WordPress Plugin Vulnerabilities with Patches
In this section, you’ll find the most recently disclosed WordPress plugin vulnerabilities that have been fixed with a new release from their authors and maintainers. Please apply the updates if you are affected!
These vulnerabilities have been disclosed and scored for their severity thanks to our friends at Patchstack. Each plugin listing includes the type of vulnerability with its CVE number and CVSS severity rating with links to more technical details. You’ll also see the number of active sites using the plugin and the plugin version release that patches the vulnerability. We start with the most popular plugins, which represent the largest target for attackers.
Updraft Plus
PLUGIN SLUG updraftplus
INSTALLATIONS 3,000,000+
VULNERABILITY Cross Site Request Forgery (CSRF)
PATCHED IN VERSION 1.23.1
SEVERITY SCORE Medium
Popup Maker
PLUGIN SLUG popup-maker
INSTALLATIONS 700,000+
VULNERABILITY Sensitive Data Exposure
PATCHED IN VERSION 1.18.0
SEVERITY SCORE Medium
CVE 2022-47597
Popup Maker
PLUGIN SLUG popup-maker
INSTALLATIONS 700,000+
VULNERABILITY Broken Access Control
PATCHED IN VERSION 1.18.0
SEVERITY SCORE Low
CVE 2022-45819
Popup Maker
PLUGIN SLUG popup-maker
INSTALLATIONS 700,000+
VULNERABILITY Cross Site Request Forgery (CSRF)
PATCHED IN VERSION 1.18.1
SEVERITY SCORE Medium
Complianz – GDPR/CCPA Cookie Consent
PLUGIN SLUG complianz-gdpr
INSTALLATIONS 600,000+
VULNERABILITY Cross Site Scripting (XSS)
PATCHED IN VERSION 6.4.2
SEVERITY SCORE Medium
CVE 2023-1069
Formidable Forms
PLUGIN SLUG formidable
INSTALLATIONS 300,000+
VULNERABILITY Bypass Vulnerability
PATCHED IN VERSION 6.1
SEVERITY SCORE Medium
CVE 2023-0816
301 Redirects – Easy Redirect Manager
PLUGIN SLUG eps-301-redirects
INSTALLATIONS 200,000+
VULNERABILITY Cross Site Request Forgery (CSRF)
PATCHED IN VERSION 2.73
SEVERITY SCORE Medium
GiveWP
PLUGIN SLUG give
INSTALLATIONS 100,000+
VULNERABILITY Arbitrary Content Deletion
PATCHED IN VERSION 2.25.2
SEVERITY SCORE Medium
CVE 2023-23672
GiveWP
PLUGIN SLUG give
INSTALLATIONS 100,000+
VULNERABILITY Cross Site Scripting (XSS)
PATCHED IN VERSION 2.25.2
SEVERITY SCORE Medium
CVE 2022-40211
GiveWP
PLUGIN SLUG give
INSTALLATIONS 100,000+
VULNERABILITY CSV Injection
PATCHED IN VERSION 2.25.2
SEVERITY SCORE Medium
CVE 2023-22719
GiveWP
PLUGIN SLUG give
INSTALLATIONS 100,000+
VULNERABILITY Server Side Request Forgery (SSRF)
PATCHED IN VERSION 2.25.2
SEVERITY SCORE Medium
CVE 2022-40312
GiveWP
PLUGIN SLUG give
INSTALLATIONS 100,000+
VULNERABILITY Cross Site Scripting (XSS)
PATCHED IN VERSION 2.25.2
SEVERITY SCORE Medium
CVE 2023-23668
GiveWP
PLUGIN SLUG give
INSTALLATIONS 100,000+
VULNERABILITY Cross Site Request Forgery (CSRF)
PATCHED IN VERSION 2.25.2
SEVERITY SCORE Medium
CVE 2023-25450
External Links
PLUGIN SLUG wp-external-links
INSTALLATIONS 100,000+
VULNERABILITY Cross Site Request Forgery (CSRF)
PATCHED IN VERSION 2.58
SEVERITY SCORE Medium
WP Maps
PLUGIN SLUG wp-google-map-plugin
INSTALLATIONS 100,000+
VULNERABILITY Cross Site Request Forgery (CSRF)
PATCHED IN VERSION 4.4.3
SEVERITY SCORE Medium
CVE 2023-28172
Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files
PLUGIN SLUG embed-any-document
INSTALLATIONS 70,000+
VULNERABILITY Cross Site Scripting (XSS)
PATCHED IN VERSION 2.7.2
SEVERITY SCORE Medium
CVE 2023-23707
Ajax Load More
PLUGIN SLUG ajax-load-more
INSTALLATIONS 50,000+
VULNERABILITY Cross Site Scripting (XSS)
PATCHED IN VERSION 5.6.0.3
SEVERITY SCORE Medium
CVE 2022-4466
Robo Gallery
PLUGIN SLUG robo-gallery
INSTALLATIONS 50,000+
VULNERABILITY Cross Site Scripting (XSS)
PATCHED IN VERSION 3.2.13
