WordPress Vulnerability Report — Feb 1 2025

WordPress Core

WordPress 6.7.1 is available! This minor release features 16 bug fixes throughout Core and the Block Editor.


WordPress Plugins — 183 Patched / 42 Unpatched

 Product Size Charts Plugin for WooCommerce

Plugin Slug:woo-advanced-product-size-chart
Installations:30,000+
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress

 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress

 Scroll Styler

Plugin Slug:scroll-styler
Installations:1,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 Broadstreet

Plugin Slug:broadstreet
Installations:700+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 Designer – Elementor Addons

Plugin Slug:designer
Installations:100+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Plugin Slug:internal-link-builder
Installations:100+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 Estatebud – Properties & Listings

Plugin Slug:estatebud-properties-listings
Installations:90+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 Linear

Plugin:Linear
Plugin Slug:linear
Installations:70+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 1003 Mortgage Application

Plugin:1003 Mortgage Application
Plugin Slug:1003-mortgage-application
Vulnerability:Sensitive Data Exposure
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 ABC Notation

Plugin:ABC Notation
Plugin Slug:abc-notation
Vulnerability:Arbitrary File Download
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 Altra Side Menu

Plugin:Altra Side Menu
Plugin Slug:altra-side-menu
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 Altra Side Menu

Plugin:Altra Side Menu
Plugin Slug:altra-side-menu
Vulnerability:SQL Injection
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 AnyRoad

Plugin:AnyRoad
Plugin Slug:anyguide
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 Ask Me Anything (Anonymously)

Plugin:Ask Me Anything (Anonymously)
Plugin Slug:ask-me-anything-anonymously
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 Automate Hub

Plugin:Automate Hub
Plugin Slug:automate-hub-free-by-sperse-io
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 Automate Hub

Plugin:Automate Hub
Plugin Slug:automate-hub-free-by-sperse-io
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 BMLT Meeting Map

Plugin:BMLT Meeting Map
Plugin Slug:bmlt-meeting-map
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 brodos.net Onlineshop Plugin

Plugin:brodos.net Onlineshop Plugin
Plugin Slug:brodos-net-onlineshop
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 Connections

Plugin:Connections
Plugin Slug:connections1
Vulnerability:Arbitrary File Deletion
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 Dental Optimizer Patient Generator App

Plugin:Dental Optimizer Patient Generator App
Plugin Slug:dental-optimizer-patient-generator-app
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 Dyn Business Panel

Plugin:Dyn Business Panel
Plugin Slug:dyn-business-panel
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 Dyn Business Panel

Plugin:Dyn Business Panel
Plugin Slug:dyn-business-panel
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 Easy Real Estate

Plugin:Easy Real Estate
Plugin Slug:easy-real-estate
Vulnerability:Privilege Escalation
Patched in Version:No Fix
Severity Score:Critical
The vulnerability has not been patched. You should deactivate the plugin.

 Etsy Importer

Plugin:Etsy Importer
Plugin Slug:etsy-importer
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 Fare Calculator

Plugin:Fare Calculator
Plugin Slug:fare-calculator
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 FlashCounter

Plugin:FlashCounter
Plugin Slug:flashcounter
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 Post Title (TypeWriter)

Plugin:Post Title (TypeWriter)
Plugin Slug:flashnews-typewriter-pearlbells
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Critical
The vulnerability has not been patched. You should deactivate the plugin.

 Full Circle

Plugin:Full Circle
Plugin Slug:full-circle
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 Issuu Panel

Plugin:Issuu Panel
Plugin Slug:issuu-panel
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 Masy Gallery

Plugin:Masy Gallery
Plugin Slug:masy-gallery
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 NOTICE BOARD BY TOWKIR

Plugin:NOTICE BOARD BY TOWKIR
Plugin Slug:notice-board-by-towkir
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 WordPress SEO Friendly Accordion FAQ

Plugin:WordPress SEO Friendly Accordion FAQ
Plugin Slug:notice-faq
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 Post Carousel Slider

Plugin:Post Carousel Slider
Plugin Slug:post-carousel-slider
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 Power Ups for Elementor

