- CVE
- 2023-0814
WordPress WP Table Builder – WordPress Table Plugin plugin
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2022-46852
WordPress Ditty plugin
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-23874
WordPress Quiz And Survey Master plugin
- Vulnerability
- Unauthenticated Arbitrary Media Deletion
- CVE
- 2023-0291
WordPress The Post Grid plugin
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2022-46853
WordPress Visualizer: Tables and Charts Manager for WordPress plugin
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-23708
WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2023-23706
WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-23710
WordPress Top 10 – Popular posts plugin for WordPress plugin
- CVE
- 2023-25993
WordPress Uncanny Toolkit for LearnDash plugin
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2023-23714
WordPress Advanced Dynamic Pricing for WooCommerce plugin
- CVE
- 2022-40203
WordPress Interactive Geo Maps plugin
- Plugin
- Interactive Geo Maps
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-23866
WordPress Link Juice Keeper plugin
- Plugin
- Link Juice Keeper
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-25793
WordPress TeraWallet – For WooCommerce plugin
- Plugin
- TeraWallet – For WooCommerce
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2022-40198
WordPress Wp-Insert plugin
- Plugin
- Wp-Insert
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-25461
WordPress WordPress Robots.txt optimization (+ XML Sitemap) – Website traffic, SEO & ranking Booster plugin
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2023-25706
WordPress Conditional Payments for WooCommerce plugin
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2022-46805
WordPress RegistrationMagic plugin
- Vulnerability
- Multiple Cross Site Request Forgery (CSRF)
- CVE
- 2023-25991
WordPress Video Gallery – YouTube Gallery plugin
- CVE
- 2023-25988
WordPress Video Gallery – YouTube Gallery plugin
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-25979
WordPress GamiPress plugin
- CVE
- 2023-24000
WordPress GamiPress plugin
- Vulnerability
- CSRF Leading to Settings Change
- CVE
- 2023-25697
WordPress GamiPress plugin
- Vulnerability
- Missing Authorization Leading to Points Manipulation
- CVE
- 2023-25715
WordPress Opt-Out for Google Analytics plugin
- Plugin
- Google Analytics Opt-Out
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-25712
WordPress Scriptless Social Sharing plugin
- Plugin
- Scriptless Social Sharing
- CVE
- 2023-0377
WordPress UsersWP plugin
- CVE
- 2022-47442
WordPress ALD Dropshipping and Fulfillment for AliExpress and WooCommerce plugin
- CVE
- 2022-46811
WordPress WP Coder plugin
- CVE
- 2023-0895
WordPress WP VR 360 Panorama and Virtual Tour Builder plugin
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2023-25708
WordPress TinyMCE Custom Styles plugin
- Plugin
- TinyMCE Custom Styles
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-23995
WordPress Cart All In One For WooCommerce plugin
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2022-46806
WordPress JSON Content Importer plugin
- Plugin
- JSON Content Importer
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-25485
WordPress Shoppable Images plugin
- Plugin
- Shoppable Images
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2023-25698
WordPress Simple Yearly Archive plugin
- Plugin
- Simple Yearly Archive
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-25484
WordPress Gutenberg Blocks by WordPress Download Manager plugin
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-22713
WordPress Meta slider and carousel with lightbox plugin
- CVE
- 2023-25703
WordPress Podlove Podcast Publisher plugin
- Plugin
- Podlove Podcast Publisher
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2023-25472
WordPress Portfolio – WordPress Portfolio Plugin plugin
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-23685
WordPress Zeno Font Resizer plugin
- Plugin
- Zeno Font Resizer
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-25442
WordPress AutomatorWP plugin
- Vulnerability
- Cross Site Request Forgery (CSRF)
WordPress Blockonomics plugin
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2022-47145
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-23670
WordPress Publish to Schedule plugin
- Plugin
- Publish to Schedule
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2023-25994
WordPress Tickera – WordPress Event Ticketing plugin
- Vulnerability
- CSRF Leading To Post Status Change
- CVE
- 2023-23726
WordPress VikBooking Hotel Booking Engine & PMS plugin
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2023-25707
WordPress OAuth Single Sign On – SSO (OAuth Client) plugin
- Vulnerability
- Cross Site Request Forgery (CSRF)
