WordPress Vulnerability Report � March 6, 2024

In this report, 126 vulnerabilities have been publicly disclosed. Security patches for 77 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 49 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately.

The next major release will be version 6.5, planned for March 26, 2024.

WordPress Plugins � 73 Patched / 48 Unpatched

Plugin:: Slivery Extender
Plugin Slug:: slivery-extender
Installations: 2,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-27191

Plugin:: IDonate � blood request management system
Plugin Slug:: idonate
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Adsmonetizer
Plugin Slug:: adsensei-b30
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-1437

Plugin:: ArtiBot
Plugin Slug:: artibot
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0449

Plugin:: Auto Refresh Single Page
Plugin Slug:: auto-refresh-single-page
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-1731

Plugin:: BeePress
Plugin Slug:: beepress
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-27197

Plugin:: Blue Triad EZAnalytics
Plugin Slug:: blue-triad-ezanalytics
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-1782

Plugin:: Change Memory Limit
Plugin Slug:: change-memory-limit
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1093

Plugin:: Under Construction / Maintenance Mode from Acurax
Plugin Slug:: coming-soon-maintenance-mode-from-acurax
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-6922

Plugin:: Under Construction / Maintenance Mode from Acurax
Plugin Slug:: coming-soon-maintenance-mode-from-acurax
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1476

Plugin:: Configure SMTP
Plugin Slug:: configure-smtp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-27192

Plugin:: Build & Control Block Patterns
Plugin Slug:: control-block-patterns
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1095

Plugin:: Custom fields shortcode
Plugin Slug:: custom-fields-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-6809

Plugin:: Download Media
Plugin Slug:: download-media
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-27190

Plugin:: Duitku Payment Gateway
Plugin Slug:: duitku-social-payment-gateway
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0631

Plugin:: Easy!Appointments
Plugin Slug:: easyappointments
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0698

Plugin:: Ebook Store
Plugin Slug:: ebook-store
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-23501

Plugin:: Conversios.io
Plugin Slug:: enhanced-e-commerce-for-woocommerce-store
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-0786

Plugin:: FeedWordPress
Plugin Slug:: feedwordpress
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0839

Plugin:: Fontific | Google Fonts
Plugin Slug:: fontific
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-27194

Plugin:: Gestpay for WooCommerce
Plugin Slug:: gestpay-for-woocommerce
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0431

Plugin:: Maintenance Mode by helderk
Plugin Slug:: hkdev-maintenance-mode
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1478

Plugin:: JM Twitter Cards
Plugin Slug:: jm-twitter-cards
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1769

Plugin:: Marketing Optimizer
Plugin Slug:: marketing-optimizer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-1976

Plugin:: Master Slider
Plugin Slug:: master-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0611

Plugin:: Master Slider
Plugin Slug:: master-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1449

Plugin:: Media Alt Renamer
Plugin Slug:: media-alt-renamer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1434

Plugin:: WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit
Plugin Slug:: myshopkit-popup-smartbar-slidein
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1436

Plugin:: Page Builder Sandwich � Front-End Page Builder
Plugin Slug:: page-builder-sandwich
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1285

Plugin:: Page Builder Sandwich � Front-End Page Builder
Plugin Slug:: page-builder-sandwich
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1381

Plugin:: Page Restrict
Plugin Slug:: pagerestrict
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0682

Plugin:: Password Protected Store for WooCommerce
Plugin Slug:: password-protected-woo-store
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1088

Plugin:: PayU India
Plugin Slug:: payu-india
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-27193

Plugin:: postMash � custom post order
Plugin Slug:: postmash
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-27196

Plugin:: Restaurant Solutions � Checklist
Plugin Slug:: restaurant-solutions-checklist
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1977

Plugin:: Rolo Slider
Plugin Slug:: rolo-slider
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-1438

Plugin:: Simple Tweet
Plugin Slug:: simple-tweet
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0700

Plugin:: Ultimate Bootstrap Elements for Elementor
Plugin Slug:: ultimate-bootstrap-elements-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2132

Plugin:: Ultimate Bootstrap Elements for Elementor
Plugin Slug:: ultimate-bootstrap-elements-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1398

Plugin:: User Shortcodes Plus
Plugin Slug:: user-shortcodes-plus
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-6969

Plugin:: Vimeography: Vimeo Video Gallery WordPress Plugin
Plugin Slug:: vimeography
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-0825

Plugin:: Watermark RELOADED
Plugin Slug:: watermark-reloaded
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-27195

