Home
About Us
Services
Ours Projects
Marketplace
Apps
Blog
Contact Us
EL

Email

info@thinkeasy.gr

Client Area
My account
Cart

Email:info@thinkeasy.gr

PERFORMANCE & CREATIVITY

We integrate research, strategy, design, engineering and operations to imagine, create and deliver some of the world's most engaging products and services.

Location

Marousi-Attika
box 15124

Email

info@thinkeasy.gr
dpo@thinkeasy.gr

Home
About Us
Services
Ours Projects
Marketplace
Apps
Blog
Contact Us
EL

WordPress Vulnerability Report – January 7, 2023

HomeWordPress Vulnerability Report – January 7, 2023

WordPress Plugin Vulnerabilities

In this section, the latest WordPress plugin vulnerabilities have been disclosed. Each plugin listing includes the type of vulnerability, the active installations, the version number if patched, the severity rating, and the CVE.

All In One WP Security & Firewall

PLUGIN: All-In-One Security (AIOS) – Security and Firewall
PLUGIN SLUG: all-in-one-wp-security-and-firewall
INSTALLATIONS: 1,000,000+
VULNERABILITY: Configuration Leak
PATCHED IN VERSION: 5.1.3
SEVERITY SCORE: Medium
CVE: 2022-4346

The vulnerability has been patched, so you should update to version 5.1.3.

WP Statistics

PLUGIN: WP Statistics
PLUGIN SLUG: wp-statistics
INSTALLATIONS: 600,000+
VULNERABILITY: Authenticated SQLi
PATCHED IN VERSION: 13.2.9
SEVERITY SCORE: High
CVE: 2022-4230

The vulnerability has been patched, so you should update to version 13.2.9.

Sassy Social Share

PLUGIN: Social Sharing Plugin – Sassy Social Share
PLUGIN SLUG: sassy-social-share
INSTALLATIONS: 100,000+
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: 3.3.45
SEVERITY SCORE: Medium
CVE: 2022-4451

The vulnerability has been patched, so you should update to version 3.3.45.

Google Analyticator

PLUGIN: Analyticator
PLUGIN SLUG: google-analyticator
INSTALLATIONS: 100,000+
VULNERABILITY: Admin+ PHP Object Injection
PATCHED IN VERSION: 6.5.6
SEVERITY SCORE: Low
CVE: 2022-4323

The vulnerability has been patched, so you should update to version 6.5.6.

Simple Sitemap

PLUGIN: Simple Sitemap – Create a Responsive HTML Sitemap
PLUGIN SLUG: simple-sitemap
INSTALLATIONS: 90,000+
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: 3.5.8
SEVERITY SCORE: Medium
CVE: 2022-4472

The vulnerability has been patched, so you should update to version 3.5.8.

Booster for WooCommerce

PLUGIN: Booster for WooCommerce
PLUGIN SLUG: woocommerce-jetpack
INSTALLATIONS: 70,000+
VULNERABILITY: Multiple CSRF
PATCHED IN VERSION: 6.0.1
SEVERITY SCORE: Medium
CVE: 2022-4017

The vulnerability has been patched, so you should update to version 6.0.1.

Easy Social Feed – Social Photos Gallery – Post Feed – Like Box

PLUGIN: Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
PLUGIN SLUG: easy-facebook-likebox
INSTALLATIONS: 70,000+
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: 6.4.0
SEVERITY SCORE: Medium
CVE: 2022-4474

The vulnerability has been patched, so you should update to version 6.4.0.

Collapse-O-Matic

PLUGIN: Collapse-O-Matic
PLUGIN SLUG: jquery-collapse-o-matic
INSTALLATIONS: 60,000+
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: 1.8.3
SEVERITY SCORE: Medium
CVE: 2022-4475

The vulnerability has been patched, so you should update to version 1.8.3.

Search & Filter

PLUGIN: Search & Filter
PLUGIN SLUG: search-filter
INSTALLATIONS: 50,000+
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: 1.2.16
SEVERITY SCORE: Medium
CVE: 2022-4467

The vulnerability has been patched, so you should update to version 1.2.16.

Content Control

PLUGIN: Content Control – User Access Restriction Plugin
PLUGIN SLUG: content-control
INSTALLATIONS: 40,000+
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: 1.1.10
SEVERITY SCORE: Medium
CVE: 2022-4509

The vulnerability has been patched, so you should update to version 1.1.10.

Page-list

PLUGIN: Page-list
PLUGIN SLUG: page-list
INSTALLATIONS: 40,000+
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: 5.3
SEVERITY SCORE: Medium
CVE: 2022-4485

The vulnerability has been patched, so you should update to version 5.3.

