Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)
🎉 Did you know we’re running a Bug Bounty Extravaganza again?
Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!
Last week, there were 216 vulnerabilities disclosed in 173 WordPress Plugins and 3 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 61 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 15,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- WP Datepicker <= 2.1.0 – Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
- WAF-RULE-691 – Data redacted while we work with the vendor on a patch.
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 182 |
| Unpatched | 34 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Low Severity | 1 |
| Medium Severity | 186 |
| High Severity | 17 |
| Critical Severity | 12 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 120 |
| Missing Authorization | 43 |
| Cross-Site Request Forgery (CSRF) | 15 |
| Authorization Bypass Through User-Controlled Key | 6 |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 5 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 5 |
| Exposure of Sensitive Information to an Unauthorized Actor | 3 |
| Unrestricted Upload of File with Dangerous Type | 3 |
| Deserialization of Untrusted Data | 2 |
| Improper Control of Generation of Code ('Code Injection') | 2 |
| Insertion of Sensitive Information into Log File | 2 |
| Server-Side Request Forgery (SSRF) | 2 |
| Exposure of Sensitive Information Through Metadata | 1 |
| Guessable CAPTCHA | 1 |
| Improper Authentication | 1 |
| Improper Authorization | 1 |
| Improper Input Validation | 1 |
| Incorrect Privilege Assignment | 1 |
| Not Failing Securely ('Failing Open') | 1 |
| Protection Mechanism Failure | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 15 | |
| 12 | |
| 12 | |
| 12 | |
| 11 | |
| 10 | |
| 10 | |
| 10 | |
| 9 | |
| 8 | |
| 8 | |
| 8 | |
| 7 | |
| 6 | |
| 6 | |
| 5 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| 2Checkout Payment Gateway for WooCommerce | woocommerce-2checkout-payment |
| Access Category Password | access-category-password |
| Active Products Tables for WooCommerce. Use constructor to create tables | profit-products-tables-for-woocommerce |
| Add Custom CSS and JS | add-custom-css-and-js |
| AI Infographic Maker | infographic-and-list-builder-ilist |
| App Builder – Create Native Android & iOS Apps On The Flight | app-builder |
| Attesa Extra | attesa-extra |
| BA Book Everything | ba-book-everything |
| Backend Designer | backend-designer |
| Backup Migration | backup-backup |
| Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) | barcode-scanner-lite-pos-to-manage-products-inventory-and-orders |
| BMI Adult & Kid Calculator | bmi-adultkid-calculator |
| Bulk Block Converter | bulk-block-converter |
| Canva – Design beautiful blog graphics | canva |
| CBX Bookmark & Favorite | cbxwpbookmark |
| Click to Chat – HoliThemes | click-to-chat-for-whatsapp |
| Code Insert Manager (Q2W3 Inc Manager) | q2w3-inc-manager |
| Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More | content-control |
| Cookie Banner for GDPR / CCPA – WPLP Cookie Consent | gdpr-cookie-consent |
| Cornerstone | cornerstone |
| Country State City Dropdown CF7 | country-state-city-auto-dropdown |
| Crelly Slider | crelly-slider |
| Custom Order Statuses for WooCommerce | custom-order-statuses-for-woocommerce |
| Custom Thank You Page Customize For WooCommerce by Binary Carpenter | bc-woo-custom-thank-you-pages |
| Customer Reviews for WooCommerce | customer-reviews-woocommerce |
| Debug Log Manager – Conveniently Monitor and Inspect Errors | debug-log-manager |
| Delete Custom Fields | delete-custom-fields |
| DethemeKit for Elementor | dethemekit-for-elementor |
