This Week’s Watch Out Wednesday shows the latest WordPress vulnerabilities including WP Mail Log, JupiterX Core, Oxygen Builderand more!
Plugin: what3words Address Field
Vulnerability: Authenticated (Administrator+) Sensitive Information Exposure vulnerability
Patched Version: 4.0.1
Recommended Action: Update the WordPress what3words Address Field plugin to the latest available version (at least 4.0.1).
Plugin: Convert Pro
Vulnerability: Broken Access Control vulnerability
Patched Version: 1.7.6
Recommended Action: Update the WordPress Convert Pro plugin to the latest available version (at least 1.7.6).
Plugin: Schema Pro
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 2.7.8
Recommended Action: Update the WordPress Schema Pro plugin to the latest available version (at least 2.7.8).
Plugin: JupiterX Core
Vulnerability: Unauth. Arbitrary File Download vulnerability
Patched Version: None
Recommended Action: No patched version is available.
Plugin: WpStream – Live Streaming, Video on Demand, Pay Per View
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 4.5.5
Recommended Action: Update the WordPress WpStream – Live Streaming, Video on Demand, Pay Per View plugin to the latest available version (at least 4.5.5).
Plugin: Integration for WooCommerce and Zoho CRM
Vulnerability: Open Redirection vulnerability
Patched Version: 1.3.7
Recommended Action: Update the WordPress Integration for WooCommerce and Zoho CRM plugin to the latest available version (at least 1.3.7).
Plugin: Integration for WooCommerce and QuickBooks
Vulnerability: Open Redirection vulnerability
Patched Version: 1.2.4
Recommended Action: Update the WordPress Integration for WooCommerce and QuickBooks plugin to the latest available version (at least 1.2.4).
Plugin: Post Connector
Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.
Plugin: Media Library Categories
Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 2.0.1
Recommended Action: Update the WordPress Media Library Categories plugin to the latest available version (at least 2.0.1).
Plugin: Gestion-Pymes
Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.
Plugin: Oxygen Builder
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 4.6.2
Recommended Action: Update the WordPress Oxygen Builder plugin to the latest available version (at least 4.6.2).
Plugin: Client Portal : SuiteDash Direct Login
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No patched version is available.
Plugin: Post Affiliate Pro
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No patched version available.
Plugin: Audio Player with Playlist Ultimate
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No patched version is available.
Plugin: Photo Engine
Vulnerability: Insecure Direct Object References (IDOR)
Patched Version: 6.2.6
Recommended Action: Update the WordPress Photo Engine plugin to the latest available version (at least 6.2.6).
Plugin: Social Share Icons & Social Share Buttons
Vulnerability: Broken Access Control
Patched Version: None
Recommended Action: No patched version is available.
Plugin: WRC Pricing Tables
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No patched version is available.
Plugin: Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No patched version is available.
Plugin: Pinpoint Booking System
Vulnerability: Parameter Tampering
Patched Version: None
Recommended Action: No patched version is available.
Plugin: Onepage Builder – Easiest Landing Page Builder For WordPress
Vulnerability: SQL Injection
Patched Version: None
Recommended Action: No patched version is available.
Plugin: Elastic Email Sender
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No patched version is available.
Plugin: Exifography
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No patched version available.
Plugin: Language
Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.
Plugin: eaSYNC
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: Subscribe to Category
Vulnerability: SQL Injection vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of June 27, 2023 and is not available for download. This closure is temporary, pending a full review.
Plugin: WP-FlyBox
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of June 27, 2023 and is not available for download. This closure is temporary, pending a full review.
Plugin: Disabler
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of June 27, 2023 and is not available for download. This closure is temporary, pending a full review.
Plugin: Essential Addons for Elementor
Vulnerability: Unauthenticated MailChimp API Key Disclosure vulnerability
Patched Version: 5.8.2
Recommended Action: Update the WordPress Essential Addons for Elementor plugin to the latest available version (at least 5.8.2).
