Skip links

Skip to primary navigation
Skip to content

Η Εταιρεία
Υπηρεσίες
Marketplace
Apps
Υπηρεσίες Web & IT για Agencies
Νέα
Επικοινωνία

Client Area

Support
Ask IT Support Meeting

Κεντρικό Μενού

Η Εταιρεία
Υπηρεσίες
Marketplace
Apps
Υπηρεσίες Web & IT για Agencies
Νέα
Επικοινωνία

0

Cart 0

Δεν υπάρχουν προϊόντα στο καλάθι.

info@thinkeasy.gr

Join a meeting with us

WordPress Vulnerability Report – January 7, 2023

WordPress Plugin Vulnerabilities

In this section, the latest WordPress plugin vulnerabilities have been disclosed. Each plugin listing includes the type of vulnerability, the active installations, the version number if patched, the severity rating, and the CVE.

All In One WP Security & Firewall

PLUGIN: All-In-One Security (AIOS) – Security and Firewall
PLUGIN SLUG: all-in-one-wp-security-and-firewall
INSTALLATIONS: 1,000,000+
VULNERABILITY: Configuration Leak
PATCHED IN VERSION: 5.1.3
SEVERITY SCORE: Medium
CVE: 2022-4346

The vulnerability has been patched, so you should update to version 5.1.3.

WP Statistics

PLUGIN: WP Statistics
PLUGIN SLUG: wp-statistics
INSTALLATIONS: 600,000+
VULNERABILITY: Authenticated SQLi
PATCHED IN VERSION: 13.2.9
SEVERITY SCORE: High
CVE: 2022-4230

The vulnerability has been patched, so you should update to version 13.2.9.

Sassy Social Share

PLUGIN: Social Sharing Plugin – Sassy Social Share
PLUGIN SLUG: sassy-social-share
INSTALLATIONS: 100,000+
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: 3.3.45
SEVERITY SCORE: Medium
CVE: 2022-4451

The vulnerability has been patched, so you should update to version 3.3.45.

Google Analyticator

PLUGIN: Analyticator
PLUGIN SLUG: google-analyticator
INSTALLATIONS: 100,000+
VULNERABILITY: Admin+ PHP Object Injection
PATCHED IN VERSION: 6.5.6
SEVERITY SCORE: Low
CVE: 2022-4323

The vulnerability has been patched, so you should update to version 6.5.6.

Simple Sitemap

PLUGIN: Simple Sitemap – Create a Responsive HTML Sitemap
PLUGIN SLUG: simple-sitemap
INSTALLATIONS: 90,000+
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: 3.5.8
SEVERITY SCORE: Medium
CVE: 2022-4472

The vulnerability has been patched, so you should update to version 3.5.8.

Booster for WooCommerce

PLUGIN: Booster for WooCommerce
PLUGIN SLUG: woocommerce-jetpack
INSTALLATIONS: 70,000+
VULNERABILITY: Multiple CSRF
PATCHED IN VERSION: 6.0.1
SEVERITY SCORE: Medium
CVE: 2022-4017

The vulnerability has been patched, so you should update to version 6.0.1.

Easy Social Feed – Social Photos Gallery – Post Feed – Like Box

PLUGIN: Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
PLUGIN SLUG: easy-facebook-likebox
INSTALLATIONS: 70,000+
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: 6.4.0
SEVERITY SCORE: Medium
CVE: 2022-4474

The vulnerability has been patched, so you should update to version 6.4.0.

Collapse-O-Matic

PLUGIN: Collapse-O-Matic
PLUGIN SLUG: jquery-collapse-o-matic
INSTALLATIONS: 60,000+
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: 1.8.3
SEVERITY SCORE: Medium
CVE: 2022-4475

The vulnerability has been patched, so you should update to version 1.8.3.

Search & Filter

PLUGIN: Search & Filter
PLUGIN SLUG: search-filter
INSTALLATIONS: 50,000+
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: 1.2.16
SEVERITY SCORE: Medium
CVE: 2022-4467

The vulnerability has been patched, so you should update to version 1.2.16.

