Is your site up to date?
Outdate plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!
MC4WP
- Vulnerability: Admin+ Stored Cross-Site Scripting
- Severity: Low
- Fixed: update to version 4.8.7
Translate WordPress with GTranslate
- CSRF to Account Takeover
- Severity: High
- Fixed: update to version 2.9.9
Popup Builder
- SQL Injection to Reflected Cross-Site Scripting
- Severity: Medium
- Fixed: update to version 4.1.1
String Locator
- Admin+ Arbitrary File Read
- Severity: Low
- Fixed: update to version 2.5.0
Menu Image, Icons made easy
- Subscriber+ Stored Cross-Site Scripting
- Severity: High
- Fixed: update to version 3.0.8
Amelia
- Unauthenticated Stored XSS via lastName; Customer+ Arbitrary Appointments Update and Sensitive Data Disclosure
- Severity: High
- Fixed: update to version 1.0.47
Drag and Drop Multiple File Upload – Contact Form 7
- Unauthenticated Stored XSS
- Severity: Medium
- Fixed: update to version 1.3.6.3
WordPress File Upload​
- Contributor+ Path Traversal to RCE
- Severity: Critical
- Fixed: update to version 4.16.3
WPC Smart Wishlist for WooCommerce
- Reflected Cross-Site Scripting
- Severity: Medium
- Fixed: update to version 2.9.4
SpeakOut! Email Petitions
- Unauthenticated SQLi
- Severity: High
- Fixed: update to version 2.14.15.1
Church Admin
- Unauthenticated Plugin’s Backup Disclosure
- Severity: High
- Fixed: update to version 3.4.135
Coupon Affiliates
- Unauthenticated Stored XSS
- Severity: High
- Fixed: update to version 4.16.4.5
Revision Manager TMC
- Folders Disclosure via Outdated jQueryFileTree Library
- Severity: Medium
- Fixed: update to version 2.8.0
Title Experiments Free
- Unauthenticated SQLi
- Severity: High
- Fixed: update to version 9.0.1
Task Scheduler
- Folders Disclosure via Outdated jQueryFileTree Library
- Severity: Medium
- Fixed: update to version 1.6.1
Limit Login Attempts (Spam Protection)
- Unauthenticated SQLi
- Severity: High
- Fixed: update to version 5.1
Popup Like box
- Reflected Cross-Site Scripting
- Severity: Medium
- Fixed: update to version 3.6.1
Admin Page Framework
- Folders Disclosure via Outdated jQueryFileTree Library
- Severity: Medium
- Fixed: update to version 3.9.0
Conference Scheduler
- Reflected Cross-Site Scripting
- Severity: Medium
- Fixed: update to version 2.4.3
Plezi
- Unauthenticated Stored XSS
- Severity: High
- Fixed: update to version 2.4.31.0.3
WordPress File Upload
- Contributor+ Path Traversal to RCE
- Severity: Critical
- Fixed: update to version 4.16.3
Pz-LinkCard
- Reflected Cross-Site Scripting
- Severity: High
- No Fix - You should deactivate this plugin
WP Block and Stop Bad Bots
- Unauthenticated SQLi
- Severity: High
- No Fix - You should deactivate this plugin
Sermon Browser
- Arbitrary File Upload via CSRF
- Severity: High
- No Fix - You should deactivate this plugin
Faculty Weekly Schedule
- Folders Disclosure via Outdated jQueryFileTree Library
- Severity: Medium
- No Fix - You should deactivate this plugin
Read Offline
- Folders Disclosure via Outdated jQueryFileTree Library
- Severity: Medium
- No Fix - You should deactivate this plugin
OSMapper
- Unauthenticated Arbitrary Post Deletion
- Severity: High
- No Fix - You should deactivate this plugin
Bank Mellat
- Reflected Cross-Site Scripting
- Severity: Medium
- No Fix - You should deactivate this plugin
Better Search TMC
- Folders Disclosure via Outdated jQueryFileTree Library
- Severity: Medium
- No Fix - You should deactivate this plugin
Bulk Creator
- Reflected Cross-Site Scripting
- Severity: Medium
- No Fix - You should deactivate this plugin
Delete Old Orders
- Reflected Cross-Site Scripting
- Severity: Medium
- No Fix - You should deactivate this plugin
Mapping Multiple URLs Redirect Same Page
- Reflected Cross-Site Scripting
- Severity: Medium
- No Fix - You should deactivate this plugin
Multilist Subscribe for Sendy
- Subscriber+ Arbitrary Options Update
- Severity: High
- No Fix - You should deactivate this plugin
Akismet Privacy Policies
- Reflected Cross-Site Scripting
- Severity: Medium
- No Fix - You should deactivate this plugin
Interactive Medical Drawing of Human Body
- Admin+ Stored Cross-Site Scripting
- Severity: Low
- No Fix - You should deactivate this plugin
dTabs
- Reflected Cross-Site Scripting
- Severity: Medium
- No Fix - You should deactivate this plugin
Narnoo Distributor
- Unauthenticated LFI to Arbitrary File Read / RCE
- Severity: High
- No Fix - You should deactivate this plugin
Sync WooCommerce Product feed to Google Shopping
- Admin+ SQLi
- Severity: Medium
- No Fix - You should deactivate this plugin
Database Peek
- Reflected Cross-Site Scripting
- Severity: Medium
- No Fix - You should deactivate this plugin
Wow Countdowns
- Admin+ SQLi
- Severity: Medium
- No Fix - You should deactivate this plugin
Need Security Help? Get WooSecured
We take security seriously. While security measures are built into WordPress and WooCommerce out of the box, there are things store owners should be doing to keep their customers, team, and data safe in the event of those worst-case scenarios. Our security services make your life easier by making your data and your customer data safe.