(855)-537-2266 sales@kerbco.com

Since our last report, 109 new vulnerabilities have been publicly disclosed. Security patches for 57 plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings. Additionally, there is one theme and 52 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are protected by the Solid Security firewall with virtual patches from Patchstack. WordPress Core WordPress 6.3.2 is a Maintenance and Security release issued on October 12. It features 19 bug fixes on Core, 22 bug fixes for the Block Editor, and 8 security fixes. Because this is a security release , it is recommended that you apply it and update your sites to WordPress 6.3.2 as soon as possible. Backports are also available for older supported major WordPress releases from version 4.1 onward. The next major release will be version 6.4, expected on 7 November 2023. WordPress Plugins — # Patched / # Unpatched Qi Addons For Elementor Plugin: Qi Addons For Elementor Plugin Slug: qi-addons-for-elementor Installations: 100,000+ Vulnerability: Cross Site Scripting (XSS) Patched in Version: No Fix Severity Score: Medium CVE: 2023-47680 Popup Anything – Popup for opt-ins and Lead Generation Conversions Plugin Slug: popup-anything-on-click Installations: 50,000+ Vulnerability: Broken Access Control Patched in Version: No Fix Severity Score: Medium WP Logo Showcase Responsive Slider and Carousel Plugin Slug: wp-logo-showcase-responsive-slider-slider Installations: 50,000+ Vulnerability: Broken Access Control Patched in Version: No Fix Severity Score: Medium WP Maintenance Plugin: WP Maintenance Plugin Slug: wp-maintenance Installations: 40,000+ Vulnerability: Bypass Vulnerability Patched in Version: No Fix Severity Score: Low CVE: 2023-47769 WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Plugin Slug: miniorange-login-openid Installations: 30,000+ Vulnerability: Privilege Escalation Patched in Version: No Fix Severity Score: High CVE: 2023-47683 Pz-LinkCard Plugin: Pz-LinkCard Plugin Slug: pz-linkcard Installations: 30,000+ Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: No Fix Severity Score: High CVE: 2023-47790 WP Responsive Recent Post Slider/Carousel Plugin Slug: wp-responsive-recent-post-slider Installations: 30,000+ Vulnerability: Broken Access Control Patched in Version: No Fix Severity Score: Medium WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce Plugin Slug: wp-event-manager Installations: 20,000+ Vulnerability: Cross Site Scripting (XSS) Patched in Version: No Fix Severity Score: High CVE: 2023-47697 WP Slick Slider and Image Carousel Plugin Slug: wp-slick-slider-and-image-carousel Installations: 20,000+ Vulnerability: Broken Access Control Patched in Version: No Fix Severity Score: Medium AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth Plugin: AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth Plugin Slug: aweber-web-form-widget Installations: 10,000+ Vulnerability: Broken Access Control Patched in Version: No Fix Severity Score: Medium CVE: 2023-47757 Flo Forms – Easy Drag & Drop Form Builder Plugin Slug: flo-forms Installations: 10,000+ Vulnerability: Broken Access Control Patched in Version: No Fix Severity Score: Medium CVE: 2023-47692 Multi Step Form Plugin: Multi Step Form Plugin Slug: multi-step-form Installations: 10,000+ Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: No Fix Severity Score: Medium CVE: 2023-47758 WP News and Scrolling Widgets Plugin Slug: sp-news-and-widget Installations: 10,000+ Vulnerability: Broken Access Control Patched in Version: No Fix Severity Score: Medium Welcome Email Editor Plugin: Welcome Email Editor Plugin Slug: welcome-email-editor Installations: 10,000+ Vulnerability: Broken Access Control Patched in Version: No Fix Severity Score: Medium CVE: 2023-47756 WP Blog and Widgets Plugin: WP Blog and Widgets Plugin Slug: wp-blog-and-widgets Installations: 10,000+ Vulnerability: Broken Access Control Patched in Version: No Fix Severity Score: Medium Footer Putter Plugin: Footer Putter Plugin Slug: footer-putter Installations: 9,000+ Vulnerability: Cross Site Scripting (XSS) Patched in Version: No Fix Severity Score: High CVE: 2023-47768 Podlove Web Player Plugin: Podlove Web Player Plugin Slug: podlove-web-player Installations: 6,000+ Vulnerability: Broken Access Control Patched in Version: No Fix Severity Score: Medium CVE: 2023-47691 WP responsive FAQ with category plugin Plugin Slug: sp-faq Installations: 6,000+ Vulnerability: Broken Access Control Patched in Version: No Fix Severity Score: Medium EasyAzon – Amazon Associates Affiliate Plugin Plugin Slug: easyazon Installations: 5,000+ Vulnerability: Broken Access Control Patched in Version: No Fix Severity Score: Medium CVE: 2023-47780 Animator – Scroll Triggered Animations Plugin Slug: scroll-triggered-animations Installations: 4,000+ Vulnerability: Broken Access Control Patched in Version: No Fix Severity Score: Medium CVE: 2023-47689 Shortcodes Finder Plugin: Shortcodes Finder Plugin Slug: shortcodes-finder Installations: 4,000+ Vulnerability: Cross Site Scripting (XSS) Patched in Version: No Fix Severity Score: High CVE: 2023-47695 Korea SNS Plugin: Korea SNS Plugin Slug: korea-sns Installations: 3,000+ Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: No Fix Severity Score: Medium CVE: 2023-47670 Permalinks Customizer Plugin: Permalinks Customizer Plugin Slug: permalinks-customizer Installations: 3,000+ Vulnerability: Cross Site Scripting (XSS) Patched in Version: No Fix Severity Score: High CVE: 2023-47773 Additional Order Filters for WooCommerce Plugin Slug: additional-order-filters-for-woocommerce Installations: 2,000+ Vulnerability: Cross Site Scripting (XSS) Patched in Version: No Fix Severity Score: High CVE: 2023-47690 Featured Post Creative Plugin: Featured Post Creative Plugin Slug: featured-post-creative Installations: 2,000+ Vulnerability: Broken Access Control Patched in Version: No Fix Severity Score: Medium Foyer – Digital Signage for WordPress Plugin Slug: foyer Installations: 2,000+ Vulnerability: Content Injection Patched in Version: No Fix Severity Score: Medium CVE: 2023-47663 Product Enquiry for WooCommerce Plugin Slug: gm-woocommerce-quote-popup Installations: 2,000+ Vulnerability: Cross Site Scripting (XSS) Patched in Version: No Fix Severity Score: High CVE: 2023-47696 CodeBard’s Patron Button and Widgets for Patreon Plugin Slug: patron-button-and-widgets-by-codebard Installations: 2,000+ Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: No Fix Severity Score: Medium CVE: 2023-47765 Plainview Protect Passwords Plugin: Plainview Protect Passwords Plugin Slug: plainview-protect-passwords Installations: 2,000+ Vulnerability: Cross Site Scripting (XSS) Patched in Version: No Fix Severity Score: High CVE: 2023-47665 Plainview Protect Passwords Plugin: Plainview Protect Passwords Plugin Slug: plainview-protect-passwords Installations: 2,000+ Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: No Fix Severity Score: Medium CVE: 2023-47664 Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms Plugin Slug: cf7-constant-contact Installations: 1,000+ Vulnerability: Open Redirection Patched in Version: No Fix Severity Score: Medium CVE: 2023-47779 Team Members Showcase Plugin: Team Members Showcase Plugin Slug: dazzlersoft-teams Installations: 1,000+ Vulnerability: Cross Site Scripting (XSS) Patched in Version: No Fix Severity Score: Medium CVE: 2023-32957 Interactive World Map Plugin: Interactive World Map Plugin Slug: interactive-world-map Installations: 1,000+ Vulnerability: Cross Site Scripting (XSS) Patched in Version: No Fix Severity Score: High CVE: 2023-47767 Preloader Matrix Plugin: Preloader Matrix Plugin Slug: matrix-pre-loader Installations: 1,000+ Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: No Fix Severity Score: Medium CVE: 2023-47685 Post Pay Counter Plugin: Post Pay Counter Plugin Slug: post-pay-counter Installations: 1,000+ Vulnerability: Cross Site Scripting (XSS) Patched in Version: No Fix Severity Score: High CVE: 2023-47673 Woo Custom and Sequential Order Number Plugin Slug: woo-custom-and-sequential-order-number Installations: 1,000+ Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: No Fix Severity Score: Medium CVE: 2023-47687 WooCommerce Product Enquiry Plugin: WooCommerce Product Enquiry Plugin Slug: woo-product-enquiry Installations: 1,000+ Vulnerability: Cross Site Scripting (XSS) Patched in Version: No Fix Severity Score: High CVE: 2023-32796 Youtube SpeedLoad Plugin: Youtube SpeedLoad Plugin Slug: youtube-speedload Installations: 1,000+ Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: No Fix Severity Score: Medium CVE: 2023-47688 Mini Cart Drawer For WooCommerce Plugin Slug: woo-mini-cart-drawer Installations: 800+ Vulnerability: Broken Access Control Patched in Version: No Fix Severity Score: Medium CVE: 2023-47694 Simply Excerpts Plugin: Simply Excerpts Plugin Slug: simply-excerpts Installations: 400+ Vulnerability: Cross Site Scripting (XSS) Patched in Version: No Fix Severity Score: Medium CVE: 2023-5137 WP Not Login Hide Plugin: WP Not Login Hide Plugin Slug: wp-not-login-hide-wpnlh Vulnerability: Cross Site Scripting (XSS) Patched in Version: No Fix Severity Score: Medium CVE: 2023-5940 WP Full Stripe Free Plugin: WP Full Stripe Free Plugin Slug: wp-full-stripe-free Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: No Fix Severity Score: Medium CVE: 2023-47667 WP Featured Content and Slider Plugin: WP Featured Content and Slider Plugin Slug: wp-featured-content-and-slide Vulnerability: Broken Access Control Patched in Version: No Fix Severity Score: Medium WP Category Post List Widget Plugin: WP Category Post List Widget Plugin Slug: wp-category-posts-list Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: No Fix Severity Score: Medium CVE: 2023-47672 Vertical scroll recent post Plugin: Vertical scroll recent post Plugin Slug: vertical-scroll-recent-post Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: No Fix Severity Score: Medium CVE: 2023-47671 WooCommerce Product Carousel Slider Plugin: WooCommerce Product Carousel Slider Plugin Slug: product-carousel-slider-for-woocommerce Vulnerability: Cross Site Scripting (XSS) Patched in Version: No Fix Severity Score: Medium CVE: 2023-47755 LuckyWP Scripts Control Plugin: LuckyWP Scripts Control Plugin Slug: luckywp-scripts-contro Vulnerability: Broken Access Control Patched in Version: No Fix Severity Score: Medium CVE: 2023-47778 Leadster Plugin: Leadster Plugin Slug: leadster-marketing-conversaciona Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: No Fix Severity Score: Medium CVE: 2023-47791 ElementsKit Pro Plugin: ElementsKit Pro Plugin Slug: elementskit Vulnerability: Broken Access Control Patched in Version: No Fix Severity Score: Medium CVE: 2023-39993 EasyRotator Plugin: EasyRotator Plugin Slug: easyrotator-for-wordpress Vulnerability: Cross Site Scripting (XSS) Patched in Version: No Fix Severity Score: Medium CVE: 2023-5742 BSK Contact Form 7 Blacklist Plugin: BSK Contact Form 7 Blacklist Plugin Slug: bsk-contact-form-7-blacklist Vulnerability: Cross Site Scripting (XSS) Patched in Version: No Fix Severity Score: High CVE: 2023-5141 AMP+ Plus Plugin: AMP+ Plus Plugin Slug: amp-plus Vulnerability: Cross Site Scripting (XSS) Patched in Version: No Fix Severity Score: High CVE: 2023-5210 EWWW Image Optimizer Plugin: EWWW Image Optimizer Plugin Slug: ewww-image-optimizer Installations: 1,000,000+ Vulnerability: Sensitive Data Exposure Patched in Version: 7.2.1 Severity Score: Medium CVE: 2023-40600 WP Fastest Cache Plugin: WP Fastest Cache Plugin Slug: wp-fastest-cache Installations: 1,000,000+ Vulnerability: SQL