OneClick Chat to Order

PLUGIN: OneClick Chat to Order
PLUGIN SLUG: oneclick-whatsapp-order
INSTALLATIONS: 30,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 1.0.4.2
SEVERITY SCORE: Medium
CVE: 2022-4760

The vulnerability has been patched, so you should update to version 1.0.4.2.

Sitemap

PLUGIN: Sitemap
PLUGIN SLUG: sitemap
INSTALLATIONS: 30,000+
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: 4.4
SEVERITY SCORE: Medium
CVE: 2022-4545

The vulnerability has been patched, so you should update to version 4.4.

Compact WP Audio Player

PLUGIN: Compact WP Audio Player
PLUGIN SLUG: compact-wp-audio-player
INSTALLATIONS: 30,000+
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: 1.9.8
SEVERITY SCORE: Medium
CVE: 2022-4542

The vulnerability has been patched, so you should update to version 1.9.8.

WP Popups

PLUGIN: WP Popups – WordPress Popup builder
PLUGIN SLUG: wp-popups-lite
INSTALLATIONS: 30,000+
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: 2.1.4.8
SEVERITY SCORE: Medium
CVE: 2022-4716

The vulnerability has been patched, so you should update to version 2.1.4.8.

Top 10

PLUGIN: Top 10 – Popular posts plugin for WordPress
PLUGIN SLUG: top-10
INSTALLATIONS: 30,000+
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: 3.2.3
SEVERITY SCORE: Medium
CVE: 2022-4570

The vulnerability has been patched, so you should update to version 3.2.3.

Login Logout Menu

PLUGIN: Login Logout Menu
PLUGIN SLUG: login-logout-menu
INSTALLATIONS: 20,000+
VULNERABILITY: Contributor+ Stored XSS in Shortcode
PATCHED IN VERSION: 1.4.0
SEVERITY SCORE: Medium
CVE: 2022-4625

The vulnerability has been patched, so you should update to version 1.4.0.

ShiftNav – Responsive Mobile Menu

PLUGIN: ShiftNav – Responsive Mobile Menu
PLUGIN SLUG: shiftnav-responsive-mobile-menu
INSTALLATIONS: 20,000+
VULNERABILITY: Contributor+ Stored XSS in Shortcode
PATCHED IN VERSION: 1.7.2
SEVERITY SCORE: Medium
CVE: 2022-4627

The vulnerability has been patched, so you should update to version 1.7.2.

Product Slider for WooCommerce

PLUGIN: Product Slider for WooCommerce
PLUGIN SLUG: woo-product-slider
INSTALLATIONS: 20,000+
VULNERABILITY: Contributor+ Stored XSS in Shortcode
PATCHED IN VERSION: 2.6.4
SEVERITY SCORE: Medium
CVE: 2022-4629

The vulnerability has been patched, so you should update to version 2.6.4.

Mongoose Page Plugin

PLUGIN: Mongoose Page Plugin
PLUGIN SLUG: facebook-page-feed-graph-api
INSTALLATIONS: 20,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 1.9.0
SEVERITY SCORE: Medium
CVE: 2022-4675

The vulnerability has been patched, so you should update to version 1.9.0.

Rate my Post – WP Rating System

PLUGIN: Rate my Post – WP Rating System
PLUGIN SLUG: rate-my-post
INSTALLATIONS: 20,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 3.3.9
SEVERITY SCORE: Medium
CVE: 2022-4673

The vulnerability has been patched, so you should update to version 3.3.9.

WordPress Simple Shopping Cart

PLUGIN: WordPress Simple Shopping Cart
PLUGIN SLUG: wordpress-simple-paypal-shopping-cart
INSTALLATIONS: 20,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 4.6.2
SEVERITY SCORE: Medium
CVE: 2022-4672

The vulnerability has been patched, so you should update to version 4.6.2.

Structured Content

PLUGIN: Structured Content (JSON-LD) #wpsc
PLUGIN SLUG: structured-content
INSTALLATIONS: 20,000+
VULNERABILITY: Contributor+ Stored XSS in Shortcode
PATCHED IN VERSION: 1.5.1
SEVERITY SCORE: Medium
CVE: 2022-4715

The vulnerability has been patched, so you should update to version 1.5.1.

GS Logo Slider

PLUGIN: GS Logo Slider – Ticker, Grid, List, Table & Filter Views
PLUGIN SLUG: gs-logo-slider
INSTALLATIONS: 20,000+
VULNERABILITY: Contributor+ Stored XSS in Shortcode
PATCHED IN VERSION: 3.3.8
SEVERITY SCORE: Medium
CVE: 2022-4624

The vulnerability has been patched, so you should update to version 3.3.8.

