Is your site up to date?
Outdate plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!
#1 WooCommerce
Plugin: WooCommerce 3.3 to 5.5
Vulnerability: Authenticated SQL Injection
Patched in Version: 5.5.1
#2 WooCommerce Blocks
Plugin: WooCommerce Blocks 2.5 to 5.5
Vulnerability: Unauthenticated SQL Injection
Patched in Version: 5.5.1
#3 Advanced Menu Manager
Plugin: Advanced Menu Manager
Vulnerability: Unauthorised Menu Creation/Deletion
Patched in Version: No known fix – Plugin Closed
Plugin: Advanced Menu Manager
Vulnerability: Unauthorised Menu CEdition via CSRF
Patched in Version: No known fix – Plugin Closed
#4 WR Age Verification
Plugin: Wr Age Verification
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: 2.0.0
#5 Marmoset Viewer
Plugin: Marmoset Viewer
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.9.3
#6 WOWRestro
Plugin: WOWRestro
Vulnerability: CSRF Bypass
Patched in Version: 1.1
#7 Page View Counts
Plugin: Page View Counts
Vulnerability: Contributor+ Stored Cross-Site Scripting (XSS)
Patched in Version: 2.4.9
#8 Frontend File Manager
Plugin: Frontend File Manager
Vulnerability: Privilege Escalation
Patched in Version: 18.3
Plugin: Frontend File Manager
Vulnerability: Unauthenticated Content Injection and Stored XSS
Patched in Version: 18.3
Plugin: Frontend File Manager
Vulnerability: Authenticated Arbitrary Settings Change to Arbitrary File Upload
Patched in Version: 18.3
Plugin: Frontend File Manager
Vulnerability: Unauthenticated Arbitrary Post Deletion
Patched in Version: 18.3
Plugin: Frontend File Manager
Vulnerability: Unauthenticated Post Meta Change to Arbitrary File Download
Patched in Version: 18.3
Plugin: Frontend File Manager
Vulnerability: Unauthenticated HTML Injection
Patched in Version: 18.3
#9 Stock in & out
Plugin: Stock in & out
Vulnerability: Authenticated SQL Injection
Patched in Version: No known fix – Plugin Closed
Plugin: Stock in & out
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: No known fix – Plugin Closed
#10 Side Menu Lite
Plugin: Side Menu Lite
Vulnerability: Authenticated SQL Injection
Patched in Version: 2.2.1
#11 Profile Press
Plugin: ProfilePress
Vulnerability: Unauthenticated Cross-Site Scripting (XSS)
Patched in Version: 3.1.11
#12 WP Google Map
Plugin: WP Google Map
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: 1.7.7
#13 10Web Map Builder for Google Maps
Plugin: 10Web Map Builder for Google Maps
Vulnerability: Authenticated Stored XSS
Patched in Version: 1.0.70
#14 Video Posts Web Cam Recorder
Plugin: Video Posts Webcam Recorder
Vulnerability: Authenticated Reflected XSS
Patched in Version: 3.2.4
#15 WP Front Notification Bar
Plugin: WPFront Notification Bar
Vulnerability: Authenticated Stored XSS
Patched in Version: 2.0.0.07176
#16 WordPress Popular Posts
Plugin: WordPress Popular Posts
Vulnerability: Authenticated Code Injection
Patched in Version: 5.3.3
#17 Form Maker from 10Web
Plugin: WordPress Popular Posts
Vulnerability: Authenticated Code Injection
Patched in Version: 5.3.3
#18 Activity Log
Plugin: Activity Log
Vulnerability: Authenticated SQL Injection
Patched in Version: 2.7.0
#19 Current Book
Plugin: Current Book
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: No known fix – Plugin Closed
#20 ECPay Logistics for WooCommerce
Plugin: WordPress Popular Posts
Vulnerability: Authenticated Code Injection
Patched in Version: 5.3.3
#21 Event Espresso Core
Plugin: Event Espresso Core
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: 4.10.7.p
