Is your site up to date?
Outdate plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!
Pinterest Automatic
Plugin: WordPress Automatic
Vulnerability: Unauthenticated Arbitrary Options Update
Patched in Version: 3.53.3
ELEX WooCommerce Google Shopping
Plugin: ELEX WooCommerce Google Shopping
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: 1.2.4
User Registration
Plugin: User Registration
Vulnerability: Low Privilege Stored Cross-Site Scripting
Patched in Version: 2.0.2
Severity Score: Medium
uListing
Plugin: uListing
Vulnerability: Arbitrary Blog Option Update via CSRF
Patched in Version: 2.0.9
Appointment Hour Booking
Plugin: Appointment Hour Booking
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 1.3.16
UsersWP
Plugin: UsersWP
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.2.2.29
PublishPress Editorial Calendar
Plugin: PublishPress Editorial Calendar
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 3.5.1
Better Find and Replace
Plugin: Better Find and Replace
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.2.9
CM Tooltip Glossary
Plugin: CM Tooltip Glossary
Vulnerability: Contributor+ Stored Cross-Site Scripting
Patched in Version: 3.9.21
Bitcoin / AltCoin Payment Gateway for WooCommerce
Plugin: Bitcoin / AltCoin Payment Gateway for WooCommerce
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.6.1
Modern Events Calendar Lite
Plugin: Modern Events Calendar Lite
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 5.22.2
My Chatbot
Theme: My Chatbot
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: No known fix
Duplicate Page
Plugin: Duplicate Page
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 4.4.3
Weather Effect
Plugin: Weather Effect
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 1.3.6
Chained Quiz
Plugin: Chained Quiz
Vulnerability: Authenticated Stored Cross Site Scripting
Patched in Version: 1.2.7.2
WP Academic People List
Plugin: WP Academic People List
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Konnichiwa! Membership
Plugin: Konnichiwa! Membership
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
3D Cover Carousel
Plugin: 3D Cover Carousel
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
More From Google
Plugin: More From Google
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
simpleSAMLphp Authentication
Plugin: simpleSAMLphp Authentication
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Custom Menu Plugin
Plugin: Custom Menu Plugin
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Twitter Friends Widget
Plugin: Twitter Friends Widget
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
RentPress
Plugin: RentPress
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
SP Rental Manager
Plugin: SP Rental Manager
Vulnerability: Unauthenticated SQL Injection
Patched in Version: No known fix
User Activation Email
Plugin: User Activation Email
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
WP Google Maps
Plugin: WP Google Maps
Vulnerability: Multiple Admin+ Stored Cross-Site Scripting
Patched in Version: 8.1.13
GeoDirectory
Plugin: GeoDirectory
Vulnerability: Authenticated (admin+) Stored Cross-Site Scripting (XSS)
Patched in Version: 2.1.1.3
TranslatePress
Plugin: TranslatePress
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 2.0.9
Post Title Counter
Plugin: Post Title Counter
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
YouTube Video Inserter
Plugin: YouTube Video Inserter
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Notices
Plugin: Notices
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
DJ EmailPublish
Plugin: DJ EmailPublish
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Visual Link Preview
Plugin: Visual Link Preview
Vulnerability: Unauthorised AJAX Calls
Patched in Version: 2.2.3
Severity Score: Medium
Yet Another bol.com Plugin
Plugin: Yet Another bol.com Plugin
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
WP-T-Wap
Plugin: WP-T-Wap
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
On Page SEO + Whatsapp Chat Button
Plugin: On Page SEO + Whatsapp Chat Button
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
WP Scrippets
Plugin: WP Scrippets
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
WP Design Maps & Places
Plugin: WP Design Maps & Places
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Wise Agent Capture Forms
Plugin: Wise Agent Capture Forms
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Edit Comments XT
Plugin: Edit Comments XT
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
RSVPMaker Excel
Plugin: RSVPMaker Excel
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Border Loading Bar
Plugin: Border Loading Bar
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Simple Matted Thumbnails
Plugin: Simple Matted Thumbnails
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
WordPress Simple Shop
Plugin: WordPress Simple Shop
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
WooCommerce Payment Gateway Per Category
Plugin: WooCommerce Payment Gateway Per Category
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Custom Website Data
Plugin: Custom Website Data
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Advance Search
Plugin: Advance Search
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Integration of Moneybird for WooCommerce
Plugin: Integration of Moneybird for WooCommerce
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Spideranalyse
Plugin: Integration of Moneybird for WooCommerce
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
OSD Subscribe
Plugin: OSD Subscribe
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Feedify Web Push Notifications
Plugin: Feedify Web Push Notifications
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Dropdown and scrollable Text
Plugin: Dropdown and scrollable Text
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
GNU-Mailman Integration
Plugin: GNU-Mailman Integration
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Bug Library
Plugin: Bug Library
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
SMS OVH
Plugin: SMS OVH
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
MoolaMojo
Plugin: MoolaMojo
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
WordPress InviteBox Plugin
Plugin: WordPress InviteBox Plugin
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
wp-publications
Plugin: wp-publications
Vulnerability: Local File Inclusion
Patched in Version: No known fix
Timetable and Event Schedule by MotoPress
Plugin: Timetable and Event Schedule by MotoPress
Vulnerability: Author+ Stored Cross-Site Scripting
Patched in Version: 2.3.19
Comment Link Remove and Other Comment Tools
Plugin: Comment Link Remove and Other Comment Tools
Vulnerability: Arbitrary Comment Deletion via CSRF
Patched in Version: 2.1.6
WP Simple Booking Calendar
Plugin: WP Simple Booking Calendar
Vulnerability: Authenticated SQL Injection
Patched in Version: 2.0.6
Block and Stop Bad Bots
Plugin: Block and Stop Bad Bots
Vulnerability: Authenticated SQL Injections
Patched in Version: 6.60
Paid Member Subscriptions
Plugin: Paid Member Subscriptions
Vulnerability: Authenticated SQL Injection
Patched in Version: 2.4.2
Easy Accordion
Plugin: Easy Accordion
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 2.0.22