Plugin:Power Ups for Elementor
Plugin Slug:power-ups-for-elementor
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 PPO Call To Actions

Plugin:PPO Call To Actions
Plugin Slug:ppo-call-to-actions
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 SEO Blogger to WordPress Migration using 301 Redirection

Plugin:SEO Blogger to WordPress Migration using 301 Redirection
Plugin Slug:seo-blogger-to-wordpress-301-redirector
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 Social Share Buttons for WordPress

Plugin:Social Share Buttons for WordPress
Plugin Slug:share-buttons
Vulnerability:Path Traversal
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 WP All Import Pro

Plugin:WP All Import Pro
Plugin Slug:wp-all-import-pro
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 WP Contact Form7 Email Spam Blocker

Plugin:WP Contact Form7 Email Spam Blocker
Plugin Slug:wp-contact-form7-email-spam-blocker
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 WP Triggers Lite

Plugin:WP Triggers Lite
Plugin Slug:wp-triggers-lite
Vulnerability:SQL Injection
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 WP Triggers Lite

Plugin:WP Triggers Lite
Plugin Slug:wp-triggers-lite
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)

 Starter Templates — Elementor, WordPress & Beaver Builder Templates

 Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder

 The Events Calendar

Plugin Slug:the-events-calendar
Installations:700,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:6.9.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 6.9.1.

 Page Builder Gutenberg Blocks – CoBlocks

Plugin Slug:coblocks
Installations:400,000+
Vulnerability:Broken Access Control
Patched in Version:3.1.14
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.1.14.

 ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin)

 Gutenberg Blocks with AI by Kadence WP – Page Builder Features

 FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider

 WP Go Maps (formerly WP Google Maps)

Plugin Slug:wp-google-maps
Installations:300,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:9.0.41
Severity Score:Medium
The vulnerability has been patched, so you should update to version 9.0.41.

 Call Now Button – The #1 Click to Call Button for WordPress

 Page Builder: Pagelayer – Drag and Drop website builder

 Post Duplicator

Plugin Slug:post-duplicator
Installations:200,000+
Vulnerability:Broken Access Control
Patched in Version:2.36
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.36.

 Admin and Site Enhancements (ASE)

Plugin Slug:admin-site-enhancements
Installations:100,000+
Vulnerability:Broken Access Control
Patched in Version:7.6.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 7.6.3.

 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider)

 Stackable – Page Builder Gutenberg Blocks

Plugin Slug:stackable-ultimate-gutenberg-blocks
Installations:100,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.13.12
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.13.12.

 String locator

Plugin Slug:string-locator
Installations:100,000+
Vulnerability:PHP Object Injection
Patched in Version:2.6.7
Severity Score:High
The vulnerability has been patched, so you should update to version 2.6.7.

 LearnPress – WordPress LMS Plugin

Plugin Slug:learnpress
Installations:90,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.2.7.5.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 4.2.7.5.1.

 LearnPress – WordPress LMS Plugin

Plugin Slug:learnpress
Installations:90,000+
Vulnerability:Open Redirection
Patched in Version:4.2.7.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 4.2.7.2.

 List category posts

Plugin Slug:list-category-posts
Installations:90,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:0.90.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 0.90.3.

 Nested Pages

Plugin Slug:wp-nested-pages
Installations:90,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.2.10
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.2.10.

 Import and export users and customers

Plugin Slug:import-users-from-csv-with-meta
Installations:70,000+
Vulnerability:Sensitive Data Exposure
Patched in Version:1.27.13
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.27.13.

 WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels

 Easy Digital Downloads – eCommerce Payments and Subscriptions made easy

 Better Find and Replace

Plugin Slug:real-time-auto-find-and-replace
Installations:50,000+
Vulnerability:Privilege Escalation
Patched in Version:1.6.8
Severity Score:High
The vulnerability has been patched, so you should update to version 1.6.8.

 WP-Polls

Plugin:WP-Polls
Plugin Slug:wp-polls
Installations:50,000+
Vulnerability:SQL Injection
Patched in Version:2.77.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.77.3.

 Social Share, Social Login and Social Comments Plugin – Super Socializer

Plugin Slug:wow-carousel-for-divi-lite
Installations:30,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.1.0
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.1.0.

