PERFORMANCE & CREATIVITY

We integrate research, strategy, design, engineering and operations to imagine, create and deliver some of the world's most engaging products and services.

Location
Marousi-Attika
box 15124

WordPress Vulnerability Report — December 6, 2023

WordPress Core — Security Update!

WordPress 6.4.1 was released on December 6, 2023, as a short-cycle maintenance and security release with seven bug fixes and one security patch for a potential Remote Code Execution (RCE) vulnerability that is not directly exploitable in most situations. However, combined with certain plugins on a multisite network, this vulnerability could be exploited and pose a high-severity risk. The 6.4.1 update will prevent PHP object injections from being chained into a potential RCE, according to details published by Patchstack.

WordPress 6.4.1 was released on November 8, 2023, as a short-cycle maintenance release to address several bugs, including loss of backward compatibility with a dependencycURL 7.29 or earlier. This broke the WordPress internal update facility on servers running very old, insecure cURL versions.

WordPress 6.4 was released on November 7, 2023, as the third major release of the year. Following a major release, you should not update live sites without taking backups and testing the update in a non-production environment first.

WordPress Plugins — 124 Patched / 80 Unpatched

Nested Pages

Product image for Nested Pages.
Plugin Slug:wp-nested-pages
Installations:100,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Aruba HiSpeed Cache

Product image for Aruba HiSpeed Cache.
Plugin Slug:aruba-hispeed-cache
Installations:90,000+
Vulnerability:Sensitive Data Exposure
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Simple Calendar – Google Calendar Plugin

Product image for Simple Calendar – Google Calendar Plugin.
Plugin Slug:google-calendar-events
Installations:60,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Enhanced Text Widget

Product image for Enhanced Text Widget.
Plugin Slug:enhanced-text-widget
Installations:50,000+
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Grow Social

Product image for Grow Social.
Plugin Slug:social-pug
Installations:50,000+
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Site Offline Or Coming Soon Or Maintenance Mode

Product image for Site Offline Or Coming Soon Or Maintenance Mode.
Plugin Slug:site-offline
Installations:40,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

GoDaddy Email Marketing

Product image for GoDaddy Email Marketing.
Plugin Slug:godaddy-email-marketing-sign-up-forms
Installations:30,000+
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Restricted Site Access

Product image for Restricted Site Access.
Plugin Slug:restricted-site-access
Installations:20,000+
Vulnerability:Bypass Vulnerability
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Elementor Timeline Widget

Product image for Elementor Timeline Widget.
Plugin Slug:3r-elementor-timeline-widget
Installations:10,000+
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Awesome Support – WordPress HelpDesk & Support Plugin

Product image for Awesome Support – WordPress HelpDesk & Support Plugin.
Plugin Slug:awesome-support
Installations:10,000+
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Forms by CaptainForm – Form Builder for WordPress

Product image for Forms by CaptainForm – Form Builder for WordPress.
Plugin Slug:captainform
Installations:10,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

Coming soon and Maintenance mode

Product image for Coming soon and Maintenance mode.
Plugin Slug:coming-soon-page
Installations:10,000+
Vulnerability:Bypass Vulnerability
Patched in Version:No Fix
Severity Score:Low
The vulnerability has not been patched. You should deactivate the plugin.

Quantity Plus Minus Button for WooCommerce by CodeAstrology

Product image for Quantity Plus Minus Button for WooCommerce by CodeAstrology.
Plugin Slug:wc-quantity-plus-minus-button
Installations:10,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

MkRapel Regiones y Ciudades de Chile para WC

Product image for MkRapel Regiones y Ciudades de Chile para WC.
Plugin Slug:wc-ciudades-y-regiones-de-chile
Installations:8,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

SoundCloud Shortcode

Product image for SoundCloud Shortcode.
Plugin Slug:soundcloud-shortcode
Installations:7,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Button Generator – easily Button Builder

Product image for Button Generator – easily Button Builder.
Plugin Slug:button-generation
Installations:6,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Button Generator – easily Button Builder

Product image for Button Generator – easily Button Builder.
Plugin Slug:button-generation
Installations:6,000+
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Ads by datafeedr.com

Plugin Slug:ads-by-datafeedrcom
Installations:5,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Aparat

Product image for Aparat.
Plugin:Aparat
Plugin Slug:aparat
Installations:5,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Social Share Buttons & Analytics Plugin – GetSocial.io

Product image for Social Share Buttons & Analytics Plugin – GetSocial.io.
Plugin Slug:wp-share-buttons-analytics-by-getsocial
Installations:5,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Client Dash

Product image for Client Dash.
Plugin Slug:client-dash
Installations:4,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