Plugin: Post List With Featured Image
Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: GTmetrix for WordPress
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: WP-CopyProtect [Protect your blog posts]
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: Art Decoration Shortcode
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: wpShopGermany IT-RECHT KANZLEI
Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 1.8
Recommended Action: Update the WordPress wpShopGermany IT-RECHT KANZLEI plugin to the latest available version (at least 1.8).
Plugin: Smarty for WordPress
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: WP Emoji One
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: Gallery Bank
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Gallery Bank plugin to the latest available version.
Plugin: 404 to 301
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress 404 to 301 plugin to the latest available version.
Plugin: Caldera Forms
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Caldera Forms plugin to the latest available version.
Plugin: Image Photo Gallery Final Tiles Grid
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Image Photo Gallery Final Tiles Grid plugin to the latest available version.
Plugin: Easy Watermark
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Easy Watermark plugin to the latest available version.
Plugin: Event Tickets
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Event Tickets plugin to the latest available version.
Plugin: Elementor Addon Elements
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Elementor Addon Elements plugin to the latest available version.
Plugin: Chamber Dashboard Business Directory
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Chamber Dashboard Business Directory plugin to the latest available version.
Plugin: Gutenberg Block Editor Toolkit
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 1.17
Recommended Action: Update the WordPress Gutenberg Block Editor Toolkit plugin to the latest available version (at least 1.17).
Plugin: AnyComment
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress AnyComment plugin to the latest available version.
Plugin: Contact Form 7 Skins
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Contact Form 7 Skins plugin to the latest available version.
Plugin: Better Notifications for WP
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Better Notifications for WP plugin to the latest available version.
Plugin: MasterStudy LMS
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress MasterStudy LMS plugin to the latest available version.
Plugin: Hide Admin Bar Based on User Roles
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Hide Admin Bar Based on User Roles plugin to the latest available version.
Plugin: Easy Responsive Pricing Tables
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: CO2ok: carbon offsetting for e-commerce
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress CO2ok: carbon offsetting for e-commerce plugin to the latest available version.
Plugin: Convoworks WP
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Convoworks WP plugin to the latest available version.
Plugin: CF7 Constant Contact Fields Mapping
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Multicollab – Google Doc-Style Editorial Commenting for WordPress
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Multicollab – Google Doc-Style Editorial Commenting for WordPress plugin to the latest available version.
Plugin: Divi Contact Form 7
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Divi Contact Form 7 plugin to the latest available version.
Plugin: WordPress Easy Call Now Button by elixirs.io
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Blocksy Companion
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Blocksy Companion plugin to the latest available version.
Plugin: DiviTorque – Divi Theme, Divi Builder and Extra Theme
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin to the latest available version.
Plugin: AnyWhere Elementor
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 1.2.8
Recommended Action: Update the WordPress AnyWhere Elementor plugin to the latest available version (at least 1.2.8).
Plugin: Advanced WC Analytics – Google Analytics Dashboard for WooCommerce
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Advanced WC Analytics – Google Analytics Dashboard for WooCommerce plugin to the latest available version.
Plugin: bbResolutions
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Activity Log For MainWP
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Activity Log For MainWP plugin to the latest available version.
Plugin: Display WP Admin Pages in the Frontend – WP Frontend Admin
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Display WP Admin Pages in the Frontend – WP Frontend Admin plugin to the latest available version.
Plugin: EthereumICO
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress EthereumICO plugin to the latest available version.
Plugin: Extend Filter Products By Price Widget
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Expandable Paywall
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Expandable Paywall plugin to the latest available version.
Plugin: Joli FAQ SEO – WordPress FAQ Plugin
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Joli FAQ SEO – WordPress FAQ Plugin plugin to the latest available version.
Plugin: Map Plugin alternative to Google Maps using MapQuest, with directions
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Map Plugin alternative to Google Maps using MapQuest, with directions plugin to the latest available version.
