WordPress Core Vulnerabilities — Patched
WordPress Plugin Vulnerabilities — Patched
In this section, you’ll find the most recently disclosed WordPress plugin vulnerabilities that have been fixed with a new release from their authors and maintainers. Please apply the updates if you are affected!
These vulnerabilities have been disclosed and scored for their severity, thanks to our friends at Patchstack. Each plugin listing includes the type of vulnerability with its CVE number and CVSS severity rating with links to more technical details. You’ll also see the number of active sites using the plugin and the plugin version release that patches the vulnerability. We start with the most popular plugins, which represent the largest target for attackers.
WooCommerce Stripe Payment Gateway
PLUGIN SLUGwoocommerce-gateway-stripe
INSTALLATIONS900,000+
VULNERABILITYUnauthenticated Broken Access Control
PATCHED IN VERSION7.4.1
SEVERITY SCOREHigh
CVE2023-35049
WooCommerce Stripe Payment Gateway
PLUGIN SLUGwoocommerce-gateway-stripe
INSTALLATIONS900,000+
VULNERABILITYInsecure Direct Object References (IDOR)
PATCHED IN VERSION7.4.1
SEVERITY SCOREHigh
CVE2023-34000
Password Protected
PLUGINPassword Protected
PLUGIN SLUGpassword-protected
INSTALLATIONS300,000+
VULNERABILITYCross Site Scripting (XSS)
PATCHED IN VERSION2.6.3
SEVERITY SCOREMedium
CVE2023-32580
Photo Gallery by 10Web
PLUGIN SLUGphoto-gallery
INSTALLATIONS200,000+
VULNERABILITYBroken Access Control
PATCHED IN VERSION1.8.16
SEVERITY SCOREMedium
CVE2023-33995
Unlimited Elements For Elementor
PLUGIN SLUGunlimited-elements-for-elementor
INSTALLATIONS200,000+
VULNERABILITYUnrestricted Zip Extraction
PATCHED IN VERSION1.5.67
SEVERITY SCORECritical
CVE2023-33930
Download Monitor
PLUGINDownload Monitor
PLUGIN SLUGdownload-monitor
INSTALLATIONS100,000+
VULNERABILITYArbitrary File Upload
PATCHED IN VERSION4.8.4
SEVERITY SCORECritical
CVE2023-34007
WooCommerce Square
PLUGINWooCommerce Square
PLUGIN SLUGwoocommerce-square
INSTALLATIONS100,000+
VULNERABILITYInsecure Direct Object References (IDOR)
PATCHED IN VERSION3.8.2
SEVERITY SCOREHigh
CVE2023-35876
Conditional Menus
PLUGINConditional Menus
PLUGIN SLUGconditional-menus
INSTALLATIONS70,000+
VULNERABILITYCross Site Scripting (XSS)
PATCHED IN VERSION1.2.1
SEVERITY SCOREHigh
CVE2023-2654
Dokan
PLUGIN SLUGdokan-lite
INSTALLATIONS60,000+
VULNERABILITYPHP Object Injection
PATCHED IN VERSION3.7.20
SEVERITY SCOREMedium
CVE2023-34382
WordPress Plugin Vulnerabilities — Unpatched
This section contains plugin vulnerabilities with no known fix. Until a patch is available, you are advised to deactivate the plugin, at minimum, immediately. If there is a high risk of active exploits or the plugin remains unpatched for weeks, you are advised to delete the plugin. You should also delete persistently unpatched plugins the WordPress.org repository has locked and marked “Closed” so they can no longer be downloaded and installed.
