PERFORMANCE & CREATIVITY

We integrate research, strategy, design, engineering and operations to imagine, create and deliver some of the world's most engaging products and services.

Location
Marousi-Attika
box 15124

WordPress Plugin Vulnerabilities – No Known Fix – March 20 2023

WordPress Plugin Vulnerabilities – No Known Fix

This section contains plugin vulnerabilities with no known fix. Until a patch is available, you are advised to deactivate the plugin, at minimum, immediately. If there is a high risk of active exploits or the plugin remains unpatched for weeks, you are advised to delete the plugin. You should also delete persistently unpatched plugins the WordPress.org repository has locked and marked “Closed” so they can no longer be downloaded and installed.

WooCommerce Weight Based Shipping

Product image for WooCommerce Weight Based Shipping.

PLUGIN SLUGweight-based-shipping-for-woocommerce
INSTALLATIONS60,000+
VULNERABILITYCross Site Request Forgery (CSRF)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
The vulnerability has not been patched. You should deactivate the plugin.

Product image for Print Invoice & Delivery Notes for WooCommerce.

PLUGIN SLUGwoocommerce-delivery-notes
INSTALLATIONS40,000+
VULNERABILITYCross Site Request Forgery (CSRF)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
The vulnerability has not been patched. You should deactivate the plugin.

Data Tables Generator by Supsystic

Product image for Data Tables Generator by Supsystic.

PLUGIN SLUGdata-tables-generator-by-supsystic
INSTALLATIONS30,000+
VULNERABILITYBroken Access Control
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
The vulnerability has not been patched. You should deactivate the plugin.

Google XML Sitemap for Videos

PLUGIN SLUGxml-sitemaps-for-videos
INSTALLATIONS20,000+
VULNERABILITYCross Site Request Forgery (CSRF)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
The vulnerability has not been patched. You should deactivate the plugin.

CF7 Invisible reCAPTCHA

Product image for CF7 Invisible reCAPTCHA.

PLUGIN SLUGcf7-invisible-recaptcha
INSTALLATIONS10,000+
VULNERABILITYCross Site Request Forgery (CSRF)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
The vulnerability has not been patched. You should deactivate the plugin.

Google XML Sitemap for Images

PLUGIN SLUGgoogle-image-sitemap
INSTALLATIONS10,000+
VULNERABILITYCross Site Request Forgery (CSRF)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
The vulnerability has not been patched. You should deactivate the plugin.

Contact Form 7 Redirect & Thank You Page

PLUGIN SLUGcf7-redirect-thank-you-page
INSTALLATIONS6,000+
VULNERABILITYCross Site Request Forgery (CSRF)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
The vulnerability has not been patched. You should deactivate the plugin.

Yandex.News Feed by Teplitsa

Product image for Yandex.News Feed by Teplitsa.

PLUGIN SLUGyandexnews-feed-by-teplitsa
INSTALLATIONS6,000+
VULNERABILITYCross Site Scripting (XSS)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
The vulnerability has not been patched. You should deactivate the plugin.

Daily Prayer Time

Product image for Daily Prayer Time.

PLUGIN SLUGdaily-prayer-time-for-mosques
INSTALLATIONS1,000+
VULNERABILITYCross Site Request Forgery (CSRF)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
The vulnerability has not been patched. You should deactivate the plugin.

Daily Prayer Time

Product image for Daily Prayer Time.

PLUGIN SLUGdaily-prayer-time-for-mosques
INSTALLATIONS1,000+
VULNERABILITYCross Site Scripting (XSS)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
The vulnerability has not been patched. You should deactivate the plugin.

Kopa Framework

Product image for Kopa Framework.

PLUGIN SLUGkopatheme
INSTALLATIONS1,000+
VULNERABILITYCross Site Request Forgery (CSRF)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
The vulnerability has not been patched. You should deactivate the plugin.

Store Locator for WordPress with Google Maps – LotsOfLocales

Product image for Store Locator for WordPress with Google Maps – LotsOfLocales.

PLUGIN SLUGstore-locator
INSTALLATIONS1,000+
VULNERABILITYCross Site Request Forgery (CSRF)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
The vulnerability has not been patched. You should deactivate the plugin.

xili-tidy-tags

Product image for xili-tidy-tags.

PLUGIN SLUGxili-tidy-tags
INSTALLATIONS1,000+
VULNERABILITYCross Site Request Forgery (CSRF)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
The vulnerability has not been patched. You should deactivate the plugin.

WP-Advanced-Search

PLUGIN SLUGwp-advanced-search
INSTALLATIONS800+
VULNERABILITYCross Site Request Forgery (CSRF)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
The vulnerability has not been patched. You should deactivate the plugin.

CMS Press

PLUGIN CMS Press
PLUGIN SLUGcms-press
INSTALLATIONS700+
VULNERABILITYCross Site Scripting (XSS)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
The vulnerability has not been patched. You should deactivate the plugin.

Backup Bank: WordPress Backup

Product image for Backup Bank: WordPress Backup Plugin.

PLUGIN SLUGwp-backup-bank
INSTALLATIONS700+
VULNERABILITYBroken Access Control
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
The vulnerability has not been patched. You should deactivate the plugin.

Chronoforms

Product image for Chronoforms.

PLUGIN Chronoforms
PLUGIN SLUGchronoforms
INSTALLATIONS400+
VULNERABILITYCross Site Request Forgery (CSRF)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
The vulnerability has not been patched. You should deactivate the plugin.

WP Basic Elements

Product image for WP Basic Elements.

PLUGIN SLUGwp-basic-elements
INSTALLATIONS300+
VULNERABILITYCross Site Request Forgery (CSRF)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
The vulnerability has not been patched. You should deactivate the plugin.

Exxp

Product image for Exxp.

PLUGIN Exxp
PLUGIN SLUGexxp-wp
INSTALLATIONS200+
VULNERABILITYCross Site Scripting (XSS)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
The vulnerability has not been patched. You should deactivate the plugin.

WH Testimonials

PLUGIN SLUGwh-testimonials
INSTALLATIONS90+
VULNERABILITYCross Site Scripting (XSS)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREHigh
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Console

PLUGIN SLUGwordpress-console
INSTALLATIONS40+
VULNERABILITYBroken Access Control
PATCHED IN VERSIONNo Fix
SEVERITY SCORELow
The vulnerability has not been patched. You should deactivate the plugin.

LOGIN AND REGISTRATION ATTEMPTS LIMIT

PLUGIN SLUGlogin-attempts-limit-wp
INSTALLATIONS10+
VULNERABILITYCross Site Request Forgery (CSRF)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
The vulnerability has not been patched. You should deactivate the plugin.

Admin side data storage for Contact Form 7

PLUGIN SLUGadmin-side-data-storage-for-contact-form-7
VULNERABILITYCross Site Scripting (XSS)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREHigh
The vulnerability has not been patched. You should deactivate the plugin.

Easy Event calendar

PLUGIN SLUGeasy-event-calendar
VULNERABILITYCross Site Scripting (XSS)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
The vulnerability has not been patched. You should deactivate the plugin.

Tags Cloud Manager

Product image for Tags Cloud Manager.

PLUGIN SLUGtags-cloud-manager
VULNERABILITYCross Site Scripting (XSS)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREHigh
The vulnerability has not been patched. You should deactivate the plugin.