 WP Visitor Statistics (Real Time Traffic)

Plugin Slug:wp-stats-manager
Installations:30,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:7.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 7.3.

 Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress

 Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA

 IP2Location Country Blocker

Plugin Slug:ip2location-country-blocker
Installations:20,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.38.4
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.38.4.

 RomethemeKit For Elementor

Plugin Slug:rometheme-for-elementor
Installations:20,000+
Vulnerability:Broken Access Control
Patched in Version:1.5.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.5.3.

 Simple Download Monitor

Plugin Slug:simple-download-monitor
Installations:20,000+
Vulnerability:SQL Injection
Patched in Version:3.9.26
Severity Score:High
The vulnerability has been patched, so you should update to version 3.9.26.

 Thim Elementor Kit

Plugin Slug:thim-elementor-kit
Installations:20,000+
Vulnerability:Broken Access Control
Patched in Version:1.2.9
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.2.9.

 PPOM – Product Addons & Custom Fields for WooCommerce

 Contact Form Email

Plugin Slug:contact-form-to-email
Installations:10,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.3.53
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.3.53.

 WP Customer Area

Plugin Slug:customer-area
Installations:10,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:8.2.5
Severity Score:Medium
The vulnerability has been patched, so you should update to version 8.2.5.

 GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress

 GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress

 AI Power: Complete AI Pack

Plugin Slug:gpt3-ai-content-generator
Installations:10,000+
Vulnerability:Broken Access Control
Patched in Version:1.8.97
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.8.97.

 AI Power: Complete AI Pack

Plugin Slug:gpt3-ai-content-generator
Installations:10,000+
Vulnerability:Server Side Request Forgery (SSRF)
Patched in Version:1.8.97
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.8.97.

 AI Power: Complete AI Pack

Plugin Slug:gpt3-ai-content-generator
Installations:10,000+
Vulnerability:PHP Object Injection
Patched in Version:1.8.97
Severity Score:High
The vulnerability has been patched, so you should update to version 1.8.97.

 Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks

 AI Chatbot for WordPress – Hyve Lite

Plugin Slug:hyve-lite
Installations:10,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.2.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.2.3.

 JSM Show Post Metadata

Plugin Slug:jsm-show-post-meta
Installations:10,000+
Vulnerability:Broken Access Control
Patched in Version:4.6.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 4.6.1.

Plugin Slug:link-library
Installations:10,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:7.7.3
Severity Score:High
The vulnerability has been patched, so you should update to version 7.7.3.

 Modal Window – create popup modal window

Plugin Slug:modal-window
Installations:10,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:6.1.5
Severity Score:Medium
The vulnerability has been patched, so you should update to version 6.1.5.

 Membership Plugin – Restrict Content

Plugin Slug:restrict-content
Installations:10,000+
Vulnerability:Sensitive Data Exposure
Patched in Version:3.2.14
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.2.14.

Plugin Slug:seo-automated-link-building
Installations:10,000+
Vulnerability:Broken Access Control
Patched in Version:2.5.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.5.3.

 WooCommerce Product Table Lite

Plugin Slug:wc-product-table-lite
Installations:10,000+
Vulnerability:Broken Access Control
Patched in Version:3.9.0
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.9.0.

 Countdown Timer – Widget Countdown

Plugin Slug:widget-countdown
Installations:10,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.7.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.7.2.

 Export All Posts, Products, Orders, Refunds & Users

 WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress

 Essential Real Estate

Plugin Slug:essential-real-estate
Installations:9,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:5.1.9
Severity Score:Medium
The vulnerability has been patched, so you should update to version 5.1.9.

 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder

 Sticky Buttons – floating buttons builder

Plugin Slug:sticky-buttons
Installations:8,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:4.1.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 4.1.2.

 VikBooking Hotel Booking Engine & PMS

Plugin Slug:vikbooking
Installations:8,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.7.3
Severity Score:High
The vulnerability has been patched, so you should update to version 1.7.3.

 WP Hotel Booking

Plugin Slug:wp-hotel-booking
Installations:8,000+
Vulnerability:Broken Access Control
Patched in Version:2.1.7
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.1.7.

