Is your site up to date?
Outdate plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!
Registrations for the Events Calendar
Plugin:Â Registrations for the Events Calendar
Vulnerability: Unauthenticated SQL Injection
Patched in Version: 2.7.6
LoginWP
Plugin:Â LoginWPÂ
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 3.0.0.5
WooCommerce Currency Switcher
Plugin:Â WooCommerce Currency Switcher
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.3.7.1
Secure Copy Content Protection and Content Locking
Plugin:Â Secure Copy Content Protection and Content Locking
Vulnerability: Subscriber+ Email Address Disclosure
Patched in Version: 2.8.2
Bookly
Plugin:Â BooklyÂ
Vulnerability: Staff Member Stored Cross-Site Scripting
Patched in Version: 20.3.1
Email Log
Plugin:Â Email Log
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 2.4.8
Tawk.to Live Chat
Plugin:Â Tawk.to Live Chat
Vulnerability: Subscriber+ Visitor Monitoring & Chat Removal
Patched in Version: 0.6.0
WP Data Access
Plugin:Â WP Data Access
Vulnerability: Admin+ SQL Injection
Patched in Version: 5.0.0
PDF.js Viewer
Plugin:Â PDF.js Viewer
Vulnerability: Contributor+ Stored Cross-Site Scripting
Patched in Version: 2.0.2
Backup and Restore
Plugin:Â Backup and Restore
Vulnerability: Admin+ Arbitrary File Deletion
Patched in Version:Â No known fix
LearnPress
Plugin:Â LearnPressÂ
Vulnerability: Admin+ SQL Injection
Patched in Version: 4.1.4
Get Custom Field Values
Plugin:Â Get Custom Field Values
Vulnerability: Contributor+ Stored Cross-Site Scripting
Patched in Version: 4.0.1
Booking Package
Plugin:Â Booking Package
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.5.11
Like Button Rating
Plugin:Â Like Button Rating
Vulnerability: Unauthorised Vote Export to Email & IP Addresses Disclosure
Patched in Version: 2.6.38
Caldera Forms
Plugin:Â Caldera Forms
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 1.9.5
Starter Templates
Plugin:Â Starter Templates
Vulnerability: Contributor+ Block Import to Stored XSS
Patched in Version: 2.7.1
Contact Form Email
Plugin:Â Contact Form Email
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 1.3.25
Video Gallery – Vimeo and YouTube Gallery
Plugin: Video Gallery – Vimeo and YouTube GalleryÂ
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 1.1.5
WordPress Popular Posts
Plugin:Â WordPress Popular Posts
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 5.3.4
WP Mega Menu
Plugin:Â WP Mega Menu
Vulnerability: Subscriber+ Arbitrary Post Access
Patched in Version: 1.4.1
Cherry Plugin
Plugin:Â Cherry PluginÂ
Vulnerability: Unauthenticated Arbitrary File Upload and Download
Patched in Version: 1.2.7
WP Job Manager
Plugin: WP Job Manager – WordPress plugin | WordPress.orgÂ
Vulnerability: Phar Deserialization
Patched in Version: 1.31.3
WP Mobile Detector
Plugin:Â WP Mobile Detector
Vulnerability: Unauthenticated Arbitrary File Upload
Patched in Version: 3.6
Telefication
Plugin:Â Telefication
Vulnerability: Open Relay & Server-Side Request Forgery
Patched in Version: no known fix – plugin closed
Game Server Status
Plugin:Â Game Server StatusÂ
Vulnerability: Contributor+ SQL Injection
Patched in Version: no known fix – plugin closed
Responsive WordPress Slider
Plugin:Â Responsive WordPress Slider
Vulnerability: Subscriber+ Stored Cross-Site Scripting
Patched in Version: no known fix – plugin closed
Fetch Tweets
Plugin:Â Fetch TweetsÂ
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: no known fix – plugin closed
WooCommerce
Plugin:Â WooCommerceÂ
Vulnerability: Analytics Report Leaks
Patched in Version: 5.7.0
WooCommerce Admin
Plugin:Â WooCommerce AdminÂ
Vulnerability: Analytics Report Leaks
Patched in Version: 2.6.0
Cookie Bar
Plugin:Â Cookie BarÂ
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: no known fix – plugin closed
WP User Manager
Plugin:Â WP User ManagerÂ
Vulnerability: Arbitrary User Password Reset to Account Compromise
Patched in Version: 2.6.3
Easy Media Download
3DPrint Lite
Plugin:Â iQ Block Country
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 1.2.12