WordPress Community by PeepSo plugin
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2022-41633
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2023-25481
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-25479
WordPress Multi Rating plugin
- Plugin
- Multi Rating
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2022-47433
WordPress Product Reviews Import Export for WooCommerce plugin
- CVE
- 2022-46802
WordPress Quick Contact Form plugin
- Plugin
- Quick Contact Form
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2022-47608
WordPress Quick Event Manager plugin
- Plugin
- Quick Event Manager
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2022-46863
WordPress Quick Paypal Payments plugin
- Plugin
- Quick Paypal Payments
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-25713
WordPress Quick Paypal Payments plugin
- Plugin
- Quick Paypal Payments
- CVE
- 2023-25714
WordPress Quick Paypal Payments plugin
- Plugin
- Quick Paypal Payments
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-25702
WordPress Quick Paypal Payments plugin
- Plugin
- Quick Paypal Payments
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-23889
WordPress WP Custom Fields Search plugin
- Plugin
- WP Custom Fields Search
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2022-47157
WordPress WordPress Email Marketing Plugin – WP Email Capture plugin
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2023-23724
WordPress WordPress Email Marketing Plugin – WP Email Capture plugin
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-23723
WordPress BuddyForms plugin
WordPress CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plugin
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2022-47154
WordPress Locatoraid Store Locator plugin
- Plugin
- Locatoraid Store Locator
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2023-25709
WordPress Multiple Pages Generator by Themeisle plugin
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2022-47143
WordPress Protected Posts Logout Button plugin
- CVE
- 2023-25454
WordPress Protected Posts Logout Button plugin
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-25978
WordPress WordPress Books Gallery plugin
- Plugin
- WordPress Books Gallery
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2023-23705
WordPress WPGlobus Translate Options plugin
- Plugin
- WPGlobus Translate Options
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-25711
WordPress Archivist – Custom Archive Templates plugin
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2023-25448
WordPress Archivist – Custom Archive Templates plugin
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-25490
WordPress Click to Call or Chat Buttons plugin
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-25710
WordPress Clio Grow plugin
- Plugin
- Clio Grow
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-22683
WordPress Calendar Event Multi View plugin
- Plugin
- Calendar Event Multi View
- CVE
- 2023-23814
WordPress Get URL Cron plugin
- Plugin
- Get URL Cron
- Vulnerability
- Broken Access Control via geturlcron_action_handle
WordPress My Tickets plugin
- Plugin
- My Tickets
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2022-47440
WordPress Twitch Player plugin
- Plugin
- Twitch Player
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-25464
WordPress Broadcast Live Video plugin
- Vulnerability
- Remote Code Execution (RCE)
- CVE
- 2023-25699
WordPress WP Dynamic Keywords Injector plugin
- Plugin
- WP Dynamic Keywords Injector
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2022-47141
WordPress WP Prayer plugin
- Plugin
- WP Prayer
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-25705
WordPress WordPress Stripe Donation plugin
- Vulnerability
- Cross Site Request Forgery (CSRF)
- CVE
- 2022-47422
WordPress Easy Panorama plugin
- Plugin
- Easy Panorama
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-23799
WordPress Inline Tweet Sharer – Twitter Sharing Plugin plugin
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-24005
WordPress Campaign URL Builder plugin
- Plugin
- Campaign URL Builder
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-0538
WordPress Campaign URL Builder plugin
- Plugin
- Campaign URL Builder
- Vulnerability
- Authenticated (Admin+) Stored Cross-Site Scripting via Create Link
WordPress WatchTowerHQ plugin
- Plugin
- WatchTowerHQ
- CVE
- 2023-25701
WordPress Interactive SVG Image Map Builder plugin
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2023-25704
WordPress Plugin Vulnerabilities – No Known Fix
This section contains plugin vulnerabilities with no known fix. Until a patch is available, immediately uninstall and delete the plugin from WordPress to ensure it cannot be exploited.