Plugin: FormsCRM
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress FormsCRM plugin to the latest available version.
Plugin: Go Fetch Jobs (for WP Job Manager)
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: WordPress Team Members – GS Plugins
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WordPress Team Members – GS Plugins plugin to the latest available version.
Plugin: Image Carousel For Divi
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Image Carousel For Divi plugin to the latest available version.
Plugin: Import Holded for WooCommerce or Easy Digital Downloads
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Import Holded for WooCommerce or Easy Digital Downloads plugin to the latest available version.
Plugin: Market Exporter
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Market Exporter plugin to the latest available version.
Plugin: WordPress Gallery Plugin – Limb Image Gallery
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WordPress Gallery Plugin – Limb Image Gallery plugin to the latest available version.
Plugin: Menu Item Scheduler
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Mobile App Editor – WordPress to Android App Builder
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Mobile App Editor – WordPress to Android App Builder plugin to the latest available version.
Plugin: Gift Message for WooCommerce
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Gift Message for WooCommerce plugin to the latest available version.
Plugin: Checkbox
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Checkbox plugin to the latest available version.
Plugin: DancePress (TRWA)
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Greenshift – animation and page builder blocks
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Greenshift – animation and page builder blocks plugin to the latest available version.
Plugin: eRoom – Zoom Meetings & Webinar
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress eRoom – Zoom Meetings & Webinar plugin to the latest available version.
Plugin: Cost Calculator Builder
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Cost Calculator Builder plugin to the latest available version.
Plugin: Frontend Admin – Add and edit posts, pages, users and more all from the frontend
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Frontend Admin – Add and edit posts, pages, users and more all from the frontend plugin to the latest available version.
Plugin: ACF Frontend – Add and edit posts, pages, users and more all from the frontend
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress ACF Frontend – Add and edit posts, pages, users and more all from the frontend plugin to the latest available version.
Plugin: Custom Welcome Guide
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Custom Welcome Guide plugin to the latest available version.
Plugin: Files Download Delay
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Files Download Delay plugin to the latest available version.
Plugin: CAPTCHA 4WP
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress CAPTCHA 4WP plugin to the latest available version.
Plugin: Contact Form By Mega Forms – Drag and Drop Form Builder
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Contact Form By Mega Forms – Drag and Drop Form Builder plugin to the latest available version.
Plugin: WordPress Form Builder Plugin – Gutenberg Forms
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WordPress Form Builder Plugin – Gutenberg Forms plugin to the latest available version.
Plugin: Multiple Page Generator Plugin – MPG
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 3.0.0
Recommended Action: Update the WordPress Multiple Page Generator Plugin – MPG plugin to the latest available version (at least 3.0.0).
Plugin: 360 Javascript Viewer
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress 360 Javascript Viewer plugin to the latest available version.
Plugin: EmbedPress
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress EmbedPress plugin to the latest available version.
Plugin: Product Feed Manager
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Product Feed Manager plugin to the latest available version.
Plugin: 2MB Autocode
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress 2MB Autocode plugin to the latest available version.
Plugin: ACF-VC Integrator
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress ACF-VC Integrator plugin to the latest available version.
Plugin:  AI Tools – Chatbot, ChatGPT, Content Generator, Image Generator, Artificial Intelligence GPT
Vulnerability: WordPress  AI Tools – Chatbot, ChatGPT, Content Generator, Image Generator, Artificial Intelligence GPT plugin <= 2.3.0 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress  AI Tools – Chatbot, ChatGPT, Content Generator, Image Generator, Artificial Intelligence GPT plugin to the latest available version.
Plugin: WooCommerce Attribute Stock – Share Stock Between Products (Lite Version)
Vulnerability: WordPress WooCommerce Attribute Stock – Share Stock Between Products (Lite Version) plugin <= 1.2.1 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WooCommerce Attribute Stock – Share Stock Between Products (Lite Version) plugin to the latest available version.