Injection Patched in Version: 1.2.2 Severity Score: Critical CVE: 2023-6063 Code Snippets Plugin: Code Snippets Plugin Slug: code-snippets Installations: 800,000+ Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: 3.6.0 Severity Score: Medium CVE: 2023-47666 Forminator – Contact Form, Payment Form & Custom Form Builder Plugin Slug: forminator Installations: 400,000+ Vulnerability: Arbitrary File Upload Patched in Version: 1.28.0 Severity Score: Medium CVE: 2023-6133 Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty Plugin: Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty Plugin Slug: chaty Installations: 200,000+ Vulnerability: Cross Site Scripting (XSS) Patched in Version: 3.1.3 Severity Score: Medium CVE: 2023-47759 Simple 301 Redirects by BetterLinks Plugin Slug: simple-301-redirects Installations: 200,000+ Vulnerability: Broken Access Control Patched in Version: 2.0.8 Severity Score: Medium CVE: 2023-47761 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates Plugin Slug: essential-blocks Installations: 100,000+ Vulnerability: Broken Access Control Patched in Version: 4.2.1 Severity Score: Medium CVE: 2023-47760 Qi Addons For Elementor Plugin: Qi Addons For Elementor Plugin Slug: qi-addons-for-elementor Installations: 100,000+ Vulnerability: Local File Inclusion Patched in Version: 1.6.4 Severity Score: Medium CVE: 2023-47679 Checkout Field Manager (Checkout Manager) for WooCommerce Plugin Slug: woocommerce-checkout-manager Installations: 100,000+ Vulnerability: Broken Access Control Patched in Version: 7.3.1 Severity Score: Medium CVE: 2023-47681 Brizy – Page Builder Plugin: Brizy – Page Builder Plugin Slug: brizy Installations: 80,000+ Vulnerability: Cross Site Scripting (XSS) Patched in Version: 2.4.30 Severity Score: High Big File Uploads – Increase Maximum File Upload Size Plugin Slug: tuxedo-big-file-uploads Installations: 80,000+ Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: 2.1.2 Severity Score: Medium CVE: 2023-47792 Comments – wpDiscuz Plugin: Comments – wpDiscuz Plugin Slug: wpdiscuz Installations: 80,000+ Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: 7.6.12 Severity Score: Medium CVE: 2023-47775 Ultimate Dashboard – Custom WordPress Dashboard Plugin Slug: ultimate-dashboard Installations: 60,000+ Vulnerability: Cross Site Scripting (XSS) Patched in Version: 3.7.8 Severity Score: Medium CVE: 2023-4726 Solid Central – Site Management, Backups, Security, and Reporting Plugin Slug: ithemes-sync Installations: 50,000+ Vulnerability: Cross Site Scripting (XSS) Patched in Version: 3.0.1 Severity Score: Medium User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor Plugin Slug: profile-builder Installations: 50,000+ Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: 3.10.4 Severity Score: Medium CVE: 2023-47669 Ditty – Responsive News Tickers, Sliders, and Lists Plugin Slug: ditty-news-ticker Installations: 40,000+ Vulnerability: Broken Access Control Patched in Version: 3.1.25 Severity Score: Medium CVE: 2023-47764 BetterDocs – Best Documentation & Knowledge Base Plugin Plugin Slug: betterdocs Installations: 30,000+ Vulnerability: Broken Access Control Patched in Version: 2.5.3 Severity Score: Medium CVE: 2023-47762 Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic Plugin Slug: shareaholic Installations: 30,000+ Vulnerability: Cross Site Scripting (XSS) Patched in Version: 9.7.9 Severity Score: Medium CVE: 2023-4889 Ultimate Addons for Contact Form 7 Plugin Slug: ultimate-addons-for-contact-form-7 Installations: 30,000+ Vulnerability: Broken Access Control Patched in Version: 3.2.7 Severity Score: High CVE: 2023-47693 WP Custom Admin Interface Plugin: WP Custom Admin Interface Plugin Slug: wp-custom-admin-interface Installations: 30,000+ Vulnerability: Broken Access Control Patched in Version: 7.32 Severity Score: Medium CVE: 2023-47763 Delete Duplicate Posts Plugin: Delete