WordPress Plugin Vulnerabilities with Patches


This section lists the most recently disclosed WordPress plugin vulnerabilities that have been fixed in a new release by their authors and maintainers. Please apply the updates if you are affected!

These vulnerabilities were disclosed and rated for severity thanks to our friends at Patchstack. Each plugin listing includes the type of vulnerability with its CVE number and CVSS severity rating, along with links to further technical details. You will also see the number of active sites using the plugin and the plugin version that fixes the vulnerability. We start with the most popular plugins, which represent the biggest target for attackers.

UpdraftPlus PRO

Plugin: UpdraftPlus WordPress Backup Plugin
Plugin Slug: updraftplus
Installations: 3,000,000+
Vulnerability: Broken Access Control
Patched in Version: 2.23.3
Severity Score: High
The vulnerability has been patched, so you should update to version 2.23.3.

UpdraftPlus

Plugin: UpdraftPlus WordPress Backup Plugin
Plugin Slug: updraftplus
Installations: 3,000,000+
Vulnerability: Broken Access Control
Patched in Version: 1.23.3
Severity Score: High
The vulnerability has been patched, so you should update to version 1.23.3.

Plugin: Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows
Plugin Slug: ml-slider
Installations: 700,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 3.28.1
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 3.28.1.

Easy Table of Contents

Plugin: Easy Table of Contents
Plugin Slug: easy-table-of-contents
Installations: 400,000+
Vulnerability: Broken Access Control
Patched in Version: 2.0.46
Severity Score: Medium
CVE: CVE-2023-25469
The vulnerability has been patched, so you should update to version 2.0.46.

Happy Addons for Elementor

Plugin: Happy Addons for Elementor
Plugin Slug: happy-elementor-addons
Installations: 300,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 3.8.0
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 3.8.0.

Squirrly SEO (Peaks)

Plugin: SEO Plugin by Squirrly SEO
Plugin Slug: squirrly-seo
Installations: 200,000+
Vulnerability: Broken Access Control
Patched in Version: 12.1.21
Severity Score: Medium
CVE: CVE-2022-44626
The vulnerability has been patched, so you should update to version 12.1.21.

Squirrly SEO (Peaks)

Plugin: SEO Plugin by Squirrly SEO
Plugin Slug: squirrly-seo
Installations: 200,000+
Vulnerability: Reflected Cross Site Scripting (XSS)
Patched in Version: 12.1.21
Severity Score: High
CVE: CVE-2022-45065
The vulnerability has been patched, so you should update to version 12.1.21.

WP Mail Logging

Plugin: WP Mail Logging
Plugin Slug: wp-mail-logging
Installations: 200,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.11.0
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 1.11.0.

WPML

Plugin: WPML – WordPress Multilingual
Plugin Slug: wpml
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 4.6.1
Severity Score: High
The vulnerability has been patched, so you should update to version 4.6.1.

WordPress Ping Optimizer

Plugin: WordPress Ping Optimizer
Plugin Slug: wordpress-ping-optimizer
Installations: 70,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 2.35.1.3.0
Severity Score: Medium
CVE: CVE-2022-30705
The vulnerability has been patched, so you should update to version 2.35.1.3.0.

Bookly

Plugin: WordPress Online Booking and Scheduling Plugin – Bookly
Plugin Slug: bookly-responsive-appointment-booking-tool
Installations: 60,000+
Vulnerability: Unauthenticated Stored Cross-Site Scripting via Name vulnerability
Patched in Version: 21.5.1
Severity Score: High
CVE: CVE-2023-1172
The vulnerability has been patched, so you should update to version 21.5.1.

User Registration

Plugin: User Registration – Custom Registration Form, Login Form And User Profile For WordPress
Plugin Slug: user-registration
Installations: 60,000+
Vulnerability: Authenticated PHP Object Injection
Patched in Version: 2.3.3
Severity Score: High
CVE: CVE-2023-27459
The vulnerability has been patched, so you should update to version 2.3.3.

Exclusive Addons for Elementor

Plugin: Exclusive Addons for Elementor
Plugin Slug: exclusive-addons-for-elementor
Installations: 40,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 2.6.2
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 2.6.2.