CommentLuv

Product image for CommentLuv.
Plugin:CommentLuv
Plugin Slug:commentluv
Installations:4,000+
Vulnerability:Server Side Request Forgery (SSRF)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

Campaign Monitor for WordPress

Product image for Campaign Monitor for WordPress.
Plugin Slug:forms-for-campaign-monitor
Installations:4,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

Product Size Chart For WooCommerce

Product image for Product Size Chart For WooCommerce.
Plugin Slug:product-size-chart-for-woo
Installations:4,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

which template file

Product image for which template file.
Plugin Slug:which-template-file
Installations:4,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

Database for CF7

Product image for Database for CF7.
Plugin Slug:database-for-cf7
Installations:3,000+
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Formzu WP

Plugin:Formzu WP
Plugin Slug:formzu-wp
Installations:3,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Add to Cart Text Changer and Customize Button, Add Custom Icon

Product image for Add to Cart Text Changer and Customize Button, Add Custom Icon.
Plugin Slug:woo-add-to-cart-text-change
Installations:3,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

WooCommerce Login Redirect

Product image for WooCommerce Login Redirect.
Plugin Slug:woo-login-redirect
Installations:3,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Crypto Converter ? Widget

Product image for Crypto Converter ? Widget.
Plugin Slug:crypto-converter-widget
Installations:2,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.
Plugin Slug:doofinder-for-woocommerce
Installations:2,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.
Product image for File Gallery.
Plugin Slug:file-gallery
Installations:2,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

Product Enquiry for WooCommerce

Product image for Product Enquiry for WooCommerce.
Plugin Slug:gm-woocommerce-quote-popup
Installations:2,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Multiple Post Passwords

Product image for Multiple Post Passwords.
Plugin Slug:multiple-post-passwords
Installations:2,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Sign In Scheduling Online Appointment Booking System

Product image for Sign In Scheduling Online Appointment Booking System.
Plugin Slug:10to8-online-booking
Installations:1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

360 Javascript Viewer

Product image for 360 Javascript Viewer.
Plugin Slug:360deg-javascript-viewer
Installations:1,000+
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

AdFoxly – Ad Manager, AdSense Ads & Ads.txt

Product image for AdFoxly – Ad Manager, AdSense Ads & Ads.txt.
Plugin Slug:adfoxly
Installations:1,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Automatic Youtube Video Posts Plugin

Product image for Automatic Youtube Video Posts Plugin.
Plugin Slug:automatic-youtube-video-posts
Installations:1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Block for Font Awesome

Product image for Block for Font Awesome.
Plugin Slug:block-for-font-awesome
Installations:1,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Bulk Edit Post Titles

Product image for Bulk Edit Post Titles.
Plugin Slug:bulk-edit-post-titles
Installations:1,000+
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

canvasio3D Light

Product image for canvasio3D Light.
Plugin Slug:canvasio3d-light
Installations:1,000+
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Credit Tracker

Product image for Credit Tracker.
Plugin Slug:credit-tracker
Installations:1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Currency Converter Calculator

Product image for Currency Converter Calculator.
Plugin Slug:currency-converter-calculator
Installations:1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Event post

Product image for Event post.
Plugin:Event post
Plugin Slug:event-post
Installations:1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

KP Fastest Tawk.to Chat

Product image for KP Fastest Tawk.to Chat.
Plugin Slug:kp-fastest-tawk-to-chat
Installations:1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

List all posts by Authors, nested Categories and Titles

Product image for List all posts by Authors, nested Categories and Titles.
Plugin Slug:list-all-posts-by-authors-nested-categories-and-titles
Installations:1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

Parallax Slider Block

Product image for Parallax Slider Block.
Plugin Slug:parallax-slider-block
Installations:1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Prevent Landscape Rotation

Product image for Prevent Landscape Rotation.
Plugin Slug:prevent-landscape-rotation
Installations:1,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

SVGator – Add Animated SVG Easily

Product image for SVGator – Add Animated SVG Easily.
Plugin Slug:svgator
Installations:1,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP Catalogue

Product image for WP Catalogue.
Plugin Slug:wp-catalogue
Installations:1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP CleanFix

Product image for WP CleanFix.
Plugin Slug:wp-cleanfix
Installations:1,000+
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

WPsoonOnlinePage

Product image for WPsoonOnlinePage.
Plugin Slug:wp-soononline-page
Installations:1,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

BigCommerce For WordPress

Product image for BigCommerce For WordPress.
Plugin Slug:bigcommerce
Installations:900+
Vulnerability:Sensitive Data Exposure
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.
Plugin Slug:hdw-player-video-player-video-gallery
Installations:900+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

