Is your site up to date?
Outdate plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!
rucy
Plugin:Â rucy
Vulnerability: CSRF Bypass
Patched in Version:Â No known fixÂ
WP-Backgrounds Lite
Plugin:Â WP-Backgrounds Lite
Vulnerability: CSRF Bypass
Patched in Version:Â No known fix
Severity Score: Medium
WP Security Question
Plugin:Â WP Security QuestionÂ
Vulnerability: CSRF Bypass
Patched in Version:Â No known fix
Severity Score: Medium
Event Espresso 4 Decaf – Event Registration Event Ticketing
Plugin: WEvent Espresso 4 Decaf – Event Registration Event Ticketing Â
Vulnerability: CSRF Bypass
Patched in Version:Â No known fix
Severity Score: Medium
WordPress Photo Gallery – Image Gallery
Plugin: WordPress Photo Gallery – Image Gallery Â
Vulnerability: CSRF Bypass
Patched in Version:Â No known fix
Severity Score: Medium
Opal Estate
Plugin: Opal Estate Â
Vulnerability: CSRF Bypass
Patched in Version:Â No known fix
Severity Score: Medium
Sync to Etsy Marketplace from WooCommerce
Plugin:Â Sync to Etsy Marketplace from WooCommerce
Vulnerability: RCSRF Bypass
Patched in Version: 3.3.2
Severity Score: Medium
RAYS Grid
Plugin:Â RAYS GridÂ
Vulnerability: CSRF Bypass
Patched in Version:Â No known fix
Severity Score: Medium
Sell Media
Plugin:Â Sell MediaÂ
Vulnerability: CSRF Bypass
Patched in Version:Â No known fix
Severity Score: Medium
Simple eCommerce
Plugin:Â Simple eCommerce
Vulnerability: Arbitrary File Upload
Patched in Version:Â No known fix
Severity Score: Critical
WP Courses LMS
Plugin:Â WP Courses LMS
Vulnerability: Authenticated Stored XSS via Video Embed Code
Patched in Version: 2.0.44
Severity Score: Low
CBX Bookmark & Favorite
Plugin:Â CBX Bookmark & Favorite
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.6.9
Severity Score: High
Afterpay Gateway for WooCommerce
Plugin:Â Afterpay Gateway for WooCommerce
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 3.2.1
Severity Score: High
Amazon Auto Links
Plugin:Â Amazon Auto Links
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 4.6.20
Severity Score: High
Post Carousel
Plugin:Â Post Carousel
Vulnerability: Unauthorised AJAX Calls
Patched in Version: 2.3.5
Severity Score: Medium
Smash Balloon Social Post Feed
Plugin:Â Smash Balloon Social Post FeedÂ
Vulnerability: Unauthenticated Stored XSS
Patched in Version: 2.19.2
Severity Score: Critical
Stop user Enumeration
Plugin:Â Stop User EnumerationÂ
Vulnerability: REST API Bypass
Patched in Version: 1.3.9
Severity Score: Medium
Language Bar Flags
Plugin:Â Language Bar Flags
Vulnerability: CSRF to Stored XSS
Patched in Version:Â No known fix
Severity Score: High
Email Artillery
Plugin:Â Email Artillery
Vulnerability: CSRF to Stored XSS
Patched in Version:Â No known fix
Severity Score: High
SEOPress 5.0.0
Plugin:Â SEOPress 5.0.0Â
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 5.0.4
Severity Score: Medium
SP Project & Document Manager
Plugin:Â SP Project & Document ManagerÂ
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 4.26
Severity Score: High
WordPress Advanced Ticket System
Plugin:Â WordPress Advanced Ticket System
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: 1.0.64
Severity Score: Low
WPHEKA Request for Quote
Plugin:Â WPHEKA Request For Quote
Vulnerability: CSRF Bypass
Patched in Version: 1.3
Severity Score: Medium
All 404 Redirect to Homepage
Plugin:Â All 404 Redirect to Homepage
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: 2.1
Severity Score: Low
Fileviewer
Plugin:Â Fileviewer
Vulnerability: Arbitrary File Upload/Deletion via CSRF