Content Control

PLUGIN: Content Control – User Access Restriction Plugin
PLUGIN SLUG: content-control
INSTALLATIONS: 40,000+
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: 1.1.10
SEVERITY SCORE: Medium
CVE: 2022-4509

The vulnerability has been patched, so you should update to version 1.1.10.

Page-list

PLUGIN: Page-list
PLUGIN SLUG: page-list
INSTALLATIONS: 40,000+
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: 5.3
SEVERITY SCORE: Medium
CVE: 2022-4485

The vulnerability has been patched, so you should update to version 5.3.

OneClick Chat to Order

PLUGIN: OneClick Chat to Order
PLUGIN SLUG: oneclick-whatsapp-order
INSTALLATIONS: 30,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 1.0.4.2
SEVERITY SCORE: Medium
CVE: 2022-4760

The vulnerability has been patched, so you should update to version 1.0.4.2.

Sitemap

PLUGIN: Sitemap
PLUGIN SLUG: sitemap
INSTALLATIONS: 30,000+
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: 4.4
SEVERITY SCORE: Medium
CVE: 2022-4545

The vulnerability has been patched, so you should update to version 4.4.

Compact WP Audio Player

PLUGIN: Compact WP Audio Player
PLUGIN SLUG: compact-wp-audio-player
INSTALLATIONS: 30,000+
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: 1.9.8
SEVERITY SCORE: Medium
CVE: 2022-4542

The vulnerability has been patched, so you should update to version 1.9.8.

WP Popups

PLUGIN: WP Popups – WordPress Popup builder
PLUGIN SLUG: wp-popups-lite
INSTALLATIONS: 30,000+
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: 2.1.4.8
SEVERITY SCORE: Medium
CVE: 2022-4716

The vulnerability has been patched, so you should update to version 2.1.4.8.

Top 10

PLUGIN: Top 10 – Popular posts plugin for WordPress
PLUGIN SLUG: top-10
INSTALLATIONS: 30,000+
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: 3.2.3
SEVERITY SCORE: Medium
CVE: 2022-4570

The vulnerability has been patched, so you should update to version 3.2.3.

Login Logout Menu

PLUGIN: Login Logout Menu
PLUGIN SLUG: login-logout-menu
INSTALLATIONS: 20,000+
VULNERABILITY: Contributor+ Stored XSS in Shortcode
PATCHED IN VERSION: 1.4.0
SEVERITY SCORE: Medium
CVE: 2022-4625

The vulnerability has been patched, so you should update to version 1.4.0.

ShiftNav – Responsive Mobile Menu

PLUGIN: ShiftNav – Responsive Mobile Menu
PLUGIN SLUG: shiftnav-responsive-mobile-menu
INSTALLATIONS: 20,000+
VULNERABILITY: Contributor+ Stored XSS in Shortcode
PATCHED IN VERSION: 1.7.2
SEVERITY SCORE: Medium
CVE: 2022-4627

The vulnerability has been patched, so you should update to version 1.7.2.

Product Slider for WooCommerce

PLUGIN: Product Slider for WooCommerce
PLUGIN SLUG: woo-product-slider
INSTALLATIONS: 20,000+
VULNERABILITY: Contributor+ Stored XSS in Shortcode
PATCHED IN VERSION: 2.6.4
SEVERITY SCORE: Medium
CVE: 2022-4629

The vulnerability has been patched, so you should update to version 2.6.4.

Mongoose Page Plugin

PLUGIN: Mongoose Page Plugin
PLUGIN SLUG: facebook-page-feed-graph-api
INSTALLATIONS: 20,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 1.9.0
SEVERITY SCORE: Medium
CVE: 2022-4675

The vulnerability has been patched, so you should update to version 1.9.0.

Rate my Post – WP Rating System

PLUGIN: Rate my Post – WP Rating System
PLUGIN SLUG: rate-my-post
INSTALLATIONS: 20,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 3.3.9
SEVERITY SCORE: Medium
CVE: 2022-4673

The vulnerability has been patched, so you should update to version 3.3.9.

WordPress Simple Shopping Cart

PLUGIN: WordPress Simple Shopping Cart
PLUGIN SLUG: wordpress-simple-paypal-shopping-cart
INSTALLATIONS: 20,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 4.6.2
SEVERITY SCORE: Medium
CVE: 2022-4672

The vulnerability has been patched, so you should update to version 4.6.2.

