Is your site up to date?
Outdate plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!
Events Manager
Plugin: Events Manager
Vulnerability: Admin+ SQL Injection
Patched in Version: 5.9.8
Rich Reviews by Starfish
Plugin: Rich Reviews by Starfish
Vulnerability: Admin+ SQL Injection
Patched in Version: 1.9.6
Typebot
Plugin: Typebot
Vulnerability: Admin+ Stored Cross Site Scripting
Patched in Version: 1.4.3
Contact Form & Lead Form Elementor Builder
Plugin: Contact Form & Lead Form Elementor Builder
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched in Version: 1.6.4
Download Manager
Plugin: Download Manager
Vulnerability: Subscriber+ Stored Cross-Site Scripting
Patched in Version: 3.2.22
WP RSS Aggregator
Plugin: Subscriber+ Stored Cross-Site Scripting
Vulnerability: Admin+ SQL Injection
Patched in Version: 4.19.3
Buttonizer – Smart Floating Action Button
Plugin: Buttonizer – Smart Floating Action Button
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 2.5.5
WP Mail Logging
Plugin: WP Mail Logging
Vulnerability: Outdated Redux Framework
Patched in Version: 1.10.0
Stetic
Plugin: Stetic
Vulnerability: CSRF to Stored Cross-Site Scripting
Patched in Version: No known fix – plugin closed
Contact Form With Captcha
Plugin: Contact Form With Captcha
Vulnerability: CSRF to Stored Cross-Site Scripting
Patched in Version: No known fix – plugin closed
Awesome Support
Plugin: Awesome Support
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 6.0.7
Asgaros Forums
Plugin: Asgaros Forums
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 1.15.14
LiteSpeed Cache
Plugin: LiteSpeed Cache
Vulnerability: IP Check Bypass to Unauthenticated Stored XSS
Patched in Version: 4.4.4
Video Conferencing with Zoom
Plugin: Video Conferencing with Zoom
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 3.8.16
Booster for Woocommerce
Plugin: Booster for Woocommerce
Vulnerability: Reflected Cross-Site Scripting in PDF Invoicing Module
Patched in Version: 5.4.9
Speed Booster Pack
Plugin: Speed Booster Pack
Vulnerability: Admin+ SQL Injection
Patched in Version: 4.3.3.1
OMGF
Plugin: OMGF
Vulnerability: Admin+ Arbitrary Folder Deletion via Path Traversal
Patched in Version: 4.5.12
CAOS
Plugin: CAOS
Vulnerability: Admin+ Arbitrary Folder Deletion via Path Traversal
Patched in Version: 4.1.9
WP Travel Engine
Plugin: WP Travel Engine
Vulnerability: Editor+ Stored Cross-Site Scripting
Patched in Version: 5.3.1
Download Monitor
Plugin: Download Monitor
Vulnerability: Admin+ SQL Injection
Patched in Version: 4.4.5
Mortgage Calculator / Loan Calculator
Plugin: Mortgage Calculator / Loan Calculator
Vulnerability: Contributor+ Stored Cross-Site Scripting
Patched in Version: 1.5.17
Variation Swatches for WooCommerce
Plugin: Variation Swatches for WooCommerce
Vulnerability: Subscriber+ Stored Cross-Site Scripting
Patched in Version: 2.1.2
ClickBank Affiliate Ads
Plugin: ClickBank Affiliate Ads
Vulnerability: CSRF to Stored Cross-Site Scripting
Patched in Version: No known fix – plugin closed
Advanced Custom Fields
Plugin: Advanced Custom Fields
Vulnerability: Subscriber+ Arbitrary ACF Data/Field Groups View and Fields Move
Patched in Version: 5.11
Canto
Plugin: Canto
Vulnerability: Unauthenticated Blind SSRF
Patched in Version: No known fix
All-In-One-Gallery
Plugin: All-In-One-Gallery
Vulnerability: Admin+ Local File Inclusion
Patched in Version: 2.5.0