Ecwid Ecommerce Shopping Cart

Plugin: Ecwid Ecommerce Shopping Cart
Plugin Slug: ecwid-shopping-cart
Installations: 30,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 6.11.5
Severity Score: Medium
CVE: CVE-2023-24408
The vulnerability has been patched, so you should update to version 6.11.5.

Subscribe2 – Form, Email Subscribers & Newsletters

Plugin: Subscribe2 – Form, Email Subscribers & Newsletters
Plugin Slug: subscribe2
Installations: 30,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 10.38
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 10.38.

WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Plugin

Plugin: WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Plugin
Plugin Slug: wp-user-frontend
Installations: 30,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 3.6.1
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 3.6.1.

Advanced Product Labels for WooCommerce

Plugin: Advanced Product Labels for WooCommerce
Plugin Slug: advanced-product-labels-for-woocommerce
Installations: 20,000+
Vulnerability: Broken Access Control
Patched in Version: 1.2.4.1
Severity Score: Medium
CVE: CVE-2022-45813
The vulnerability has been patched, so you should update to version 1.2.4.1.

Branda

Plugin: Branda – White Label WordPress, Custom Login Page Customizer
Plugin Slug: branda-white-labeling
Installations: 20,000+
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched in Version: 3.4.9
Severity Score: Medium
The vulnerability has been patched, so you should update to version 3.4.9.

Dashboard Welcome for Elementor

Plugin: Dashboard Welcome for Elementor
Plugin Slug: dashboard-welcome-for-elementor
Installations: 20,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.0.7
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 1.0.7.

Load More Products for WooCommerce

Plugin: Load More Products for WooCommerce
Plugin Slug: load-more-products-for-woocommerce
Installations: 20,000+
Vulnerability: Broken Access Control
Patched in Version: 1.1.9.8
Severity Score: Medium
CVE: CVE-2022-45813
The vulnerability has been patched, so you should update to version 1.1.9.8.

Min and Max Quantity for WooCommerce

Plugin: Min and Max Quantity for WooCommerce
Plugin Slug: minmax-quantity-for-woocommerce
Installations: 20,000+
Vulnerability: Broken Access Control
Patched in Version: 1.3.2.7
Severity Score: Medium
CVE: CVE-2022-45813
The vulnerability has been patched, so you should update to version 1.3.2.7.

Plugin: Product Gallery Slider for WooCommerce
Plugin Slug: woo-product-gallery-slider
Installations: 20,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 2.2.7
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 2.2.7.

WP Simple Shopping Cart

Plugin: WordPress Simple Shopping Cart
Plugin Slug: wordpress-simple-paypal-shopping-cart
Installations: 20,000+
Vulnerability: Sensitive Data Exposure
Patched in Version: 4.6.4
Severity Score: Medium
CVE: CVE-2023-1431
The vulnerability has been patched, so you should update to version 4.6.4.

Store Locator WordPress

Plugin: Store Locator WordPress
Plugin Slug: agile-store-locator
Installations: 10,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.4.10
Severity Score: Medium
CVE: CVE-2023-27618
The vulnerability has been patched, so you should update to version 1.4.10.

Contact Form 7 – PayPal & Stripe Add-on

Plugin: Contact Form 7 – PayPal & Stripe Add-on
Plugin Slug: contact-form-7-paypal-add-on
Installations: 10,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.9.4
Severity Score: Medium
CVE: CVE-2023-24405
The vulnerability has been patched, so you should update to version 1.9.4.

Contact Form Email

Plugin: Contact Form Email
Plugin Slug: contact-form-to-email
Installations: 10,000+
Vulnerability: Missing Authorization Leading To Feedback Submission
Patched in Version: 1.3.32
Severity Score: Medium
CVE: CVE-2023-28494
The vulnerability has been patched, so you should update to version 1.3.32.

eCommerce Product Catalog

Plugin: eCommerce Product Catalog Plugin for WordPress
Plugin Slug: ecommerce-product-catalog
Installations: 10,000+
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched in Version: 3.3.9
Severity Score: Medium
CVE: CVE-2023-1470
The vulnerability has been patched, so you should update to version 3.3.9.