Plugin: WP AutoTerms: Privacy Policy Generator (GDPR & CCPA), Terms & Conditions Generator, Cookie Notice Banner
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP AutoTerms: Privacy Policy Generator (GDPR & CCPA), Terms & Conditions Generator, Cookie Notice Banner plugin to the latest available version.
Plugin: Blocks Product Editor for WooCommerce
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Blocks Product Editor for WooCommerce plugin to the latest available version.
Plugin: BlogPost – BlogPost Widgets – Amazing Blog Layouts
Vulnerability: WordPress BlogPost – BlogPost Widgets – Amazing Blog Layouts plugin <= 1.1 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Advanced Custom Fields Frontend Forms – ACF Forms – ACF Post Form – ACF Registration Form – ACF Content Form – ACF Profile Form
Vulnerability: WordPress Advanced Custom Fields Frontend Forms – ACF Forms – ACF Post Form – ACF Registration Form – ACF Content Form – ACF Profile Form plugin <= 1.3.4 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Advanced Custom Fields Frontend Forms – ACF Forms – ACF Post Form – ACF Registration Form – ACF Content Form – ACF Profile Form plugin to the latest available version.
Plugin: BuddyForms Anonymous Author
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyForms Anonymous Author plugin to the latest available version.
Plugin: BuddyForms Attach Post with Group
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyForms Attach Post with Group plugin to the latest available version.
Plugin: BuddyForms Hierarchical Posts
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyForms Hierarchical Posts plugin to the latest available version.
Plugin: Display Data on your site! Create Dynamic Content Templates from any form of data. Works with ACF, Pods, BuddyPress/ BuddyBoss
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Display Data on your site! Create Dynamic Content Templates from any form of data. Works with ACF, Pods, BuddyPress/ BuddyBoss plugin to the latest available version.
Plugin: Member Profile Forms / Custom Registration / Post From Profile in BuddyPress / BuddyBoss
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Member Profile Forms / Custom Registration / Post From Profile in BuddyPress / BuddyBoss plugin to the latest available version.
Plugin: BuddyForms Posts 2 Posts
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyForms Posts 2 Posts plugin to the latest available version.
Plugin: BuddyForms Remote
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyForms Remote plugin to the latest available version.
Plugin: BuddyForms Moderation ( Former: Review Logic )
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyForms Moderation ( Former: Review Logic ) plugin to the latest available version.
Plugin: BuddyForms Ultimate Member
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyForms Ultimate Member plugin to the latest available version.
Plugin: BuddyForms Form Elements for WooCommerce
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyForms Form Elements for WooCommerce plugin to the latest available version.
Plugin: Message Filter for Contact Form 7
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Message Filter for Contact Form 7 plugin to the latest available version.
Plugin: CF7 ReCaptcha Mine
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress CF7 ReCaptcha Mine plugin to the latest available version.
Plugin: Simple Freemius Shop
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Simple Freemius Shop plugin to the latest available version.
Plugin: WordPress Image Compression and Optimizer Plugin â CheetahO
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WordPress Image Compression and Optimizer Plugin â CheetahO plugin to the latest available version.
Plugin: Coming Soon Master
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Coming Soon Master plugin to the latest available version.
Plugin: Content Blocks Builder
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Content Blocks Builder plugin to the latest available version.
Plugin: TempTool [Show Current Template Info]
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 1.1.10
Recommended Action: Update the WordPress TempTool [Show Current Template Info] plugin to the latest available version (at least 1.1.10).
Plugin: DeMomentSomTres Gravity Forms Improvements
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 201805021810
Recommended Action: Update the WordPress DeMomentSomTres Gravity Forms Improvements plugin to the latest available version (at least 201805021810).
Plugin: DeMomentSomTres Gravity Forms Improvements
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 201805021810
Recommended Action: Update the WordPress DeMomentSomTres Gravity Forms Improvements plugin to the latest available version (at least 201805021810).
