
WordPress Vulnerability Report – March 15, 2023

WordPress Plugin Vulnerabilities with Patches

In this section, you’ll find the most recently disclosed WordPress plugin vulnerabilities that have been fixed with a new release from their authors and maintainers. Please apply the updates if you are affected!

These vulnerabilities have been disclosed and scored for their severity thanks to our friends at Patchstack. Each plugin listing includes the type of vulnerability with its CVE number and CVSS severity rating with links to more technical details. You’ll also see the number of active sites using the plugin and the plugin version release that patches the vulnerability. We start with the most popular plugins, which represent the largest target for attackers.

UpdraftPlus

PLUGIN SLUG: updraftplus
INSTALLATIONS: 3,000,000+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: 1.23.1
SEVERITY SCORE: Medium
The vulnerability has been patched, so you should update to version 1.23.1.

Popup Maker

PLUGIN SLUG: popup-maker
INSTALLATIONS: 700,000+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: 1.18.1
SEVERITY SCORE: Medium
The vulnerability has been patched, so you should update to version 1.18.1.

Complianz – GDPR/CCPA Cookie Consent

PLUGIN SLUG: complianz-gdpr
INSTALLATIONS: 600,000+
VULNERABILITY: Cross Site Scripting (XSS)
PATCHED IN VERSION: 6.4.2
SEVERITY SCORE: Medium
The vulnerability has been patched, so you should update to version 6.4.2.

301 Redirects – Easy Redirect Manager

PLUGIN SLUG: eps-301-redirects
INSTALLATIONS: 200,000+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: 2.73
SEVERITY SCORE: Medium
The vulnerability has been patched, so you should update to version 2.73.

External Links – nofollow, noopener & new window

PLUGIN SLUG: wp-external-links
INSTALLATIONS: 100,000+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: 2.58
SEVERITY SCORE: Medium
The vulnerability has been patched, so you should update to version 2.58.

WP Maps

PLUGIN SLUG: wp-google-map-plugin
INSTALLATIONS: 100,000+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: 4.4.3
SEVERITY SCORE: Medium
The vulnerability has been patched, so you should update to version 4.4.3.

Ajax Load More

PLUGIN SLUG: ajax-load-more
INSTALLATIONS: 50,000+
VULNERABILITY: Cross Site Scripting (XSS)
PATCHED IN VERSION: 5.6.0.3
SEVERITY SCORE: Medium
The vulnerability has been patched, so you should update to version 5.6.0.3.

Site Reviews

PLUGIN: Site Reviews
PLUGIN SLUG: site-reviews
INSTALLATIONS: 50,000+
VULNERABILITY: Broken Access Control
PATCHED IN VERSION: 6.6.0
SEVERITY SCORE: Medium
The vulnerability has been patched, so you should update to version 6.6.0.

Site Reviews

PLUGIN: Site Reviews
PLUGIN SLUG: site-reviews
INSTALLATIONS: 50,000+
VULNERABILITY: Cross Site Scripting (XSS)
PATCHED IN VERSION: 6.6.0
SEVERITY SCORE: Medium
The vulnerability has been patched, so you should update to version 6.6.0.

Klaviyo

PLUGIN: Klaviyo
PLUGIN SLUG: klaviyo
INSTALLATIONS: 30,000+
VULNERABILITY: Cross Site Scripting (XSS)
PATCHED IN VERSION: 3.0.8
SEVERITY SCORE: Medium
The vulnerability has been patched, so you should update to version 3.0.8.

Customify

PLUGIN SLUG: customify
INSTALLATIONS: 20,000+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: 2.10.5
SEVERITY SCORE: Medium
The vulnerability has been patched, so you should update to version 2.10.5.

Redirect Redirection

PLUGIN: Redirection
PLUGIN SLUG: redirect-redirection
INSTALLATIONS: 20,000+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: 1.1.5
SEVERITY SCORE: Medium
The vulnerability has been patched, so you should update to version 1.1.5.

