Is your site up to date?
Outdate plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!
Pixel Cat Lite
Plugin: Pixel Cat Lite
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 2.6.3
All-In-One-Gallery
Plugin: All-In-One-Gallery
Vulnerability: Admin+ Local File Inclusion
Patched in Version: 2.5.0
StopBadBots
Plugin: StopBadBots
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 6.67
Temporary Login Without Password
Plugin: Temporary Login Without Password
Vulnerability: Subscriber+ Plugin’s Settings Update
Patched in Version: 1.7.1
ProfilePress
Plugin: ProfilePress
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 3.2.3
Modern Events Calendar
Plugin: Modern Events Calendar
Vulnerability: Unauthenticated Blind SQL Injection
Patched in Version: 6.1.5
Auto Featured Image
Plugin: Auto Featured Image
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 3.9.3
Ultimate NoFollow
Plugin: Ultimate NoFollow
Vulnerability: Contributor+ Stored Cross-Site Scripting
Patched in Version: No known fix – plugin closed
NEX-Forms
Plugin: NEX-Forms
Vulnerability: Multiple Admin+ Stored Cross-Site Scripting
Patched in Version: No known fix – plugin closed
SEO Booster
Plugin: SEO Booster
Vulnerability: Admin+ SQL Injection
Patched in Version: No known fix – plugin closed
WP System Log
Plugin: WP System Log
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched in Version: 1.0.21
Inspirational Quote Rotator
Plugin: Inspirational Quote Rotator
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: No known fix – plugin closed
Single Post Exporter
Plugin: Single Post Exporter
Vulnerability: Plugin’s Settings Update via CSRF
Patched in Version: No known fix – plugin closed
Flex Local Fonts
Plugin: Flex Local Fonts
Vulnerability: Admin+ Stored Cross-Site-Scripting
Patched in Version: No known fix – plugin closed
WP Admin Logo Changer
Plugin: WP Admin Logo Changer
Vulnerability: Plugin’s Settings Update via CSRF
Patched in Version: No known fix – plugin closed
Contact Form Advanced Database
Plugin: Contact Form Advanced Database
Vulnerability: Unauthorised AJAX Calls
Patched in Version: No known fix
Shiny Buttons
Plugin: Shiny Buttons
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched in Version: No known fix
Filter Portfolio Gallery
Plugin: Filter Portfolio Gallery
Vulnerability: Arbitrary Gallery Deletion via CSRF
Patched in Version: No known fix
WP Limits
Plugin: WP Limits
Vulnerability: Plugin’s Settings Update via CSRF
Patched in Version: No known fix (Plugin Closed)
Page/Post Content Shortcode
Plugin: Page/Post Content Shortcode
Vulnerability: Contributor+ Arbitrary Posts/Pages Access
Patched in Version: No known fix (plugin closed)
Improved Include Page
Plugin: Improved Include Page
Vulnerability: Contributor+ Arbitrary Posts/Pages Access
Patched in Version: No known fix
Mediamatic
Plugin: Mediamatic
Vulnerability: Subscriber+ SQL Injection
Patched in Version: No known fix
Display Post Metadata
Plugin: Display Post Metadata
Vulnerability: Contributor+ Stored Cross-Site Scripting
Patched in Version: No known fix
ToTop Link
lugin: ToTop Link
Vulnerability: Unauthenticated PHP Object Injection
Patched in Version: No known fix
User Meta Shortcodes
Plugin: User Meta Shortcodes
Vulnerability: Contributor+ Unauthorized Arbitrary User Metadata Access
Patched in Version: No known fix
Quotes Collection
Plugin: Quotes Collection
Vulnerability: Admin+ SQL Injection
Patched in Version: No known fix
Push Notifications for WordPress (Lite)
Plugin: Push Notifications for WordPress (Lite)
Vulnerability: Settings Update via CSRF
Patched in Version: 6.0.1
SportsPress
Plugin: SportsPress
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 2.7.9
Login/Signup Popup
Plugin: Login/Signup Popup
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 2.2
Preview E-mails for WooCommerce
Plugin: Preview E-mails for WooCommerce
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 2.0.0
WP User Frontend
Plugin: WP User Frontend
Vulnerability: Membership, Profile, Registration & Post Submission Plugin for WordPress
Patched in Version: 3.5.25
Directorist – Business Directory Plugin
Plugin: Directorist – Business Directory Plugin
Vulnerability: CSRF to Remote File Upload
Patched in Version: 7.0.6.2