Is your site up to date?
Outdated plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!
Comments – wpDiscuz
Plugin: Comments – wpDiscuz
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 7.3.2
Page Generator
Plugin: Page Generator
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.5.9
WordPress to Hootsuite
Plugin: WordPress to Hootsuite
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.3.9
WordPress to Buffer
Plugin: WordPress to Buffer
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 3.7.5
Gutenberg PDF Viewer Block
Plugin: Gutenberg PDF Viewer Block
Vulnerability: Contributor+ Stored Cross-Site Scripting
Patched in Version: 1.0.1
YITH WooCommerce Product Add-Ons
Plugin: YITH WooCommerce Product Add-Ons
Vulnerability: Authenticated Local File Inclusion
Patched in Version: 2.1.0
To Top
Plugin: To Top
Vulnerability: Unauthorised Plugin’s Setting Change
Patched in Version: 2.3
Header Enhancement
Plugin: Header Enhancement
Vulnerability: Unauthorised Plugin’s Setting Change
Patched in Version: 1.5
Generate Child Theme
Plugin: Generate Child Theme
Vulnerability: Unauthorised Plugin’s Setting Change
Patched in Version: 1.6
Essential Content Types
Plugin: Essential Content Types
Vulnerability: Unauthorised Plugin’s Setting Change
Patched in Version: 1.9
Catch Web Tools
Plugin: Catch Web Tools
Vulnerability: Unauthorised Plugin’s Setting Change
Patched in Version: 2.7
Essential Widgets
Plugin: Software License Manager
Vulnerability: Unauthorised Plugin’s Setting Change
Patched in Version: 1.9
Catch Under Construction
Plugin: Catch Under Construction
Vulnerability: Unauthorised Plugin’s Setting Change
Patched in Version: 1.4
Catch Themes Demo Import
Plugin: Catch Themes Demo Import
Vulnerability: Unauthorised Plugin’s Setting Change
Patched in Version: 1.6
Catch Sticky Menu
Plugin: Catch Sticky Menu
Vulnerability: Unauthorised Plugin’s Setting Change
Patched in Version: 1.7
Catch Scroll Progress Bar
Plugin: Catch Scroll Progress Bar
Vulnerability: Unauthorised Plugin’s Setting Change
Patched in Version: 1.6
Social Gallery and Widget
Plugin: Social Gallery and Widget
Vulnerability: Unauthorised Plugin’s Setting Change
Patched in Version: 2.3
Catch Infinite Scroll
Plugin: Catch Infinite Scroll
Vulnerability: Unauthorised Plugin’s Setting Change
Patched in Version: 1.9
Catch Duplicate Switcher
Plugin: Catch Duplicate Switcher
Vulnerability: Unauthorised Plugin’s Setting Change
Patched in Version: 1.6
Catch Breadcrumb
Plugin: Catch Breadcrumb
Vulnerability: Unauthorised Plugin’s Setting Change
Patched in Version: 1.7
Catch IDs
Plugin: Catch IDs
Vulnerability: Unauthorised Plugin’s Setting Change
Patched in Version: 2.4
Tutor LMS
Plugin: Tutor LMS
Vulnerability: Multiple Admin+ Stored Cross-Site Scripting
Patched in Version: 1.9.9
WP Import Export Lite
Plugin: WP Import Export Lite
Vulnerability: Subscriber+ Extensions Update
Patched in Version: 3.9.5
One User Avatar
Plugin: One User Avatar
Vulnerability: Contributor+ Stored Cross-Site Scripting
Patched in Version: 2.3.7
Scroll Baner
Plugin: Scroll Baner
Vulnerability: CSRF to RCE
Patched in Version: no known fix
WP Ticket
Plugin: WP Ticket
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 5.10.4
GamePress
Plugin: GamePress
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: no known fix
Wechat Reward
Plugin: Wechat Reward
Vulnerability: CSRF to Stored Cross-Site Scripting
Patched in Version: no known fix
Sociable
Plugin: Sociable
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: no known fix
BetterDocs
Plugin: BetterDocs
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.9.2
Multiple WooCommerce Add-Ons – multiple plugins
Plugin: Product Filter for WooCommerce
Vulnerability: Low Priv Arbitrary Blog Options Update/Access/Deletion & Plugin’s Settings Update/Export/Import
Patched in Version: 8.2.0
WP Cookie Choice
Plugin: WP Cookie Choice
Vulnerability: CSRF to Stored Cross-Site Scripting
Patched in Version: no known fix
Easy Twitter Feed
Plugin: Easy Twitter Feed
