This WP Security Roundup shows the latest WordPress vulnerabilities including LiteSpeed Cache, The Plus Addons for Elementor Pro, Slick Popup and more!
Plugin: Finale Lite
Vulnerability: Arbitrary Content Deletion vulnerability
Patched Version: None
Recommended Action: No patched version is available.
Plugin: WooODT Lite
Vulnerability: Arbitrary Site Option Update vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: The Plus Addons for Elementor Pro
Vulnerability: Unauthenticated Local File Inclusion vulnerability
Patched Version: 5.2.9
Recommended Action: Update the WordPress The Plus Addons for Elementor Pro plugin to the latest available version (at least 5.2.9).
Plugin: Linker
Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: Slick Popup
Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 1.7.15
Recommended Action: Update the WordPress Slick Popup plugin to the latest available version (at least 1.7.15).
Plugin: ImageLinks Interactive Image Builder
Vulnerability: SQL Injection vulnerability
Patched Version: 1.6.0
Recommended Action: Update the WordPress ImageLinks Interactive Image Builder plugin to the latest available version (at least 1.6.0).
Plugin: WooCommerce – Store Exporter
Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 2.7.2.1
Recommended Action: Update the WordPress WooCommerce – Store Exporter plugin to the latest available version (at least 2.7.2.1).
Plugin: Grid Plus
Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.
Plugin: GD Security Headers
Vulnerability: Auth. SQL Injection (SQLi) vulnerability
Patched Version: 1.7.1
Recommended Action: Update the WordPress GD Security Headers plugin to the latest available version (at least 1.7.1).
Plugin: Shortcode Menu
Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: FareHarbor for WordPress
Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 3.6.8
Recommended Action: Update the WordPress FareHarbor for WordPress plugin to the latest available version (at least 3.6.8).
Plugin: Jquery news ticker
Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 3.1
Recommended Action: Update the WordPress Jquery news ticker plugin to the latest available version (at least 3.1).
Plugin: Superb slideshow gallery
Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 13.2
Recommended Action: Update the WordPress Superb slideshow gallery plugin to the latest available version (at least 13.2).
Plugin: Wp photo text slider 50
Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 8.1
Recommended Action: Update the WordPress Wp photo text slider 50 plugin to the latest available version (at least 8.1).
Plugin: WP fade in text news
Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 12.1
Recommended Action: Update the WordPress WP fade in text news plugin to the latest available version (at least 12.1).
Plugin: Popup with fancybox
Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 3.6
Recommended Action: Update the WordPress Popup with fancybox plugin to the latest available version (at least 3.6).
Plugin: Vertical Marquee Plugin
Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 7.2
Recommended Action: Update the WordPress Vertical Marquee Plugin plugin to the latest available version (at least 7.2).
Plugin: Wp anything slider
Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 9.2
Recommended Action: Update the WordPress Wp anything slider plugin to the latest available version (at least 9.2).
Plugin: Information Reel
Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 10.1
Recommended Action: Update the WordPress Information Reel plugin to the latest available version (at least 10.1).
Plugin: Left right image slideshow gallery
Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 12.1
Recommended Action: Update the WordPress Left right image slideshow gallery plugin to the latest available version (at least 12.1).
Plugin: Image horizontal reel scroll slideshow
Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 9.1
Recommended Action: Update the WordPress Image vertical reel scroll slideshow plugin to the latest available version (at least 9.1).
Plugin: Jquery accordion slideshow
Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 8.2
Recommended Action: Update the WordPress Jquery accordion slideshow plugin to the latest available version (at least 8.2).
Plugin: Up down image slideshow gallery
Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 12.1
Recommended Action: Update the WordPress Up down image slideshow gallery plugin to the latest available version (at least 12.1).
Plugin: wp image slideshow
Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 12.1
Recommended Action: Update the WordPress wp image slideshow plugin to the latest available version (at least 12.1).
Plugin: Message ticker
Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 9.3
Recommended Action: Update the WordPress Message ticker plugin to the latest available version (at least 9.3).