Track Geolocation Of Users Using Contact Form 7

Product image for Track Geolocation Of Users Using Contact Form 7.
Plugin Slug:track-geolocation-of-users-using-contact-form-7
Installations:600+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Bravo Translate

Product image for Bravo Translate.
Plugin Slug:bravo-translate
Installations:500+
Vulnerability:SQL Injection
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.
Product image for GDPR Cookie Consent by Supsystic.
Plugin Slug:gdpr-compliance-by-supsystic
Installations:500+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Simple Long Form

Product image for Simple Long Form.
Plugin Slug:simple-long-form
Installations:90+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP Pocket URLs

Product image for WP Pocket URLs.
Plugin Slug:wp-pocket-urls
Installations:80+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

BrainCert – HTML5 Virtual Classroom

Product image for BrainCert – HTML5 Virtual Classroom.
Plugin Slug:html5-virtual-classroom
Installations:70+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

MSync

Product image for MSync.
Plugin:MSync
Plugin Slug:msync
Installations:10+
Vulnerability:SQL Injection
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

MyTube PlayList

Product image for MyTube PlayList.
Plugin Slug:mytube
Installations:10+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

WooDiscuz – WooCommerce Comments

Plugin:WooDiscuz – WooCommerce Comments
Plugin Slug:woodiscuz-woocommerce-comments
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Powr Pack

Plugin:Powr Pack
Plugin Slug:powr-pack
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Machic Core

Plugin:Machic Core
Plugin Slug:machic-core
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

Delete Post Revisions In WordPress

Plugin:Delete Post Revisions In WordPress
Plugin Slug:delete-post-revisions-on-single-click
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

CSprite

Plugin:CSprite
Plugin Slug:csprite
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Contact Form 7

Product image for Contact Form 7.
Plugin Slug:contact-form-7
Installations:5,000,000+
Vulnerability:Arbitrary File Upload
Patched in Version:5.8.4
Severity Score:Medium
The vulnerability has been patched, so you should update to version 5.8.4.

Antispam Bee

Product image for Antispam Bee.
Plugin Slug:antispam-bee
Installations:700,000+
Vulnerability:Bypass Vulnerability
Patched in Version:2.11.4
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.11.4.

Ocean Extra

Product image for Ocean Extra.
Plugin Slug:ocean-extra
Installations:700,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:2.2.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.2.3.

WP Shortcodes Plugin — Shortcodes Ultimate

Product image for WP Shortcodes Plugin — Shortcodes Ultimate.
Plugin Slug:shortcodes-ultimate
Installations:600,000+
Vulnerability:Insecure Direct Object References (IDOR)
Patched in Version:7.0.0
Severity Score:Medium
The vulnerability has been patched, so you should update to version 7.0.0.

WP Shortcodes Plugin — Shortcodes Ultimate

Product image for WP Shortcodes Plugin — Shortcodes Ultimate.
Plugin Slug:shortcodes-ultimate
Installations:600,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:7.0.0
Severity Score:Medium
The vulnerability has been patched, so you should update to version 7.0.0.

SiteOrigin Widgets Bundle

Product image for SiteOrigin Widgets Bundle.
Plugin Slug:so-widgets-bundle
Installations:600,000+
Vulnerability:Local File Inclusion
Patched in Version:1.51.0
Severity Score:High
The vulnerability has been patched, so you should update to version 1.51.0.

MW WP Form

Product image for MW WP Form.
Plugin:MW WP Form
Plugin Slug:mw-wp-form
Installations:200,000+
Vulnerability:Arbitrary File Upload
Patched in Version:5.0.2
Severity Score:Critical
The vulnerability has been patched, so you should update to version 5.0.2.
Product image for Responsive Lightbox & Gallery.
Plugin Slug:responsive-lightbox
Installations:200,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.4.6
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.4.6.

Advanced Database Cleaner

Product image for Advanced Database Cleaner.
Plugin Slug:advanced-database-cleaner
Installations:100,000+
Vulnerability:SQL Injection
Patched in Version:3.1.3
Severity Score:High
The vulnerability has been patched, so you should update to version 3.1.3.

Email Address Encoder

Product image for Email Address Encoder.
Plugin Slug:email-address-encoder
Installations:100,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.0.23
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.0.23.

SpeedyCache – Cache, Optimization, Performance

Product image for SpeedyCache – Cache, Optimization, Performance.
Plugin Slug:speedycache
Installations:100,000+
Vulnerability:Server Side Request Forgery (SSRF)
Patched in Version:1.1.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.1.3.