Vulnerability: Contributor+ Stored Cross-Site Scripting
Patched in Version: 1.2
Html5 Audio Player
Plugin: Html5 Audio Player
Vulnerability: Contributor+ Stored Cross-Site Scripting
Patched in Version: 2.1.3
Polo Video Gallery
Plugin: Polo Video Gallery
Vulnerability: Contributor+ Stored Cross-Site Scripting
Patched in Version: no known fix – plugin closed
StreamCast
Plugin: StreamCast
Vulnerability: Contributor+ Stored Cross-Site Scripting
Patched in Version: 2.1.1
PDF Light Viewer
Plugin: PDF Light Viewer
Vulnerability: Authenticated Command Injection
Patched in Version: 1.4.12
MainWP Child Reports
Plugin: MainWP Child Reports
Vulnerability: Admin+ SQL Injection
Patched in Version: 2.0.8
LearnPress
Plugin: LearnPress
Vulnerability: Unauthorised Plugin’s Setting Change
Patched in Version: 4.1.3.1
OptinMonster
Plugin: OptinMonster
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: 2.6.1
Frontend Uploader
Plugin: Frontend Uploader
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched in Version: no known fix – plugin closed
Allow REL= and HTML in Author Bios
Plugin: Allow REL= and HTML in Author Bios
Vulnerability: Author+ Stored Cross-Site Scripting
Patched in Version: no known fix – plugin closed
WP HTML Author Bio
Plugin: WP HTML Author Bio
Vulnerability: Author+ Stored Cross-Site Scripting
Patched in Version: no known fix – plugin closed
jQuery Reply to Comment
Plugin: jQuery Reply to Comment
Vulnerability: CSRF to Stored Cross-Site Scripting
Patched in Version: no known fix – plugin closed
Video Gallery – Vimeo and YouTube Gallery
Plugin: Video Gallery – Vimeo and YouTube Gallery
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: no known fix – plugin closed
Request a Quote
Plugin: Request a Quote
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 2.3.5
St Daily Tip
Plugin: St Daily Tip
Vulnerability: CSRF to Stored Cross-Site Scripting
Patched in Version: no known fix – plugin closed
Advance Search
Plugin: Advance Search
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.1.3
WP Mega Menu
Plugin: WP Mega Menu
Vulnerability: Subscriber+ Arbitrary Post Access
Patched in Version: 1.4.1
Cherry Plugin
Plugin: Cherry Plugin
Vulnerability: Unauthenticated Arbitrary File Upload and Download
Patched in Version: 1.2.7
WP Job Manager
Plugin: WP Job Manager
Vulnerability: Phar Deserialization
Patched in Version: 1.31.3
WP Mobile Detector
Plugin: WP Mobile Detector
Vulnerability: Unauthenticated Arbitrary File Upload
Patched in Version: 3.6
Telefication
Plugin: Telefication
Vulnerability: Open Relay & Server-Side Request Forgery
Patched in Version: no known fix – plugin closed
Game Server Status
Plugin: Game Server Status
Vulnerability: Contributor+ SQL Injection
Patched in Version: no known fix – plugin closed
Responsive WordPress Slider
Plugin: Responsive WordPress Slider
Vulnerability: Subscriber+ Stored Cross-Site Scripting
Patched in Version: no known fix – plugin closed
Fetch Tweets
Plugin: Fetch Tweets
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: no known fix – plugin closed
WooCommerce
Plugin: WooCommerce
Vulnerability: Analytics Report Leaks
Patched in Version: 5.7.0
WooCommerce Admin
Plugin: WooCommerce Admin
Vulnerability: Analytics Report Leaks
Patched in Version: 2.6.0
Cookie Bar
Plugin: Cookie Bar
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: no known fix – plugin closed
WP User Manager
Plugin: WP User Manager
Vulnerability: Arbitrary User Password Reset to Account Compromise
Patched in Version: 2.6.3
Easy Media Download
Plugin: Easy Media Download
Vulnerability: Contributor+ Stored Cross-Site Scripting
Patched in Version: 1.1.7
3DPrint Lite
Plugin: 3DPrint Lite
Vulnerability: Unauthenticated Arbitrary File Upload
Patched in Version: no known fix – plugin closed
iQ Block Country
Plugin: iQ Block Country
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 1.2.12
WordPress Popular Posts
Plugin: WordPress Popular Posts
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 5.3.4