WordPress Plugin Vulnerabilities – No Known Fix
This section contains plugin vulnerabilities with no known fix. Until a patch is available, you are advised, at minimum, to deactivate the plugin immediately. If there is a high risk of active exploitation or the plugin remains unpatched for weeks, you are advised to delete the plugin. You should also delete persistently unpatched plugins that the WordPress.org repository has locked and marked “Closed” so they can no longer be downloaded and installed.
WooCommerce Weight Based Shipping
PLUGIN SLUG: weight-based-shipping-for-woocommerce
INSTALLATIONS: 60,000+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: CVE-2022-46794
Print Invoice & Delivery Notes for WooCommerce
PLUGIN SLUG: woocommerce-delivery-notes
INSTALLATIONS: 40,000+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: CVE-2022-46795
Data Tables Generator by Supsystic
PLUGIN SLUG: data-tables-generator-by-supsystic
INSTALLATIONS: 30,000+
VULNERABILITY: Broken Access Control
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: CVE-2023-25043
Google XML Sitemap for Videos
PLUGIN SLUG: xml-sitemaps-for-videos
INSTALLATIONS: 20,000+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: CVE-2023-25055
CF7 Invisible reCAPTCHA
PLUGIN: CF7 Invisible reCAPTCHA
PLUGIN SLUG: cf7-invisible-recaptcha
INSTALLATIONS: 10,000+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: CVE-2023-28167
Google XML Sitemap for Images
PLUGIN SLUG: google-image-sitemap
INSTALLATIONS: 10,000+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: CVE-2023-28173
Contact Form 7 Redirect & Thank You Page
PLUGIN SLUG: cf7-redirect-thank-you-page
INSTALLATIONS: 6,000+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: CVE-2023-24395
Yandex.News Feed by Teplitsa
PLUGIN: Yandex.News Feed by Teplitsa
PLUGIN SLUG: yandexnews-feed-by-teplitsa
INSTALLATIONS: 6,000+
VULNERABILITY: Cross Site Scripting (XSS)
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: CVE-2023-25052
Coming Soon Landing Page and Maintenance Mode
PLUGIN SLUG: 8-degree-coming-soon-page
INSTALLATIONS: 2,000+
VULNERABILITY: Broken Access Control
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: CVE-2022-47429
Daily Prayer Time
PLUGIN: Daily Prayer Time
PLUGIN SLUG: daily-prayer-time-for-mosques
INSTALLATIONS: 1,000+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: CVE-2023-27632
Daily Prayer Time
PLUGIN: Daily Prayer Time
PLUGIN SLUG: daily-prayer-time-for-mosques
INSTALLATIONS: 1,000+
VULNERABILITY: Cross Site Scripting (XSS)
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: CVE-2023-27631
Kopa Framework
PLUGIN: Kopa Framework
PLUGIN SLUG: kopatheme
INSTALLATIONS: 1,000+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: CVE-2022-47180
Store Locator for WordPress with Google Maps – LotsOfLocales
PLUGIN SLUG: store-locator
INSTALLATIONS: 1,000+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: CVE-2022-47446
xili-tidy-tags
PLUGIN: xili-tidy-tags
PLUGIN SLUG: xili-tidy-tags
INSTALLATIONS: 1,000+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: CVE-2022-47448
WP-Advanced-Search
PLUGIN: WordPress WP-Advanced-Search
PLUGIN SLUG: wp-advanced-search
INSTALLATIONS: 800+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: CVE-2022-47447
CMS Press
PLUGIN: CMS Press
PLUGIN SLUG: cms-press
INSTALLATIONS: 700+
VULNERABILITY: Cross Site Scripting (XSS)
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: CVE-2023-25452
Backup Bank: WordPress Backup
PLUGIN SLUG: wp-backup-bank
INSTALLATIONS: 700+
VULNERABILITY: Broken Access Control
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: CVE-2023-28165
Chronoforms
PLUGIN: Chronoforms
PLUGIN SLUG: chronoforms
INSTALLATIONS: 400+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: CVE-2022-47135
WP Basic Elements
PLUGIN: WP Basic Elements
PLUGIN SLUG: wp-basic-elements
INSTALLATIONS: 300+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: CVE-2022-47139
Exxp
PLUGIN: Exxp
PLUGIN SLUG: exxp-wp
INSTALLATIONS: 200+
VULNERABILITY: Cross Site Scripting (XSS)
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: CVE-2022-45812
Solidres
PLUGIN SLUG: solidres
INSTALLATIONS: 100+
VULNERABILITY: Cross Site Scripting (XSS)
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: CVE-2023-1374
WH Testimonials
PLUGIN: WH Testimonials
PLUGIN SLUG: wh-testimonials
INSTALLATIONS: 90+
VULNERABILITY: Cross Site Scripting (XSS)
PATCHED IN VERSION: No Fix
SEVERITY SCORE: High
CVE: CVE-2023-1372
WordPress Console
PLUGIN: WordPress Console
PLUGIN SLUG: wordpress-console
INSTALLATIONS: 40+
VULNERABILITY: Broken Access Control
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Low
CVE: CVE-2023-28168
LOGIN AND REGISTRATION ATTEMPTS LIMIT
PLUGIN SLUG: login-attempts-limit-wp
INSTALLATIONS: 10+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: CVE-2022-47138
Admin side data storage for Contact Form 7
PLUGIN SLUG: admin-side-data-storage-for-contact-form-7
VULNERABILITY: Cross Site Scripting (XSS)
PATCHED IN VERSION: No Fix
SEVERITY SCORE: High
CVE: CVE-2023-24420
Easy Event calendar
PLUGIN: Easy Event calendar
PLUGIN SLUG: easy-event-calendar
VULNERABILITY: Cross Site Scripting (XSS)
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: CVE-2023-28169
Tags Cloud Manager
PLUGIN: Tags Cloud Manager
PLUGIN SLUG: tags-cloud-manager
VULNERABILITY: Cross Site Scripting (XSS)
PATCHED IN VERSION: No Fix
SEVERITY SCORE: High
CVE: CVE-2023-28166