Plugin: DeMomentSomTres Immediate Send
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: DeMomentSomTres Subscribe
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress DeMomentSomTres Subscribe plugin to the latest available version.
Plugin: DeMomentSomTres WordPress Export Posts With Images
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress DeMomentSomTres WordPress Export Posts With Images plugin to the latest available version.
Plugin: DEV.LAND
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress DEV.LAND plugin to the latest available version.
Plugin: DokoBuilder : DIY Product Bundle for WooCommerce
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress DokoBuilder : DIY Product Bundle for WooCommerce plugin to the latest available version.
Plugin: Embed Docs – Elementor Files Addon,Elementor Docs Addon,Embed PDF, Word, PowerPoint and Excel Files in Gutenberg & Elementor
Vulnerability: WordPress Embed Docs – Elementor Files Addon,Elementor Docs Addon,Embed PDF, Word, PowerPoint and Excel Files in Gutenberg & Elementor plugin <= 2.0.3 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Embed Docs – Elementor Files Addon,Elementor Docs Addon,Embed PDF, Word, PowerPoint and Excel Files in Gutenberg & Elementor plugin to the latest available version.
Plugin: Embed Video Thumbnail
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Embed Video Thumbnail plugin to the latest available version.
Plugin: Enjoy Social Feed plugin for WordPress website
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Enjoy Social Feed plugin for WordPress website plugin to the latest available version.
Plugin: External Media Upload
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress External Media Upload plugin to the latest available version.
Plugin:  XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]
Vulnerability: WordPress  XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin <= 1.3.35 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress  XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin to the latest available version.
Plugin: Fast Custom Social Share by CodeBard
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Fast Custom Social Share by CodeBard plugin to the latest available version.
Plugin: Contact form builder for Gutenberg – Formello
Vulnerability: WordPress Contact form builder for Gutenberg – Formello plugin <= 1.3.0 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Contact form builder for Gutenberg – Formello plugin to the latest available version.
Plugin: GraphComment Comment system
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress GraphComment Comment system plugin to the latest available version.
Plugin: Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor
Vulnerability: WordPress Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin <= 1.0.2 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin to the latest available version.
Plugin: Information for help
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Information for help plugin to the latest available version.
Plugin: Google Maps Plugin by Intergeo
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Google Maps Plugin by Intergeo plugin to the latest available version.
Plugin: WPGutenBlog Demo Import
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WPGutenBlog Demo Import plugin to the latest available version.
Plugin: Ultimate LinkedIn Integration
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Ultimate LinkedIn Integration plugin to the latest available version.
Plugin: WP Logger
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin:  Bulk Landing Page Creator for WordPress – LPagery
Vulnerability: WordPress  Bulk Landing Page Creator for WordPress – LPagery plugin <= 1.2.5 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress  Bulk Landing Page Creator for WordPress – LPagery plugin to the latest available version.
Plugin: Menukaart – Restaurant Menu & Online Ordering with WooCommerce
Vulnerability: WordPress Menukaart – Restaurant Menu & Online Ordering with WooCommerce plugin <= 1.3 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Menukaart – Restaurant Menu & Online Ordering with WooCommerce plugin to the latest available version.
Plugin: Meta Tag Manager
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Meta Tag Manager plugin to the latest available version.
Plugin: NextGEN Gallery
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress NextGEN Gallery plugin to the latest available version.
Plugin: WP to Twitter
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP to Twitter plugin to the latest available version.
Plugin: Pods
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Pods plugin to the latest available version.
Plugin: The Events Calendar
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress The Events Calendar plugin to the latest available version.
Plugin: Stop User Enumeration
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Stop User Enumeration plugin to the latest available version.
Plugin: Popup Maker
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 1.10.0
Recommended Action: Update the WordPress Popup Maker plugin to the latest available version (at least 1.10.0).