Structured Content

PLUGIN: Structured Content (JSON-LD) #wpsc
PLUGIN SLUG: structured-content
INSTALLATIONS: 20,000+
VULNERABILITY: Contributor+ Stored XSS in Shortcode
PATCHED IN VERSION: 1.5.1
SEVERITY SCORE: Medium
CVE: 2022-4715

The vulnerability has been patched, so you should update to version 1.5.1.

GS Logo Slider

PLUGIN: GS Logo Slider – Ticker, Grid, List, Table & Filter Views
PLUGIN SLUG: gs-logo-slider
INSTALLATIONS: 20,000+
VULNERABILITY: Contributor+ Stored XSS in Shortcode
PATCHED IN VERSION: 3.3.8
SEVERITY SCORE: Medium
CVE: 2022-4624

The vulnerability has been patched, so you should update to version 3.3.8.

Video Conferencing with Zoom

PLUGIN: Video Conferencing with Zoom
PLUGIN SLUG: video-conferencing-with-zoom-api
INSTALLATIONS: 20,000+
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: 4.0.10
SEVERITY SCORE: Medium
CVE: 2022-4578

The vulnerability has been patched, so you should update to version 4.0.10.

Easy Appointments

PLUGIN: Easy Appointments
PLUGIN SLUG: easy-appointments
INSTALLATIONS: 20,000+
VULNERABILITY: Contributor+ Stored XSS in Shortcode
PATCHED IN VERSION: 3.11.2
SEVERITY SCORE: Medium
CVE: 2022-4668

The vulnerability has been patched, so you should update to version 3.11.2.

GeoDirectory

PLUGIN: GeoDirectory – WordPress Business Directory Plugin and Classified Ads Listings
PLUGIN SLUG: geodirectory
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 2.2.22
SEVERITY SCORE: Medium
CVE: 2022-4775

The vulnerability has been patched, so you should update to version 2.2.22.

Portfolio for Elementor, Image Gallery & Post Grid | PowerFolio

PLUGIN: Portfolio for Elementor, Image Gallery & Post Grid | PowerFolio
PLUGIN SLUG: portfolio-elementor
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 2.3.1
SEVERITY SCORE: Medium
CVE: 2022-4765

The vulnerability has been patched, so you should update to version 2.3.1.

WP Google My Business Auto Publish

PLUGIN: Auto Publish for Google My Business
PLUGIN SLUG: wp-google-my-business-auto-publish
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 3.4
SEVERITY SCORE: Medium
CVE: 2022-4790

The vulnerability has been patched, so you should update to version 3.4.

Landing Page Builder

PLUGIN: Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages
PLUGIN SLUG: page-builder-add
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Cross-Site Scripting via Shortcode
PATCHED IN VERSION: 1.4.9.9
SEVERITY SCORE: Medium
CVE: 2022-4718

The vulnerability has been patched, so you should update to version 1.4.9.9.

WPZOOM Portfolio

PLUGIN: WPZOOM Portfolio
PLUGIN SLUG: wpzoom-portfolio
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 1.2.2
SEVERITY SCORE: Medium
CVE: 2022-4789

The vulnerability has been patched, so you should update to version 1.2.2.

10WebMapBuilder

PLUGIN: 10WebMapBuilder
PLUGIN SLUG: wd-google-maps
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 1.0.72
SEVERITY SCORE: Medium
CVE: 2022-4758

The vulnerability has been patched, so you should update to version 1.0.72.

Word Balloon

PLUGIN: Word Balloon
PLUGIN SLUG: word-balloon
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 4.19.3
SEVERITY SCORE: Medium
CVE: 2022-4751

The vulnerability has been patched, so you should update to version 4.19.3.

PDF Viewer

PLUGIN: PDF Viewer
PLUGIN SLUG: pdf-viewer
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 1.0.0
SEVERITY SCORE: Medium
CVE: 2023-0033

The vulnerability has been patched, so you should update to version 1.0.0.