Patched in Version:Â No known fix
Severity Score: Critical
Shopp eCommerce
Plugin:Â Shopp eCommerce
Vulnerability: Unauthenticated Arbitrary File Upload
Patched in Version:Â No known fix
Severity Score: Critical
MF Gig Calendar
Plugin:Â MF Gig Calendar
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version:Â No known fix
Severity Score: High
BuddyPress
Plugin:Â BuddyPress
Vulnerability: Activation Key Disclosure
Patched in Version: 9.1.1
Severity Score: Medium
Jack on air now
Plugin:Â Jock on air now
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 5.6.3
Severity Score: Low
ThinkTwit
Plugin:Â ThinkTwit
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: 1.7.1
Severity Score: Low
Shopping Cart & eCommerce Store
Plugin:Â Shopping Cart & eCommerce Store
Vulnerability: CSRF to Stored Cross-Site Scripting
Patched in Version:Â No known fix
Severity Score: High
Gutenslider
Plugin:Â Gutenslider
Vulnerability: Contributor+ Stored XSS
Patched in Version: 5.2.0
Severity Score: Medium
Visual Link Preview
Plugin:Â Visual Link Preview
Vulnerability: Unauthorised AJAX Calls
Patched in Version: 2.2.3
Severity Score: Medium
Print My Blog
Plugin:Â Print My Blog
Vulnerability: Plugin Deactivation via CSRF
Patched in Version: 3.4.2
Severity Score: Medium
Splash Header
Plugin:Â Splash HeaderÂ
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: 1.20.8
Severity Score: Low
youForms for WordPress
Plugin:Â youForms for WordPress
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version:Â No known fix
Severity Score: Low
Availability Calendar
Plugin:Â Availability Calendar
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version:Â No known fix
Severity Score: Low
WP Mapa Politico Espana
Plugin:Â WP Mapa Politico Espana
Vulnerability: Authenticated Stored XSS
Patched in Version:Â No known fix
Severity Score: Low
Alojapro Widget
Plugin:Â Alojapro Widget
Vulnerability: Authenticated Stored Cross-Site Scripting(XSS)
Patched in Version:Â No known fix
Severity Score: Low
You Shang
Plugin:Â You Shang
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version:Â No known fix
Severity Score: Low
WP Dialog
Plugin:Â WP Dialog
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version:Â No known fix
Severity Score: Low
Donate with QRCode
Plugin:Â Donate With QRCode
Vulnerability: Subscriber+ Stored Cross-Site Scripting
Patched in Version:Â No known fix
Severity Score: Medium
WP Mobile Menu
Plugin: Titan Framework – WP Mobile Menu
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version:Â 2.8.2.3
Severity Score: High
W3SCloud Contact Form 7 to Zoho CRM
Plugin: Titan Framework – W3SCloud Contact Form 7 to Zoho CRM
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version:Â 2.1.0
Severity Score: High
Erident Custom Login and Dashboard
Plugin:Â Erident Custom Login and Dashboard
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version:Â 3.5.9
Severity Score: Low
WP Cerber Security
Plugin:Â WP Cerber Security
Vulnerability: Rest-API Protection Bypass
Patched in Version:Â 8.9.3
Severity Score: Medium
Flagallery Photo Portfolio
Plugin:Â Flagallery Photo Portfolio
Vulnerability: Full Path Disclosure
Patched in Version:Â 4.25
Severity Score: Medium
GRAND Flash Album Gallery
Plugin:Â GRAND Flash Album GalleryÂ
Vulnerability: Reflected Cross-Site Scripting
Patched in Version:Â 1.67
Severity Score: High
2Way VideoCalls and Random Chat
Plugin:Â 2Way VideoCalls and Random ChatÂ
Vulnerability: Reflected Cross-Site Scripting
Patched in Version:Â 5.2.8
Severity Score: High