HUSKY – Products Filter for WooCommerce Professional

Product image for HUSKY – Products Filter for WooCommerce Professional.
Plugin Slug:woocommerce-products-filter
Installations:100,000+
Vulnerability:SQL Injection
Patched in Version:1.3.4.3
Severity Score:Critical
The vulnerability has been patched, so you should update to version 1.3.4.3.

Backup Migration

Product image for Backup Migration.
Plugin Slug:backup-backup
Installations:90,000+
Vulnerability:Sensitive Data Exposure
Patched in Version:1.3.7
Severity Score:High
The vulnerability has been patched, so you should update to version 1.3.7.

NextScripts: Social Networks Auto-Poster

Product image for NextScripts: Social Networks Auto-Poster.
Plugin Slug:social-networks-auto-poster-facebook-twitter-g
Installations:60,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.4.3
Severity Score:High
The vulnerability has been patched, so you should update to version 4.4.3.

Razorpay for WooCommerce

Product image for Razorpay for WooCommerce.
Plugin Slug:woo-razorpay
Installations:60,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:4.5.7
Severity Score:Medium
The vulnerability has been patched, so you should update to version 4.5.7.

Razorpay for WooCommerce

Product image for Razorpay for WooCommerce.
Plugin Slug:woo-razorpay
Installations:60,000+
Vulnerability:Broken Access Control
Patched in Version:4.5.7
Severity Score:Medium
The vulnerability has been patched, so you should update to version 4.5.7.

CF7 Google Sheets Connector

Product image for CF7 Google Sheets Connector.
Plugin Slug:cf7-google-sheets-connector
Installations:40,000+
Vulnerability:Sensitive Data Exposure
Patched in Version:5.0.6
Severity Score:High
The vulnerability has been patched, so you should update to version 5.0.6.

JetFormBuilder — Dynamic Blocks Form Builder

Product image for JetFormBuilder — Dynamic Blocks Form Builder.
Plugin Slug:jetformbuilder
Installations:40,000+
Vulnerability:Content Injection
Patched in Version:3.1.5
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.1.5.

Media File Renamer: Rename Files (Manual, Auto & AI)

Product image for Media File Renamer: Rename Files (Manual, Auto & AI).
Plugin Slug:media-file-renamer
Installations:40,000+
Vulnerability:Sensitive Data Exposure
Patched in Version:5.7.0
Severity Score:Medium
The vulnerability has been patched, so you should update to version 5.7.0.

Ultimate Addons for Contact Form 7

Product image for Ultimate Addons for Contact Form 7.
Plugin Slug:ultimate-addons-for-contact-form-7
Installations:30,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.2.1
Severity Score:High
The vulnerability has been patched, so you should update to version 3.2.1.

Abandoned Cart Lite for WooCommerce

Product image for Abandoned Cart Lite for WooCommerce.
Plugin Slug:woocommerce-abandoned-cart
Installations:30,000+
Vulnerability:Broken Access Control
Patched in Version:5.16.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 5.16.2.

Rate my Post – WP Rating System

Product image for Rate my Post – WP Rating System.
Plugin Slug:rate-my-post
Installations:20,000+
Vulnerability:Insecure Direct Object References (IDOR)
Patched in Version:3.4.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.4.2.

Seraphinite Accelerator

Product image for Seraphinite Accelerator.
Plugin Slug:seraphinite-accelerator
Installations:20,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.20.29
Severity Score:High
The vulnerability has been patched, so you should update to version 2.20.29.

Video PopUp

Plugin Slug:video-popup
Installations:20,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.1.4
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.1.4.

YASR – Yet Another Star Rating Plugin for WordPress

Product image for YASR – Yet Another Star Rating Plugin for WordPress.
Plugin Slug:yet-another-stars-rating
Installations:20,000+
Vulnerability:Broken Access Control
Patched in Version:3.4.4
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.4.4.

Participants Database

Product image for Participants Database.
Plugin Slug:participants-database
Installations:10,000+
Vulnerability:Broken Access Control
Patched in Version:2.5.6
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.5.6.

Qode Essential Addons

Product image for Qode Essential Addons.
Plugin Slug:qode-essential-addons
Installations:10,000+
Vulnerability:Remote Code Execution (RCE)
Patched in Version:1.5.3
Severity Score:Critical
The vulnerability has been patched, so you should update to version 1.5.3.

WP Tripadvisor Review Widgets

Product image for WP Tripadvisor Review Widgets.
Plugin Slug:review-widgets-for-tripadvisor
Installations:10,000+
Vulnerability:Arbitrary File Upload
Patched in Version:11.1
Severity Score:High
The vulnerability has been patched, so you should update to version 11.1.