| DirectoryPress – Business Directory And Classified Ad Listing | directorypress |
| Ditty – Responsive News Tickers, Sliders, and Lists | ditty-news-ticker |
| DSGVO Youtube | dsgvo-youtube |
| EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory | ean-for-woocommerce |
| Easy CountDowner | easy-countdowner |
| Easy Custom Auto Excerpt | easy-custom-auto-excerpt |
| Easy Textillate | easy-textillate |
| EasyEvent | easyevent |
| eCommerce Product Catalog Plugin for WordPress | ecommerce-product-catalog |
| EleForms – All In One Form Integration including DB for Elementor | all-contact-form-integration-for-elementor |
| Element Pack – Widgets, Templates & Addons for Elementor | bdthemes-element-pack-lite |
| Elementor WHMCS Elements For Elementor Page Builder | void-elementor-whmcs-elements |
| Elements Plus! | elements-plus |
| ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor | elementskit-lite |
| ElementsKit Pro | elementskit |
| Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | email-subscribers |
| Enhanced Media Library | enhanced-media-library |
| Envo Extra | envo-extra |
| EnvĂaloSimple: Email Marketing y Newsletters | envialosimple-email-marketing-y-newsletters-gratis |
| ePoll – Best WordPress Voting Plugin for Poll & Contest | epoll-wp-voting |
| Essential Addons for Elementor Pro | essential-addons-elementor |
| Essential Addons for Elementor – Popular Elementor Templates & Widgets | essential-addons-for-elementor-lite |
| Exclusive Addons for Elementor | exclusive-addons-for-elementor |
| Fancy Product Designer | fancy-product-designer |
| FileBird – WordPress Media Library Folders & File Manager | filebird |
| Fixed HTML Toolbar | fixed-html-toolbar |
| Flash Video Player | flash-video-player |
| Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | form-maker |
| Forminator Forms – Contact Form, Payment Form & Custom Form Builder | forminator |
| Frontend Admin by DynamiApps | acf-frontend-form-element |
| GG Woo Feed for WooCommerce Shopping Feed on Google and Other Channels | gg-woo-feed |
| Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | essential-blocks |
| Happy Addons for Elementor | happy-elementor-addons |
| hCaptcha for WP | hcaptcha-for-forms-and-more |
| HelloAsso | helloasso |
| HT Mega Addons for Elementor – Elementor Widgets & Template Builder | ht-mega-for-elementor |
| HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce | hurrytimer |
| HUSKY – Products Filter Professional for WooCommerce | woocommerce-products-filter |
| Icon Widget | icon-widget |
| Import Content in WordPress & WooCommerce with Excel | content-excel-importer |
| Job Postings | job-postings |
| Knight Lab Timeline | knight-lab-timelinejs |
| Language Switcher for Transposh | language-switcher-for-transposh |
| LearnPress – Backup & Migration Tool | learnpress-import-export |
| LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | learnpress |
| LetterPress – Elevate Your WordPress Site's E-Mail Campaigns and Marketing | letterpress |
| LH Add Media From Url | lh-add-media-from-url |
| LiveJournal Shortcode | livejournal-shortcode |
| LoginPress Pro | loginpress-pro |
| Mailster - Email Newsletter Plugin for WordPress | mailster |
| Master Slider – Responsive Touch Slider | master-slider |
| MaxGalleria | maxgalleria |
| Media Library Folders | media-library-plus |
| Mega Addons For Elementor | ultimate-addons-for-elementor |
| Mega Elements – Addons for Elementor | mega-elements-addons-for-elementor |
| MF Gig Calendar | mf-gig-calendar |
| MJ Update History | mj-update-history |
| Mortgage Calculators WP | mortgage-calculators-wp |
| Multi Currency For WooCommerce | wc-multi-currency |
| MyRewards | woorewards |
| Navigation menu as Dropdown Widget | navigation-menu-as-dropdown-widget |
| Netgsm | netgsm |