Duplicate Posts Plugin Slug: delete-duplicate-posts Installations: 20,000+ Vulnerability: Broken Access Control Patched in Version: 4.9 Severity Score: Medium CVE: 2023-47754 Ecwid Ecommerce Shopping Cart Plugin Slug: ecwid-shopping-cart Installations: 20,000+ Vulnerability: Broken Access Control Patched in Version: 6.12.4 Severity Score: Medium MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance Plugin Slug: mainwp Installations: 20,000+ Vulnerability: SQL Injection Patched in Version: 4.4.3.4 Severity Score: High CVE: 2023-38519 Welcart e-Commerce Plugin: Welcart e-Commerce Plugin Slug: usc-e-shop Installations: 20,000+ Vulnerability: Arbitrary File Upload Patched in Version: 2.9.5 Severity Score: High WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Plugin Plugin: WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Plugin Plugin Slug: wp-user-frontend Installations: 20,000+ Vulnerability: Privilege Escalation Patched in Version: 3.6.6 Severity Score: High CVE: 2023-47682 eCommerce Product Catalog Plugin for WordPress Plugin Slug: ecommerce-product-catalog Installations: 10,000+ Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: 3.3.26 Severity Score: Medium Membership Plugin – Restrict Content Plugin Slug: restrict-content Installations: 10,000+ Vulnerability: Sensitive Data Exposure Patched in Version: 3.2.8 Severity Score: Medium CVE: 2023-47668 Japanized For WooCommerce Plugin: Japanized For WooCommerce Plugin Slug: woocommerce-for-japan Installations: 10,000+ Vulnerability: Broken Access Control Patched in Version: 2.6.5 Severity Score: High CVE: 2023-47698 YOP Poll Email Verification / SMS Verification / OTP Verification / OTP Authentication / WooCommerce Notification Plugin: Email Verification / SMS Verification / OTP Verification / OTP Authentication / WooCommerce Notification Plugin Slug: miniorange-otp-verification Installations: 6,000+ Vulnerability: Broken Access Control Patched in Version: 4.2.2 Severity Score: Medium CVE: 2023-47776 Gift Up Gift Cards for WordPress and WooCommerce Plugin Slug: gift-up Installations: 5,000+ Vulnerability: Cross Site Scripting (XSS) Patched in Version: 2.20.2 Severity Score: Medium CVE: 2023-5703 Hreflang Manager Plugin: Hreflang Manager Plugin Slug: hreflang-manager-lite Installations: 3,000+ Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: 1.0.7 Severity Score: Medium Job Manager & Career – Manage job board listings, and recruitments Plugin Slug: job-manager-career Installations: 2,000+ Vulnerability: Sensitive Data Exposure Patched in Version: 1.4.4 Severity Score: High CVE: 2023-5906 Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress Plugin Slug: sprout-invoices Installations: 2,000+ Vulnerability: Sensitive Data Exposure Patched in Version: 20.5.4 Severity Score: Medium avalex – Automatisch sichere Rechtstexte Plugin Slug: avalex Installations: 1,000+ Vulnerability: Broken Access Control Patched in Version: 3.0.9 Severity Score: Medium Arigato Autoresponder and Newsletter Plugin Slug: bft-autoresponder Installations: 1,000+ Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: 2.7.2.3 Severity Score: Medium CVE: 2023-47686 Martins Free & Easy SEO BackLink Link Building Network – Improve Rankings & Traffic Plugin Slug: martins-link-network Installations: 1,000+ Vulnerability: Cross Site Scripting (XSS) Patched in Version: 1.2.30 Severity Score: High CVE: 2023-5641 Frontend File Manager Plugin Plugin: Frontend File Manager Plugin Plugin Slug: nmedia-user-file-uploader Installations: 1,000+ Vulnerability: Arbitrary File Download Patched in Version: 22.6 Severity Score: Critical CVE: 2023-5105 Website Optimization – Plerdy Plugin Slug: plerdy-heatmap Installations: 1,000+ Vulnerability: Cross Site Scripting (XSS) Patched in Version: 1.3.3 Severity Score: Medium CVE: 2023-5715 Post Status Notifier Lite Plugin: Post Status Notifier Lite Plugin Slug: post-status-notifier-lite Installations: 1,000+ Vulnerability: Cross Site Scripting (XSS) Patched in Version: 1.11.1 Severity Score: High CVE: 2023-47766 Product Catalog Simple Plugin: Product Catalog Simple Plugin Slug: post-type-x Installations: 1,000+ Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: 1.7.6 Severity Score: Medium Bus Ticket Booking with Seat Reservation Plugin Slug: bus-ticket-booking-with-seat-reservation Installations: 900+ Vulnerability: Cross Site Scripting (XSS) Patched in Version: 5.2.6 Severity Score: High CVE: 2023-30496 WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses Plugin: WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses Plugin Slug: wp-courses Installations: 700+ Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: 3.2.4 Severity Score: Medium WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses Plugin: WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses Plugin Slug: wp-courses Installations: 700+ Vulnerability: Broken Access Control Patched in Version: 3.2.4 Severity Score: Medium WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses Plugin: WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses Plugin Slug: wp-courses Installations: 700+ Vulnerability: Broken Access Control Patched in Version: 3.2.4 Severity Score: High Namaste! LMS Plugin: Namaste! LMS Plugin Slug: namaste-lms Installations: 600+ Vulnerability: Cross Site Scripting (XSS) Patched in Version: 2.6.1.2 Severity Score: High CVE: 2023-4602 Image Compressor & Optimizer – iLoveIMG Plugin Slug: iloveimg Installations: 100+ Vulnerability: PHP Object Injection Patched in Version: 1.0.6 Severity Score: Medium WooCommerce Canada Post Shipping Plugin: WooCommerce Canada Post Shipping Plugin Slug: woocommerce-shipping-canada-post Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: 2.8.4 Severity Score: Medium CVE: 2023-47789 WooCommerce Bookings Plugin: WooCommerce Bookings Plugin Slug: woocommerce-bookings Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: 2.0.4 Severity Score: Medium CVE: 2023-47787 Star CloudPRNT for WooCommerce Plugin: Star CloudPRNT for WooCommerce Plugin Slug: star-cloudprnt-for-woocommerce Vulnerability: Cross Site Scripting (XSS) Patched in Version: 2.0.4 Severity Score: High CVE: 2023-4603 Slider Revolution Plugin: Slider Revolution Plugin Slug: revslider Vulnerability: Cross Site Scripting (XSS) Patched in Version: 6.6.15 Severity Score: Medium CVE: 2023-47772 Slider Revolution Plugin: Slider Revolution Plugin Slug: revslider Vulnerability: Arbitrary File Upload Patched in Version: 6.6.16 Severity Score: High CVE: 2023-47784 LayerSlider Plugin: LayerSlider Plugin Slug: layerslider Vulnerability: Cross Site Request Forgery (CSRF) Patched in Version: 7.7.10 Severity Score: High CVE: 2023-47785 LayerSlider Plugin: LayerSlider Plugin Slug: layerslider Vulnerability: Cross Site Scripting (XSS) Patched in Version: 7.7.10 Severity Score: Medium CVE: 2023-47786 Essential Grid Plugin: Essential Grid Plugin Slug: essential-grid Vulnerability: Cross Site Scripting (XSS) Patched in Version: 3.1.1 Severity Score: High CVE: 2023-47684 Essential Grid Plugin: Essential Grid Plugin Slug: essential-grid Vulnerability: Broken Access Control Patched in Version: 3.0.19 Severity Score: High CVE: 2023-47771 WordPress Themes — # Patched / # Unpatched Themify Ultra Theme: Themify Ultra Theme Slug: themify-ultra Vulnerability: Broken Access Control Patched in Version: No Fix Severity Score: High CVE: 2023-46146 Solid Security is part of Solid Suite — The best foundation for WordPress websites. Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite! Sign up now — Get SolidWP updates and valuable content straight to your inbox Sign up now — Get SolidWP updates and valuable content straight to your inbox Sign up Get started with confidence — risk free, guaranteed

This content was originally published here.