 Xagio SEO

Plugin:Xagio SEO
Plugin Slug:xagio-seo
Installations:7,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:7.0.0.21
Severity Score:Medium
The vulnerability has been patched, so you should update to version 7.0.0.21.

 Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection)

 Side Menu Lite – add sticky fixed buttons

Plugin Slug:side-menu-lite
Installations:6,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:5.3.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 5.3.2.

 Super block slider – Responsive image & content slider

 Themify Builder

Plugin Slug:themify-builder
Installations:6,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:7.6.7
Severity Score:High
The vulnerability has been patched, so you should update to version 7.6.7.

 Button Generator – easily Button Builder

Plugin Slug:button-generation
Installations:5,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:3.1.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.1.2.

 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution

 ElementInvader Addons for Elementor

Plugin Slug:elementinvader-addons-for-elementor
Installations:5,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.3.4
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.3.4.

 ElementInvader Addons for Elementor

Plugin Slug:elementinvader-addons-for-elementor
Installations:5,000+
Vulnerability:Broken Access Control
Patched in Version:1.3.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.3.2.

 ElementInvader Addons for Elementor

Plugin Slug:elementinvader-addons-for-elementor
Installations:5,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.3.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.3.1.

 Variation Swatches for WooCommerce

Plugin Slug:th-variation-swatches
Installations:5,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.3.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.3.3.

 Custom Product Tabs Lite for WooCommerce

Plugin Slug:woocommerce-custom-product-tabs-lite
Installations:5,000+
Vulnerability:PHP Object Injection
Patched in Version:1.9.1
Severity Score:High
The vulnerability has been patched, so you should update to version 1.9.1.

 Import WP – Export and Import CSV and XML files to WordPress

 Popup Box: Create Popups Easily

Plugin Slug:popup-box
Installations:4,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:3.2.5
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.2.5.

 RSVP and Event Management

Plugin Slug:rsvp
Installations:4,000+
Vulnerability:SQL Injection
Patched in Version:2.7.15
Severity Score:High
The vulnerability has been patched, so you should update to version 2.7.15.

 Premium Packages – Sell Digital Products Securely

 XML for Google Merchant Center

Plugin Slug:xml-for-google-merchant-center
Installations:4,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.0.12
Severity Score:High
The vulnerability has been patched, so you should update to version 3.0.12.

 HelloAsso

Plugin:HelloAsso
Plugin Slug:helloasso
Installations:3,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.1.12
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.1.12.

 Multiple Page Generator Plugin – MPG

Plugin Slug:multiple-pages-generator-by-porthas
Installations:3,000+
Vulnerability:Server Side Request Forgery (SSRF)
Patched in Version:4.0.6
Severity Score:Medium
The vulnerability has been patched, so you should update to version 4.0.6.

 Patreon WordPress

Plugin Slug:patreon-connect
Installations:3,000+
Vulnerability:Broken Access Control
Patched in Version:1.9.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.9.2.

 Paytium: Mollie payment forms & donations

Plugin Slug:paytium
Installations:3,000+
Vulnerability:Full Path Disclosure (FPD)
Patched in Version:4.4.12
Severity Score:Medium
The vulnerability has been patched, so you should update to version 4.4.12.

 Ultimate Coming Soon & Maintenance

Plugin Slug:ultimate-coming-soon
Installations:3,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.1.0
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.1.0.

 Ultimate Coming Soon & Maintenance

Plugin Slug:ultimate-coming-soon
Installations:3,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.1.0
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.1.0.

 Auction Nudge – Your eBay on Your Site

Plugin Slug:auction-nudge
Installations:2,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:7.2.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 7.2.1.

 Chained Quiz

Plugin Slug:chained-quiz
Installations:2,000+
Vulnerability:Server Side Request Forgery (SSRF)
Patched in Version:1.3.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.3.3.

 Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site

 Email Subscription Popup

Plugin Slug:email-subscribe
Installations:2,000+
Vulnerability:SQL Injection
Patched in Version:<= 1.2.24
Severity Score:High
The vulnerability has been patched, so you should update to version <= 1.2.24.