Print-O-Matic

PLUGIN: Print-O-Matic
PLUGIN SLUG: print-o-matic
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 2.1.8
SEVERITY SCORE: Medium
CVE: 2022-4753

The vulnerability has been patched, so you should update to version 2.1.8.

HashBar – WordPress Notification Bar

PLUGIN: HashBar – WordPress Notification Bar
PLUGIN SLUG: hashbar-wp-notification-bar
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 1.3.6
SEVERITY SCORE: Medium
CVE: 2022-4650

The vulnerability has been patched, so you should update to version 1.3.6.

PixCodes

PLUGIN: PixCodes
PLUGIN SLUG: pixcodes
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Stored XSS in Shortcode
PATCHED IN VERSION: 2.3.7
SEVERITY SCORE: Medium
CVE: 2022-4671

The vulnerability has been patched, so you should update to version 2.3.7.

Genesis Columns Advanced

PLUGIN: Genesis Columns Advanced
PLUGIN SLUG: genesis-columns-advanced
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 2.0.4
SEVERITY SCORE: Medium
CVE: 2022-4706

The vulnerability has been patched, so you should update to version 2.0.4.

Passster

PLUGIN: Passster – Password Protection
PLUGIN SLUG: content-protector
INSTALLATIONS: 10,000+
VULNERABILITY: Protection Bypass & Arbitrary Post Access; Contributor+ Stored Cross-Site Scripting
PATCHED IN VERSION: 3.5.5.9
SEVERITY SCORE: High
CVE: 2021-24881

The vulnerability has been patched, so you should update to version 3.5.5.9.

Bold Timeline Lite

PLUGIN: Bold Timeline Lite
PLUGIN SLUG: bold-timeline-lite
INSTALLATIONS: 10,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 1.1.5
SEVERITY SCORE: Medium
CVE: 2022-4828

The vulnerability has been patched, so you should update to version 1.1.5.

Icon Widget

PLUGIN: Icon Widget
PLUGIN SLUG: icon-widget
INSTALLATIONS: 9,000+
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 1.3.0
SEVERITY SCORE: Medium
CVE: 2022-4763

The vulnerability has been patched, so you should update to version 1.3.0.

User Verification

PLUGIN: User Verification
PLUGIN SLUG: user-verification
INSTALLATIONS: 5,000+
VULNERABILITY: Authentication Bypass
PATCHED IN VERSION: 1.0.94
SEVERITY SCORE: Critical
CVE: 2022-4693

The vulnerability has been patched, so you should update to version 1.0.94.

Survey Maker

PLUGIN: Survey Maker – Best WordPress Survey Plugin
PLUGIN SLUG: survey-maker
INSTALLATIONS: 3,000+
VULNERABILITY: Unauthenticated Stored XSS
PATCHED IN VERSION: 3.1.4
SEVERITY SCORE: High
CVE: 2023-0038

The vulnerability has been patched, so you should update to version 3.1.4.

Pardakht Delkhah

PLUGIN: ?????? ?????? ??????
PLUGIN SLUG: pardakht-delkhah
INSTALLATIONS: 1,000+
VULNERABILITY: Unauthenticated Stored XSS
PATCHED IN VERSION: 2.9.3
SEVERITY SCORE: High
CVE: 2022-4307

The vulnerability has been patched, so you should update to version 2.9.3.

Optimize images ALT Text (alt tag) & names for SEO using AI

PLUGIN: Optimize images ALT Text (alt tag) & names for SEO using AI
PLUGIN SLUG: imageseo
INSTALLATIONS: 1,000+
VULNERABILITY: Settings Update via CSRF
PATCHED IN VERSION: 2.0.8
SEVERITY SCORE: Low
CVE: 2022-4548

The vulnerability has been patched, so you should update to version 2.0.8.

FluentAuth

PLUGIN: FluentAuth – The Ultimate Authorization & Security Plugin for WordPress
PLUGIN SLUG: fluent-security
INSTALLATIONS: 700+
VULNERABILITY: Bypass blocks by IP Spoofing
PATCHED IN VERSION: 1.0.2
SEVERITY SCORE: Medium
CVE: 2022-4746

The vulnerability has been patched, so you should update to version 1.0.2.

