PERFORMANCE & CREATIVITY

We integrate research, strategy, design, engineering and operations to imagine, create and deliver some of the world's most engaging products and services.

Location
Marousi-Attika
box 15124

WordPress Vulnerability Report — May 31 2024

WordPress Core

WordPress 6.5.3 was released on May 7, 2024, as a short-cycle maintenance release. This release features 12 bug fixes on Core and 9 bug fixes for the Block editor.


WordPress Plugins — 86 Patched / 32 Unpatched

Plugin Slug:photo-gallery
Installations200,000+
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Business Card

Plugin Slug:business-card-by-esterox-100
Installations10+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

KKProgressbar2 Free – advanced progress bars

Plugin Slug:kkprogressbar
Installations10+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

KKProgressbar2 Free – advanced progress bars

Plugin Slug:kkprogressbar
Installations10+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

KKProgressbar2 Free – advanced progress bars

Plugin Slug:kkprogressbar
Installations10+
Vulnerability:SQL Injection
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 

WP Stacker

Plugin:WP Stacker
Plugin Slug:wp-stacker
Installations10+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 

AdFoxly – Ad Manager, AdSense Ads & Ads.txt

Plugin:AdFoxly – Ad Manager, AdSense Ads & Ads.txt
Plugin Slug:adfoxly
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 

ApplyOnline – Application Form Builder and Manager

Plugin:ApplyOnline – Application Form Builder and Manager
Plugin Slug:apply-online
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 

Automatic Translator with Auto Translate

Plugin:Automatic Translator with Auto Translate
Plugin Slug:auto-translate
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 

Button contact VR

Plugin:Button contact VR
Plugin Slug:button-contact-vr
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 

Crafthemes Demo Import

Plugin:Crafthemes Demo Import
Plugin Slug:crafthemes-demo-import
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 Dextaz Ping

Plugin:Dextaz Ping
Plugin Slug:dextaz-ping
Vulnerability:Remote Code Execution (RCE)
Patched in Version:No Fix
Severity Score:Critical
The vulnerability has not been patched. You should deactivate the plugin.

 

Easy Digital Downloads – Recent Purchases

Plugin:Easy Digital Downloads – Recent Purchases
Plugin Slug:edd-recent-purchases
Vulnerability:Remote File Inclusion
Patched in Version:No Fix
Severity Score:Critical
The vulnerability has not been patched. You should deactivate the plugin.

 

Elegant Addons for elementor

Plugin:Elegant Addons for elementor
Plugin Slug:elegant-addons-for-elementor
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 

Flattr

Plugin:Flattr
Plugin Slug:flattr
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 

LuckyWP Table of Contents

Plugin:LuckyWP Table of Contents
Plugin Slug:luckywp-table-of-contents
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 

LuckyWP Table of Contents

Plugin:LuckyWP Table of Contents
Plugin Slug:luckywp-table-of-contents
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 

LuckyWP Table of Contents

Plugin:LuckyWP Table of Contents
Plugin Slug:luckywp-table-of-contents
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 

Opal Estate Pro

Plugin:Opal Estate Pro
Plugin Slug:opal-estate-pro
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 

PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode

Plugin:PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode
Plugin Slug:paypal-pay-buy-donation-and-cart-buttons-shortcode
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 

Pet Manager

Plugin:Pet Manager
Plugin Slug:pet-manager
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 

Sailthru Triggermail

Plugin Slug:sailthru-triggermail
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 

Sailthru Triggermail

Plugin Slug:sailthru-triggermail
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 

Praison SEO WordPress

Plugin:Praison SEO WordPress
Plugin Slug:seo-wordpress
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 

Simple Popup Manager

Plugin:Simple Popup Manager
Plugin Slug:simple-popup-manager
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 

Toolbar Extras for Elementor & More

Plugin:Toolbar Extras for Elementor & More
Plugin Slug:toolbar-extras
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 

Woocommerce – Recent Purchases

Plugin:Woocommerce – Recent Purchases
Plugin Slug:woo-recent-purchases
Vulnerability:Local File Inclusion
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 

WP Backpack

Plugin:WP Backpack
Plugin Slug:wp-backpack
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 

WP Font Awesome Share Icons

Plugin:WP Font Awesome Share Icons
Plugin Slug:wp-font-awesome-share-icons
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 

WP Next Post Navi

Plugin:WP Next Post Navi
Plugin Slug:wp-next-post-navi
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 

WP Scraper

Plugin:WP Scraper
Plugin Slug:wp-scraper
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

 

Elementor Website Builder – More than Just a Page Builder

Plugin Slug:elementor
Installations10,000,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.21.6
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.21.6.
Plugin Slug:header-footer-elementor
Installations1,000,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.6.26.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.6.26.1.