Plugin:: WordPress Access Control
Plugin Slug:: wordpress-access-control
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0975

Plugin:: CodeMirror Blocks
Plugin Slug:: wp-codemirror-block
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1791

Plugin:: WP eCommerce
Plugin Slug:: wp-e-commerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1516

Plugin:: WP eCommerce
Plugin Slug:: wp-e-commerce
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-1514

Plugin:: Page Duplicator
Plugin Slug:: wp-page-duplicator
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1368

Plugin:: WP Private Content Plus
Plugin Slug:: wp-private-content-plus
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0680

Plugin:: LiteSpeed Cache
Plugin Slug:: litespeed-cache
Installations: 5,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.7.0.1
Severity Score:: High
CVE:: 2023-45000

Plugin:: LiteSpeed Cache
Plugin Slug:: litespeed-cache
Installations: 5,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7.0.1
Severity Score:: High
CVE:: 2023-40000

Plugin:: Complianz � GDPR/CCPA Cookie Consent
Plugin Slug:: complianz-gdpr
Installations: 900,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 7.0.0
Severity Score:: Medium
CVE:: 2024-1592

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.22
Severity Score:: Medium
CVE:: 2024-1680

Plugin:: WP Shortcodes Plugin � Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.0.4
Severity Score:: Medium
CVE:: 2024-1808

Plugin:: SiteOrigin Widgets Bundle
Plugin Slug:: so-widgets-bundle
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.58.8
Severity Score:: Medium
CVE:: 2024-1723

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.2
Severity Score:: Medium
CVE:: 2024-0438

Plugin:: Nextend Social Login and Register
Plugin Slug:: nextend-facebook-connect
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.13
Severity Score:: High
CVE:: 2024-1775

Plugin:: GenerateBlocks
Plugin Slug:: generateblocks
Installations: 200,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.8.3
Severity Score:: Medium
CVE:: 2024-1452

Plugin:: Page Builder: Pagelayer � Drag and Drop website builder
Plugin Slug:: pagelayer
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.1
Severity Score:: Medium
CVE:: 2023-7115

Plugin:: Orbit Fox by ThemeIsle
Plugin Slug:: themeisle-companion
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.10.32
Severity Score:: Medium
CVE:: 2024-1323

Plugin:: Orbit Fox by ThemeIsle
Plugin Slug:: themeisle-companion
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.10.31
Severity Score:: Medium
CVE:: 2024-1499

Plugin:: Beaver Builder � WordPress Page Builder
Plugin Slug:: beaver-builder-lite-version
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.4.3
Severity Score:: Medium
CVE:: 2024-1074

Plugin:: Download Manager
Plugin Slug:: download-manager
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.86
Severity Score:: Medium
CVE:: 2023-6954

Plugin:: Download Manager
Plugin Slug:: download-manager
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.85
Severity Score:: Medium
CVE:: 2023-6785

Plugin:: Essential Blocks � Page Builder Gutenberg Blocks, Patterns & Templates
Plugin Slug:: essential-blocks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.2
Severity Score:: Medium
CVE:: 2024-1854

Plugin:: Events Manager � Calendar, Bookings, Tickets, and more!
Plugin Slug:: events-manager
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.4.7
Severity Score:: Medium
CVE:: 2024-0614

Plugin:: WP Show Posts
Plugin Slug:: wp-show-posts
Installations: 90,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.1.5
Severity Score:: Medium
CVE:: 2024-1479

Plugin:: Advanced iFrame
Plugin Slug:: advanced-iframe
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2024.2
Severity Score:: Medium
CVE:: 2024-1341

Plugin:: AI Engine
Plugin Slug:: ai-engine
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.1
Severity Score:: High
CVE:: 2024-0378

Plugin:: Booking for Appointments and Events Calendar � Amelia
Plugin Slug:: ameliabooking
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.99
Severity Score:: High
CVE:: 2024-1484

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.1
Severity Score:: Medium
CVE:: 2024-1414

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.1
Severity Score:: Medium
CVE:: 2024-1234

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.1
Severity Score:: Medium
CVE:: 2024-2028

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.1
Severity Score:: Medium
CVE:: 2024-1413

Plugin:: Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages
Plugin Slug:: visualcomposer
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 45.7.0
Severity Score:: Medium
CVE:: 2023-6880

Plugin:: Calculated Fields Form
Plugin Slug:: calculated-fields-form
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.57
Severity Score:: High
CVE:: 2024-2020

Plugin:: Custom Field Suite
Plugin Slug:: custom-field-suite
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.5
Severity Score:: Medium
CVE:: 2024-0689