Hotel Booking Lite

Plugin: Hotel Booking Lite
Plugin Slug: motopress-hotel-booking-lite
Installations: 10,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 4.7.0
Severity Score: Medium
CVE: CVE-2023-28498
The vulnerability has been patched, so you should update to version 4.7.0.

Plugin: Slideshow Gallery LITE
Plugin Slug: slideshow-gallery
Installations: 10,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.7.7
Severity Score: Medium
CVE: CVE-2023-28497
The vulnerability has been patched, so you should update to version 1.7.7.

Plugin: Slideshow Gallery LITE
Plugin Slug: slideshow-gallery
Installations: 10,000+
Vulnerability: SQL Injection
Patched in Version: 1.7.7
Severity Score: Medium
CVE: CVE-2023-28491
The vulnerability has been patched, so you should update to version 1.7.7.

Woostify Sites Library

Plugin: Woostify Sites Library
Plugin Slug: woostify-sites-library
Installations: 10,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.4.4
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 1.4.4.

WP Dark Mode – Best Dark Mode & Social Sharing Plugin for WordPress

Plugin: WP Dark Mode – Best Dark Mode & Social Sharing Plugin for WordPress
Plugin Slug: wp-dark-mode
Installations: 10,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 3.0.5
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 3.0.5.

WP VR – 360 Panorama and Virtual Tour Builder For WordPress

Plugin: WP VR – 360 Panorama and Virtual Tour Builder For WordPress
Plugin Slug: wpvr
Installations: 10,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 8.2.6
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 8.2.6.

Fluid Checkout for WooCommerce – Lite

Plugin: Fluid Checkout for WooCommerce – Lite
Plugin Slug: fluid-checkout
Installations: 9,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 2.3.2
Severity Score: Medium
The vulnerability has been patched, so you should update to version 2.3.2.

Event Manager for WooCommerce

Plugin: Event Manager and Tickets Selling Plugin for WooCommerce
Plugin Slug: mage-eventpress
Installations: 9,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 3.8.7
Severity Score: Medium
CVE: CVE-2023-28422
The vulnerability has been patched, so you should update to version 3.8.7.

Event Manager and Tickets Selling Plugin for WooCommerce

Plugin: Event Manager and Tickets Selling Plugin for WooCommerce
Plugin Slug: mage-eventpress
Installations: 9,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 3.7.8
Severity Score: Medium
CVE: CVE-2022-47164
The vulnerability has been patched, so you should update to version 3.7.8.

Team Member – Team with Slider

Plugin: Team Member – Team with Slider
Plugin Slug: team-showcase-supreme
Installations: 9,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 4.5
Severity Score: Medium
CVE: CVE-2023-23647
The vulnerability has been patched, so you should update to version 4.5.

SMTP2GO

Plugin: SMTP2GO – Email Made Easy
Plugin Slug: smtp2go
Installations: 8,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.5.0
Severity Score: Medium
CVE: CVE-2023-28496
The vulnerability has been patched, so you should update to version 1.5.0.

ProfileGrid

Plugin: ProfileGrid – User Profiles, Memberships, Groups and Communities
Plugin Slug: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability: Broken Access Control
Patched in Version: 5.0.4
Severity Score: Medium
CVE: CVE-2022-36352
The vulnerability has been patched, so you should update to version 5.0.4.

Brands for WooCommerce

Plugin: Brands for WooCommerce
Plugin Slug: brands-for-woocommerce
Installations: 6,000+
Vulnerability: Broken Access Control
Patched in Version: 3.7.0.6
Severity Score: Medium
CVE: CVE-2022-45813
The vulnerability has been patched, so you should update to version 3.7.0.6.

Contact Form 7 Redirect & Thank You Page

Plugin: Contact Form 7 Redirect & Thank You Page
Plugin Slug: cf7-redirect-thank-you-page
Installations: 6,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.0.4
Severity Score: Medium
CVE: CVE-2023-24395
The vulnerability has been patched, so you should update to version 1.0.4.

Plugin: Boostify Header Footer Builder for Elementor
Plugin Slug: boostify-header-footer-builder
Installations: 5,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.2.9
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 1.2.9.

Modern Footnotes

Plugin: Modern Footnotes
Plugin Slug: modern-footnotes
Installations: 5,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.4.16
Severity Score: Medium
CVE: CVE-2023-28423
The vulnerability has been patched, so you should update to version 1.4.16.

