Is your site up to date?
Outdate plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!
Pixel Cat Lite
Plugin:Â Pixel Cat Lite
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 2.6.3
All-In-One-Gallery
Plugin:Â All-In-One-Gallery
Vulnerability: Admin+ Local File Inclusion
Patched in Version: 2.5.0
StopBadBots
Plugin:Â StopBadBotsÂ
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 6.67
Temporary Login Without Password
Plugin:Â Temporary Login Without Password
Vulnerability: Subscriber+ Plugin’s Settings Update
Patched in Version: 1.7.1
ProfilePress
Plugin:Â ProfilePress
Vulnerability:Â Reflected Cross-Site Scripting
Patched in Version: 3.2.3
Modern Events Calendar
Plugin:Â Modern Events Calendar
Vulnerability: Unauthenticated Blind SQL Injection
Patched in Version: 6.1.5
Auto Featured Image
Plugin:Â Auto Featured Image
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 3.9.3
Ultimate NoFollow
Plugin:Â Ultimate NoFollowÂ
Vulnerability: Contributor+ Stored Cross-Site Scripting
Patched in Version: No known fix – plugin closed
NEX-Forms
Plugin:Â NEX-FormsÂ
Vulnerability: Multiple Admin+ Stored Cross-Site Scripting
Patched in Version: No known fix – plugin closed
SEO Booster
Plugin: SEO Booster Â
Vulnerability: Admin+ SQL Injection
Patched in Version: No known fix – plugin closed
WP System Log
Plugin:Â WP System Log
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched in Version: 1.0.21
Inspirational Quote Rotator
Plugin:Â Inspirational Quote Rotator
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: No known fix – plugin closed
Single Post Exporter
Plugin:Â Single Post Exporter
Vulnerability: Plugin’s Settings Update via CSRF
Patched in Version: No known fix – plugin closed
Flex Local Fonts
Plugin:Â Flex Local FontsÂ
Vulnerability: Admin+ Stored Cross-Site-Scripting
Patched in Version: No known fix – plugin closed
WP Admin Logo Changer
Plugin:Â WP Admin Logo Changer
Vulnerability: Plugin’s Settings Update via CSRF
Patched in Version: No known fix – plugin closed
Contact Form Advanced Database
Plugin:Â Contact Form Advanced DatabaseÂ
Vulnerability: Unauthorised AJAX Calls
Patched in Version:Â No known fix
Shiny Buttons
Plugin:Â Shiny Buttons
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched in Version:Â No known fix
Filter Portfolio Gallery
Plugin:Â Filter Portfolio Gallery
Vulnerability: Arbitrary Gallery Deletion via CSRF
Patched in Version:Â No known fix
WP Limits
Plugin:Â WP Limits
Vulnerability: Plugin’s Settings Update via CSRF
Patched in Version:Â No known fix (Plugin Closed)
Page/Post Content Shortcode
Plugin:Â Page/Post Content Shortcode
Vulnerability: Contributor+ Arbitrary Posts/Pages Access
Patched in Version:Â No known fix (plugin closed)
Improved Include Page
Plugin:Â Improved Include Page
Vulnerability: Contributor+ Arbitrary Posts/Pages Access
Patched in Version:Â No known fix
Mediamatic
Plugin:Â Mediamatic
Vulnerability: Subscriber+ SQL Injection
Patched in Version:Â No known fix
Display Post Metadata
Plugin:Â Display Post Metadata
Vulnerability: Contributor+ Stored Cross-Site Scripting
Patched in Version:Â No known fix
ToTop Link
lugin:Â ToTop Link
Vulnerability: Unauthenticated PHP Object Injection
Patched in Version:Â No known fix
User Meta Shortcodes
Plugin:Â User Meta Shortcodes
Vulnerability: Contributor+ Unauthorized Arbitrary User Metadata Access
Patched in Version:Â No known fix
Quotes Collection
Plugin:Â Quotes Collection
Vulnerability: Admin+ SQL Injection
Patched in Version:Â No known fix
Push Notifications for WordPress (Lite)
Plugin:Â Push Notifications for WordPress (Lite)Â
Vulnerability: Settings Update via CSRF
Patched in Version: 6.0.1
SportsPress
Plugin:Â SportsPress
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 2.7.9
Login/Signup Popup
Plugin:Â Login/Signup Popup
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 2.2
Preview E-mails for WooCommerce
Plugin:Â Preview E-mails for WooCommerce
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 2.0.0
WP User Frontend
Plugin: WP User Frontend Â
Vulnerability: Membership, Profile, Registration & Post Submission Plugin for WordPressÂ
Patched in Version: 3.5.25
Directorist – Business Directory Plugin
Plugin: Directorist – Business Directory Plugin
Vulnerability: CSRF to Remote File Upload
Patched in Version: 7.0.6.2