| Online Forms — Customizable Payment, Contact, Quiz, Survey Form Builder – Jotform | embed-form |
| Open Close Store for WooCommerce – Business Hours Schedules Manager | woc-open-close |
| Order Limit For WooCommerce ( Free Version ) | wc-order-limit-lite |
| OTP Login With Phone Number, OTP Verification | login-with-phone-number |
| Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | otter-blocks |
| Ovic Responsive WPBakery | ovic-vc-addon |
| Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | paid-memberships-pro |
| PeproDev CF7 Database | pepro-cf7-database |
| PeproDev Ultimate Invoice | pepro-ultimate-invoice |
| Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls | poll-maker |
| Popup Maker and Popup Anything – Popup for opt-ins and Lead Generation Conversions | popup-anything-on-click |
| Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX | ultimate-post |
| Prime Slider Addons for Elementor | bdthemes-prime-slider-lite |
| Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce | woo-product-feed-pro |
| ProfileGrid – User Profiles, Groups and Communities | profilegrid-user-profiles-groups-and-communities |
| QR Code Composer – Automatic QR Code Generator | qr-code-composer |
| Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player | radio-player |
| Real 3D Flipbook – 3D FlipBook, PDF FlipBook, PDF Viewer, PDF Embedder | real3d-flipbook-lite |
| Real Media Library: Media Library Folder & File Manager | real-media-library-lite |
| Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) | really-simple-ssl |
| reCAPTCHA Jetpack | recaptcha-jetpack |
| Regenerate post permalink | regenerate-post-permalinks |
| Related Posts for WordPress | microkids-related-posts |
| Restaurant Menu – Food Ordering System – Table Reservation | menu-ordering-reservations |
| Royal Addons for Elementor – Addons and Templates Kit for Elementor | royal-elementor-addons |
| RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | feedzy-rss-feeds |
| RSS Feed Widget | rss-feed-widget |
| Salient Core | salient-core |
| Salient Shortcodes | salient-shortcodes |
| Save as PDF Plugin by PDFCrowd | save-as-pdf-by-pdfcrowd |
| Shared Files – Frontend File Upload Form & Secure File Sharing | shared-files |
| ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | woolentor-addons |
| Shortcodes and extra features for Phlox theme | auxin-elements |
| Simple Registration for WooCommerce | woocommerce-simple-registration |
| Simple Testimonials Showcase | simple-testimonials-showcase |
| Slider by 10Web – Responsive Image Slider | slider-wd |
| Smart Forms – when you need more than just a contact form | smart-forms |
| SmartCrawl SEO checker, analyzer & optimizer | smartcrawl-seo |
| SP Project & Document Manager | sp-client-document-manager |
| Speed Optimizer – The All-In-One Performance-Boosting Plugin | sg-cachepress |
| SSL Zen — SSL Certificate Installer & HTTPS Redirects | ssl-zen |
| Support Genix – Helpdesk, AI Chatbot, Knowledge Base & Customer Support Ticketing System | support-genix-lite |
| tagDiv Composer | td-composer |
| Tagembed Social Feeds Widget | tagembed-widget |
| Taggbox: Social Feed Widgets | taggbox-widget |
| Tax Rate Upload | tax-rate-upload |
| Theme My Login | theme-my-login |
| TrackShip for WooCommerce | trackship-for-woocommerce |
| UnGallery | ungallery |
| User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | user-registration |
| VikBooking Hotel Booking Engine & PMS | vikbooking |
| What's New Generator | whats-new-genarator |
| WordPress Automatic Plugin | wp-automatic |
| WordPress Menu Plugin — Superfly Responsive Menu | superfly-menu |
| WP 2FA – Two-factor authentication for WordPress | wp-2fa |
| WP 404 Auto Redirect to Similar Post | wp-404-auto-redirect-to-similar-post |