Open Graphite

Plugin: Open Graphite
Plugin Slug: open-graphite
Installations: 5,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.6.1
Severity Score: High
CVE: CVE-2022-47439
The vulnerability has been patched, so you should update to version 1.6.1.

W4 Post List

Plugin: W4 Post List
Plugin Slug: w4-post-list
Installations: 5,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 2.4.3
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 2.4.3.

Grid List View for WooCommerce

Plugin: Grid/List View for WooCommerce
Plugin Slug: gridlist-view-for-woocommerce
Installations: 4,000+
Vulnerability: Broken Access Control
Patched in Version: 1.1.3.7
Severity Score: Medium
CVE: CVE-2022-45813
The vulnerability has been patched, so you should update to version 1.1.3.7.

Cart Notices for WooCommerce

Plugin: Cart Notices for WooCommerce
Plugin Slug: cart-notices-for-woocommerce
Installations: 3,000+
Vulnerability: Broken Access Control
Patched in Version: 3.5.7.7
Severity Score: Medium
CVE: CVE-2022-45813
The vulnerability has been patched, so you should update to version 3.5.7.7.

Click to top

Plugin: Click to top
Plugin Slug: click-to-top
Installations: 3,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.2.20
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 1.2.20.

Force First and Last Name as Display Name

Plugin: Force First and Last Name as Display Name
Plugin Slug: force-first-last
Installations: 3,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.2.1
Severity Score: Medium
CVE: CVE-2023-28419
The vulnerability has been patched, so you should update to version 1.2.1.

Plugin: Gallery Box
Plugin Slug: gallery-box
Installations: 3,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.7.31
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 1.7.31.

Magical Posts Display – Elementor & Gutenberg Posts Blocks

Plugin: Magical Posts Display – Elementor Advanced Posts widgets
Plugin Slug: magical-posts-display
Installations: 3,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.2.16
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 1.2.16.

wePOS – Point Of Sale (POS) for WooCommerce

Plugin: wePOS – Point Of Sale (POS) for WooCommerce
Plugin Slug: wepos
Installations: 3,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.2.6
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 1.2.6.

WP Email Capture

Plugin: WordPress Email Marketing Plugin – WP Email Capture
Plugin Slug: wp-email-capture
Installations: 3,000+
Vulnerability: Sensitive Data Exposure
Patched in Version: 3.11
Severity Score: Medium
CVE: CVE-2023-28421
The vulnerability has been patched, so you should update to version 3.11.

Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD

Plugin: Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD
Plugin Slug: cart-lift
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 3.1.4
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 3.1.4.

WP Markdown Editor (Formerly Dark Mode)

Plugin: WP Markdown Editor (Formerly Dark Mode)
Plugin Slug: dark-mode
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 4.1.3
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 4.1.3.

GS Testimonial Slider

Plugin: GS Testimonial Slider
Plugin Slug: gs-testimonial
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.9.8
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 1.9.8.

Product Tabs Manager for WooCommerce

Plugin: Product Tabs Manager for WooCommerce
Plugin Slug: product-tabs-manager-for-woocommerce
Installations: 2,000+
Vulnerability: Broken Access Control
Patched in Version: 1.1.5.8
Severity Score: Medium
CVE: CVE-2022-45813
The vulnerability has been patched, so you should update to version 1.1.5.8.

Product Watermark for WooCommerce

Plugin: Product Watermark for WooCommerce
Plugin Slug: product-watermark-for-woocommerce
Installations: 2,000+
Vulnerability: Broken Access Control
Patched in Version: 1.3.5.7
Severity Score: Medium
CVE: CVE-2022-45813
The vulnerability has been patched, so you should update to version 1.3.5.7.

Stylish Cost Calculator

Plugin: Stylish Cost Calculator
Plugin Slug: stylish-cost-calculator
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 7.3.7
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 7.3.7.

Terms and Conditions Popup for WooCommerce

Plugin: Terms and Conditions Popup for WooCommerce
Plugin Slug: terms-and-conditions-popup-for-woocommerce
Installations: 2,000+
Vulnerability: Broken Access Control
Patched in Version: 3.5.7.7
Severity Score: Medium
CVE: CVE-2022-45813
The vulnerability has been patched, so you should update to version 3.5.7.7.