Swift Performance Lite

Product image for Swift Performance Lite.
Plugin Slug:swift-performance-lite
Installations:10,000+
Vulnerability:Broken Access Control
Patched in Version:2.3.6.15
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.3.6.15.

WP Booking System – Booking Calendar

Product image for WP Booking System – Booking Calendar.
Plugin Slug:wp-booking-system
Installations:10,000+
Vulnerability:Broken Access Control
Patched in Version:2.0.19.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.0.19.3.

Chatbot for WordPress ??

Product image for Chatbot for WordPress ??.
Plugin Slug:collectchat
Installations:8,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.4.0
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.4.0.

Widgets for Reviews & Recommendations

Product image for Widgets for Reviews & Recommendations.
Plugin Slug:free-facebook-reviews-and-recommendations-widgets
Installations:7,000+
Vulnerability:Arbitrary File Upload
Patched in Version:11.1
Severity Score:High
The vulnerability has been patched, so you should update to version 11.1.

Guest Author

Plugin Slug:guest-author
Installations:7,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.4
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.4.

Export WP Page to Static HTML/CSS

Product image for Export WP Page to Static HTML/CSS.
Plugin Slug:export-wp-page-to-static-html
Installations:6,000+
Vulnerability:Broken Access Control
Patched in Version:2.2.0
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.2.0.

Void Elementor Post Grid Addon for Elementor Page builder

Product image for Void Elementor Post Grid Addon for Elementor Page builder.
Plugin Slug:void-elementor-post-grid-addon-for-elementor-page-builder
Installations:6,000+
Vulnerability:Broken Access Control
Patched in Version:2.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.2.

Dashboard Widgets Suite

Product image for Dashboard Widgets Suite.
Plugin Slug:dashboard-widgets-suite
Installations:5,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.4.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.4.2.

Gift Up Gift Cards for WordPress and WooCommerce

Product image for Gift Up Gift Cards for WordPress and WooCommerce.
Plugin Slug:gift-up
Installations:5,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:2.22
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.22.

Widgets for Booking.com Reviews

Product image for Widgets for Booking.com Reviews.
Plugin Slug:review-widgets-for-booking-com
Installations:5,000+
Vulnerability:Arbitrary File Upload
Patched in Version:11.1
Severity Score:High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for Airbnb Reviews

Product image for Widgets for Airbnb Reviews.
Plugin Slug:review-widgets-for-airbnb
Installations:3,000+
Vulnerability:Arbitrary File Upload
Patched in Version:11.1
Severity Score:High
The vulnerability has been patched, so you should update to version 11.1.

Spiffy Calendar

Product image for Spiffy Calendar.
Plugin Slug:spiffy-calendar
Installations:3,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.9.6
Severity Score:Medium
The vulnerability has been patched, so you should update to version 4.9.6.

UPS, Mondial Relay & Chronopost for WooCommerce – WCMultiShipping

Plugin Slug:wc-multishipping
Installations:3,000+
Vulnerability:Broken Access Control
Patched in Version:2.3.8
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.3.8.

affiliate-toolkit – WordPress Affiliate Plugin

Product image for affiliate-toolkit – WordPress Affiliate Plugin.
Plugin Slug:affiliate-toolkit-starter
Installations:2,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.4.4
Severity Score:High
The vulnerability has been patched, so you should update to version 3.4.4.

BSK Forms Blacklist

Plugin Slug:bsk-gravityforms-blacklist
Installations:2,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.7
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.7.

Customer Reviews Collector for WooCommerce

Product image for Customer Reviews Collector for WooCommerce.
Plugin Slug:customer-reviews-collector-for-woocommerce
Installations:2,000+
Vulnerability:Arbitrary File Upload
Patched in Version:4.0
Severity Score:High
The vulnerability has been patched, so you should update to version 4.0.

DoFollow Case by Case

Product image for DoFollow Case by Case.
Plugin Slug:dofollow-case-by-case
Installations:2,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:3.5.0
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.5.0.

teachPress

Plugin:teachPress
Plugin Slug:teachpress
Installations:2,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:9.0.6
Severity Score:Medium
The vulnerability has been patched, so you should update to version 9.0.6.

teachPress

Plugin:teachPress
Plugin Slug:teachpress
Installations:2,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:9.0.5
Severity Score:Medium
The vulnerability has been patched, so you should update to version 9.0.5.

Debug Log Manager

Product image for Debug Log Manager.
Plugin Slug:debug-log-manager
Installations:1,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:2.2.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.2.2.