 Social Proof Popups & Real-Time Notifications – Herd Effects

 Plethora Plugins Tabs + Accordions

Plugin Slug:plethora-tabs-accordions
Installations:2,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.2.

 Plethora Plugins Tabs + Accordions

Plugin Slug:plethora-tabs-accordions
Installations:2,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.2.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.2.1.

 Comment Edit Core – Simple Comment Editing

Plugin Slug:simple-comment-editing
Installations:2,000+
Vulnerability:Server Side Request Forgery (SSRF)
Patched in Version:3.1.0
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.1.0.

 Product Table by WBW

Plugin Slug:woo-product-tables
Installations:2,000+
Vulnerability:SQL Injection
Patched in Version:2.1.3
Severity Score:Critical
The vulnerability has been patched, so you should update to version 2.1.3.

 WooCommerce Quick View

Plugin Slug:woo-quick-view
Installations:2,000+
Vulnerability:Sensitive Data Exposure
Patched in Version:1.1.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.1.3.

 Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce

 Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder

 Visual Website Collaboration, Feedback & Project Management – Atarim

 Bubble Menu – Sticky Navigation with Floating Button Menu Solution

 Event post

Plugin:Event post
Plugin Slug:event-post
Installations:1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:5.9.8
Severity Score:Medium
The vulnerability has been patched, so you should update to version 5.9.8.

 Flexmls® IDX Plugin

Plugin Slug:flexmls-idx
Installations:1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.14.27
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.14.27.

 KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin

Plugin Slug:ninja-gdpr-compliance
Installations:1,000+
Vulnerability:Broken Access Control
Patched in Version:2.7.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.7.2.

 GoHero Store Customizer for WooCommerce

Plugin Slug:personalize-woocommerce-cart-page
Installations:1,000+
Vulnerability:Broken Access Control
Patched in Version:4.0
Severity Score:Medium
The vulnerability has been patched, so you should update to version 4.0.

 Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget

 Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates

 Spexo Addons for Elementor – Free Elementor Addons, Widgets and Templates

 Save as PDF Plugin by Pdfcrowd

Plugin Slug:save-as-pdf-by-pdfcrowd
Installations:1,000+
Vulnerability:PHP Object Injection
Patched in Version:4.4.1
Severity Score:Critical
The vulnerability has been patched, so you should update to version 4.4.1.

 Tainacan

Plugin:Tainacan
Plugin Slug:tainacan
Installations:1,000+
Vulnerability:SQL Injection
Patched in Version:0.21.13
Severity Score:High
The vulnerability has been patched, so you should update to version 0.21.13.

 Tamara Checkout

Plugin Slug:tamara-checkout
Installations:1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.9.9.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.9.9.1.

 Toocheke Companion

Plugin Slug:toocheke-companion
Installations:1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.167
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.167.

 Tourfic – Ultimate Hotel Booking, Travel Booking & Car Rental WordPress Plugin | WooCommerce Booking

Plugin Slug:woocommerce-cloak-affiliate-links
Installations:1,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.0.36
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.0.36.

 MDTF – Meta Data and Taxonomies Filter

Plugin Slug:wp-meta-data-filter-and-taxonomy-filter
Installations:1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.3.3.7
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.3.3.7.

 12 Step Meeting List

Plugin Slug:12-step-meeting-list
Installations:800+
Vulnerability:Sensitive Data Exposure
Patched in Version:3.16.6
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.16.6.

 12 Step Meeting List

Plugin Slug:12-step-meeting-list
Installations:800+
Vulnerability:Arbitrary Content Deletion
Patched in Version:3.16.6
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.16.6.

 Booking Calendar Contact Form

Plugin Slug:booking-calendar-contact-form
Installations:700+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.2.56
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.2.56.

Plugin Slug:easy-youtube-gallery
Installations:600+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.0.5
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.0.5.

 FireCask Like & Share Button

Plugin Slug:facebook-like-send-button
Installations:600+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.3.

 Wishlist for WooCommerce

Plugin Slug:wt-woocommerce-wishlist
Installations:600+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.1.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.1.3.

 Create with Code

Plugin Slug:create-with-code
Installations:500+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.5
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.5.