SEVERITY SCORE Medium
CVE 2023-27620
Site Reviews
PLUGIN Site Reviews
PLUGIN SLUG site-reviews
INSTALLATIONS 50,000+
VULNERABILITY Broken Access Control
PATCHED IN VERSION 6.6.0
SEVERITY SCORE Medium
CVE 2023-27625
Site Reviews
PLUGIN Site Reviews
PLUGIN SLUG site-reviews
INSTALLATIONS 50,000+
VULNERABILITY Cross Site Scripting (XSS)
PATCHED IN VERSION 6.6.0
SEVERITY SCORE Medium
CVE 2023-27612
Site Reviews
PLUGIN Site Reviews
PLUGIN SLUG site-reviews
INSTALLATIONS 50,000+
VULNERABILITY Cross Site Scripting (XSS)
PATCHED IN VERSION 6.6.0
SEVERITY SCORE Medium
CVE 2023-27629
Klaviyo
PLUGIN Klaviyo
PLUGIN SLUG klaviyo
INSTALLATIONS 30,000+
VULNERABILITY Cross Site Scripting (XSS)
PATCHED IN VERSION 3.0.8
SEVERITY SCORE Medium
CVE 2023-25456
Customify
PLUGIN SLUG customify
INSTALLATIONS 20,000+
VULNERABILITY Cross Site Request Forgery (CSRF)
PATCHED IN VERSION 2.10.5
SEVERITY SCORE Medium
CVE 2023-27633
Redirect Redirection
PLUGIN Redirection
PLUGIN SLUG redirect-redirection
INSTALLATIONS 20,000+
VULNERABILITY Cross Site Request Forgery (CSRF)
PATCHED IN VERSION 1.1.5
SEVERITY SCORE Medium
Reusable Blocks Extended
PLUGIN Reusable Blocks Extended
PLUGIN SLUG reusable-blocks-extended
INSTALLATIONS 10,000+
VULNERABILITY Cross Site Request Forgery (CSRF)
PATCHED IN VERSION 0.9.1
SEVERITY SCORE Medium
CVE 2023-27611
Weaver Xtreme Theme Support
PLUGIN Weaver Xtreme Theme Support
PLUGIN SLUG weaverx-theme-support
INSTALLATIONS 10,000+
VULNERABILITY Cross Site Scripting (XSS)
PATCHED IN VERSION 6.2.5
SEVERITY SCORE Medium
Woo Products Widgets For Elementor
PLUGIN SLUG woo-products-widgets-for-elementor
INSTALLATIONS 8,000+
VULNERABILITY Cross Site Scripting (XSS)
PATCHED IN VERSION 1.0.8
SEVERITY SCORE Medium
CVE 2022-4661
W4 Post List
PLUGIN W4 Post List
PLUGIN SLUG w4-post-list
INSTALLATIONS 5,000+
VULNERABILITY Cross Site Scripting (XSS)
PATCHED IN VERSION 2.4.5
SEVERITY SCORE Medium
CVE 2023-27413
Stock Ticker
PLUGIN Stock Ticker
PLUGIN SLUG stock-ticker
INSTALLATIONS 4,000+
VULNERABILITY Broken Access Control
PATCHED IN VERSION 3.23.1
SEVERITY SCORE Medium
CVE 2023-27626
Auto Prune Posts
PLUGIN Auto Prune Posts
PLUGIN SLUG auto-prune-posts
INSTALLATIONS 2,000+
VULNERABILITY Cross Site Request Forgery (CSRF)
PATCHED IN VERSION 2.0.0
SEVERITY SCORE Medium
CVE 2023-27423
RapidLoad Power-Up for Autoptimize
PLUGIN SLUG unusedcss
INSTALLATIONS 2,000+
VULNERABILITY Broken Access Control
PATCHED IN VERSION 1.7.2
SEVERITY SCORE Medium
CVE 2023-1339
RapidLoad Power-Up for Autoptimize
PLUGIN SLUG unusedcss
INSTALLATIONS 2,000+
VULNERABILITY Cross Site Request Forgery (CSRF)
PATCHED IN VERSION 1.7.2
SEVERITY SCORE Medium
CVE 2023-1340
Mass Delete Unused Tags
PLUGIN Mass Delete Unused Tags
PLUGIN SLUG mass-delete-unused-tags
INSTALLATIONS 1,000+
VULNERABILITY Cross Site Request Forgery (CSRF)
PATCHED IN VERSION 3.0.0
SEVERITY SCORE Medium
CVE 2023-27430
PhonePe Payment Solutions
PLUGIN PhonePe Payment Solutions
PLUGIN SLUG phonepe-payment-solutions
INSTALLATIONS 1,000+
VULNERABILITY Server Side Request Forgery (SSRF)
PATCHED IN VERSION 2.0.0
SEVERITY SCORE Medium
CVE 2022-45835
Webmention
PLUGIN Webmention
PLUGIN SLUG webmention
INSTALLATIONS 1,000+
VULNERABILITY Cross Site Scripting (XSS)
PATCHED IN VERSION 4.0.9
SEVERITY SCORE High
LeadSnap
PLUGIN LeadSnap
PLUGIN SLUG leadsnap
INSTALLATIONS 800+
VULNERABILITY PHP Object Injection
PATCHED IN VERSION 1.24
SEVERITY SCORE Medium
Mass Delete Taxonomies
PLUGIN Mass Delete Taxonomies
PLUGIN SLUG mass-delete-tags
INSTALLATIONS 300+
VULNERABILITY Cross Site Request Forgery (CSRF)
PATCHED IN VERSION 4.0.0
SEVERITY SCORE Medium