PERFORMANCE & CREATIVITY

We integrate research, strategy, design, engineering and operations to imagine, create and deliver some of the world's most engaging products and services.

Location
Marousi-Attika
box 15124

WordPress Vulnerability Report — May 31 2024

WordPress Core

WordPress 6.5.3 was released on May 7, 2024, as a short-cycle maintenance release. This release features 12 bug fixes on Core and 9 bug fixes for the Block editor.


WordPress Plugins — 86 Patched / 32 Unpatched

Plugin Slug:photo-gallery
Installations200,000+
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

Business Card

Plugin Slug:business-card-by-esterox-100
Installations10+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

KKProgressbar2 Free – advanced progress bars

Plugin Slug:kkprogressbar
Installations10+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.

KKProgressbar2 Free – advanced progress bars

Plugin Slug:kkprogressbar
Installations10+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

KKProgressbar2 Free – advanced progress bars

Plugin Slug:kkprogressbar
Installations10+
Vulnerability:SQL Injection
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.


WP Stacker

Plugin:WP Stacker
Plugin Slug:wp-stacker
Installations10+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.


AdFoxly – Ad Manager, AdSense Ads & Ads.txt

Plugin:AdFoxly – Ad Manager, AdSense Ads & Ads.txt
Plugin Slug:adfoxly
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.


ApplyOnline – Application Form Builder and Manager

Plugin:ApplyOnline – Application Form Builder and Manager
Plugin Slug:apply-online
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.


Automatic Translator with Auto Translate

Plugin:Automatic Translator with Auto Translate
Plugin Slug:auto-translate
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.


Button contact VR

Plugin:Button contact VR
Plugin Slug:button-contact-vr
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.


Crafthemes Demo Import

Plugin:Crafthemes Demo Import
Plugin Slug:crafthemes-demo-import
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.

 Dextaz Ping

Plugin:Dextaz Ping
Plugin Slug:dextaz-ping
Vulnerability:Remote Code Execution (RCE)
Patched in Version:No Fix
Severity Score:Critical
The vulnerability has not been patched. You should deactivate the plugin.


Easy Digital Downloads – Recent Purchases

Plugin:Easy Digital Downloads – Recent Purchases
Plugin Slug:edd-recent-purchases
Vulnerability:Remote File Inclusion
Patched in Version:No Fix
Severity Score:Critical
The vulnerability has not been patched. You should deactivate the plugin.


Elegant Addons for elementor

Plugin:Elegant Addons for elementor
Plugin Slug:elegant-addons-for-elementor
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.


Flattr

Plugin:Flattr
Plugin Slug:flattr
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.


LuckyWP Table of Contents

Plugin:LuckyWP Table of Contents
Plugin Slug:luckywp-table-of-contents
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.


LuckyWP Table of Contents

Plugin:LuckyWP Table of Contents
Plugin Slug:luckywp-table-of-contents
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.


LuckyWP Table of Contents

Plugin:LuckyWP Table of Contents
Plugin Slug:luckywp-table-of-contents
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.


Opal Estate Pro

Plugin:Opal Estate Pro
Plugin Slug:opal-estate-pro
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.


PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode

Plugin:PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode
Plugin Slug:paypal-pay-buy-donation-and-cart-buttons-shortcode
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.


Pet Manager

Plugin:Pet Manager
Plugin Slug:pet-manager
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.


Sailthru Triggermail

Plugin Slug:sailthru-triggermail
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.


Sailthru Triggermail

Plugin Slug:sailthru-triggermail
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
The vulnerability has not been patched. You should deactivate the plugin.


Praison SEO WordPress

Plugin:Praison SEO WordPress
Plugin Slug:seo-wordpress
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.


Simple Popup Manager

Plugin:Simple Popup Manager
Plugin Slug:simple-popup-manager
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.


Toolbar Extras for Elementor & More

Plugin:Toolbar Extras for Elementor & More
Plugin Slug:toolbar-extras
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.


Woocommerce – Recent Purchases

Plugin:Woocommerce – Recent Purchases
Plugin Slug:woo-recent-purchases
Vulnerability:Local File Inclusion
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.


WP Backpack

Plugin:WP Backpack
Plugin Slug:wp-backpack
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.


WP Font Awesome Share Icons

Plugin:WP Font Awesome Share Icons
Plugin Slug:wp-font-awesome-share-icons
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.


WP Next Post Navi

Plugin:WP Next Post Navi
Plugin Slug:wp-next-post-navi
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.