Plugin:: NotificationX � Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor
Plugin Slug:: notificationx
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.8.3
Severity Score:: Critical
CVE:: 2024-1698

Plugin:: WP Dashboard Notes
Plugin Slug:: wp-dashboard-notes
Installations: 30,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.0.11
Severity Score:: Medium
CVE:: 2023-7198

Plugin:: MainWP Dashboard � WordPress Manager for Multiple Websites Maintenance
Plugin Slug:: mainwp
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.0
Severity Score:: Medium
CVE:: 2024-1642

Plugin:: Giveaways and Contests by RafflePress � Get More Website Traffic, Email Subscribers, and Social Followers
Plugin Slug:: rafflepress
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.12.7
Severity Score:: High
CVE:: 2024-1935

Plugin:: Restrict User Access � Ultimate Membership & Content Protection
Plugin Slug:: restrict-user-access
Installations: 20,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.6
Severity Score:: Medium
CVE:: 2024-0687

Plugin:: Seraphinite Accelerator
Plugin Slug:: seraphinite-accelerator
Installations: 20,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.21
Severity Score:: Medium
CVE:: 2024-1568

Plugin:: NextMove Lite � Thank You Page for WooCommerce
Plugin Slug:: woo-thank-you-page-nextmove-lite
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.18.1
Severity Score:: Medium
CVE:: 2024-1120

Plugin:: Easy PayPal & Stripe Buy Now Button
Plugin Slug:: wp-ecommerce-paypal
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.9
Severity Score:: Medium
CVE:: 2024-1719

Plugin:: Easy PayPal & Stripe Buy Now Button
Plugin Slug:: wp-ecommerce-paypal
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.9
Severity Score:: Medium
CVE:: 2024-1719

Plugin:: WP Event Manager � Events Calendar, Registrations, Sell Tickets with WooCommerce
Plugin Slug:: wp-event-manager
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.42
Severity Score:: High
CVE:: 2024-0976

Plugin:: Wp Social Login and Register Social Counter
Plugin Slug:: wp-social
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.1
Severity Score:: Medium
CVE:: 2024-1763

Plugin:: AWeber � Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth
Plugin Slug:: aweber-web-form-widget
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 7.3.15
Severity Score:: High
CVE:: 2024-1793

Plugin:: Contact Form 7 � PayPal & Stripe Add-on
Plugin Slug:: contact-form-7-paypal-add-on
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2
Severity Score:: Medium
CVE:: 2024-1719

Plugin:: Contact Form 7 � PayPal & Stripe Add-on
Plugin Slug:: contact-form-7-paypal-add-on
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2
Severity Score:: Medium
CVE:: 2024-1719

Plugin:: Envo’s Elementor Templates & Widgets for WooCommerce
Plugin Slug:: envo-elementor-for-woocommerce
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.5
Severity Score:: Medium
CVE:: 2024-0766

Plugin:: Envo’s Elementor Templates & Widgets for WooCommerce
Plugin Slug:: envo-elementor-for-woocommerce
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.5
Severity Score:: Medium
CVE:: 2024-0767

Plugin:: Envo’s Elementor Templates & Widgets for WooCommerce
Plugin Slug:: envo-elementor-for-woocommerce
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.5
Severity Score:: Medium
CVE:: 2024-0768

Plugin:: LifterLMS � WordPress LMS Plugin for eLearning
Plugin Slug:: lifterlms
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.5.2
Severity Score:: Medium
CVE:: 2024-0377

Plugin:: SportsPress � Sports Club & League Manager
Plugin Slug:: sportspress
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.18
Severity Score:: Medium
CVE:: 2024-1178

Plugin:: Smart Forms � when you need more than just a contact form
Plugin Slug:: smart-forms
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.87
Severity Score:: Medium
CVE:: 2023-7203

Plugin:: WPvivid Backup for MainWP
Plugin Slug:: wpvivid-backup-mainwp
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.9.33
Severity Score:: High
CVE:: 2024-1383

Plugin:: Finale Lite � Sales Countdown Timer & Discount for WooCommerce
Plugin Slug:: finale-woocommerce-sales-countdown-timer-discount
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.18.0
Severity Score:: Medium
CVE:: 2024-1120

Plugin:: SoundCloud Shortcode
Plugin Slug:: soundcloud-shortcode
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.2
Severity Score:: Medium
CVE:: 2024-25936

Plugin:: SMS Alert Order Notifications � WooCommerce
Plugin Slug:: sms-alert
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.7.0
Severity Score:: Medium
CVE:: 2024-1489