| WP Club Manager – WordPress Sports Club Plugin | wp-club-manager |
| WP Cost Estimation & Payment Forms Builder | wp-estimation-form |
| WP Dummy Content Generator | wp-dummy-content-generator |
| WP Dynamic Keywords Injector | wp-dynamic-keywords-injector |
| WP File Download Light | wp-file-download-light |
| WP Helper Premium | wp-helper-lite |
| WP Meta SEO | wp-meta-seo |
| WP Show Posts | wp-show-posts |
| WP Simple HTML Sitemap | wp-simple-html-sitemap |
| WP Smart Import : Import any XML File to WordPress | wp-smart-import |
| WP Social Comments | gs-facebook-comments |
| WP Stripe Checkout | wp-stripe-checkout |
| WP TradingView | wp-tradingview |
| WP Ultimate Review | wp-ultimate-review |
| WP-Cufon | wp-cufon |
| WP-FormAssembly | formassembly-web-forms |
| WP-Lister Lite for eBay | wp-lister-for-ebay |
| WP-Recall – Registration, Profile, Commerce & More | wp-recall |
| WPB Show Core | wpb-show-core |
| WPBITS Addons For Elementor Page Builder | wpbits-addons-for-elementor |
| WPC Frequently Bought Together for WooCommerce | woo-bought-together |
| WPC Grouped Product for WooCommerce | wpc-grouped-product |
| WPML Multilingual & Multicurrency for WooCommerce | woocommerce-multilingual |
| WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping | wp-product-feed-manager |
| Yoga Schedule Momoyoga | momoyoga-integration |
| Zero Spam for WordPress | zero-spam |
| Zynith SEO | zynith-seo |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| GuCherry Blog | gucherry-blog |
| Newspaper - News & WooCommerce WordPress Theme | Newspaper |
| Tainacan Interface | tainacan-interface |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
Affected Software
WP Dummy Content Generator [wp-dummy-content-generator]
Researcher
Affected Software
HUSKY – Products Filter Professional for WooCommerce [woocommerce-products-filter]
Researcher
Affected Software
ePoll – Best WordPress Voting Plugin for Poll & Contest [epoll-wp-voting]
Researcher
Affected Software
SP Project & Document Manager [sp-client-document-manager]
Researcher
Affected Software
Researcher
Affected Software
Frontend Admin by DynamiApps [acf-frontend-form-element]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Master Slider – Responsive Touch Slider [master-slider]
Researcher
Affected Software
Simple Registration for WooCommerce [woocommerce-simple-registration]
Researcher
Affected Software
Researcher
Affected Software
WPML Multilingual & Multicurrency for WooCommerce [woocommerce-multilingual]
Researcher
Affected Software
Click to Chat – HoliThemes [click-to-chat-for-whatsapp]
Researcher
Login with phone number <= 1.7.16 - Unauthorized Account Password Change to Privilege Escalation
8.8
Affected Software
OTP Login With Phone Number, OTP Verification [login-with-phone-number]
Researcher
Affected Software
Salient Shortcodes [salient-shortcodes]
Researcher
Affected Software
tagDiv Composer [td-composer]
Researcher
Affected Software
Researcher
Affected Software
Royal Addons for Elementor – Addons and Templates Kit for Elementor [royal-elementor-addons]
Researcher
Affected Software
HT Mega Addons for Elementor – Elementor Widgets & Template Builder [ht-mega-for-elementor]
Researcher
Affected Software
Salient Core [salient-core]
Researcher
Affected Software
Shortcodes and extra features for Phlox theme [auxin-elements]
Researchers
Affected Software
Debug Log Manager – Conveniently Monitor and Inspect Errors [debug-log-manager]
Researcher
Affected Software
DirectoryPress – Business Directory And Classified Ad Listing [directorypress]
Researcher
Affected Software
EleForms – All In One Form Integration including DB for Elementor [all-contact-form-integration-for-elementor]
Researcher
Affected Software
Researcher
Affected Software
WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping [wp-product-feed-manager]