Plugin: Salon booking system
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 8.4.9
Recommended Action: Update the WordPress Salon booking system plugin to the latest available version (at least 8.4.9).
Plugin: Share This Image
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Share This Image plugin to the latest available version.
Plugin: WP Google Review Slider
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Google Review Slider plugin to the latest available version.
Plugin: WP Activity Log
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Activity Log plugin to the latest available version.
Plugin: TI WooCommerce Wishlist
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress TI WooCommerce Wishlist plugin to the latest available version.
Plugin: Asset CleanUp: Page Speed Booster
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Asset CleanUp: Page Speed Booster plugin to the latest available version.
Plugin: WP Travel
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Travel plugin to the latest available version.
Plugin: Notification
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Notification plugin to the latest available version.
Plugin: Redirect 404 Error Page to Homepage or Custom Page with Logs
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Redirect 404 Error Page to Homepage or Custom Page with Logs plugin to the latest available version.
Plugin: Client Invoicing by Sprout Invoices
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Client Invoicing by Sprout Invoices plugin to the latest available version.
Plugin: PowerPack Lite for Beaver Builder
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 1.2.9.3
Recommended Action: Update the WordPress PowerPack Lite for Beaver Builder plugin to the latest available version (at least 1.2.9.3).
Plugin: WP Review Slider
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Review Slider plugin to the latest available version.
Plugin: Server Info
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: New User Approve
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress New User Approve plugin to the latest available version.
Plugin: Order Redirects for WooCommerce
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Order Redirects for WooCommerce plugin to the latest available version.
Plugin: Post to Google My Business (Google Business Profile)
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Post to Google My Business (Google Business Profile) plugin to the latest available version.
Plugin: SV Forms
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress SV Forms plugin to the latest available version.
Plugin: SV Posts
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress SV Posts plugin to the latest available version.
Plugin: SV Media Library
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress SV Media Library plugin to the latest available version.
Plugin: SV Proven Expert
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress SV Proven Expert plugin to the latest available version.
Plugin: SV Tracking Manager
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress SV Tracking Manager plugin to the latest available version.
Plugin: HuCommerce | Magyar WooCommerce kieg鳺?ek
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress HuCommerce | Magyar WooCommerce kieg鳺?ek plugin to the latest available version.
Plugin: WordPress Tag Cloud Plugin – Tag Groups
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WordPress Tag Cloud Plugin – Tag Groups plugin to the latest available version.
Plugin: Ultra Elementor Addons
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode)
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode) plugin to the latest available version.
Plugin: Gallery Blocks with Lightbox
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Gallery Blocks with Lightbox plugin to the latest available version.
Plugin: Page Builder for Gutenberg – StarterBlocks
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Spotlight Social Media Feeds
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Spotlight Social Media Feeds plugin to the latest available version.
Plugin: WordPress Auto SEO Plugin – Upfiv SEO Wizard
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: WooCommerce Tiered Price Table
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WooCommerce Tiered Price Table plugin to the latest available version.
Plugin: RSS Control
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress RSS Control plugin to the latest available version.
Plugin: Protect Uploads with Login – Protect Your Uploads
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: WP Required Taxonomies – Categories and Tags Mandatory
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Required Taxonomies – Categories and Tags Mandatory plugin to the latest available version.
Plugin: Search Field for Gravity Forms
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Search Field for Gravity Forms plugin to the latest available version.
Plugin: WooCommerce Country Catalogs – Product Country Restrictions
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WooCommerce Country Catalogs – Product Country Restrictions plugin to the latest available version.
Plugin: SV Columns Manager
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress SV Columns Manager plugin to the latest available version.
Plugin: Bing Custom Search for WordPress
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Bing Custom Search for WordPress plugin to the latest available version.
Plugin: WooBuddy
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WooBuddy plugin to the latest available version.
Plugin: WP SPID Italia
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP SPID Italia plugin to the latest available version.