WP Scraper

Plugin:WP Scraper
Plugin Slug:wp-scraper
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
The vulnerability has not been patched. You should deactivate the plugin.


Elementor Website Builder – More than Just a Page Builder

Plugin Slug:elementor
Installations10,000,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.21.6
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.21.6.
Plugin Slug:header-footer-elementor
Installations1,000,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.6.26.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.6.26.1.


WP Fastest Cache

Plugin Slug:wp-fastest-cache
Installations1,000,000+
Vulnerability:Arbitrary File Deletion
Patched in Version:1.2.7
Severity Score:High
The vulnerability has been patched, so you should update to version 1.2.7.


Premium Addons for Elementor

Plugin Slug:premium-addons-for-elementor
Installations700,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.10.32
Severity Score:Medium
The vulnerability has been patched, so you should update to version 4.10.32.


Page Builder by SiteOrigin

Plugin Slug:siteorigin-panels
Installations700,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.29.16
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.29.16.


Spectra – WordPress Gutenberg Blocks

Plugin Slug:ultimate-addons-for-gutenberg
Installations700,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.13.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.13.1.


Spectra – WordPress Gutenberg Blocks

Plugin Slug:ultimate-addons-for-gutenberg
Installations700,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.12.9
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.12.9.


WP Shortcodes Plugin — Shortcodes Ultimate

Plugin Slug:shortcodes-ultimate
Installations600,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:7.1.6
Severity Score:Medium
The vulnerability has been patched, so you should update to version 7.1.6.


SiteOrigin Widgets Bundle

Plugin Slug:so-widgets-bundle
Installations600,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.61.0
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.61.0.


WP Go Maps (formerly WP Google Maps)

Plugin Slug:wp-google-maps
Installations400,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:9.0.37
Severity Score:Medium
The vulnerability has been patched, so you should update to version 9.0.37.


Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Plugin Slug:unlimited-elements-for-elementor
Installations200,000+
Vulnerability:SQL Injection
Patched in Version:1.5.108
Severity Score:High
The vulnerability has been patched, so you should update to version 1.5.108.


HT Mega – Absolute Addons For Elementor

Plugin Slug:ht-mega-for-elementor
Installations100,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.5.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.5.3.


HT Mega – Absolute Addons For Elementor

Plugin Slug:ht-mega-for-elementor
Installations100,000+
Vulnerability:Broken Access Control
Patched in Version:2.5.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.5.3.


Social Icons Widget & Block by WPZOOM

Plugin Slug:social-icons-widget-by-wpzoom
Installations100,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.2.18
Severity Score:Medium
The vulnerability has been patched, so you should update to version 4.2.18.


LearnPress – WordPress LMS Plugin

Plugin Slug:learnpress
Installations90,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.2.6.7
Severity Score:Medium
The vulnerability has been patched, so you should update to version 4.2.6.7.


Master Slider – Responsive Touch Slider

Plugin Slug:master-slider
Installations90,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.9.10
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.9.10.


Brizy – Page Builder

Plugin Slug:brizy
Installations80,000+
Vulnerability:Broken Access Control
Patched in Version:2.4.44
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.4.44.


Email Log

Plugin:Email Log
Plugin Slug:email-log
Installations80,000+
Vulnerability:Other Vulnerability Type
Patched in Version:2.4.9
Severity Score:High
The vulnerability has been patched, so you should update to version 2.4.9.


Media Library Assistant

Plugin Slug:media-library-assistant
Installations70,000+
Vulnerability:SQL Injection
Patched in Version:3.16
Severity Score:High
The vulnerability has been patched, so you should update to version 3.16.


Media Library Assistant

Plugin Slug:media-library-assistant
Installations70,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.16
Severity Score:High
The vulnerability has been patched, so you should update to version 3.16.
Plugin Slug:yith-woocommerce-ajax-search
Installations70,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.4.1
Severity Score:High
The vulnerability has been patched, so you should update to version 2.4.1.


Advanced iFrame

Plugin Slug:advanced-iframe
Installations60,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2024.4
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2024.4.


WP Table Builder – WordPress Table Plugin

Plugin Slug:wp-table-builder
Installations60,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.4.15
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.4.15.
Plugin Slug:carousel-slider
Installations40,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.2.11
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.2.11.


Ditty – Responsive News Tickers, Sliders, and Lists

Plugin Slug:ditty-news-ticker
Installations40,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.1.36
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.1.36.