Researcher
Affected Software
WP Meta SEO [wp-meta-seo]
Researcher
Affected Software
WP-Cufon [wp-cufon]
Researcher
Affected Software
Zynith SEO [zynith-seo]
Researcher
Affected Software
Active Products Tables for WooCommerce. Use constructor to create tables [profit-products-tables-for-woocommerce]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Attesa Extra [attesa-extra]
Researcher
BA Book Everything <= 1.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
Affected Software
BA Book Everything [ba-book-everything]
Researcher
Affected Software
Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) [barcode-scanner-lite-pos-to-manage-products-inventory-and-orders]
Researcher
Affected Software
CBX Bookmark & Favorite [cbxwpbookmark]
Researcher
Affected Software
DethemeKit for Elementor [dethemekit-for-elementor]
Researcher
Affected Software
DSGVO Youtube [dsgvo-youtube]
Researcher
Affected Software
EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory [ean-for-woocommerce]
Researcher
Affected Software
Easy Textillate [easy-textillate]
Researcher
Affected Software
Element Pack – Widgets, Templates & Addons for Elementor [bdthemes-element-pack-lite]
Researcher
Affected Software
Element Pack – Widgets, Templates & Addons for Elementor [bdthemes-element-pack-lite]
Researcher
Affected Software
Elements Plus! [elements-plus]
Researcher
Affected Software
Researcher
Affected Software
ElementsKit Pro [elementskit]
Researcher
Affected Software
Envo Extra [envo-extra]
Researcher
Affected Software
Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite]
Researcher
Affected Software
Essential Addons for Elementor Pro [essential-addons-elementor]
Researcher
Affected Software
Exclusive Addons for Elementor [exclusive-addons-for-elementor]
Researcher
Affected Software
Exclusive Addons for Elementor [exclusive-addons-for-elementor]
Researcher
Affected Software
Researcher
Affected Software
Happy Addons for Elementor [happy-elementor-addons]
Researcher
Affected Software
Happy Addons for Elementor [happy-elementor-addons]
Researcher
Affected Software
Happy Addons for Elementor [happy-elementor-addons]
Researcher
Affected Software
hCaptcha for WP [hcaptcha-for-forms-and-more]
Researcher
Affected Software
HT Mega Addons for Elementor – Elementor Widgets & Template Builder [ht-mega-for-elementor]
Researcher
Affected Software
HT Mega Addons for Elementor – Elementor Widgets & Template Builder [ht-mega-for-elementor]
Researcher
Affected Software
HT Mega Addons for Elementor – Elementor Widgets & Template Builder [ht-mega-for-elementor]
Researchers
Affected Software
HT Mega Addons for Elementor – Elementor Widgets & Template Builder [ht-mega-for-elementor]
Researcher
Affected Software
HT Mega Addons for Elementor – Elementor Widgets & Template Builder [ht-mega-for-elementor]
Researcher
Affected Software
Researcher
Affected Software
Icon Widget [icon-widget]
Researcher
Affected Software
Researcher
Affected Software
Knight Lab Timeline [knight-lab-timelinejs]
Researcher
Affected Software
Researcher
Affected Software
LiveJournal Shortcode [livejournal-shortcode]
Researcher
Affected Software
Master Slider – Responsive Touch Slider [master-slider]
Researcher
Affected Software
Mega Elements – Addons for Elementor [mega-elements-addons-for-elementor]
Researcher
Affected Software
Mortgage Calculators WP [mortgage-calculators-wp]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
QR Code Composer – Automatic QR Code Generator [qr-code-composer]
Researcher
Affected Software
Real Media Library: Media Library Folder & File Manager [real-media-library-lite]
Researcher
Affected Software
Restaurant Menu – Food Ordering System – Table Reservation [menu-ordering-reservations]
Researcher
Affected Software
Researcher
