Since last week, 329 total vulnerabilities emerged in public disclosure. They may affect over 7 million WordPress sites. There are 209 plugin vulnerabilities and 18 theme vulnerabilities with security patches, so run those updates!

Additionally, there are 66 plugin vulnerabilities and 36 theme vulnerabilities with no patch available yet. If you use an unpatched plugin or theme, check the vendor’s intentions and progress on a security release. If no patch is forthcoming, or the vulnerable software has been marked “closed” and dropped from the official WordPress theme and plugin repositories, you should consider deactivating and removing it in favor of alternative solutions.

Such an unusually high number of vulnerability reports is due to outdated versions of many plugins and themes that may use a common third-party dependency, Freemius’ WordPress SDK 2.5.9. Please see the Freemius WordPress SDK 2.5.9 Security Disclosure for more details.

New Today: Patchstack lists multiple high-severity vulnerabilities in the Ninja Forms plugin, potentially affecting 900k active WordPress sites. These vulnerabilities include a POST-based reflected XSS and broken access control on the form submissions export feature. Please update to version 3.6.26.

WordPress Core Vulnerabilities — Patched

  • No new WordPress core vulnerabilities were disclosed this week.

WordPress core is very secure when it’s properly configured and maintained. Vulnerable plugins not updated by site owners are the most common vector for attacks on WordPress websites. Our weekly WordPress Vulnerability Report, powered by Patchstack, covers new vulnerabilities that have emerged in plugins, themes, and/or WordPress core since last week’s report. Our goal is to spread awareness of emerging security threats and help you decide what to do if you find vulnerable software on your website. For a deeper analysis of recent trends in WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.

These reports are published every Wednesday and include all active vulnerabilities tracked by Patchstack as of Monday since the previous report. This leaves a 48-hour window for the newest emerging vulnerabilities to be patched before full public disclosure. iThemes Security Pro users have access to vulnerability alerts emerging within this window.

WordPress Plugin Vulnerabilities — Patched

In this section, you’ll find the most recently disclosed WordPress plugin vulnerabilities fixed with a new release from their authors and maintainers. Please apply the updates if you are affected!

These vulnerabilities have been disclosed and scored for their severity, thanks to our friends at Patchstack. Each plugin listing includes the type of vulnerability with its CVE number and CVSS severity rating with links to more technical details. You’ll also see the number of active sites using the plugin and the plugin version release that patches the vulnerability. We start with the most popular plugins, representing the largest target for attackers.

The Events Calendar

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 6.1.0.

WP Activity Log

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 4.4.3.

Elementor Addon Elements

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.12.

CAPTCHA 4WP

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 7.0.6.

Blocksy Companion

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.8.47.

Meta Tag Manager

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.1.

TI WooCommerce Wishlist

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.7.0.

AnyWhere Elementor

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.2.8.

Easy Watermark

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.0.7.

Simple Author Box

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.4.

Stop User Enumeration

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.4.0.

Cost Calculator Builder

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.3.3.

Divi Carousel Lite

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.2.12.

WP Google Review Slider

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 12.6.

DiviTorque – Divi Theme, Divi Builder and Extra Theme

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 3.6.0.

New User Approve

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.5.1.

PHP Everywhere

Vulnerability
Remote Code Execution (RCE)
The vulnerability has been patched, so you should update to version 3.0.0.

PHP Everywhere

Vulnerability
Remote Code Execution (RCE)
The vulnerability has been patched, so you should update to version 3.0.0.

PHP Everywhere

Vulnerability
Remote Code Execution (RCE)
The vulnerability has been patched, so you should update to version 3.0.0.

Media Library Categories

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.0.1.

WP to Twitter

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 3.3.0.

Seo Optimized Images

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.1.

WP News and Scrolling Widgets

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 4.2.

Stop WP Emails Going to Spam

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.0.0.

WP Review Slider

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 3.6.

WP Mail Log

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.1.1.

ACF Frontend – Add and edit posts, pages, users and more all from the frontend

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 3.8.0.

Salon booking system

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 8.4.9.

Easy Photography Portfolio

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.4.9.

ACF-VC Integrator

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.3.1.

AnyComment

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 0.0.99.

Search Console

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.2.2.

Image Carousel For Divi

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.6.1.

Market Exporter

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.0.19.

Share This Image

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.81.

Pay For Post with WooCommerce

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 3.1.11.

360 Javascript Viewer

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.5.3.

Activity Log For MainWP

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.0.0.

Church Admin

Vulnerability
Server Side Request Forgery (SSRF)
The vulnerability has been patched, so you should update to version 3.8.0.

WordPress Team Members – GS Plugins

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.2.2.

Remove Duplicate Posts

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.3.

SV Proven Expert

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.0.00.

SV Tracking Manager

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.0.00.

GraphComment Comment system

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.3.5.