 

WP Fastest Cache

Plugin Slug:wp-fastest-cache
Installations1,000,000+
Vulnerability:Arbitrary File Deletion
Patched in Version:1.2.7
Severity Score:High
The vulnerability has been patched, so you should update to version 1.2.7.

 

Premium Addons for Elementor

Plugin Slug:premium-addons-for-elementor
Installations700,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.10.32
Severity Score:Medium
The vulnerability has been patched, so you should update to version 4.10.32.

 

Page Builder by SiteOrigin

Plugin Slug:siteorigin-panels
Installations700,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.29.16
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.29.16.

 

Spectra – WordPress Gutenberg Blocks

Plugin Slug:ultimate-addons-for-gutenberg
Installations700,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.13.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.13.1.

 

Spectra – WordPress Gutenberg Blocks

Plugin Slug:ultimate-addons-for-gutenberg
Installations700,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.12.9
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.12.9.

 

WP Shortcodes Plugin — Shortcodes Ultimate

Plugin Slug:shortcodes-ultimate
Installations600,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:7.1.6
Severity Score:Medium
The vulnerability has been patched, so you should update to version 7.1.6.

 

SiteOrigin Widgets Bundle

Plugin Slug:so-widgets-bundle
Installations600,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.61.0
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.61.0.

 

WP Go Maps (formerly WP Google Maps)

Plugin Slug:wp-google-maps
Installations400,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:9.0.37
Severity Score:Medium
The vulnerability has been patched, so you should update to version 9.0.37.

 

HT Mega – Absolute Addons For Elementor

Plugin Slug:ht-mega-for-elementor
Installations100,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.5.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.5.3.

 

HT Mega – Absolute Addons For Elementor

Plugin Slug:ht-mega-for-elementor
Installations100,000+
Vulnerability:Broken Access Control
Patched in Version:2.5.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.5.3.

 

Social Icons Widget & Block by WPZOOM

Plugin Slug:social-icons-widget-by-wpzoom
Installations100,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.2.18
Severity Score:Medium
The vulnerability has been patched, so you should update to version 4.2.18.

 

LearnPress – WordPress LMS Plugin

Plugin Slug:learnpress
Installations90,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.2.6.7
Severity Score:Medium
The vulnerability has been patched, so you should update to version 4.2.6.7.

 

Master Slider – Responsive Touch Slider

Plugin Slug:master-slider
Installations90,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.9.10
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.9.10.

 

Brizy – Page Builder

Plugin Slug:brizy
Installations80,000+
Vulnerability:Broken Access Control
Patched in Version:2.4.44
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.4.44.

 

Email Log

Plugin:Email Log
Plugin Slug:email-log
Installations80,000+
Vulnerability:Other Vulnerability Type
Patched in Version:2.4.9
Severity Score:High
The vulnerability has been patched, so you should update to version 2.4.9.

 

Media Library Assistant

Plugin Slug:media-library-assistant
Installations70,000+
Vulnerability:SQL Injection
Patched in Version:3.16
Severity Score:High
The vulnerability has been patched, so you should update to version 3.16.

 

Media Library Assistant

Plugin Slug:media-library-assistant
Installations70,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.16
Severity Score:High
The vulnerability has been patched, so you should update to version 3.16.
Plugin Slug:yith-woocommerce-ajax-search
Installations70,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.4.1
Severity Score:High
The vulnerability has been patched, so you should update to version 2.4.1.

 

Advanced iFrame

Plugin Slug:advanced-iframe
Installations60,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2024.4
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2024.4.

 

WP Table Builder – WordPress Table Plugin

Plugin Slug:wp-table-builder
Installations60,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.4.15
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.4.15.
Plugin Slug:carousel-slider
Installations40,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.2.11
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.2.11.

 

Ditty – Responsive News Tickers, Sliders, and Lists

Plugin Slug:ditty-news-ticker
Installations40,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.1.36
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.1.36.