Reusable Blocks Extended

PLUGIN SLUG: reusable-blocks-extended
INSTALLATIONS: 10,000+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: 0.9.1
SEVERITY SCORE: Medium
The vulnerability has been patched, so you should update to version 0.9.1.

Weaver Xtreme Theme Support

PLUGIN SLUG: weaverx-theme-support
INSTALLATIONS: 10,000+
VULNERABILITY: Cross Site Scripting (XSS)
PATCHED IN VERSION: 6.2.5
SEVERITY SCORE: Medium
The vulnerability has been patched, so you should update to version 6.2.5.

Woo Products Widgets For Elementor

PLUGIN SLUG: woo-products-widgets-for-elementor
INSTALLATIONS: 8,000+
VULNERABILITY: Cross Site Scripting (XSS)
PATCHED IN VERSION: 1.0.8
SEVERITY SCORE: Medium
The vulnerability has been patched, so you should update to version 1.0.8.

W4 Post List

PLUGIN: W4 Post List
PLUGIN SLUG: w4-post-list
INSTALLATIONS: 5,000+
VULNERABILITY: Cross Site Scripting (XSS)
PATCHED IN VERSION: 2.4.5
SEVERITY SCORE: Medium
The vulnerability has been patched, so you should update to version 2.4.5.

Stock Ticker

PLUGIN: Stock Ticker
PLUGIN SLUG: stock-ticker
INSTALLATIONS: 4,000+
VULNERABILITY: Broken Access Control
PATCHED IN VERSION: 3.23.1
SEVERITY SCORE: Medium
The vulnerability has been patched, so you should update to version 3.23.1.

Auto Prune Posts

PLUGIN SLUG: auto-prune-posts
INSTALLATIONS: 2,000+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: 2.0.0
SEVERITY SCORE: Medium
The vulnerability has been patched, so you should update to version 2.0.0.

RapidLoad Power-Up for Autoptimize

PLUGIN SLUG: unusedcss
INSTALLATIONS: 2,000+
VULNERABILITY: Broken Access Control
PATCHED IN VERSION: 1.7.2
SEVERITY SCORE: Medium
The vulnerability has been patched, so you should update to version 1.7.2.

RapidLoad Power-Up for Autoptimize

PLUGIN SLUG: unusedcss
INSTALLATIONS: 2,000+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: 1.7.2
SEVERITY SCORE: Medium
The vulnerability has been patched, so you should update to version 1.7.2.

Mass Delete Unused Tags

PLUGIN SLUG: mass-delete-unused-tags
INSTALLATIONS: 1,000+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: 3.0.0
SEVERITY SCORE: Medium
The vulnerability has been patched, so you should update to version 3.0.0.

PhonePe Payment Solutions

PLUGIN SLUG: phonepe-payment-solutions
INSTALLATIONS: 1,000+
VULNERABILITY: Server Side Request Forgery (SSRF)
PATCHED IN VERSION: 2.0.0
SEVERITY SCORE: Medium
The vulnerability has been patched, so you should update to version 2.0.0.

Webmention

PLUGIN: Webmention
PLUGIN SLUG: webmention
INSTALLATIONS: 1,000+
VULNERABILITY: Cross Site Scripting (XSS)
PATCHED IN VERSION: 4.0.9
SEVERITY SCORE: High
The vulnerability has been patched, so you should update to version 4.0.9.

LeadSnap

PLUGIN: LeadSnap
PLUGIN SLUG: leadsnap
INSTALLATIONS: 800+
VULNERABILITY: PHP Object Injection
PATCHED IN VERSION: 1.24
SEVERITY SCORE: Medium
The vulnerability has been patched, so you should update to version 1.24.

Mass Delete Taxonomies

PLUGIN SLUG: mass-delete-tags
INSTALLATIONS: 300+
VULNERABILITY: Cross Site Request Forgery (CSRF)
PATCHED IN VERSION: 4.0.0
SEVERITY SCORE: Medium
The vulnerability has been patched, so you should update to version 4.0.0.