IdeaPush

Product image for IdeaPush.
Plugin:IdeaPush
Plugin Slug:ideapush
Installations:1,000+
Vulnerability:Broken Access Control
Patched in Version:8.58
Severity Score:Medium
The vulnerability has been patched, so you should update to version 8.58.

Widgets for Amazon Reviews

Product image for Widgets for Amazon Reviews.
Plugin Slug:review-widgets-for-amazon
Installations:1,000+
Vulnerability:Arbitrary File Upload
Patched in Version:11.1
Severity Score:High
The vulnerability has been patched, so you should update to version 11.1.

12 Step Meeting List

Product image for 12 Step Meeting List.
Plugin Slug:12-step-meeting-list
Installations:900+
Vulnerability:Server Side Request Forgery (SSRF)
Patched in Version:3.14.25
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.14.25.

Widgets for Yelp Reviews

Product image for Widgets for Yelp Reviews.
Plugin Slug:reviews-widgets-for-yelp
Installations:800+
Vulnerability:Arbitrary File Upload
Patched in Version:11.1
Severity Score:High
The vulnerability has been patched, so you should update to version 11.1.

Best Chart Plugin – Chartify

Product image for Best Chart Plugin – Chartify.
Plugin Slug:chart-builder
Installations:500+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.9.7
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.9.7.

Widgets for Thumbtack Reviews

Product image for Widgets for Thumbtack Reviews.
Plugin Slug:widgets-for-thumbtack-reviews
Installations:300+
Vulnerability:Arbitrary File Upload
Patched in Version:11.1
Severity Score:High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for Ebay Reviews

Product image for Widgets for Ebay Reviews.
Plugin Slug:widgets-for-ebay-reviews
Installations:200+
Vulnerability:Arbitrary File Upload
Patched in Version:11.1
Severity Score:High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for Capterra Reviews

Product image for Widgets for Capterra Reviews.
Plugin Slug:review-widgets-for-capterra
Installations:100+
Vulnerability:Arbitrary File Upload
Patched in Version:11.1
Severity Score:High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for Zillow Reviews

Product image for Widgets for Zillow Reviews.
Plugin Slug:widgets-for-zillow-reviews
Installations:100+
Vulnerability:Arbitrary File Upload
Patched in Version:11.1
Severity Score:High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for WordPress Reviews

Product image for Widgets for WordPress Reviews.
Plugin Slug:reviews-widgets
Installations:50+
Vulnerability:Arbitrary File Upload
Patched in Version:11.1
Severity Score:High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for Expedia Reviews

Product image for Widgets for Expedia Reviews.
Plugin Slug:widgets-for-expedia-reviews
Installations:40+
Vulnerability:Arbitrary File Upload
Patched in Version:11.1
Severity Score:High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for Opentable Reviews

Product image for Widgets for Opentable Reviews.
Plugin Slug:review-widgets-for-opentable
Installations:30+
Vulnerability:Arbitrary File Upload
Patched in Version:11.1
Severity Score:High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for Hotels.com Reviews

Product image for Widgets for Hotels.com Reviews.
Plugin Slug:review-widgets-for-hotels-com
Installations:20+
Vulnerability:Arbitrary File Upload
Patched in Version:11.1
Severity Score:High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for Árukeres? Reviews

Product image for Widgets for Árukeres? Reviews.
Plugin Slug:review-widgets-for-arukereso
Installations:10+
Vulnerability:Arbitrary File Upload
Patched in Version:11.1
Severity Score:High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for Foursquare Reviews

Product image for Widgets for Foursquare Reviews.
Plugin Slug:review-widgets-for-foursquare
Installations:10+
Vulnerability:Arbitrary File Upload
Patched in Version:11.1
Severity Score:High
The vulnerability has been patched, so you should update to version 11.1.

Review Widgets for Szallas.hu

Product image for Review Widgets for Szallas.hu.
Plugin Slug:review-widgets-for-szallas-hu
Installations:10+
Vulnerability:Arbitrary File Upload
Patched in Version:11.1
Severity Score:High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for SourceForge Reviews

Product image for Widgets for SourceForge Reviews.
Plugin Slug:widgets-for-sourceforge-reviews
Vulnerability:Arbitrary File Upload
Patched in Version:11.1
Severity Score:High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for AliExpress Reviews

Product image for Widgets for AliExpress Reviews.
Plugin Slug:widgets-for-aliexpress-reviews
Vulnerability:Arbitrary File Upload
Patched in Version:11.1
Severity Score:High
The vulnerability has been patched, so you should update to version 11.1.

Widgets for Alibaba Reviews

Product image for Widgets for Alibaba Reviews.
Plugin Slug:widgets-for-alibaba-reviews
Vulnerability:Arbitrary File Upload
Patched in Version:11.1
Severity Score:High
The vulnerability has been patched, so you should update to version 11.1.

