Is your site up to date?
Outdated plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!
rucy
Plugin: rucy
Vulnerability: CSRF Bypass
Patched in Version: No known fix
WP-Backgrounds Lite
Plugin: WP-Backgrounds Lite
Vulnerability: CSRF Bypass
Patched in Version: No known fix
Severity Score: Medium
WP Security Question
Plugin: WP Security Question
Vulnerability: CSRF Bypass
Patched in Version: No known fix
Severity Score: Medium
Event Espresso 4 Decaf – Event Registration Event Ticketing
Plugin: Event Espresso 4 Decaf – Event Registration Event Ticketing
Vulnerability: CSRF Bypass
Patched in Version: No known fix
Severity Score: Medium
WordPress Photo Gallery – Image Gallery
Plugin: WordPress Photo Gallery – Image Gallery
Vulnerability: CSRF Bypass
Patched in Version: No known fix
Severity Score: Medium
Opal Estate
Plugin: Opal Estate
Vulnerability: CSRF Bypass
Patched in Version: No known fix
Severity Score: Medium
Sync to Etsy Marketplace from WooCommerce
Plugin: Sync to Etsy Marketplace from WooCommerce
Vulnerability: CSRF Bypass
Patched in Version: 3.3.2
Severity Score: Medium
RAYS Grid
Plugin: RAYS Grid
Vulnerability: CSRF Bypass
Patched in Version: No known fix
Severity Score: Medium
Sell Media
Plugin: Sell Media
Vulnerability: CSRF Bypass
Patched in Version: No known fix
Severity Score: Medium
Simple eCommerce
Plugin: Simple eCommerce
Vulnerability: Arbitrary File Upload
Patched in Version: No known fix
Severity Score: Critical
WP Courses LMS
Plugin: WP Courses LMS
Vulnerability: Authenticated Stored XSS via Video Embed Code
Patched in Version: 2.0.44
Severity Score: Low
CBX Bookmark & Favorite
Plugin: CBX Bookmark & Favorite
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.6.9
Severity Score: High
Afterpay Gateway for WooCommerce
Plugin: Afterpay Gateway for WooCommerce
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 3.2.1
Severity Score: High
Amazon Auto Links
Plugin: Amazon Auto Links
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 4.6.20
Severity Score: High
Post Carousel
Plugin: Post Carousel
Vulnerability: Unauthorised AJAX Calls
Patched in Version: 2.3.5
Severity Score: Medium
Smash Balloon Social Post Feed
Plugin: Smash Balloon Social Post Feed
Vulnerability: Unauthenticated Stored XSS
Patched in Version: 2.19.2
Severity Score: Critical
Stop User Enumeration
Plugin: Stop User Enumeration
Vulnerability: REST API Bypass
Patched in Version: 1.3.9
Severity Score: Medium
Language Bar Flags
Plugin: Language Bar Flags
Vulnerability: CSRF to Stored XSS
Patched in Version: No known fix
Severity Score: High
Email Artillery
Plugin: Email Artillery
Vulnerability: CSRF to Stored XSS
Patched in Version: No known fix
Severity Score: High
SEOPress 5.0.0
Plugin: SEOPress 5.0.0
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 5.0.4
Severity Score: Medium
SP Project & Document Manager
Plugin: SP Project & Document Manager
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 4.26
Severity Score: High
WordPress Advanced Ticket System
Plugin: WordPress Advanced Ticket System
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: 1.0.64
Severity Score: Low
WPHEKA Request for Quote
Plugin: WPHEKA Request For Quote
Vulnerability: CSRF Bypass
Patched in Version: 1.3
Severity Score: Medium
All 404 Redirect to Homepage
Plugin: All 404 Redirect to Homepage
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: 2.1
Severity Score: Low
Fileviewer
Plugin: Fileviewer
Vulnerability: Arbitrary File Upload/Deletion via CSRF
Patched in Version: No known fix
Severity Score: Critical
Shopp eCommerce
Plugin: Shopp eCommerce
Vulnerability: Unauthenticated Arbitrary File Upload
Patched in Version: No known fix
Severity Score: Critical
MF Gig Calendar
Plugin: MF Gig Calendar
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: No known fix
Severity Score: High
BuddyPress
Plugin: BuddyPress
Vulnerability: Activation Key Disclosure
Patched in Version: 9.1.1
Severity Score: Medium
Jock on air now
Plugin: Jock on air now
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 5.6.3
Severity Score: Low
ThinkTwit
Plugin: ThinkTwit
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: 1.7.1
Severity Score: Low
Shopping Cart & eCommerce Store
Plugin: Shopping Cart & eCommerce Store
Vulnerability: CSRF to Stored Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High
Gutenslider
Plugin: Gutenslider
Vulnerability: Contributor+ Stored XSS
Patched in Version: 5.2.0
Severity Score: Medium
Visual Link Preview
Plugin: Visual Link Preview
Vulnerability: Unauthorised AJAX Calls
Patched in Version: 2.2.3
Severity Score: Medium
Print My Blog
Plugin: Print My Blog
Vulnerability: Plugin Deactivation via CSRF
Patched in Version: 3.4.2
Severity Score: Medium
Splash Header
Plugin: Splash Header
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: 1.20.8
Severity Score: Low
youForms for WordPress
Plugin: youForms for WordPress
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: No known fix
Severity Score: Low
Availability Calendar
Plugin: Availability Calendar
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: No known fix
Severity Score: Low
WP Mapa Politico Espana
Plugin: WP Mapa Politico Espana
Vulnerability: Authenticated Stored XSS
Patched in Version: No known fix
Severity Score: Low
Alojapro Widget
Plugin: Alojapro Widget
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: No known fix
Severity Score: Low
You Shang
Plugin: You Shang
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: No known fix
Severity Score: Low
WP Dialog
Plugin: WP Dialog
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: No known fix
Severity Score: Low
Donate with QRCode
Plugin: Donate With QRCode
Vulnerability: Subscriber+ Stored Cross-Site Scripting
Patched in Version: No known fix
Severity Score: Medium
WP Mobile Menu
Plugin: Titan Framework – WP Mobile Menu
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: 2.8.2.3
Severity Score: High
W3SCloud Contact Form 7 to Zoho CRM
Plugin: Titan Framework – W3SCloud Contact Form 7 to Zoho CRM
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: 2.1.0
Severity Score: High
Erident Custom Login and Dashboard
Plugin: Erident Custom Login and Dashboard
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: 3.5.9
Severity Score: Low
WP Cerber Security
Plugin: WP Cerber Security
Vulnerability: REST API Protection Bypass
Patched in Version: 8.9.3
Severity Score: Medium
Flagallery Photo Portfolio
Plugin: Flagallery Photo Portfolio
Vulnerability: Full Path Disclosure
Patched in Version: 4.25
Severity Score: Medium
GRAND Flash Album Gallery
Plugin: GRAND Flash Album Gallery
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.67
Severity Score: High
2Way VideoCalls and Random Chat
Plugin: 2Way VideoCalls and Random Chat
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 5.2.8
Severity Score: High