 

FV Flowplayer Video Player

Plugin Slug:fv-wordpress-flowplayer
Installations20,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:7.5.46.7212
Severity Score:High
The vulnerability has been patched, so you should update to version 7.5.46.7212.

 

Reviews and Rating – Google Reviews

Plugin Slug:g-business-reviews-rating
Installations20,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:5.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 5.3.

 

ND Shortcodes

Plugin Slug:nd-shortcodes
Installations20,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:7.6
Severity Score:Medium
The vulnerability has been patched, so you should update to version 7.6.

 

WP DSGVO Tools (GDPR)

Plugin Slug:shapepress-dsgvo
Installations20,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.1.33
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.1.33.

 

ShareThis Share Buttons

Plugin Slug:sharethis-share-buttons
Installations20,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.3.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.3.1.

 

WPZOOM Addons for Elementor (Templates, Widgets)

Plugin Slug:wpzoom-elementor-addons
Installations20,000+
Vulnerability:Local File Inclusion
Patched in Version:1.1.38
Severity Score:Critical
The vulnerability has been patched, so you should update to version 1.1.38.

 

LA-Studio Element Kit for Elementor

Plugin Slug:lastudio-element-kit
Installations10,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.3.8
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.3.8.

 

WP Photo Album Plus

Plugin Slug:wp-photo-album-plus
Installations10,000+
Vulnerability:Content Injection
Patched in Version:8.7.00.004
Severity Score:Medium
The vulnerability has been patched, so you should update to version 8.7.00.004.

 

WP TripAdvisor Review Slider

Plugin Slug:wp-tripadvisor-review-slider
Installations10,000+
Vulnerability:SQL Injection
Patched in Version:12.7
Severity Score:High
The vulnerability has been patched, so you should update to version 12.7.

 

WordPress + Microsoft Office 365 / Azure AD | LOGIN

Plugin Slug:wpo365-login
Installations10,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:28.0
Severity Score:Medium
The vulnerability has been patched, so you should update to version 28.0.

 

140+ Widgets | Best Addons For Elementor – FREE

Plugin Slug:xpro-elementor-addons
Installations10,000+
Vulnerability:PHP Object Injection
Patched in Version:1.4.3.2
Severity Score:High
The vulnerability has been patched, so you should update to version 1.4.3.2.

 

Videojs HTML5 Player

Plugin Slug:videojs-html5-player
Installations9,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.1.12
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.1.12.

 

Awesome Contact Form7 for Elementor

Plugin Slug:awesome-contact-form7-for-elementor
Installations8,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.0
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.0.

 

Primary Addon for Elementor

Plugin Slug:primary-addon-for-elementor
Installations8,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.5.6
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.5.6.

 

Hash Elements

Plugin Slug:hash-elements
Installations7,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.3.9
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.3.9.

 

Survey Maker – Best WordPress Survey Plugin

Plugin Slug:survey-maker
Installations6,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.2.9
Severity Score:Medium
The vulnerability has been patched, so you should update to version 4.2.9.
Plugin Slug:testimonials-carousel-elementor
Installations6,000+
Vulnerability:Broken Access Control
Patched in Version:10.2.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 10.2.1.

 

WPKoi Templates for Elementor

Plugin Slug:wpkoi-templates-for-elementor
Installations6,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.5.11
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.5.11.

 

AI ChatBot for WordPress – WPBot

Plugin Slug:chatbot
Installations5,000+
Vulnerability:Broken Access Control
Patched in Version:5.3.6
Severity Score:Medium
The vulnerability has been patched, so you should update to version 5.3.6.

 

WP Ultimate Post Grid

Plugin Slug:wp-ultimate-post-grid
Installations5,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.9.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.9.2.

 

PopupAlly

Plugin:PopupAlly
Plugin Slug:popupally
Installations4,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.1.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.1.2.

 

Move Addons for Elementor

Plugin Slug:move-addons
Installations3,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.3.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.3.2.

 

Debug Log – Manger Tool

Plugin Slug:debug-log-config-tool
Installations2,000+
Vulnerability:Sensitive Data Exposure
Patched in Version:1.5
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.5.

 

LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor

Plugin Slug:include-lottie-animation-for-elementor
Installations2,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.10.10
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.10.10.

 

Event post

Plugin:Event post
Plugin Slug:event-post
Installations1,000+
Vulnerability:Broken Access Control
Patched in Version:5.9.5
Severity Score:Medium
The vulnerability has been patched, so you should update to version 5.9.5.