Login as User or Customer

PLUGIN: Login as User or Customer
PLUGIN SLUG: login-as-customer-or-user
INSTALLATIONS: 400+
VULNERABILITY: Unauthenticated Privilege Escalation to Admin
PATCHED IN VERSION: 3.3
SEVERITY SCORE: Critical
CVE: 2022-4305

The vulnerability has been patched, so you should update to version 3.3.

Booster for WooCommerce

PLUGIN: Booster Elite for WooCommerce
PLUGIN SLUG: booster-elite-for-woocommerce
VULNERABILITY: Multiple CSRF
PATCHED IN VERSION: 6.0.1
SEVERITY SCORE: Medium
CVE: 2022-4017

The vulnerability has been patched, so you should update to version 6.0.1.

BruteBank – WP Security & Firewall

PLUGIN: BruteBank – WP Security & Firewall
PLUGIN SLUG: brutebank
VULNERABILITY: Settings Update via CSRF
PATCHED IN VERSION: 1.9
SEVERITY SCORE: Medium
CVE: 2022-4443

The vulnerability has been patched, so you should update to version 1.9.

Booster for WooCommerce

PLUGIN: Booster Plus for WooCommerce
PLUGIN SLUG: booster-plus-for-woocommerce
VULNERABILITY: Multiple CSRF
PATCHED IN VERSION: 6.0.1
SEVERITY SCORE: Medium
CVE: 2022-4017

The vulnerability has been patched, so you should update to version 6.0.1.

Justified Gallery

PLUGIN: Justified Gallery
PLUGIN SLUG: justified-gallery
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: 1.7.1
SEVERITY SCORE: Medium
CVE: 2022-4651

The vulnerability has been patched, so you should update to version 1.7.1.

WordPress Plugin Vulnerabilities – No Known Fix

This section contains plugin vulnerabilities with no known fix. Until a patch is available, immediately uninstall and delete the plugin.

WP Limit Login Attempts

PLUGIN: WP Limit Login Attempts
PLUGIN SLUG: wp-limit-login-attempts
INSTALLATIONS: 20,000+
VULNERABILITY: IP Spoofing
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: 2022-4303

The vulnerability has not been patched. You should deactivate the plugin.

Members Import

PLUGIN: Members Import
PLUGIN SLUG: members-import
VULNERABILITY: XSS via Imported CSV
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: 2022-4663

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Accordion Shortcodes

PLUGIN: Accordion Shortcodes
PLUGIN SLUG: accordion-shortcodes
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: 2022-4781

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

CPT Bootstrap Carousel

PLUGIN: CPT Bootstrap Carousel
PLUGIN SLUG: cpt-bootstrap-carousel
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: 2022-4834

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Meteor Slides

PLUGIN: Meteor Slides
PLUGIN SLUG: meteor-slides
VULNERABILITY: Contributor+ Stored XSS
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: 2022-4486

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

CBX Petition for WordPress

PLUGIN: CBX Petition for WordPress
PLUGIN SLUG: cbxpetition
VULNERABILITY: Unauthenticated SQLi
PATCHED IN VERSION: No Fix
SEVERITY SCORE: High
CVE: 2022-4383

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Social Sharing Toolkit

PLUGIN: Social Sharing Toolkit
PLUGIN SLUG: social-sharing-toolkit
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: 2022-4835

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

MediaElement.js – HTML5 Video & Audio Player

PLUGIN: MediaElement.js – HTML5 Video & Audio Player
PLUGIN SLUG: media-element-html5-video-and-audio-player
VULNERABILITY: Contributor+ Stored XSS via Shortcode
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Medium
CVE: 2022-4699

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

EU Cookie Law

PLUGIN: EU Cookie Law for GDPR/CCPA
PLUGIN SLUG: eu-cookie-law
VULNERABILITY: Admin+ Stored XSS
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Low
CVE: 2022-3811

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Theme Vulnerabilities

In this section, the latest WordPress theme vulnerabilities have been disclosed. Each theme listing includes the type of vulnerability, the active installations, the version number if patched, the severity rating, and the CVE.