Salient Shortcodes <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
Affected Software
Salient Shortcodes [salient-shortcodes]
Researcher
Affected Software
ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin [woolentor-addons]
Researcher
Affected Software
Shortcodes and extra features for Phlox theme [auxin-elements]
Researcher
Affected Software
Shortcodes and extra features for Phlox theme [auxin-elements]
Researcher
Affected Software
Shortcodes and extra features for Phlox theme [auxin-elements]
Researcher
Affected Software
Shortcodes and extra features for Phlox theme [auxin-elements]
Researcher
Affected Software
Shortcodes and extra features for Phlox theme [auxin-elements]
Researchers
Affected Software
Shortcodes and extra features for Phlox theme [auxin-elements]
Researcher
Simple Testimonials Showcase <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
Affected Software
Simple Testimonials Showcase [simple-testimonials-showcase]
Researcher
Affected Software
Taggbox: Social Feed Widgets [taggbox-widget]
Researcher
Affected Software
Tagembed Social Feeds Widget [tagembed-widget]
Researcher
Affected Software
Elementor WHMCS Elements For Elementor Page Builder [void-elementor-whmcs-elements]
Researcher
Affected Software
WordPress Menu Plugin — Superfly Responsive Menu [superfly-menu]
Researcher
Affected Software
WP Club Manager – WordPress Sports Club Plugin [wp-club-manager]
Researcher
Affected Software
WP Smart Import : Import any XML File to WordPress [wp-smart-import]
Researcher
Affected Software
WP Stripe Checkout [wp-stripe-checkout]
Researcher
Affected Software
WP TradingView [wp-tradingview]
Researcher
Affected Software
WP-FormAssembly [formassembly-web-forms]
Researcher
Affected Software
WPBITS Addons For Elementor Page Builder [wpbits-addons-for-elementor]
Researcher
Affected Software
Yoga Schedule Momoyoga [momoyoga-integration]
Researcher
Affected Software
Real 3D Flipbook – 3D FlipBook, PDF FlipBook, PDF Viewer, PDF Embedder [real3d-flipbook-lite]
Researcher
Affected Software
Access Category Password [access-category-password]
Researcher
Affected Software
Add Custom CSS and JS [add-custom-css-and-js]
Researcher
Affected Software
Bulk Block Converter [bulk-block-converter]
Researcher
Affected Software
Researcher
Affected Software
Code Insert Manager (Q2W3 Inc Manager) [q2w3-inc-manager]
Researcher
Affected Software
Cornerstone [cornerstone]
Researcher
Affected Software
Customer Reviews for WooCommerce [customer-reviews-woocommerce]
Researcher
Affected Software
Delete Custom Fields [delete-custom-fields]
Researcher
Affected Software
Easy CountDowner [easy-countdowner]
Researcher
Affected Software
eCommerce Product Catalog Plugin for WordPress [ecommerce-product-catalog]
Researcher
Affected Software
EnvĂaloSimple: Email Marketing y Newsletters [envialosimple-email-marketing-y-newsletters-gratis]
Researcher
Affected Software
Researcher
Affected Software
GuCherry Blog [gucherry-blog]
Researcher
Affected Software
Import Content in WordPress & WooCommerce with Excel [content-excel-importer]
Researcher
Affected Software
Job Postings [job-postings]
Researcher
Affected Software
Language Switcher for Transposh [language-switcher-for-transposh]
Researcher
Affected Software
LearnPress – Backup & Migration Tool [learnpress-import-export]
Researcher
Affected Software
LH Add Media From Url [lh-add-media-from-url]
Researcher
Affected Software
Media Library Folders [media-library-plus]
Researcher
Affected Software
MJ Update History [mj-update-history]
Researcher
Affected Software
Netgsm [netgsm]
Researcher
Affected Software
reCAPTCHA Jetpack [recaptcha-jetpack]
Researcher
Affected Software
Slider by 10Web – Responsive Image Slider [slider-wd]
Researcher
Affected Software
Tainacan Interface [tainacan-interface]