 

Fastly

Plugin:Fastly
Plugin Slug:fastly
Installations1,000+
Vulnerability:Broken Access Control
Patched in Version:1.2.26
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.2.26.

 

Hash Form – Drag & Drop Form Builder

Plugin Slug:hash-form
Installations1,000+
Vulnerability:PHP Object Injection
Patched in Version:1.1.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.1.1.

 

Hash Form – Drag & Drop Form Builder

Plugin Slug:hash-form
Installations1,000+
Vulnerability:Remote Code Execution (RCE)
Patched in Version:1.1.1
Severity Score:Critical
The vulnerability has been patched, so you should update to version 1.1.1.

 

Tainacan

Plugin:Tainacan
Plugin Slug:tainacan
Installations1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:0.21.4
Severity Score:Medium
The vulnerability has been patched, so you should update to version 0.21.4.

 

Tainacan

Plugin:Tainacan
Plugin Slug:tainacan
Installations1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:0.21.4
Severity Score:High
The vulnerability has been patched, so you should update to version 0.21.4.

 

Web Directory Free

Plugin Slug:web-directory-free
Installations600+
Vulnerability:SQL Injection
Patched in Version:1.7.0
Severity Score:Critical
The vulnerability has been patched, so you should update to version 1.7.0.

 

WP-ViperGB

Plugin:WP-ViperGB
Plugin Slug:wp-vipergb
Installations600+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.6.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.6.2.

 

Atarim

Plugin:Atarim
Plugin Slug:atarim-visual-collaboration
Vulnerability:Other Vulnerability Type
Patched in Version:3.30
Severity Score:High
The vulnerability has been patched, so you should update to version 3.30.

 

Country State City Dropdown CF7

Plugin:Country State City Dropdown CF7
Plugin Slug:country-state-city-auto-dropdown
Vulnerability:SQL Injection
Patched in Version:2.7.3
Severity Score:Critical
The vulnerability has been patched, so you should update to version 2.7.3.

 

ElementsKit Pro

Plugin:ElementsKit Pro
Plugin Slug:elementskit
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.6.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.6.2.

 

layerSlider

Plugin:LayerSlider
Plugin Slug:layerslider
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:7.11.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 7.11.1.


Contact Form & Lead Form Elementor Builder

Plugin:Contact Form & Lead Form Elementor Builder
Plugin Slug:lead-form-builder
Vulnerability:Content Injection
Patched in Version:1.9.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.9.2.

 

Memberpress

Plugin:Memberpress
Plugin Slug:memberpress
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.11.30
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.11.30.

 

Memberpress

Plugin:Memberpress
Plugin Slug:memberpress
Vulnerability:Server Side Request Forgery (SSRF)
Patched in Version:1.11.30
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.11.30.

 

Pie Register (Add on) – Social Sites Login

Plugin:Pie Register (Add on) – Social Sites Login
Plugin Slug:pie-register-social-site
Vulnerability:Broken Authentication
Patched in Version:1.7.8
Severity Score:Critical
The vulnerability has been patched, so you should update to version 1.7.8.

 

NextScripts

Plugin:NextScripts
Plugin Slug:social-networks-auto-poster-facebook-twitter-g
Vulnerability:Sensitive Data Exposure
Patched in Version:4.4.4
Severity Score:High
The vulnerability has been patched, so you should update to version 4.4.4.

 

NextScripts

Plugin:NextScripts
Plugin Slug:social-networks-auto-poster-facebook-twitter-g
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:4.4.4
Severity Score:Medium
The vulnerability has been patched, so you should update to version 4.4.4.

 

NextScripts

Plugin:NextScripts
Plugin Slug:social-networks-auto-poster-facebook-twitter-g
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.4.4
Severity Score:High
The vulnerability has been patched, so you should update to version 4.4.4.

 

Uber Menu

Plugin:Uber Menu
Plugin Slug:ubermenu
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.8.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.8.3.

 

Userpro

Plugin:Userpro
Plugin Slug:userpro
Vulnerability:Privilege Escalation
Patched in Version:5.1.9
Severity Score:Critical
The vulnerability has been patched, so you should update to version 5.1.9.

 

WordPress Themes — 1 Patched / 0 Unpatched

 Blocksy

Theme:Blocksy
Theme Slug:blocksy
Downloads3,232,407
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.0.47
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.0.47.