Video Conferencing with Zoom

PLUGIN: Video Conferencing with Zoom
PLUGIN SLUG: video-conferencing-with-zoom-api
INSTALLATIONS: 20,000+
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: 4.0.10
SEVERITY SCORE: Medium
CVE: 2022-4578

The vulnerability has been patched, so you should update to version 4.0.10.

Easy Appointments

PLUGIN: Easy Appointments
PLUGIN SLUG: easy-appointments
INSTALLATIONS: 20,000+
VULNERABILITY: Contributor+ Stored XSS in Shortcode
PATCHED IN VERSION: 3.11.2
SEVERITY SCORE: Medium
CVE: 2022-4668

The vulnerability has been patched, so you should update to version 3.11.2.

GeoDirectory

PLUGIN: GeoDirectory – WordPress Business Directory Plugin and Classified Ads Listings
PLUGIN SLUG: geodirectory
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 2.2.22
SEVERITY SCORE: Medium
CVE: 2022-4775

The vulnerability has been patched, so you should update to version 2.2.22.

Portfolio for Elementor, Image Gallery & Post Grid | PowerFolio

PLUGIN: Portfolio for Elementor, Image Gallery & Post Grid | PowerFolio
PLUGIN SLUG: portfolio-elementor
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 2.3.1
SEVERITY SCORE: Medium
CVE: 2022-4765

The vulnerability has been patched, so you should update to version 2.3.1.

WP Google My Business Auto Publish

PLUGIN: Auto Publish for Google My Business
PLUGIN SLUG: wp-google-my-business-auto-publish
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 3.4
SEVERITY SCORE: Medium
CVE: 2022-4790

The vulnerability has been patched, so you should update to version 3.4.

Landing Page Builder

PLUGIN: Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages
PLUGIN SLUG: page-builder-add
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Cross-Site Scripting via Shortcode
PATCHED IN VERSION: 1.4.9.9
SEVERITY SCORE: Medium
CVE: 2022-4718

The vulnerability has been patched, so you should update to version 1.4.9.9.

WPZOOM Portfolio

PLUGIN: WPZOOM Portfolio
PLUGIN SLUG: wpzoom-portfolio
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 1.2.2
SEVERITY SCORE: Medium
CVE: 2022-4789

The vulnerability has been patched, so you should update to version 1.2.2.

10WebMapBuilder

PLUGIN: 10WebMapBuilder
PLUGIN SLUG: wd-google-maps
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 1.0.72
SEVERITY SCORE: Medium
CVE: 2022-4758

The vulnerability has been patched, so you should update to version 1.0.72.

Word Balloon

PLUGIN: Word Balloon
PLUGIN SLUG: word-balloon
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 4.19.3
SEVERITY SCORE: Medium
CVE: 2022-4751

The vulnerability has been patched, so you should update to version 4.19.3.

PDF Viewer

PLUGIN: PDF Viewer
PLUGIN SLUG: pdf-viewer
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 1.0.0
SEVERITY SCORE: Medium
CVE: 2023-0033

The vulnerability has been patched, so you should update to version 1.0.0.

Print-O-Matic

PLUGIN: Print-O-Matic
PLUGIN SLUG: print-o-matic
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 2.1.8
SEVERITY SCORE: Medium
CVE: 2022-4753

The vulnerability has been patched, so you should update to version 2.1.8.

HashBar – WordPress Notification Bar

PLUGIN: HashBar – WordPress Notification Bar
PLUGIN SLUG: hashbar-wp-notification-bar
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 1.3.6
SEVERITY SCORE: Medium
CVE: 2022-4650

The vulnerability has been patched, so you should update to version 1.3.6.

PixCodes

PLUGIN: PixCodes
PLUGIN SLUG: pixcodes
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Stored XSS in Shortcode
PATCHED IN VERSION: 2.3.7
SEVERITY SCORE: Medium
CVE: 2022-4671

The vulnerability has been patched, so you should update to version 2.3.7.

Genesis Columns Advanced

PLUGIN: Genesis Columns Advanced
PLUGIN SLUG: genesis-columns-advanced
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 2.0.4
SEVERITY SCORE: Medium
CVE: 2022-4706

The vulnerability has been patched, so you should update to version 2.0.4.

Passster

PLUGIN: Passster – Password Protection
PLUGIN SLUG: content-protector
INSTALLATIONS: 10,000+
VULNERABILITY: Protection Bypass & Arbitrary Post Access; Contributor+ Stored Cross-Site Scripting
PATCHED IN VERSION: 3.5.5.9
SEVERITY SCORE: High
CVE: 2021-24881

The vulnerability has been patched, so you should update to version 3.5.5.9.