 Job Board Manager

Plugin Slug:job-board-manager
Installations:500+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:2.1.60
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.1.60.

 Ketchup Shortcodes

Plugin Slug:ketchup-shortcodes-pack
Installations:500+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:0.2.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 0.2.1.

 Listamester

Plugin Slug:listamester
Installations:500+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.3.5
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.3.5.

 WP Google Street View (with 360° virtual tour) & Google maps + Local SEO

 WP Multi Store Locator

Plugin Slug:wp-multi-store-locator
Installations:500+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.5.1
Severity Score:High
The vulnerability has been patched, so you should update to version 2.5.1.

 Form Builder CP

Plugin Slug:cp-easy-form-builder
Installations:400+
Vulnerability:SQL Injection
Patched in Version:1.2.42
Severity Score:High
The vulnerability has been patched, so you should update to version 1.2.42.

 MachForm Shortcode

Plugin Slug:machform-shortcode
Installations:400+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.5.0
Severity Score:High
The vulnerability has been patched, so you should update to version 1.5.0.

 SERPed.net

Plugin:SERPed.net
Plugin Slug:serped-net
Installations:400+
Vulnerability:SQL Injection
Patched in Version:4.6
Severity Score:High
The vulnerability has been patched, so you should update to version 4.6.

 aDirectory – WordPress Directory Listing Plugin

 All Embed – Elementor Addons

Plugin Slug:all-embed-addons-for-elementor
Installations:300+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.1.4
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.1.4.

 Gutenberg Blocks and Page Layouts – Attire Blocks

 WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms

 RSVPMaker

Plugin:RSVPMaker
Plugin Slug:rsvpmaker
Installations:300+
Vulnerability:Broken Access Control
Patched in Version:11.4.6
Severity Score:Medium
The vulnerability has been patched, so you should update to version 11.4.6.

 Build Private Store For Woocommerce

Plugin Slug:build-private-store-for-woocommerce
Installations:200+
Vulnerability:Broken Access Control
Patched in Version:1..1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1..1.

 WP Duplicate – WordPress Migration Plugin

 Magic the Gathering Card Tooltips

Plugin Slug:magic-the-gathering-card-tooltips
Installations:200+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.5.0
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.5.0.

 ShMapper by Teplitsa

Plugin Slug:shmapper-by-teplitsa
Installations:200+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.5.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.5.1.

 Taxonomy/Term and Role based Discounts for WooCommerce

 Lifetime free Drag & Drop Contact Form Builder for WordPress VForm

 Advanced Notifications

Plugin Slug:advanced-notifications
Installations:100+
Vulnerability:Broken Access Control
Patched in Version:1.2.8
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.2.8.

 Blur Text

Plugin:Blur Text
Plugin Slug:blur-text
Installations:100+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.0.0
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.0.0.

 Target Video Easy Publish

Plugin Slug:brid-video-easy-publish
Installations:100+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.8.4
Severity Score:High
The vulnerability has been patched, so you should update to version 3.8.4.

 Bug Library

Plugin Slug:bug-library
Installations:100+
Vulnerability:SQL Injection
Patched in Version:2.1.5
Severity Score:High
The vulnerability has been patched, so you should update to version 2.1.5.

 Linet ERP-Woocommerce Integration Plugin

Plugin Slug:linet-erp-woocommerce-integration
Installations:100+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:3.5.8
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.5.8.

 Morkva UA Shipping

Plugin Slug:morkva-ua-shipping
Installations:100+
Vulnerability:Local File Inclusion
Patched in Version:1.0.20
Severity Score:High
The vulnerability has been patched, so you should update to version 1.0.20.

 Orbisius Simple Notice

Plugin Slug:orbisius-simple-notice
Installations:100+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.1.4
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.1.4.

 People Lists

Plugin Slug:people-lists
Installations:100+
Vulnerability:Broken Access Control
Patched in Version:2.0.0
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.0.0.

 Precious Metals Charts and Widgets for WordPress

Plugin Slug:precious-metals-chart-and-widgets
Installations:100+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.2.9
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.2.9.

 Roi Calculator

Plugin Slug:roi-calculator
Installations:100+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.1
Severity Score:High
The vulnerability has been patched, so you should update to version 1.1.