Webinar and Video Conference with Jitsi Meet

Plugin: Webinar and Video Conference with Jitsi Meet
Plugin Slug: webinar-and-video-conference-with-jitsi-meet
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 2.0.0
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 2.0.0.

Wiremo – Product Reviews for WooCommerce

Plugin: Wiremo – Product Reviews for WooCommerce
Plugin Slug: woo-reviews-by-wiremo
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.4.97
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 1.4.97.

Wp Edit Password Protected – Create Member/User Only Page & Design Password Protected Form

Plugin: Wp Edit Password Protected – Create Member/User Only Page & Design Password Protected Form
Plugin Slug: wp-edit-password-protected
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.2.4
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 1.2.4.

Products Suggestions for WooCommerce

Plugin: Products Suggestions for WooCommerce
Plugin Slug: cart-products-suggestions-for-woocommerce
Installations: 1,000+
Vulnerability: Broken Access Control
Patched in Version: 3.5.7.7
Severity Score: Medium
CVE: CVE-2022-45813
The vulnerability has been patched, so you should update to version 3.5.7.7.

Calendar Event Multi View

Plugin: Calendar Event Multi View
Plugin Slug: cp-multi-view-calendar
Installations: 1,000+
Vulnerability: Missing Authorization Leading To Feedback Submission
Patched in Version: 1.4.11
Severity Score: Medium
CVE: CVE-2023-28492
The vulnerability has been patched, so you should update to version 1.4.11.

HT Feed

Plugin: HT Feed
Plugin Slug: ht-instagram
Installations: 1,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.2.8
Severity Score: Medium
CVE: CVE-2023-23804
The vulnerability has been patched, so you should update to version 1.2.8.

Dynamics 365 Integration

Plugin: Dynamics 365 Integration
Plugin Slug: integration-dynamics
Installations: 1,000+
Vulnerability: Broken Access Control
Patched in Version: 1.3.13
Severity Score: Medium
CVE: CVE-2023-28417
The vulnerability has been patched, so you should update to version 1.3.13.

Open RDW kenteken voertuiginformatie

Plugin: Open RDW kenteken voertuiginformatie
Plugin Slug: open-rdw-kenteken-voertuiginformatie
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 2.1.0
Severity Score: High
CVE: CVE-2022-47431
The vulnerability has been patched, so you should update to version 2.1.0.

Pagination Styler for WooCommerce

Plugin: Pagination Styler for WooCommerce
Plugin Slug: pagination-styler-for-woocommerce
Installations: 1,000+
Vulnerability: Broken Access Control
Patched in Version: 3.5.7.7
Severity Score: Medium
CVE: CVE-2022-45813
The vulnerability has been patched, so you should update to version 3.5.7.7.

Products Compare for WooCommerce

Plugin: Products Compare for WooCommerce
Plugin Slug: products-compare-for-woocommerce
Installations: 1,000+
Vulnerability: Broken Access Control
Patched in Version: 3.5.7.8
Severity Score: Medium
CVE: CVE-2022-45813
The vulnerability has been patched, so you should update to version 3.5.7.8.

Sales Report for WooCommerce

Plugin: Sales Report for WooCommerce
Plugin Slug: sales-report-for-woocommerce
Installations: 1,000+
Vulnerability: Broken Access Control
Patched in Version: 3.5.7.7
Severity Score: Medium
CVE: CVE-2022-45813
The vulnerability has been patched, so you should update to version 3.5.7.7.

Sequential Order Numbers for WooCommerce

Plugin: Sequential Order Numbers for WooCommerce
Plugin Slug: sequential-order-numbers-for-woocommerce
Installations: 1,000+
Vulnerability: Broken Access Control
Patched in Version: 3.5.7.7
Severity Score: Medium
CVE: CVE-2022-45813
The vulnerability has been patched, so you should update to version 3.5.7.7.

Sheets To WP Table Live Sync

Plugin: Sheets To WP Table Live Sync
Plugin Slug: sheets-to-wp-table-live-sync
Installations: 1,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 2.12.15
Severity Score: Medium
CVE: CVE-2022-47150
The vulnerability has been patched, so you should update to version 2.12.15.