Theme My Login 2FA

Plugin:Theme My Login 2FA
Plugin Slug:tml-2fa
Vulnerability:Bypass Vulnerability
Patched in Version:1.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.2.

PowerPack Pro for Elementor

Plugin:PowerPack Pro for Elementor
Plugin Slug:powerpack-elements
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.9.24
Severity Score:High
The vulnerability has been patched, so you should update to version 2.9.24.

JetProductGallery

Plugin:JetProductGallery
Plugin Slug:jet-woo-product-gallery
Vulnerability:Broken Access Control
Patched in Version:2.1.13.2
Severity Score:High
The vulnerability has been patched, so you should update to version 2.1.13.2.

JetProductGallery

Plugin:JetProductGallery
Plugin Slug:jet-woo-product-gallery
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:2.1.13.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.1.13.2.

JetProductGallery

Plugin:JetProductGallery
Plugin Slug:jet-woo-product-gallery
Vulnerability:Broken Access Control
Patched in Version:2.1.13.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.1.13.2.

JetWooBuilder

Plugin:JetWooBuilder
Plugin Slug:jet-woo-builder
Vulnerability:Broken Access Control
Patched in Version:2.1.7.3
Severity Score:High
The vulnerability has been patched, so you should update to version 2.1.7.3.

JetWooBuilder

Plugin:JetWooBuilder
Plugin Slug:jet-woo-builder
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:2.1.7.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.1.7.3.

JetWooBuilder

Plugin:JetWooBuilder
Plugin Slug:jet-woo-builder
Vulnerability:Broken Access Control
Patched in Version:2.1.7.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.1.7.3.

JetTricks

Plugin:JetTricks
Plugin Slug:jet-tricks
Vulnerability:Broken Access Control
Patched in Version:1.4.6.2
Severity Score:High
The vulnerability has been patched, so you should update to version 1.4.6.2.

JetTricks

Plugin:JetTricks
Plugin Slug:jet-tricks
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.4.6.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.4.6.2.

JetTricks

Plugin:JetTricks
Plugin Slug:jet-tricks
Vulnerability:Broken Access Control
Patched in Version:1.4.6.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.4.6.2.

JetThemeCore

Plugin:JetThemeCore
Plugin Slug:jet-theme-core
Vulnerability:Broken Access Control
Patched in Version:2.1.2.2
Severity Score:High
The vulnerability has been patched, so you should update to version 2.1.2.2.

JetThemeCore

Plugin:JetThemeCore
Plugin Slug:jet-theme-core
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:2.1.2.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.1.2.2.

JetThemeCore

Plugin:JetThemeCore
Plugin Slug:jet-theme-core
Vulnerability:Broken Access Control
Patched in Version:2.1.2.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.1.2.2.

JetTabs

Plugin:JetTabs
Plugin Slug:jet-tabs
Vulnerability:Broken Access Control
Patched in Version:2.1.25.2
Severity Score:High
The vulnerability has been patched, so you should update to version 2.1.25.2.

JetTabs

Plugin:JetTabs
Plugin Slug:jet-tabs
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:2.1.25.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.1.25.2.

JetTabs

Plugin:JetTabs
Plugin Slug:jet-tabs
Vulnerability:Broken Access Control
Patched in Version:2.1.25.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.1.25.2.

JetSmartFilters

Plugin:JetSmartFilters
Plugin Slug:jet-smart-filters
Vulnerability:Broken Access Control
Patched in Version:3.2.2.1
Severity Score:High
The vulnerability has been patched, so you should update to version 3.2.2.1.

JetSmartFilters

Plugin:JetSmartFilters
Plugin Slug:jet-smart-filters
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:3.2.2.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.2.2.1.

JetSmartFilters

Plugin:JetSmartFilters
Plugin Slug:jet-smart-filters
Vulnerability:Broken Access Control
Patched in Version:3.2.2.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.2.2.1.

JetSearch

Plugin:JetSearch
Plugin Slug:jet-search
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:3.1.2.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.1.2.1.

JetSearch

Plugin:JetSearch
Plugin Slug:jet-search
Vulnerability:Broken Access Control
Patched in Version:3.1.2.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.1.2.1.

JetReviews

Plugin:JetReviews
Plugin Slug:jet-reviews
Vulnerability:Broken Access Control
Patched in Version:2.3.2.1
Severity Score:High
The vulnerability has been patched, so you should update to version 2.3.2.1.

JetReviews

Plugin:JetReviews
Plugin Slug:jet-reviews
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:2.3.2.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.3.2.1.

