Is your site up to date?
Outdate plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!
#1 WooCommerce
Plugin: WooCommerce 3.3 to 5.5
Vulnerability: Authenticated SQL Injection
Patched in Version: 5.5.1
Â
#2 WooCommerce Blocks
Plugin: WooCommerce Blocks 2.5 to 5.5
Vulnerability: Unauthenticated SQL Injection
Patched in Version: 5.5.1
Â
#3 Advanced Menu Manager
Plugin:Â Advanced Menu Manager
Vulnerability: Unauthorised Menu Creation/Deletion
Patched in Version: No known fix – Plugin ClosedÂ
Â
Plugin:Â Advanced Menu Manager
Vulnerability: Unauthorised Menu CEdition via CSRF
Patched in Version: No known fix – Plugin Closed
#4 WR Age Verification
Plugin:Â Wr Age Verification
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: 2.0.0
#5 Marmoset Viewer
Plugin:Â Marmoset Viewer
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.9.3
#6 WOWRestro
Plugin:Â WOWRestro
Vulnerability: CSRF Bypass
Patched in Version: 1.1
#7 Page View Counts
Plugin:Â Page View Counts
Vulnerability: Contributor+ Stored Cross-Site Scripting (XSS)
Patched in Version: 2.4.9
#8 Frontend File Manager
Plugin:Â Frontend File Manager
Vulnerability: Privilege Escalation
Patched in Version: 18.3
Â
Plugin:Â Frontend File Manager
Vulnerability: Unauthenticated Content Injection and Stored XSS
Patched in Version: 18.3
Â
Plugin:Â Frontend File Manager
Vulnerability: Authenticated Arbitrary Settings Change to Arbitrary File Upload
Patched in Version: 18.3
Â
Plugin:Â Frontend File Manager
Vulnerability: Unauthenticated Arbitrary Post Deletion
Patched in Version: 18.3
Â
Plugin:Â Frontend File Manager
Vulnerability: Unauthenticated Post Meta Change to Arbitrary File Download
Patched in Version: 18.3
Â
Plugin:Â Frontend File Manager
Vulnerability: Unauthenticated HTML Injection
Patched in Version: 18.3
#9 Stock in & out
Plugin:Â Stock in & out
Vulnerability: Authenticated SQL Injection
Patched in Version: No known fix – Plugin ClosedÂ
Plugin:Â Stock in & out
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: No known fix – Plugin Closed
#10 Side Menu Lite
Plugin:Â Side Menu Lite
Vulnerability: Authenticated SQL Injection
Patched in Version: 2.2.1
#11 Profile Press
Plugin:Â ProfilePress
Vulnerability: Unauthenticated Cross-Site Scripting (XSS)
Patched in Version: 3.1.11
#12 WP Google Map
Plugin:Â WP Google Map
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: 1.7.7
#13 10Web Map Builder for Google Maps
Plugin:Â 10Web Map Builder for Google Maps
Vulnerability: Authenticated Stored XSS
Patched in Version: 1.0.70
#14 Video Posts Web Cam Recorder
Plugin:Â Video Posts Webcam Recorder
Vulnerability: Authenticated Reflected XSS
Patched in Version: 3.2.4
#15 WP Front Notification Bar
Plugin:Â WPFront Notification Bar
Vulnerability: Authenticated Stored XSS
Patched in Version: 2.0.0.07176
#16 WordPress Popular Posts
Plugin:Â WordPress Popular Posts
Vulnerability: Authenticated Code Injection
Patched in Version: 5.3.3
#17 Form Maker from 10Web
Plugin:Â WordPress Popular Posts
Vulnerability: Authenticated Code Injection
Patched in Version: 5.3.3
#18 Activity Log
Plugin:Â Activity Log
Vulnerability: Authenticated SQL Injection
Patched in Version: 2.7.0
#19 Current Book
Plugin:Â Current Book
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: No known fix – Plugin Closed
#20 ECPay Logistics for WooCommerce
Plugin:Â WordPress Popular Posts
Vulnerability: Authenticated Code Injection
Patched in Version: 5.3.3
#21 Event Espresso Core
Plugin: Event Espresso Core
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: 4.10.7.p