Plugin:: Thank You Page Customizer for WooCommerce � Increase Your Sales
Plugin Slug:: woo-thank-you-page-customizer
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2024-1687

Plugin:: Thank You Page Customizer for WooCommerce � Increase Your Sales
Plugin Slug:: woo-thank-you-page-customizer
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2024-1686

Plugin:: Coming Soon Page & Maintenance Mode
Plugin Slug:: responsive-coming-soon
Installations: 4,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 2.2.2
Severity Score:: Medium
CVE:: 2024-1136

Plugin:: Chat Bubble � Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back
Plugin Slug:: chat-bubble
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4
Severity Score:: Medium
CVE:: 2024-0898

Plugin:: Slider Responsive Slideshow � Image slider, Gallery slideshow
Plugin Slug:: slider-responsive-slideshow
Installations: 3,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.4.0
Severity Score:: High
CVE:: 2024-1859

Plugin:: Spiffy Calendar
Plugin Slug:: spiffy-calendar
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.9.9
Severity Score:: Medium
CVE:: 2024-0855

Plugin:: Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan
Plugin Slug:: antihacker
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.52
Severity Score:: Medium
CVE:: 2024-1860

Plugin:: Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan
Plugin Slug:: antihacker
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.53
Severity Score:: Medium
CVE:: 2024-1861

Plugin:: Friends
Plugin Slug:: friends
Installations: 1,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.8.6
Severity Score:: Medium
CVE:: 2024-1978

Plugin:: Oliver POS � A WooCommerce Point of Sale (POS)
Plugin Slug:: oliver-pos
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.4.1.9
Severity Score:: Medium
CVE:: 2024-1954

Plugin:: Page Restriction WordPress (WP) � Protect WP Pages/Post
Plugin Slug:: page-and-post-restriction
Installations: 1,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-0681

Plugin:: Image Optimizer, Resizer and CDN � Sirv
Plugin Slug:: sirv
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.2.1
Severity Score:: Medium
CVE:: 2024-27950

Plugin:: Image Optimizer, Resizer and CDN � Sirv
Plugin Slug:: sirv
Installations: 1,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 7.2.1
Severity Score:: Medium
CVE:: 2024-27949

Plugin:: Tainacan
Plugin Slug:: tainacan
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 0.20.7
Severity Score:: Medium
CVE:: 2024-1435

Plugin:: Comments Extra Fields For Post,Pages and CPT
Plugin Slug:: wp-comment-fields
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.1
Severity Score:: Medium
CVE:: 2024-0830

Plugin:: Comments Extra Fields For Post,Pages and CPT
Plugin Slug:: wp-comment-fields
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.1
Severity Score:: Medium
CVE:: 2024-0829

Plugin:: Backup
Plugin Slug:: backup2
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.0.9.9
Severity Score:: High
CVE:: 2023-7165

Plugin:: Elementor Pro
Plugin Slug:: elementor-pro
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.19.3
Severity Score:: Medium
CVE:: 2024-23523

Plugin:: JobSearch
Plugin Slug:: wp-jobsearch
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 2.3.4
Severity Score:: Critical
CVE:: 2023-6585

Plugin:: JobSearch
Plugin Slug:: wp-jobsearch
Vulnerability:: Broken Authentication
Patched in Version:: 2.3.4
Severity Score:: Critical
CVE:: 2023-6584

Plugin:: WP Social Widget
Plugin Slug:: wp-social-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.6
Severity Score:: Medium
CVE:: 2024-27189

WordPress Themes � 4 Patched / 1 Unpatched

Theme:: Atahualpa
Theme Slug:: atahualpa
Downloads: 1,333,690
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-27948

Theme:: Yuki
Theme Slug:: yuki
Downloads: 133,433
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.14
Severity Score:: Medium
CVE:: 2024-1388

Theme:: Yuki
Theme Slug:: yuki
Downloads: 133,433
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.15
Severity Score:: Medium
CVE:: 2024-1943

Theme:: Avada
Theme Slug:: avada
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 7.11.6
Severity Score:: Medium
CVE:: 2024-1668

Theme:: Avada
Theme Slug:: avada
Vulnerability:: Arbitrary File Upload
Patched in Version:: 7.11.5
Severity Score:: Critical
CVE:: 2024-1468

WordPress Vulnerability Report � March 6, 2024

WordPress Core

WordPress Plugins � 73 Patched / 48 Unpatched

WordPress Themes � 4 Patched / 1 Unpatched

Related articles

Wait! Get exclusive hosting insights