FV Flowplayer Video Player

Plugin Slug:fv-wordpress-flowplayer
Installations20,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:7.5.46.7212
Severity Score:High
The vulnerability has been patched, so you should update to version 7.5.46.7212.


Reviews and Rating – Google Reviews

Plugin Slug:g-business-reviews-rating
Installations20,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:5.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 5.3.


ND Shortcodes

Plugin Slug:nd-shortcodes
Installations20,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:7.6
Severity Score:Medium
The vulnerability has been patched, so you should update to version 7.6.


WP DSGVO Tools (GDPR)

Plugin Slug:shapepress-dsgvo
Installations20,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.1.33
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.1.33.


ShareThis Share Buttons

Plugin Slug:sharethis-share-buttons
Installations20,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.3.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.3.1.


WPZOOM Addons for Elementor (Templates, Widgets)

Plugin Slug:wpzoom-elementor-addons
Installations20,000+
Vulnerability:Local File Inclusion
Patched in Version:1.1.38
Severity Score:Critical
The vulnerability has been patched, so you should update to version 1.1.38.


LA-Studio Element Kit for Elementor

Plugin Slug:lastudio-element-kit
Installations10,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.3.8
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.3.8.


WP Photo Album Plus

Plugin Slug:wp-photo-album-plus
Installations10,000+
Vulnerability:Content Injection
Patched in Version:8.7.00.004
Severity Score:Medium
The vulnerability has been patched, so you should update to version 8.7.00.004.


WP TripAdvisor Review Slider

Plugin Slug:wp-tripadvisor-review-slider
Installations10,000+
Vulnerability:SQL Injection
Patched in Version:12.7
Severity Score:High
The vulnerability has been patched, so you should update to version 12.7.


WordPress + Microsoft Office 365 / Azure AD | LOGIN

Plugin Slug:wpo365-login
Installations10,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:28.0
Severity Score:Medium
The vulnerability has been patched, so you should update to version 28.0.


140+ Widgets | Best Addons For Elementor – FREE

Plugin Slug:xpro-elementor-addons
Installations10,000+
Vulnerability:PHP Object Injection
Patched in Version:1.4.3.2
Severity Score:High
The vulnerability has been patched, so you should update to version 1.4.3.2.


Videojs HTML5 Player

Plugin Slug:videojs-html5-player
Installations9,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.1.12
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.1.12.


Awesome Contact Form7 for Elementor

Plugin Slug:awesome-contact-form7-for-elementor
Installations8,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.0
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.0.


Primary Addon for Elementor

Plugin Slug:primary-addon-for-elementor
Installations8,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.5.6
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.5.6.


Hash Elements

Plugin Slug:hash-elements
Installations7,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.3.9
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.3.9.


Survey Maker – Best WordPress Survey Plugin

Plugin Slug:survey-maker
Installations6,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.2.9
Severity Score:Medium
The vulnerability has been patched, so you should update to version 4.2.9.
Plugin Slug:testimonials-carousel-elementor
Installations6,000+
Vulnerability:Broken Access Control
Patched in Version:10.2.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 10.2.1.


WPKoi Templates for Elementor

Plugin Slug:wpkoi-templates-for-elementor
Installations6,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.5.11
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.5.11.


AI ChatBot for WordPress – WPBot

Plugin Slug:chatbot
Installations5,000+
Vulnerability:Broken Access Control
Patched in Version:5.3.6
Severity Score:Medium
The vulnerability has been patched, so you should update to version 5.3.6.


WP Ultimate Post Grid

Plugin Slug:wp-ultimate-post-grid
Installations5,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.9.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.9.2.


PopupAlly

Plugin:PopupAlly
Plugin Slug:popupally
Installations4,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.1.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.1.2.


Move Addons for Elementor

Plugin Slug:move-addons
Installations3,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.3.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.3.2.


Debug Log – Manger Tool

Plugin Slug:debug-log-config-tool
Installations2,000+
Vulnerability:Sensitive Data Exposure
Patched in Version:1.5
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.5.


LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor

Plugin Slug:include-lottie-animation-for-elementor
Installations2,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.10.10
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.10.10.


Event post

Plugin:Event post
Plugin Slug:event-post
Installations1,000+
Vulnerability:Broken Access Control
Patched in Version:5.9.5
Severity Score:Medium
The vulnerability has been patched, so you should update to version 5.9.5.