WordPress Google Maps v3 Shortcode plugin
- Plugin
- Google Maps v3 Shortcode
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- CVE
- 2023-23827
WordPress Portfolio Slideshow plugin
- Plugin
- Portfolio Slideshow
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- CVE
- 2023-23717
WordPress Simple PDF Viewer plugin
- Plugin
- Simple PDF Viewer
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- CVE
- 2023-23817
WordPress Ultimate WP Query Search Filter plugin
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- CVE
- 2023-23832
WordPress Theme Tweaker plugin
- Plugin
- Theme Tweaker
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- No Fix
- CVE
- 2023-23713
WordPress Easy Google Analytics for WordPress plugin
- Patched in Version
- No Fix
- CVE
- 2023-23887
WordPress WP Post Rating plugin
- Plugin
- WP Post Rating
- Patched in Version
- No Fix
- CVE
- 2023-25785
- Patched in Version
- No Fix
- CVE
- 2023-23886
WordPress Bing Site Verification plugin using Meta Tag plugin
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- CVE
- 2023-23875
WordPress WordPress Custom Settings plugin
- Plugin
- WordPress Custom Settings
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- CVE
- 2023-23806
WordPress Exquisite PayPal Donation plugin
- Plugin
- Exquisite PayPal Donation
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- CVE
- 2023-23785
WordPress Sitemap Index plugin
- Plugin
- Sitemap Index
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- CVE
- 2023-23816
WordPress Sponsors Carousel plugin
- Plugin
- Sponsors Carousel
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- CVE
- 2023-23808
WordPress Stock market charts from finviz plugin
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- CVE
- 2023-23809
WordPress Circles Gallery plugin
- Plugin
- Circles Gallery
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- CVE
- 2023-23881
WordPress PayGreen plugin
- Plugin
- PayGreen – Ancienne version
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- No Fix
- CVE
- 2023-25986
WordPress WP Resource download management plugin
- Plugin
- WP Resource download management
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- CVE
- 2023-25787
WordPress Eyes Only: User Access Shortcode plugin
- Plugin
- Eyes Only: User Access Shortcode
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- CVE
- 2023-25786
WordPress Peadig’s Like & Share Button plugin
- Plugin
- Peadig’s Like & Share Button
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- CVE
- 2023-25783
WordPress Feed Changer plugin
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- CVE
- 2023-25795
WordPress Fontiran plugin
- Patched in Version
- No Fix
- CVE
- 2023-25791
WordPress Nooz plugin
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- CVE
- 2023-25794
WordPress Olevmedia Shortcodes plugin
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- CVE
- 2023-25798
WordPress WP Open Social plugin
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- CVE
- 2023-25792
WordPress Service Area Postcode Checker plugin
- Plugin
- Service Area Postcode Checker
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- CVE
- 2023-25782
WordPress Social Login WP plugin
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- No Fix
- CVE
- 2022-38063
WordPress Sticky Ad Bar Plugin plugin
- Plugin
- Sticky Ad Bar Plugin
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- CVE
- 2023-25784
WordPress Tapfiliate plugin
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- CVE
- 2023-25789
WordPress Upload File Type Settings Plugin plugin
- Plugin
- Upload File Type Settings Plugin
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- CVE
- 2023-25781
WordPress vSlider Multi Image Slider for WordPress plugin
- Plugin
- vSlider Multi Image Slider for WordPress
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- CVE
- 2023-25797
WordPress WP BaiDu Submit plugin
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- CVE
- 2023-25796
WordPress Theme Vulnerabilities
In this section, the latest WordPress theme vulnerabilities have been disclosed. Each theme listing includes the type of vulnerability, the active installations, the version number if patched, the severity rating, and the CVE.
WordPress Real Estate 7 theme
- Vulnerability
- Cross Site Scripting (XSS)
- CVE
- 2022-47146
WordPress WoodMart theme
- Vulnerability
- Unauth Arbitrary Shortcodes Injection
- CVE
- 2023-25790
Never worry about running a vulnerable plugin or theme again.
As you can see from this report, new WordPress plugin and theme vulnerabilities are disclosed every week. We know it can be difficult to stay on top of every reported vulnerability disclosure that matters to you, so the Themes Security Pro plugin makes it easy to ensure your site isn’t running a vulnerable theme, plugin, or version of WordPress core.
The Best WordPress Security Plugin to Secure & Protect WordPress Sites
WordPress currently powers over 40% of all websites, so it has become a popular target for hackers with malicious intent. The iThemes Security Pro plugin takes the guesswork out of WordPress security to make it easy to secure & protect your WordPress website. It’s like having a full-time security expert on staff who constantly monitors and protects your WordPress site for you.
The post WordPress Vulnerability Report – February 22, 2023 appeared first on iThemes.
This content was originally published here.