Userlike – WordPress Live Chat plugin

Plugin: Userlike – WordPress Live Chat plugin
Plugin Slug: userlike
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 2.3
Severity Score: Medium
CVE: CVE-2023-23734
The vulnerability has been patched, so you should update to version 2.3.

WordPress WP Express Checkout

Plugin: WP Express Checkout (Accept PayPal Payments Easily)
Plugin Slug: wp-express-checkout
Installations: 1,000+
Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched in Version: 2.2.9
Severity Score: Medium
CVE: CVE-2023-1469
The vulnerability has been patched, so you should update to version 2.2.9.

WordPress GamiPress – Youtube integration

Plugin: GamiPress – Youtube integration
Plugin Slug: gamipress-youtube-integration
Installations: 700+
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched in Version: 1.0.8
Severity Score: Medium
The vulnerability has been patched, so you should update to version 1.0.8.

Branded Social Images

Plugin: Branded Social Images – Open Graph Images with logo and extra text layer
Plugin Slug: branded-social-images
Installations: 600+
Vulnerability: Broken Access Control
Patched in Version: 1.1.1
Severity Score: Medium
CVE: CVE-2023-28536
The vulnerability has been patched, so you should update to version 1.1.1.

Enhanced Plugin Admin

Plugin: Enhanced Plugin Admin
Plugin Slug: enhanced-plugin-admin
Installations: 200+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.17
Severity Score: Medium
CVE: CVE-2023-28618
The vulnerability has been patched, so you should update to version 1.17.

WordPress Auto Rename Media On Upload

Plugin: Auto Rename Media On Upload
Plugin Slug: auto-rename-media-on-upload
Installations: 100+
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched in Version: 1.1.0
Severity Score: Medium
The vulnerability has been patched, so you should update to version 1.1.0.

WSB Brands

Plugin: WSB Brands
Plugin Slug: wsb-brands
Installations: 100+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.2
Severity Score: Medium
CVE: CVE-2022-47437
The vulnerability has been patched, so you should update to version 1.2.

WordPress Amazon S3 Plugin

Plugin: WordPress Amazon S3 Plugin
Plugin Slug: wp-s3
Installations: 10+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.6
Severity Score: High
The vulnerability has been patched, so you should update to version 1.6.

Cyberus Key

Plugin: Cyberus Key
Plugin Slug: cyberus-key
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.1
Severity Score: Medium
CVE: CVE-2023-28620
The vulnerability has been patched, so you should update to version 1.1.

WordPress Drag and Drop Multiple File Upload PRO – Contact Form 7 Standard

Plugin: Drag and Drop Multiple File Upload PRO
Plugin Slug: drag-n-drop-upload-cf7-pro
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 2.11.1
Severity Score: High
The vulnerability has been patched, so you should update to version 2.11.1.

WordPress WooCommerce Multiple Customer Addresses & Shipping

Plugin: WooCommerce Multiple Customer Addresses & Shipping
Plugin Slug: woocommerce-multiple-customer-addresses
Vulnerability: Insecure Direct Object References (IDOR)
Patched in Version: 21.7
Severity Score: Medium
CVE: CVE-2023-0865
The vulnerability has been patched, so you should update to version 21.7.

WordPress Plugin Vulnerabilities – No Known Fix

This section contains plugin vulnerabilities with no known fix. Until a patch is available, you are advised, at minimum, to deactivate the plugin immediately. If there is a high risk of active exploits or the plugin remains unpatched for weeks, you are advised to delete the plugin. You should also delete persistently unpatched plugins that the WordPress.org repository has locked and marked “Closed” so they can no longer be downloaded and installed.

Slide Anything

Plugin: Slide Anything – Responsive Content / HTML Slider and Carousel
Plugin Slug: slide-anything
Installations: 100,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2023-28499
The vulnerability has not been patched. You should deactivate the plugin.


Custom Field Template

Plugin: Custom Field Template
Plugin Slug: custom-field-template
Installations: 50,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2023-22695
The vulnerability has not been patched. You should deactivate the plugin.