Multiple themes – Unauthenticated Arbitrary File Upload

THEME: WeStand
THEME SLUG: westand
VULNERABILITY: RCE
PATCHED IN VERSION: 2.1
SEVERITY SCORE: Critical
CVE: 2022-0316

The vulnerability has been patched, so you should update to version 2.1.

WordPress Theme Vulnerabilities – No Known Fix

This section contains theme vulnerabilities with no known fix. Until a patch is available, immediately uninstall and delete the theme.

Aidreform

THEME: aidreform
THEME SLUG: aidreform
VULNERABILITY: Unauthenticated Arbitrary File Upload
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Critical
CVE: 2022-0316

The vulnerability has not been patched. You should switch themes.

Kingclub-theme

THEME: kingclub-theme
THEME SLUG: kingclub-theme
VULNERABILITY: Unauthenticated Arbitrary File Upload
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Critical
CVE: 2022-0316

The vulnerability has not been patched. You should switch themes.

Footysquare

THEME: footysquare
THEME SLUG: footysquare
VULNERABILITY: Unauthenticated Arbitrary File Upload
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Critical
CVE: 2022-0316

The vulnerability has not been patched. You should switch themes.

Spikes-black

THEME: spikes-black
THEME SLUG: spikes-black
VULNERABILITY: Unauthenticated Arbitrary File Upload
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Critical
CVE: 2022-0316

The vulnerability has not been patched. You should switch themes.

Stratfort

THEME: stratfort
THEME SLUG: statfort
VULNERABILITY: Unauthenticated Arbitrary File Upload
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Critical
CVE: 2022-0316

The vulnerability has not been patched. You should switch themes.

Spikes

THEME: spikes
THEME SLUG: spikes
VULNERABILITY: Unauthenticated Arbitrary File Upload
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Critical
CVE: 2022-0316

The vulnerability has not been patched. You should switch themes.

Club-theme

THEME: club-theme
THEME SLUG: club-theme
VULNERABILITY: Unauthenticated Arbitrary File Upload
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Critical
CVE: 2022-0316

The vulnerability has not been patched. You should switch themes.

Soundblast

THEME: soundblast
THEME SLUG: soundblast
VULNERABILITY: Unauthenticated Arbitrary File Upload
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Critical
CVE: 2022-0316

The vulnerability has not been patched. You should switch themes.

Bolster

THEME: bolster
THEME SLUG: bolster
VULNERABILITY: Unauthenticated Arbitrary File Upload
PATCHED IN VERSION: No Fix
SEVERITY SCORE: Critical
CVE: 2022-0316

The vulnerability has not been patched. You should switch themes.

Share On

Previous Article Previous Article WordPress Vulnerability Report – December 28, 2022

Next Article Next Article Νέος τιμοκατάλογος Domain / Registry / Hosting

Μπορεί επίσης να σας αρέσει

Ασφάλεια

ChatGPT vs Gemini: ασφάλεια δεδομένων και enterprise controls για επιχειρήσεις

Ασφάλεια

WordPress Vulnerability Report — Feb 11 206

Request Technical Proposal

Στείλτε μας το είδος έργου σας, βασικές απαιτήσεις και ενδεικτικό χρονοδιάγραμμα, ώστε να επιστρέψουμε δομημένη τεχνική πρόταση με scope και στάδια υλοποίησης.

Κείστε το ραντεβού σας.

Υποστήριξη IT, Hosting & Ψηφιακών Έργων από την ThinkEasy

Είμαστε εδώ για να απαντήσουμε σε κάθε ερώτημα και να σας βοηθήσουμε να λύσετε αποτελεσματικά οποιοδήποτε τεχνικό ή λειτουργικό θέμα.