Bold Timeline Lite

PLUGIN: Bold Timeline Lite
PLUGIN SLUG: bold-timeline-lite
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 1.1.5
SEVERITY SCORE: Medium
CVE: 2022-4828

The vulnerability has been patched, so you should update to version 1.1.5.

Icon Widget

PLUGIN: Icon Widget
PLUGIN SLUG: icon-widget
INSTALLATIONS: 9,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 1.3.0
SEVERITY SCORE: Medium
CVE: 2022-4763

The vulnerability has been patched, so you should update to version 1.3.0.

User Verification

PLUGIN: User Verification
PLUGIN SLUG: user-verification
INSTALLATIONS: 5,000+
VULNERABILITY: Authentication Bypass
PATCHED IN VERSION: 1.0.94
SEVERITY SCORE: Critical
CVE: 2022-4693

The vulnerability has been patched, so you should update to version 1.0.94.

Survey Maker

PLUGIN: Survey Maker – Best WordPress Survey Plugin
PLUGIN SLUG: survey-maker
INSTALLATIONS: 3,000+
VULNERABILITY: Unauthenticated Stored XSS
PATCHED IN VERSION: 3.1.4
SEVERITY SCORE: High
CVE: 2023-0038

The vulnerability has been patched, so you should update to version 3.1.4.

Pardakht Delkhah

PLUGIN: ?????? ?????? ??????
PLUGIN SLUG: pardakht-delkhah
INSTALLATIONS: 1,000+
VULNERABILITY: Unauthenticated Stored XSS
PATCHED IN VERSION: 2.9.3
SEVERITY SCORE: High
CVE: 2022-4307

The vulnerability has been patched, so you should update to version 2.9.3.

Optimize images ALT Text (alt tag) & names for SEO using AI

PLUGIN: Optimize images ALT Text (alt tag) & names for SEO using AI
PLUGIN SLUG: imageseo
INSTALLATIONS: 1,000+
VULNERABILITY: Settings Update via CSRF
PATCHED IN VERSION: 2.0.8
SEVERITY SCORE: Low
CVE: 2022-4548

The vulnerability has been patched, so you should update to version 2.0.8.

FluentAuth

PLUGIN: FluentAuth – The Ultimate Authorization & Security Plugin for WordPress
PLUGIN SLUG: fluent-security
INSTALLATIONS: 700+
VULNERABILITY: Bypass blocks by IP Spoofing
PATCHED IN VERSION: 1.0.2
SEVERITY SCORE: Medium
CVE: 2022-4746

The vulnerability has been patched, so you should update to version 1.0.2.

Login as User or Customer

PLUGIN: Login as User or Customer
PLUGIN SLUG: login-as-customer-or-user
INSTALLATIONS: 400+
VULNERABILITY: Unauthenticated Privilege Escalation to Admin
PATCHED IN VERSION: 3.3
SEVERITY SCORE: Critical
CVE: 2022-4305

The vulnerability has been patched, so you should update to version 3.3.

Booster for WooCommerce

PLUGIN: Booster Elite for WooCommerce
PLUGIN SLUG: booster-elite-for-woocommerce
VULNERABILITY: Multiple CSRF
PATCHED IN VERSION: 6.0.1
SEVERITY SCORE: Medium
CVE: 2022-4017

The vulnerability has been patched, so you should update to version 6.0.1.

BruteBank – WP Security & Firewall

PLUGIN: BruteBank – WP Security & Firewall
PLUGIN SLUG: brutebank
VULNERABILITY: Settings Update via CSRF
PATCHED IN VERSION: 1.9
SEVERITY SCORE: Medium
CVE: 2022-4443

The vulnerability has been patched, so you should update to version 1.9.

Booster for WooCommerce

PLUGIN: Booster Plus for WooCommerce
PLUGIN SLUG: booster-plus-for-woocommerce
VULNERABILITY: Multiple CSRF
PATCHED IN VERSION: 6.0.1
SEVERITY SCORE: Medium
CVE: 2022-4017

The vulnerability has been patched, so you should update to version 6.0.1.

Justified Gallery

PLUGIN: Justified Gallery
PLUGIN SLUG: justified-gallery
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 1.7.1
SEVERITY SCORE: Medium
CVE: 2022-4651

The vulnerability has been patched, so you should update to version 1.7.1.

WordPress Plugin Vulnerabilities – No Known Fix

This section contains plugin vulnerabilities with no known fix. Until a patch is available, immediately uninstall and delete the plugin.