Website Monetization by MageNet

Plugin: Website Monetization by MageNet
Plugin Slug: website-monetization-by-magenet
Installations: 40,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2023-22673
The vulnerability has not been patched. You should deactivate the plugin.


Read More Without Refresh

Plugin: Read More Without Refresh
Plugin Slug: read-more-without-refresh
Installations: 20,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2023-23793

The vulnerability has not been patched. You should deactivate the plugin.


WP Shortcode by MyThemeShop

Plugin: WP Shortcode by MyThemeShop
Plugin Slug: wp-shortcode
Installations: 20,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2023-28495

The vulnerability has not been patched. You should deactivate the plugin.


PB SEO Friendly Images plugin

Plugin: PB SEO Friendly Images
Plugin Slug: pb-seo-friendly-images
Installations: 10,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2022-47434

The vulnerability has not been patched. You should deactivate the plugin.


Import External Images

Plugin: Import External Images
Plugin Slug: import-external-images
Installations: 8,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2022-46866

The vulnerability has not been patched. You should deactivate the plugin.


Disqus Conditional Load

Plugin: Disqus Conditional Load
Plugin Slug: disqus-conditional-load
Installations: 7,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2023-23732

The vulnerability has not been patched. You should deactivate the plugin.


ConvertBox Auto Embed WordPress plugin

Plugin: ConvertBox Auto Embed WordPress plugin
Plugin Slug: convertbox-auto-embed
Installations: 6,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2023-23664

The vulnerability has not been patched. You should deactivate the plugin.


Weather Station

Plugin: Weather Station
Plugin Slug: live-weather-station
Installations: 4,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2023-25478

The vulnerability has not been patched. You should deactivate the plugin.


Simple Mobile URL Redirect

Plugin: Simple Mobile URL Redirect
Plugin Slug: simple-mobile-url-redirect
Installations: 4,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2023-23897

The vulnerability has not been patched. You should deactivate the plugin.


WordPress Mortgage Calculator Estatik

Plugin: WordPress Mortgage Calculator Estatik
Plugin Slug: estatik-mortgage-calculator
Installations: 3,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: High
CVE: CVE-2023-28490

The vulnerability has not been patched. You should deactivate the plugin.


Update Image Tag Alt Attribute

Plugin: Update Image Tag Alt Attribute
Plugin Slug: update-alt-attribute
Installations: 3,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2022-47150

The vulnerability has not been patched. You should deactivate the plugin.


Return and Warranty Management System for WooCommerce

Plugin: Return and Warranty Management System for WooCommerce
Plugin Slug: wc-return-warrranty
Installations: 3,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: High
CVE: CVE-2023-22710

The vulnerability has not been patched. You should deactivate the plugin.


WP Job Portal – A Complete Job Board

Plugin: WP Job Portal – A Complete Job Board
Plugin Slug: wp-job-portal
Installations: 3,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2023-28534

The vulnerability has not been patched. You should deactivate the plugin.


Bangladeshi Payment Gateways

Plugin: Bangladeshi Payment Gateways – Make Payment Using QR Code
Plugin Slug: bangladeshi-payment-gateways
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2022-47150

The vulnerability has not been patched. You should deactivate the plugin.


Custom Options Plus

Plugin: Custom Options Plus
Plugin Slug: custom-options-plus
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2023-28420

The vulnerability has not been patched. You should deactivate the plugin.


Google XML Sitemap for Mobile

Plugin: Google XML Sitemap for Mobile
Plugin Slug: google-mobile-sitemap
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2023-23869

The vulnerability has not been patched. You should deactivate the plugin.


Lazy Social Comments

Plugin: Lazy Social Comments
Plugin Slug: lazy-facebook-comments
Installations: 2,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2023-23733

The vulnerability has not been patched. You should deactivate the plugin.


BuddyPress Builder for Elementor – BuddyBuilder

Plugin: BuddyPress Builder for Elementor – BuddyBuilder
Plugin Slug: stax-buddy-builder
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2022-47150

The vulnerability has not been patched. You should deactivate the plugin.


Vertical scroll recent post

Plugin: Vertical scroll recent post
Plugin Slug: vertical-scroll-recent-post
Installations: 2,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2023-23862

The vulnerability has not been patched. You should deactivate the plugin.