Υποστήριξη IT & Τεχνική Βοήθεια

Η ομάδα μας παρέχει τεχνική υποστήριξη IT για ιστοσελίδες, υποδομές, εταιρικά συστήματα και καθημερινά τεχνικά ζητήματα.

it@thinkeasy.gr

Έχετε κάποιο Project ή ιδέα;

Αναλαμβάνουμε ψηφιακά έργα, ιστοσελίδες, eshop, custom λύσεις και IT projects. Αν έχετε μια ιδέα ή χρειάζεστε τεχνική καθοδήγηση, μπορούμε να σας βοηθήσουμε.

info@thinkeasy.gr

Online Συνάντηση (Google Meet)

Μπορούμε να οργανώσουμε online συνάντηση μέσω Google Meet για ανάλυση αναγκών ή τεχνική καθοδήγηση.

info@thinkeasy.gr

Υποστήριξη Hosting 24/7

Η υποστήριξη hosting της ThinkEasy λειτουργεί 24/7/365, για θέματα διαθεσιμότητας, ταχύτητας, ασφάλειας και server issues.

support@thinkeasy.gr

— copy email: info@thinkeasy.gr

Εταιρεία

Σχετικά με εμάς
Marketplace
Apps Νέο
Agencies

Υπηρεσίες

Website Development
Custom Development
Hosting Services
Business IT Support

Βοηθήματα

Πολιτική Απορρήτου
Όροι Χρήσης
Παράρτημα Α
Cookies

Επιλογή Γλώσσας

2026 Develop & Design by ThinkEasy.

Facebook Instagram

Λογαριασμός

Αναζήτηση

Διαχείριση Συγκατάθεσης

Για να παρέχουμε την καλύτερη εμπειρία, χρησιμοποιούμε τεχνολογίες όπως cookies για την αποθήκευση ή/και την πρόσβαση σε πληροφορίες συσκευών. Η συγκατάθεση για τις εν λόγω τεχνολογίες θα μας επιτρέψει να επεξεργαστούμε δεδομένα προσωπικού χαρακτήρα, όπως συμπεριφορά περιήγησης ή μοναδικά αναγνωριστικά σε αυτόν τον ιστότοπο. Η μη συγκατάθεση ή η ανάκληση της συγκατάθεσης, μπορεί να επηρεάσει αρνητικά ορισμένες λειτουργίες και δυνατότητες.

Λειτουργικά Λειτουργικά Πάντα ενεργό

Η τεχνική αποθήκευση ή πρόσβαση είναι απολύτως απαραίτητη για τον νόμιμο σκοπό της δυνατότητας χρήσης συγκεκριμένης υπηρεσίας που ζητείται ρητά από τον συνδρομητή ή τον χρήστη ή με αποκλειστικό σκοπό τη μετάδοση επικοινωνίας μέσω δικτύου ηλεκτρονικών επικοινωνιών.

Προτιμήσεις Προτιμήσεις

Η τεχνική αποθήκευση ή πρόσβαση είναι απαραίτητη για τον νόμιμο σκοπό της αποθήκευσης προτιμήσεων που δεν ζητούνται από τον συνδρομητή ή τον χρήστη.

Στατιστικά Στατιστικά

Η τεχνική αποθήκευση ή πρόσβαση που χρησιμοποιείται αποκλειστικά για στατιστικούς σκοπούς. Η τεχνική αποθήκευση ή πρόσβαση που χρησιμοποιείται αποκλειστικά για ανώνυμους στατιστικούς σκοπούς. Χωρίς κλήτευση, η εθελοντική συμμόρφωση εκ μέρους του Παρόχου Υπηρεσιών Διαδικτύου ή πρόσθετες καταγραφές από τρίτο μέρος, οι πληροφορίες που αποθηκεύονται ή ανακτώνται για το σκοπό αυτό από μόνες τους δεν μπορούν συνήθως να χρησιμοποιηθούν για την αναγνώρισή σας.

Εμπορικής Προώθησης Εμπορικής Προώθησης

Η τεχνική αποθήκευση ή πρόσβαση απαιτείται για τη δημιουργία προφίλ χρηστών, για την αποστολή διαφημίσεων ή για την καταγραφή του χρήστη σε έναν ιστότοπο ή σε διάφορους ιστότοπους για παρόμοιους σκοπούς εμπορικής προώθησης.

Διαχείριση επιλογών
Διαχείριση υπηρεσιών
Manage {vendor_count} vendors
Διαβάστε περισσότερα για αυτούς τους σκοπούς

Προβολή προτιμήσεων

{title}
{title}
{title}

Explore

Drag