Terms & Conditions Per Product

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.2.6.

Embed Video Thumbnail

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.3.1.

FormsCRM

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 3.6.

WPEventPartners Demo Import

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.0.4.

BuddyForms Ultimate Member

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.3.8.

Gift Message for WooCommerce

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.7.5.

Ultimate LinkedIn Integration

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.0.

Shipping for Nova Poshta

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.8.1.

Spice Blocks

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.3.

2MB Autocode

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.2.6.

Checkbox

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 0.8.5.

Content Blocks Builder

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.3.17.

RSS Control

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 3.0.8.

Simple Tour Guide

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.0.6.

WP SPID Italia

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.5.

Coming Soon Master

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.2.

EthereumICO

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.4.4.

Files Download Delay

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.0.9.

Stellar Places

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.1.

Subaccounts for WooCommerce

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.4.0.

WN Flipbox Pro

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.1.
Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.6.3.

WP Tools Divi Blog Carousel

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.3.1.

Ultimate Custom ScrollBar

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.2.

WPGutenBlog Demo Import

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.0.3.

SV100 Companion

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.0.00.

Variable Inspector

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.4.0.

Stripe Express

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.12.1.

Simple blueprint installer

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.0.2.

Import Holded for WooCommerce or Easy Digital Downloads

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.0.

Order Picking For WooCommerce

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.0.2.

SV Forms

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.0.02.

SV Posts

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.0.00.

WP Table Pixie

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.2.0.

CF7 ReCaptcha Mine

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.0.0.

Convoworks WP

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 0.22.15.

Custom Welcome Guide

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.0.9.

SV Columns Manager

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.0.00.

Divi Testimonial Plus

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 6.1.1.

WP Signals

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.0.0.

BuddyForms Anonymous Author

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.1.

BuddyForms Attach Post with Group

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.2.3.

BuddyForms Hierarchical Posts

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.1.4.

BuddyForms Posts 2 Posts

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.1.

BuddyForms Remote

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.0.5.

Caldera Forms

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.7.5.1.

Simple Freemius Shop

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.0.0.

Convert Pro

The vulnerability has been patched, so you should update to version 1.7.6.
Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 3.201903272301.

DEV.LAND

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 3.0.5.

Expandable Paywall

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.0.17.

External Media Upload

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 0.4.

Frontend Admin – Add and edit posts, pages, users and more all from the frontend

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 3.8.0.

Gallery Bank

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 4.0.19.

Map Plugin alternative to Google Maps using MapQuest, with directions

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.16.2.

Information for help

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 0.0.3.

Google Maps Plugin by Intergeo

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.1.6.

Oxygen Builder

Vulnerability
Cross Site Request Forgery (CSRF)
The vulnerability has been patched, so you should update to version 4.4.

Popups

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.8.

Remove WP Update Nags

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.5.0.

SV Media Library

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.0.00.

BuddyPress Groups Integration for WooCommerce

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.1.1.

WP Cloud Server

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.0.0.

WP Native Articles – Instant Articles Plugin for WordPress

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.2.0.

Schema Pro

Vulnerability
Cross Site Request Forgery (CSRF)
The vulnerability has been patched, so you should update to version 2.7.8.

WP Scrive by Webbstart

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.2.4.

WPCasa Mail Alert

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 3.3.0.

WordPress Plugin Vulnerabilities — Unpatched

This section contains plugin vulnerabilities with no known fix. Until a patch is available, you should, at minimum, deactivate the plugin immediately. If there is a high risk of active exploits or the plugin remains unpatched for weeks, you are advised to delete the plugin. You should also delete persistently unpatched plugins that the WordPress.org repository has locked and marked “Closed” so they can no longer be downloaded and installed.

WPS Limit Login

Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Custom Field Template

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

WP-CopyProtect [Protect your blog posts]

Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Elastic Email Sender

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

GTmetrix for WordPress

Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Art Decoration Shortcode

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Banner Management For WooCommerce

Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Fraud Prevention For Woocommerce

Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Google Map Shortcode

Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

MultiParcels Shipping For WooCommerce

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Server Info

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Language

Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

WP Emoji One

Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

WP Quick Post Duplicator

Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Booster Elementor Addons

Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Instant CSS

Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Simple Googlebot Visit

Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

WRC Pricing Tables

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Audio Player with Playlist Ultimate

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Client Portal : SuiteDash Direct Login

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Go Fetch Jobs (for WP Job Manager)

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Mobile Address Bar Changer

Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Perelink Pro

Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Post List With Featured Image

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Post Affiliate Pro

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Remove Duplicate Posts

Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Taboola

Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Exifography

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Post Connector

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Smarty for WordPress

Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Gestion-Pymes

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Woocommerce Delivery Date Premium