 Show/Hide Shortcode

Plugin Slug:showhide-shortcode
Installations:100+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.0.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.0.1.

 Simple Downloads List

Plugin Slug:simple-downloads-list
Installations:100+
Vulnerability:SQL Injection
Patched in Version:1.4.3
Severity Score:High
The vulnerability has been patched, so you should update to version 1.4.3.

 FV Thoughtful Comments

Plugin Slug:thoughtful-comments
Installations:100+
Vulnerability:Broken Access Control
Patched in Version:0.3.6
Severity Score:Medium
The vulnerability has been patched, so you should update to version 0.3.6.

 WC Affiliate – A Complete WooCommerce Affiliate Plugin

 WC Affiliate – A Complete WooCommerce Affiliate Plugin

 WP-BibTeX

Plugin:WP-BibTeX
Plugin Slug:wp-bibtex
Installations:100+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.0.2
Severity Score:High
The vulnerability has been patched, so you should update to version 3.0.2.

 PDF Invoices for WooCommerce + Drag and Drop Template Builder

 Dynamic URL SEO

Plugin Slug:dynamic-url-seo
Installations:80+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.2.

 Restrict Anonymous Access

Plugin Slug:restrict-anonymous-access
Installations:80+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.2.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.2.1.

 WPBookit

Plugin:WPBookit
Plugin Slug:wpbookit
Installations:80+
Vulnerability:Arbitrary File Upload
Patched in Version:1.6.10
Severity Score:Critical
The vulnerability has been patched, so you should update to version 1.6.10.

Plugin Slug:simple-gallery-with-filter
Installations:70+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.1.

 Bilingual Linker

Plugin Slug:bilingual-linker
Installations:60+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.4.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.4.1.

 Cliptakes

Plugin:Cliptakes
Plugin Slug:cliptakes
Installations:60+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.3.5
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.3.5.

 FAQ Builder AYS

Plugin Slug:faq-builder-ays
Installations:60+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.7.4
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.7.4.

 Radius Blocks – WordPress Gutenberg Blocks

Plugin Slug:radius-blocks
Installations:60+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:2.2.0
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.2.0.

 wp-greet

Plugin:wp-greet
Plugin Slug:wp-greet
Installations:60+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:6.3
Severity Score:High
The vulnerability has been patched, so you should update to version 6.3.

 Boom Fest

Plugin:Boom Fest
Plugin Slug:boom-fest
Installations:50+
Vulnerability:Broken Access Control
Patched in Version:2.2.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.2.2.

Plugin Slug:caching-compatible-cookie-optin-and-javascript
Installations:30+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:0.0.11
Severity Score:Medium
The vulnerability has been patched, so you should update to version 0.0.11.

 Subscription DNA®

Plugin Slug:subscriptiondna
Installations:20+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:2.2
Severity Score:High
The vulnerability has been patched, so you should update to version 2.2.

 KBucket: Your Curated Content in WordPress

Plugin Slug:kbucket
Installations:10+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:4.2.2
Severity Score:High
The vulnerability has been patched, so you should update to version 4.2.2.

 ReviewsTap

Plugin:ReviewsTap
Plugin Slug:reviewstap
Installations:10+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.1.3
Severity Score:High
The vulnerability has been patched, so you should update to version 1.1.3.

 Admin and Site Enhancements (ASE) Pro

Plugin:Admin and Site Enhancements (ASE) Pro
Plugin Slug:admin-site-enhancements-pro
Vulnerability:Broken Access Control
Patched in Version:7.6.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 7.6.3.

 BMLT Meeting Map

Plugin:BMLT Meeting Map
Plugin Slug:bmlt-meeting-map
Vulnerability:Local File Inclusion
Patched in Version:2.6.1
Severity Score:High
The vulnerability has been patched, so you should update to version 2.6.1.

 Bridge Core

Plugin:Bridge Core
Plugin Slug:bridge-core
Vulnerability:Broken Access Control
Patched in Version:3.3.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.3.1.

 Fusion Builder

Plugin:Fusion Builder
Plugin Slug:fusion-builder
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.11.12
Severity Score:Medium