Plugin: WP Tools Divi Blog Carousel
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Tools Divi Blog Carousel plugin to the latest available version.
Plugin: WordPress WooCommerce Sync for Google Sheet
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: WPEForm Lite – Drag and Drop Live Form Builder for Contact, Payment & Quiz Forms
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WPEForm Lite – Drag and Drop Live Form Builder for Contact, Payment & Quiz Forms plugin to the latest available version.
Plugin: SV100 Companion
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress SV100 Companion plugin to the latest available version.
Plugin: WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content plugin to the latest available version.
Plugin: Stripe Express
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Stripe Express plugin to the latest available version.
Plugin: WP Scrive by Webbstart
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Scrive by Webbstart plugin to the latest available version.
Plugin: Spanish Market Enhancements for WooCommerce
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Spanish Market Enhancements for WooCommerce plugin to the latest available version.
Plugin: Pay For Post with WooCommerce
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Pay For Post with WooCommerce plugin to the latest available version.
Plugin: Popups
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Popups plugin to the latest available version.
Plugin: WP Mail Log
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Mail Log plugin to the latest available version.
Plugin: WP VR
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP VR plugin to the latest available version.
Plugin: Simple Author Box
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Simple Author Box plugin to the latest available version.
Plugin: Remove Duplicate Posts
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Remove Duplicate Posts plugin to the latest available version.
Plugin: Quiz Cat
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Quiz Cat plugin to the latest available version.
Plugin: Shipping for Nova Poshta
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Shipping for Nova Poshta plugin to the latest available version.
Plugin: Order Picking For WooCommerce
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 1.0.2
Recommended Action: Update the WordPress Order Picking For WooCommerce plugin to the latest available version (at least 1.0.2).
Plugin: Easy Photography Portfolio
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Easy Photography Portfolio plugin to the latest available version.
Plugin: Preloader Plus – WordPress Loading Screen Plugin
Vulnerability: WordPress Preloader Plus – WordPress Loading Screen Plugin plugin <= 2.0.2 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Preloader Plus – WordPress Loading Screen Plugin plugin to the latest available version.
Plugin: Product Filter Widget for Elementor
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Product Filter Widget for Elementor plugin to the latest available version.
Plugin: PublishPress Planner: Organize and Schedule Your WordPress Content
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress PublishPress Planner: Organize and Schedule Your WordPress Content plugin to the latest available version.
Plugin: Remove WP Update Nags
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Remove WP Update Nags plugin to the latest available version.
Plugin: Role Based Bulk Quantity Pricing
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Search Console
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Search Console plugin to the latest available version.
Plugin: Seo Optimized Images
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Seo Optimized Images plugin to the latest available version.
Plugin: ShortcodeHub – MultiPurpose Shortcode Builder
Vulnerability: WordPress ShortcodeHub – MultiPurpose Shortcode Builder plugin <= 1.3.0 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress ShortcodeHub – MultiPurpose Shortcode Builder plugin to the latest available version.
Plugin:  Simple blueprint installer
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress  Simple blueprint installer plugin to the latest available version.
Plugin: Simple Tour Guide
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Simple Tour Guide plugin to the latest available version.
Plugin: WP News and Scrolling Widgets
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP News and Scrolling Widgets plugin to the latest available version.
Plugin: Spice Blocks
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Spice Blocks plugin to the latest available version.
Plugin: Stellar Places
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Stellar Places plugin to the latest available version.
Plugin: Stop WP Emails Going to Spam
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Stop WP Emails Going to Spam plugin to the latest available version.
Plugin: Subaccounts for WooCommerce
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Subaccounts for WooCommerce plugin to the latest available version.
Plugin: Terms & Conditions Per Product
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Terms & Conditions Per Product plugin to the latest available version.
Plugin: Ultimate Custom ScrollBar
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 1.2
Recommended Action: Update the WordPress Ultimate Custom ScrollBar plugin to the latest available version (at least 1.2).