Researcher
Affected Software
Tax Rate Upload [tax-rate-upload]
Researcher
Affected Software
UnGallery [ungallery]
Researcher
Affected Software
VikBooking Hotel Booking Engine & PMS [vikbooking]
Researcher
Affected Software
WP Simple HTML Sitemap [wp-simple-html-sitemap]
Researcher
Affected Software
Researcher
WP 404 Auto Redirect to Similar Post <= 1.0.4 - Reflected Cross-Site Scripting via Debug Mode URI
6.1
Affected Software
WP 404 Auto Redirect to Similar Post [wp-404-auto-redirect-to-similar-post]
Researcher
Affected Software
WP Cost Estimation & Payment Forms Builder [wp-estimation-form]
Researcher
Affected Software
WP Dynamic Keywords Injector [wp-dynamic-keywords-injector]
Researcher
Affected Software
WP Helper Premium [wp-helper-lite]
Researcher
Affected Software
WPB Show Core [wpb-show-core]
Researcher
Affected Software
Newspaper - News & WooCommerce WordPress Theme [Newspaper]
Researcher
Affected Software
Researcher
tagDiv Composer <= 4.8 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta
5.5
Affected Software
tagDiv Composer [td-composer]
Researcher
Affected Software
AI Infographic Maker [infographic-and-list-builder-ilist]
Researcher
Affected Software
Ditty – Responsive News Tickers, Sliders, and Lists [ditty-news-ticker]
Researcher
Affected Software
Enhanced Media Library [enhanced-media-library]
Researcher
Affected Software
Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns [essential-blocks]
Researcher
Affected Software
Researcher
Affected Software
MyRewards [woorewards]
Researcher
Affected Software
Prime Slider Addons for Elementor [bdthemes-prime-slider-lite]
Researcher
Affected Software
VikBooking Hotel Booking Engine & PMS [vikbooking]
Researcher
Affected Software
WordPress Automatic Plugin [wp-automatic]
Researcher
Affected Software
2Checkout Payment Gateway for WooCommerce [woocommerce-2checkout-payment]
Researcher
Affected Software
Backup Migration [backup-backup]
Researcher
Affected Software
Researcher
Affected Software
Easy Custom Auto Excerpt [easy-custom-auto-excerpt]
Researcher
Affected Software
EleForms – All In One Form Integration including DB for Elementor [all-contact-form-integration-for-elementor]
Researcher
Affected Software
LoginPress Pro [loginpress-pro]
Researcher
Affected Software
LoginPress Pro [loginpress-pro]
Researcher
Affected Software
Order Limit For WooCommerce ( Free Version ) [wc-order-limit-lite]
Researcher
Affected Software
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions [paid-memberships-pro]
Researcher
Affected Software
PeproDev Ultimate Invoice [pepro-ultimate-invoice]
Researcher
Affected Software
Researcher
Affected Software
Popup Maker and Popup Anything – Popup for opt-ins and Lead Generation Conversions [popup-anything-on-click]
Researcher
Affected Software
Prime Slider Addons for Elementor [bdthemes-prime-slider-lite]
Researcher
Affected Software
Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce [woo-product-feed-pro]
Researcher
Affected Software
Researcher
Affected Software
SmartCrawl SEO checker, analyzer & optimizer [smartcrawl-seo]
Researcher
Affected Software
Speed Optimizer – The All-In-One Performance-Boosting Plugin [sg-cachepress]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
TrackShip for WooCommerce [trackship-for-woocommerce]
Researcher
Affected Software
Cookie Banner for GDPR / CCPA – WPLP Cookie Consent [gdpr-cookie-consent]
Researcher
Affected Software
WP Cost Estimation & Payment Forms Builder [wp-estimation-form]
Researcher
Affected Software
WP Meta SEO [wp-meta-seo]
Researcher
Affected Software
WP Ultimate Review [wp-ultimate-review]
Researcher
Affected Software
WP Ultimate Review [wp-ultimate-review]
Researcher
Affected Software
WP Ultimate Review [wp-ultimate-review]
Researcher
Affected Software