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

bbResolutions

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

BlogPost – BlogPost Widgets – Amazing Blog Layouts

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

CF7 Constant Contact Fields Mapping

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WP Clone Menu

Patched in Version
No Fix
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

DancePress (TRWA)

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

DeMomentSomTres Immediate Send

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Disabler

Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Easy Call Now Button by elixirs.io

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Extend Filter Products By Price Widget

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Easy Responsive Pricing Tables

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Jupiter X Core

Patched in Version
No Fix
CVE
2023-3813
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WP Logger

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

LWS Affiliation

Patched in Version
No Fix
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Menu Item Scheduler

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Protect Uploads with Login – Protect Your Uploads

Plugin
Protect Uploads with Login – Protect Your Uploads
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Quasar form

Patched in Version
No Fix
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Role Based Bulk Quantity Pricing

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Page Builder for Gutenberg – StarterBlocks

Plugin
Page Builder for Gutenberg – StarterBlocks
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Patched in Version
No Fix
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

tagDiv Composer

Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
The vulnerability has not been patched. You should deactivate the plugin.

Ultra Elementor Addons

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Auto SEO Plugin – Upfiv SEO Wizard

Plugin
WordPress Auto SEO Plugin – Upfiv SEO Wizard
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

User Email Verification for WooCommerce

Plugin
User Email Verification for WooCommerce
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WP-FlyBox

Vulnerability
Cross Site Request Forgery (CSRF)
Patched in Version
No Fix
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WooCommerce Sync for Google Sheet

Plugin
WordPress WooCommerce Sync for Google Sheet
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

In this section, you’ll find the latest WordPress theme vulnerabilities to be disclosed. You’ll see the same information we provided above for vulnerable plugins, and the same advice applies. If a security update exists, install it immediately. If a vulnerability remains unpatched in a theme you are actively using, you must find an alternative theme. Deactivate and delete persistently unpatched themes and those marked “Closed” in the WordPress.org theme repository. If you have a vulnerable theme installed that you are not actively using, delete it.

Bootstrap Blog

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 10.2.3.

Ona

Theme
Ona
Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.18.3.

Yuki

Theme
Yuki
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Techism

Theme
Techism
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Chic Lifestyle

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 10.0.8.

Lifestyle Magazine

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 10.2.1.

SalesZone

Theme
SalesZone
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Travel Tour

Theme
Travel Tour
Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.2.0.

Brand

Theme
Brand
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

WP Sierra

Theme
WP Sierra
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Eighteen tags

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Hasium

Theme
Hasium
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Broadcast Lite

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.0.8.

Salzburg Blog

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Everse

Theme
Everse
Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.8.12.

Speculor

Theme
Speculor
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Meridia

Theme
Meridia
Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 2.2.8.

Aquarella Lite

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Consultpress Lite

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Topcat Lite

Theme
Topcat Lite
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Shuban

Theme
Shuban
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Purus

Theme
Purus
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Elation

Theme
Elation
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

GutenBook

Theme
GutenBook
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Chained

Theme
Chained
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Elasta

Theme
Elasta
Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.0.9.

Purosa

Theme
Purosa
Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.1.3.

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

WPCake

Theme
WPCake
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Nokke

Theme
Nokke
Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.2.4.

Arendelle

Theme
Arendelle
Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.1.13.

PixiGo

Theme
PixiGo
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

WP Moose

Theme
WP Moose
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

G Blog

Theme
G Blog
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

NicheBase

Theme
NicheBase
Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.2.3.

Cuisine Palace

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Amela

Theme
Amela
Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.0.14.

Agncy

Theme
Agncy
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Travel Agency Booking

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Bootstrap Fitness

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.0.6.

Bootstrap Coach

Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.1.2.

Blockst

Theme
Blockst
Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.0.9.

Relax Spa

Theme
Relax Spa
Vulnerability
Cross Site Scripting (XSS)
The vulnerability has been patched, so you should update to version 1.1.1.

Villar

Theme
Villar
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

BlogHub

Theme
BlogHub
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Viralike

Theme
Viralike
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

NewsHit

Theme
NewsHit
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Simplifii

Theme
Simplifii
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Roven Blog

Theme
Roven Blog
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Krste

Theme
Krste
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Unakit

Theme
Unakit
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Temp Mail X

Theme
Temp Mail X
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Rovenstart

Theme
Rovenstart
Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Bani

Vulnerability
Cross Site Scripting (XSS)
Patched in Version
No Fix
The vulnerability has not been patched. You should switch themes.

Never worry about running a vulnerable plugin or theme again.

As you can see from this report, new WordPress plugin and theme vulnerabilities are disclosed every week. We know it can be difficult to stay on top of every reported vulnerability disclosure that matters to you, so the Themes Security Pro plugin makes it easy to ensure your site isn’t running a vulnerable theme, plugin, or version of WordPress core.

The post WordPress Vulnerability Report – July 27, 2023 appeared first on iThemes.