Product Category Slider for WooCommerce

Plugin: Product Category Slider for WooCommerce
Plugin Slug: woo-category-slider-by-pluginever
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2022-47150

The vulnerability has not been patched. You should deactivate the plugin.


WP Content Filter – Censor All Offensive Content From Your Site

Plugin: WP Content Filter – Censor All Offensive Content From Your Site
Plugin Slug: wp-content-filter
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2023-23883

The vulnerability has not been patched. You should deactivate the plugin.


BigContact Contact Page

Plugin: BigContact Contact Page
Plugin Slug: bigcontact
Installations: 1,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2023-22694

The vulnerability has not been patched. You should deactivate the plugin.


Bulk Resize Media

Plugin: Bulk Resize Media
Plugin Slug: bulk-resize-media
Installations: 1,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2022-46865

The vulnerability has not been patched. You should deactivate the plugin.


JS Job Manager

Plugin: JS Job Manager
Plugin Slug: js-jobs
Installations: 1,000+
Vulnerability: Broken Access Control
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2023-28689

The vulnerability has not been patched. You should deactivate the plugin.


Kanban Boards for WordPress

Plugin: Kanban Boards for WordPress
Plugin Slug: kanban
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2023-23884

The vulnerability has not been patched. You should deactivate the plugin.


Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget

Plugin: Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget
Plugin Slug: post-grid-carousel-ultimate
Installations: 1,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2022-47150

The vulnerability has not been patched. You should deactivate the plugin.


PT Addons for Elementor Lite

Plugin: PT Addons for Elementor Lite
Plugin Slug: pt-elementor-addons-lite
Installations: 1,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2022-47150

The vulnerability has not been patched. You should deactivate the plugin.


Elementor Addons, Widgets and Enhancements – Stax

Plugin: Elementor Addons, Widgets and Enhancements – Stax
Plugin Slug: stax-addons-for-elementor
Installations: 1,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2022-47150

The vulnerability has not been patched. You should deactivate the plugin.


Plugin: Surbma | GDPR Proof Cookie Consent & Notice Bar
Plugin Slug: surbma-gdpr-proof-google-analytics
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2023-23894

The vulnerability has not been patched. You should deactivate the plugin.


Challan – PDF Invoice & Packing Slip for WooCommerce

Plugin: Challan – PDF Invoice & Packing Slip for WooCommerce
Plugin Slug: webappick-pdf-invoice-for-woocommerce
Installations: 1,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2022-47150

The vulnerability has not been patched. You should deactivate the plugin.


TreePress – Easy Family Trees & Ancestor Profiles

Plugin: TreePress – Easy Family Trees & Ancestor Profiles
Plugin Slug: treepress
Installations: 900+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2023-23863

The vulnerability has not been patched. You should deactivate the plugin.


VigilanTor

Plugin: VigilanTor
Plugin Slug: vigilantor
Installations: 900+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2023-28695

The vulnerability has not been patched. You should deactivate the plugin.


Backup Bank: WordPress Backup Plugin

Plugin: Backup Bank: WordPress Backup Plugin
Plugin Slug: wp-backup-bank
Installations: 700+
Vulnerability: Broken Access Control
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2023-28165

The vulnerability has not been patched. You should deactivate the plugin.


Be POPIA Compliant

Plugin: Be POPIA Compliant
Plugin Slug: be-popia-compliant
Installations: 100+
Vulnerability: SQL Injection
Patched in Version: No Fix
Severity Score: High
CVE: CVE-2022-47445

The vulnerability has not been patched. You should deactivate the plugin.


Simple Custom Author Profiles

Plugin: Simple Custom Author Profiles
Plugin Slug: simple-custom-author-profiles
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2023-24372

The vulnerability has not been patched. You should deactivate the plugin.


WordPress WP Popup Banners

Plugin: WP Popup Banners
Plugin Slug: wp-popup-banners
Vulnerability: Authenticated (Subscriber+) SQL Injection
Patched in Version: No Fix
Severity Score: High
CVE: CVE-2023-1471

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.


WP Simple Events

Plugin: WP Simple Events
Plugin Slug: wp-simple-events
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
CVE: CVE-2023-24376

The vulnerability has not been patched. You should deactivate the plugin.