Fastly

Plugin:Fastly
Plugin Slug:fastly
Installations1,000+
Vulnerability:Broken Access Control
Patched in Version:1.2.26
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.2.26.


Hash Form – Drag & Drop Form Builder

Plugin Slug:hash-form
Installations1,000+
Vulnerability:PHP Object Injection
Patched in Version:1.1.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.1.1.


Hash Form – Drag & Drop Form Builder

Plugin Slug:hash-form
Installations1,000+
Vulnerability:Remote Code Execution (RCE)
Patched in Version:1.1.1
Severity Score:Critical
The vulnerability has been patched, so you should update to version 1.1.1.


Tainacan

Plugin:Tainacan
Plugin Slug:tainacan
Installations1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:0.21.4
Severity Score:Medium
The vulnerability has been patched, so you should update to version 0.21.4.


Tainacan

Plugin:Tainacan
Plugin Slug:tainacan
Installations1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:0.21.4
Severity Score:High
The vulnerability has been patched, so you should update to version 0.21.4.


Web Directory Free

Plugin Slug:web-directory-free
Installations600+
Vulnerability:SQL Injection
Patched in Version:1.7.0
Severity Score:Critical
The vulnerability has been patched, so you should update to version 1.7.0.


WP-ViperGB

Plugin:WP-ViperGB
Plugin Slug:wp-vipergb
Installations600+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.6.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.6.2.


Atarim

Plugin:Atarim
Plugin Slug:atarim-visual-collaboration
Vulnerability:Other Vulnerability Type
Patched in Version:3.30
Severity Score:High
The vulnerability has been patched, so you should update to version 3.30.


Country State City Dropdown CF7

Plugin:Country State City Dropdown CF7
Plugin Slug:country-state-city-auto-dropdown
Vulnerability:SQL Injection
Patched in Version:2.7.3
Severity Score:Critical
The vulnerability has been patched, so you should update to version 2.7.3.


ElementsKit Pro

Plugin:ElementsKit Pro
Plugin Slug:elementskit
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.6.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.6.2.

 

layerSlider

Plugin:LayerSlider
Plugin Slug:layerslider
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:7.11.1
Severity Score:Medium
The vulnerability has been patched, so you should update to version 7.11.1.


Contact Form & Lead Form Elementor Builder

Plugin:Contact Form & Lead Form Elementor Builder
Plugin Slug:lead-form-builder
Vulnerability:Content Injection
Patched in Version:1.9.2
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.9.2.


Memberpress

Plugin:Memberpress
Plugin Slug:memberpress
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.11.30
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.11.30.


Memberpress

Plugin:Memberpress
Plugin Slug:memberpress
Vulnerability:Server Side Request Forgery (SSRF)
Patched in Version:1.11.30
Severity Score:Medium
The vulnerability has been patched, so you should update to version 1.11.30.


Pie Register (Add on) – Social Sites Login

Plugin:Pie Register (Add on) – Social Sites Login
Plugin Slug:pie-register-social-site
Vulnerability:Broken Authentication
Patched in Version:1.7.8
Severity Score:Critical
The vulnerability has been patched, so you should update to version 1.7.8.


NextScripts

Plugin:NextScripts
Plugin Slug:social-networks-auto-poster-facebook-twitter-g
Vulnerability:Sensitive Data Exposure
Patched in Version:4.4.4
Severity Score:High
The vulnerability has been patched, so you should update to version 4.4.4.


NextScripts

Plugin:NextScripts
Plugin Slug:social-networks-auto-poster-facebook-twitter-g
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:4.4.4
Severity Score:Medium
The vulnerability has been patched, so you should update to version 4.4.4.


NextScripts

Plugin:NextScripts
Plugin Slug:social-networks-auto-poster-facebook-twitter-g
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.4.4
Severity Score:High
The vulnerability has been patched, so you should update to version 4.4.4.


Uber Menu

Plugin:Uber Menu
Plugin Slug:ubermenu
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.8.3
Severity Score:Medium
The vulnerability has been patched, so you should update to version 3.8.3.


Userpro

Plugin:Userpro
Plugin Slug:userpro
Vulnerability:Privilege Escalation
Patched in Version:5.1.9
Severity Score:Critical
The vulnerability has been patched, so you should update to version 5.1.9.


WordPress Themes — 1 Patched / 0 Unpatched

 Blocksy

Theme:Blocksy
Theme Slug:blocksy
Downloads3,232,407
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.0.47
Severity Score:Medium
The vulnerability has been patched, so you should update to version 2.0.47.