Plugin: Variable Inspector
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Variable Inspector plugin to the latest available version.
Plugin: Video Analytics for Cloudflare Stream
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Video Analytics for Cloudflare Stream plugin to the latest available version.
Plugin: BuddyPress Groups Integration for WooCommerce
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyPress Groups Integration for WooCommerce plugin to the latest available version.
Plugin: Divi Testimonial Plus
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Divi Testimonial Plus plugin to the latest available version.
Plugin: Weglot Translate – Translate your WordPress website and go multilingual
Vulnerability: WordPress Weglot Translate – Translate your WordPress website and go multilingual plugin <= 1.9 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Weglot Translate – Translate your WordPress website and go multilingual plugin to the latest available version.
Plugin: WPEventPartners Demo Import
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WPEventPartners Demo Import plugin to the latest available version.
Plugin: WZ Followed Posts – Display what visitors are reading
Vulnerability: WordPress WZ Followed Posts – Display what visitors are reading plugin <= 2.0.1 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WZ Followed Posts – Display what visitors are reading plugin to the latest available version.
Plugin: WN Flipbox Pro
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 2.1
Recommended Action: Update the WordPress WN Flipbox Pro plugin to the latest available version (at least 2.1).
Plugin: Woocommerce Delivery Date Premium
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: WooCommerce Google Ads Dynamic Remarketing
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WooCommerce Google Ads Dynamic Remarketing plugin to the latest available version.
Plugin: Live Sales Notification for Woocommerce – Woomotiv
Vulnerability: WordPress Live Sales Notification for Woocommerce – Woomotiv plugin <= 3.3.1 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Live Sales Notification for Woocommerce – Woomotiv plugin to the latest available version.
Plugin: Divi Carousel Lite
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Divi Carousel Lite plugin to the latest available version.
Plugin: WP Cloud Server
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Cloud Server plugin to the latest available version.
Plugin: Coming Soon Pages for WordPress – Coming Soon Booster
Vulnerability: WordPress Coming Soon Pages for WordPress – Coming Soon Booster plugin <= 1.0.6 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Coming Soon Pages for WordPress – Coming Soon Booster plugin to the latest available version.
Plugin: Disable Emojis & Disable Embeds for WordPress Performance & SpeedUp
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Disable Emojis & Disable Embeds for WordPress Performance & SpeedUp plugin to the latest available version.
Plugin: Mail Bank – #1 Mail SMTP Plugin for WordPress
Vulnerability: WordPress Mail Bank – #1 Mail SMTP Plugin for WordPress plugin <= 3.0.12 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Mail Bank – #1 Mail SMTP Plugin for WordPress plugin to the latest available version.
Plugin: WP Native Articles – Instant Articles Plugin for WordPress
Vulnerability: WordPress WP Native Articles – Instant Articles Plugin for WordPress plugin <= 1.1.6 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Native Articles – Instant Articles Plugin for WordPress plugin to the latest available version.
Plugin: WP Signals
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Signals plugin to the latest available version.
Plugin: WP Table Pixie
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Table Pixie plugin to the latest available version.
Plugin: WPCasa Mail Alert
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WPCasa Mail Alert plugin to the latest available version.
Plugin: Brand
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Cuisine Palace
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Elasta
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update to at least version 1.0.9 of the theme.
Plugin: Amela
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update to at least version 1.0.14 of the theme.
Plugin: Speculor
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: WP Moose
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Meridia
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update to at least version 2.2.8 of the theme.
Plugin: Purosa
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update to at least version 1.1.3 of the theme.
Plugin: Villar
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Bani
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: NicheBase
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update to at least version 1.2.3 of the theme.
Plugin: Arendelle
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update to at least version 1.1.13 of the theme.
Plugin: Hasium
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Nokke
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update to at least version 1.2.4 of the theme.
Plugin: Elation
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Unakit
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
0 Comments