JetReviews

Plugin:JetReviews
Plugin Slug:jet-reviews
Vulnerability:Broken Access Control
Patched in Version:2.3.2.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.3.2.1.

JetPopup

Plugin:JetPopup
Plugin Slug:jet-popup
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:2.0.2.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.0.2.1.

JetPopup

Plugin:JetPopup
Plugin Slug:jet-popup
Vulnerability:Broken Access Control
Patched in Version:2.0.2.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.0.2.1.

JetMenu

Plugin:JetMenu
Plugin Slug:jet-menu
Vulnerability:Broken Access Control
Patched in Version:2.4.2
Severity Score:High
The vulnerability has been patched, so you should update to version 2.4.2.

JetMenu

Plugin:JetMenu
Plugin Slug:jet-menu
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:2.4.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.4.2.

JetMenu

Plugin:JetMenu
Plugin Slug:jet-menu
Vulnerability:Broken Access Control
Patched in Version:2.4.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.4.2.

JetEngine

Plugin:JetEngine
Plugin Slug:jet-engine
Vulnerability:Privilege Escalation
Patched in Version:3.2.5
Severity Score:High
The vulnerability has been patched, so you should update to version 3.2.5.
Plugin:JetEngine
Plugin Slug:jet-engine
Vulnerability:Broken Access Control
Patched in Version:3.2.5
Severity Score:High
The vulnerability has been patched, so you should update to version 3.2.5.

JetEngine

Plugin:JetEngine
Plugin Slug:jet-engine
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:3.2.5.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.2.5.2.

JetEngine

Plugin:JetEngine
Plugin Slug:jet-engine
Vulnerability:Broken Access Control
Patched in Version:3.2.5.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.2.5.2.

JetElements For Elementor

Plugin:JetElements For Elementor
Plugin Slug:jet-elements
Vulnerability:Arbitrary File Download
Patched in Version:2.6.13.1
Severity Score:High
The vulnerability has been patched, so you should update to version 2.6.13.1.

JetElements For Elementor

Plugin:JetElements For Elementor
Plugin Slug:jet-elements
Vulnerability:Broken Access Control
Patched in Version:2.6.13.1
Severity Score:High
The vulnerability has been patched, so you should update to version 2.6.13.1.

JetElements For Elementor

Plugin:JetElements For Elementor
Plugin Slug:jet-elements
Vulnerability:Broken Access Control
Patched in Version:2.6.13.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.6.13.1.

JetElements For Elementor

Plugin:JetElements For Elementor
Plugin Slug:jet-elements
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:2.6.13.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.6.13.1.

JetCompareWishlist

Plugin:JetCompareWishlist
Plugin Slug:jet-compare-wishlist
Vulnerability:Broken Access Control
Patched in Version:1.5.5.2
Severity Score:High
The vulnerability has been patched, so you should update to version 1.5.5.2.

JetCompareWishlist

Plugin:JetCompareWishlist
Plugin Slug:jet-compare-wishlist
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.5.5.2
Severity Score:Medium
 

JetCompareWishlist

Plugin:JetCompareWishlist
Plugin Slug:jet-compare-wishlist
Vulnerability:Broken Access Control
Patched in Version:1.5.5.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.5.5.2.

JetBlog

Plugin:JetBlog
Plugin Slug:jet-blog
Vulnerability:Broken Access Control
Patched in Version:2.3.5.1
Severity Score:High
The vulnerability has been patched, so you should update to version 2.3.5.1.

JetBlog

Plugin:JetBlog
Plugin Slug:jet-blog
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:2.3.5.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.3.5.1.

JetBlog

Plugin:JetBlog
Plugin Slug:jet-blog
Vulnerability:Broken Access Control
Patched in Version:2.3.5.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.3.5.1.

JetBlocks For Elementor

Plugin:JetBlocks For Elementor
Plugin Slug:jet-blocks
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.3.8.1
Severity Score:High
The vulnerability has been patched, so you should update to version 1.3.8.1.

JetBlocks For Elementor

Plugin:JetBlocks For Elementor
Plugin Slug:jet-blocks
Vulnerability:Broken Access Control
Patched in Version:1.3.8.1
Severity Score:High
The vulnerability has been patched, so you should update to version 1.3.8.1.

JetBlocks For Elementor

Plugin:JetBlocks For Elementor
Plugin Slug:jet-blocks
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.3.8.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.3.8.1.

JetBlocks For Elementor

Plugin:JetBlocks For Elementor
Plugin Slug:jet-blocks
Vulnerability:Broken Access Control
Patched in Version:1.3.8.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.3.8.1.