Seed Fonts
PLUGINSeed Fonts
PLUGIN SLUGseed-fonts
INSTALLATIONS20,000+
VULNERABILITYCross Site Scripting (XSS)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
CVE2023-35779
Flo Forms
PLUGIN SLUGflo-forms
INSTALLATIONS10,000+
VULNERABILITYCross Site Scripting (XSS)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
CVE2023-35095
MasterStudy LMS
PLUGIN SLUGmasterstudy-lms-learning-management-system
INSTALLATIONS10,000+
VULNERABILITYCross Site Scripting (XSS)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
CVE2023-35090
MasterStudy LMS
PLUGIN SLUGmasterstudy-lms-learning-management-system
INSTALLATIONS10,000+
VULNERABILITYBroken Access Control
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
CVE2023-35093
Form Builder
PLUGIN SLUGcontact-form-add
INSTALLATIONS6,000+
VULNERABILITYCross Site Request Forgery (CSRF)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREHigh
CVE2023-23795
Google Map Shortcode
PLUGINGoogle Map Shortcode
PLUGIN SLUGgoogle-map-shortcode
INSTALLATIONS4,000+
VULNERABILITYReflected Cross Site Scripting (XSS)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREHigh
CVE2023-35772
WP Matterport Shortcode
PLUGINWP Matterport Shortcode
PLUGIN SLUGshortcode-gallery-for-matterport-showcase
INSTALLATIONS4,000+
VULNERABILITYCross Site Scripting (XSS)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
CVE2023-35094
Sermon’e – Sermons Online
PLUGIN SLUGsermone-online-sermons-management
INSTALLATIONS3,000+
VULNERABILITYCross Site Scripting (XSS)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
CVE2023-35776
Template Debugger
PLUGINTemplate Debugger
PLUGIN SLUGquick-edit-template-link
INSTALLATIONS2,000+
VULNERABILITYCross Site Request Forgery (CSRF)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
CVE2023-35773
Recent Posts Slider
PLUGINRecent Posts Slider
PLUGIN SLUGrecent-posts-slider
INSTALLATIONS2,000+
VULNERABILITYCross Site Request Forgery (CSRF)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
CVE2023-35778
Recent Posts Slider
PLUGINRecent Posts Slider
PLUGIN SLUGrecent-posts-slider
INSTALLATIONS2,000+
VULNERABILITYCross Site Scripting (XSS)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREHigh
CVE2023-35043
Securimage-WP
PLUGINSecurimage-WP
PLUGIN SLUGsecurimage-wp
INSTALLATIONS2,000+
VULNERABILITYCross Site Request Forgery (CSRF)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
CVE2023-35044
breadcrumb simple
PLUGINbreadcrumb simple
PLUGIN SLUGbreadcrumb-simple
INSTALLATIONS1,000+
VULNERABILITYCross Site Scripting (XSS)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
CVE2023-35092
Fat Rat Collect
PLUGIN
PLUGIN SLUGfat-rat-collect
INSTALLATIONS1,000+
VULNERABILITYBroken Access Control
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
CVE2023-35045
Galleria
PLUGINGalleria
PLUGIN SLUGgalleria
INSTALLATIONS1,000+
VULNERABILITYCross Site Request Forgery (CSRF)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
CVE2023-35780
Who Hit The Page – Hit Counter
PLUGIN SLUGwho-hit-the-page-hit-counter
INSTALLATIONS1,000+
VULNERABILITYCross Site Scripting (XSS)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
CVE2023-25466
WordPress NextGen GalleryView
PLUGIN SLUGwordpress-nextgen-galleryview
INSTALLATIONS1,000+
VULNERABILITYReflected Cross Site Scripting (XSS)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREHigh
CVE2023-35098
WP Affiliate Links
PLUGINWP Affiliate Links
PLUGIN SLUGwp-affiliate-links
INSTALLATIONS1,000+
VULNERABILITYReflected Cross Site Scripting (XSS)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREHigh
CVE2023-35097
WP Backup Manager
PLUGINWP Backup Manager
PLUGIN SLUGwp-backup-manager
INSTALLATIONS1,000+
VULNERABILITYReflected Cross Site Scripting (XSS)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREHigh
CVE2023-35775
MojoPlug Slide Panel
PLUGINMojoPlug Slide Panel
PLUGIN SLUGmojoplug-slide-panel
INSTALLATIONS800+
VULNERABILITYCross Site Scripting (XSS)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
CVE2023-23807
Smoothscroller
PLUGINSmoothscroller
PLUGIN SLUGsmoothscroller
INSTALLATIONS800+
VULNERABILITYCross Site Scripting (XSS)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
CVE2023-23811
wpView
PLUGIN SLUGwpview
INSTALLATIONS200+
VULNERABILITYCross Site Scripting (XSS)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
CVE2023-33213
Login Configurator
PLUGINLogin Configurator
PLUGIN SLUGlogin-configurator
VULNERABILITYCross Site Scripting (XSS)
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
CVE2023-34369
Upload Resume
PLUGINUpload Resume
PLUGIN SLUGresume-upload-form
VULNERABILITYCaptcha Bypass Vulnerability
PATCHED IN VERSIONNo Fix
SEVERITY SCOREMedium
CVE2023-2751