Zero Spam for WordPress [zero-spam]
Researcher
Affected Software
BA Book Everything [ba-book-everything]
Researcher
Affected Software
Backend Designer [backend-designer]
Researcher
Affected Software
Crelly Slider [crelly-slider]
Researcher
Affected Software
EasyEvent [easyevent]
Researchers
Affected Software
Fancy Product Designer [fancy-product-designer]
Researcher
Affected Software
Fixed HTML Toolbar [fixed-html-toolbar]
Researcher
Affected Software
Researcher
Affected Software
MF Gig Calendar [mf-gig-calendar]
Researcher
Navigation menu as Dropdown Widget <= 1.3.4 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
Affected Software
Navigation menu as Dropdown Widget [navigation-menu-as-dropdown-widget]
Researcher
Affected Software
RSS Feed Widget [rss-feed-widget]
Researcher
Affected Software
Save as PDF Plugin by PDFCrowd [save-as-pdf-by-pdfcrowd]
Researcher
Affected Software
What's New Generator [whats-new-genarator]
Researcher
Affected Software
WP File Download Light [wp-file-download-light]
Researcher
Affected Software
WP-Lister Lite for eBay [wp-lister-for-ebay]
Researcher
Affected Software
BMI Adult & Kid Calculator [bmi-adultkid-calculator]
Researcher
Affected Software
Country State City Dropdown CF7 [country-state-city-auto-dropdown]
Researcher
Affected Software
Custom Order Statuses for WooCommerce [custom-order-statuses-for-woocommerce]
Researcher
Affected Software
Custom Thank You Page Customize For WooCommerce by Binary Carpenter [bc-woo-custom-thank-you-pages]
Researcher
Affected Software
Customer Reviews for WooCommerce [customer-reviews-woocommerce]
Researcher
Affected Software
Customer Reviews for WooCommerce [customer-reviews-woocommerce]
Researcher
Affected Software
EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory [ean-for-woocommerce]
Researcher
Affected Software
Flash Video Player [flash-video-player]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
MaxGalleria [maxgalleria]
Researcher
Affected Software
Mega Addons For Elementor [ultimate-addons-for-elementor]
Researcher
Affected Software
MF Gig Calendar [mf-gig-calendar]
Researcher
Affected Software
Multi Currency For WooCommerce [wc-multi-currency]
Researcher
Affected Software
Researcher
Affected Software
Ovic Responsive WPBakery [ovic-vc-addon]
Researcher
Affected Software
PeproDev CF7 Database [pepro-cf7-database]
Researcher
ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.8.3 - Missing Authorization
4.3
Affected Software
ProfileGrid – User Profiles, Groups and Communities [profilegrid-user-profiles-groups-and-communities]
Researcher
Affected Software
Researcher
Affected Software
reCAPTCHA Jetpack [recaptcha-jetpack]
Researcher
Affected Software
Regenerate post permalink [regenerate-post-permalinks]
Researcher
Affected Software
Related Posts for WordPress [microkids-related-posts]
Researcher
Affected Software
ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin [woolentor-addons]
Researcher
Affected Software
Researcher
Affected Software
Theme My Login [theme-my-login]
Researcher
VikBooking Hotel Booking Engine & PMS <= 1.6.7 - Insecure Direct Object Reference to Menu Access
4.3
Affected Software
VikBooking Hotel Booking Engine & PMS [vikbooking]
Researcher
Affected Software
WP Show Posts [wp-show-posts]
Researcher
Affected Software
WP Social Comments [gs-facebook-comments]
Researcher
WP-Recall – Registration, Profile, Commerce & More <= 16.26.5 - Insecure Direct Object Reference
4.3
Affected Software
Researcher
Affected Software
WPC Frequently Bought Together for WooCommerce [woo-bought-together]
Researcher
Affected Software
WPC Grouped Product for WooCommerce [wpc-grouped-product]
Researcher
Affected Software
Prime Slider Addons for Elementor [bdthemes-prime-slider-lite]
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Comments