WP Limit Login Attempts

PLUGIN: WP Limit Login Attempts
PLUGIN SLUG: wp-limit-login-attempts
INSTALLATIONS: 20,000+
VULNERABILITY: IP Spoofing
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: 2022-4303

The vulnerability has not been patched. You should deactivate the plugin.

Members Import

PLUGIN: Members Import
PLUGIN SLUG: members-import
VULNERABILITY: XSS via Imported CSV
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: 2022-4663

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Accordion Shortcodes

PLUGIN: Accordion Shortcodes
PLUGIN SLUG: accordion-shortcodes
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: 2022-4781

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

CPT Bootstrap Carousel

PLUGIN: CPT Bootstrap Carousel
PLUGIN SLUG: cpt-bootstrap-carousel
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: 2022-4834

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Meteor Slides

PLUGIN: Meteor Slides
PLUGIN SLUG: meteor-slides
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: 2022-4486

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

CBX Petition for WordPress

PLUGIN: CBX Petition for WordPress
PLUGIN SLUG: cbxpetition
VULNERABILITY: Unauthenticated SQLi
PATCHED IN VERSION: No Fix
SEVERITY SCORE: High
CVE: 2022-4383

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Social Sharing Toolkit

PLUGIN: Social Sharing Toolkit
PLUGIN SLUG: social-sharing-toolkit
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: 2022-4835

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

MediaElement.js – HTML5 Video & Audio Player

PLUGIN: MediaElement.js – HTML5 Video & Audio Player
PLUGIN SLUG: media-element-html5-video-and-audio-player
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: 2022-4699

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

EU Cookie Law

PLUGIN: EU Cookie Law for GDPR/CCPA
PLUGIN SLUG: eu-cookie-law
VULNERABILITY: Admin+ Stored XSS
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Low
CVE: 2022-3811

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Theme Vulnerabilities

In this section, the latest WordPress theme vulnerabilities have been disclosed. Each theme listing includes the type of vulnerability, the active installations, the version number if patched, the severity rating, and the CVE.

Multiple themes – Unauthenticated Arbitrary File Upload

THEME: WeStand
THEME SLUG: westand
VULNERABILITY: RCE
PATCHED IN VERSION: 2.1
SEVERITY SCORE: Critical
CVE: 2022-0316

The vulnerability has been patched, so you should update to version 2.1.

WordPress Theme Vulnerabilities – No Known Fix

This section contains theme vulnerabilities with no known fix. Until a patch is available, immediately uninstall and delete the theme.

Aidreform

THEME: aidreform
THEME SLUG: aidreform
VULNERABILITY: Unauthenticated Arbitrary File Upload
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Critical
CVE: 2022-0316

The vulnerability has not been patched. You should switch themes.

Kingclub-theme

THEME: kingclub-theme
THEME SLUG: kingclub-theme
VULNERABILITY: Unauthenticated Arbitrary File Upload
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Critical
CVE: 2022-0316

The vulnerability has not been patched. You should switch themes.

Footysquare

THEME: footysquare
THEME SLUG: footysquare
VULNERABILITY: Unauthenticated Arbitrary File Upload
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Critical
CVE: 2022-0316

The vulnerability has not been patched. You should switch themes.

Spikes-black

THEME: spikes-black
THEME SLUG: spikes-black
VULNERABILITY: Unauthenticated Arbitrary File Upload
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Critical
CVE: 2022-0316

The vulnerability has not been patched. You should switch themes.

Stratfort

THEME: stratfort
THEME SLUG: statfort
VULNERABILITY: Unauthenticated Arbitrary File Upload
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Critical
CVE: 2022-0316

The vulnerability has not been patched. You should switch themes.

Spikes

THEME: spikes
THEME SLUG: spikes
VULNERABILITY: Unauthenticated Arbitrary File Upload
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Critical
CVE: 2022-0316

The vulnerability has not been patched. You should switch themes.

Club-theme

THEME: club-theme
THEME SLUG: club-theme
VULNERABILITY: Unauthenticated Arbitrary File Upload
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Critical
CVE: 2022-0316

The vulnerability has not been patched. You should switch themes.

Soundblast

THEME: soundblast
THEME SLUG: soundblast
VULNERABILITY: Unauthenticated Arbitrary File Upload
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Critical
CVE: 2022-0316

The vulnerability has not been patched. You should switch themes.

Bolster

THEME: bolster
THEME SLUG: bolster
VULNERABILITY: Unauthenticated Arbitrary File Upload
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Critical
CVE: 2022-0316

The vulnerability has not been patched. You should switch themes.

Privacy Policy
Cookie Policy
Terms and Conditions
G.E.MI.: 153523903000

2023 ThinkEasy. All Rights reserved.