Plugin: Ads by datafeedr.com
Vulnerability: Unauthenticated Limited Remote Code Execution vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Advanced Booking Calendar
Vulnerability: Authenticated SQL Injection vulnerability
Patched Version: 3.2.12
Recommended Action: Update the WordPress Advanced Booking Calendar plugin to the latest available version (at least 3.2.12).
Plugin: Live updates from Excel
Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: idbbee
Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: iframe forms
Vulnerability: Authenticated Stored Cross-Site Scripting via iframe Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: HTML filter and csv-file search
Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 2.8
Recommended Action: Update the WordPress HTML filter and csv-file search plugin to the latest available version (at least 2.8).
Plugin: HTML filter and csv-file search
Vulnerability: Authenticated Local File Inclusion via Shortcode vulnerability
Patched Version: 2.8
Recommended Action: Update the WordPress HTML filter and csv-file search plugin to the latest available version (at least 2.8).
Plugin: Image Regenerate & Select Crop
Vulnerability: Sensitive Data Exposure via Log File vulnerability
Patched Version: 7.3.1
Recommended Action: Update the WordPress Image Regenerate & Select Crop plugin to the latest available version (at least 7.3.1).
Plugin: Bellows Accordion Menu
Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 1.4.3
Recommended Action: Update the WordPress Bellows Accordion Menu plugin to the latest available version (at least 1.4.3).
Plugin: PHP to Page
Vulnerability: Authenticated Local File Inclusion to Remote Code Execution via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Simple Shortcodes
Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: WP Simple Galleries
Vulnerability: Authenticated PHP Object Injection vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Google Maps made Simple
Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Related Products for WooCommerce
Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Grid Plus
Vulnerability: Authenticated Local File Inclusion via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Weather Atlas Widget
Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Seraphinite Accelerator
Vulnerability: Cross-Site Request Forgery vulnerability
Patched Version: 2.20.32
Recommended Action: Update the WordPress Seraphinite Accelerator plugin to the latest available version (at least 2.20.32).
Plugin: Accordion
Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 2.7
Recommended Action: Update the WordPress Accordion plugin to the latest available version (at least 2.7).
Plugin: Giveaways and Contests by RafflePress
Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 1.12.2
Recommended Action: Update the WordPress Giveaways and Contests by RafflePress plugin to the latest available version (at least 1.12.2).
Plugin: Buzzsprout Podcasting
Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 1.8.5
Recommended Action: Update the WordPress Buzzsprout Podcasting plugin to the latest available version (at least 1.8.5).
Plugin: 10Web Booster – Website speed optimization, Cache & Page Speed optimizer
Vulnerability: Unauthenticated Arbitrary Option Deletion vulnerability
Patched Version: 2.24.18
Recommended Action: Update the WordPress 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin to the latest available version (at least 2.24.18).
Plugin: Assistant – Every Day Productivity Apps
Vulnerability: Auth. Server-Side Request Forgery (SSRF) vulnerability
Patched Version: 1.4.4
Recommended Action: Update the WordPress Assistant plugin to the latest available version (at least 1.4.4).
Plugin: Bonus for Woo
Vulnerability: Reflected Cross-Site Scripting vulnerability
Patched Version: 5.8.3
Recommended Action: Update the WordPress Bonus for Woo plugin to the latest available version (at least 5.8.3).
Plugin: PubyDoc
Vulnerability: Authenticated Stored Cross-Site Scripting vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Magic Embeds
Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Seraphinite Accelerator
Vulnerability: Reflected Cross-Site Scripting vulnerability
Vulnerability: Open Redirect vulnerability
Patched Version: 2.20.29
Recommended Action: Update the WordPress Seraphinite Accelerator plugin to the latest available version (at least 2.20.29).
Plugin: Article analytics
Vulnerability: Unauthenticated SQL Injection vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: WP Post Popup
Vulnerability: Authenticated Stored Cross-Site Scripting vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Post Meta Data Manager
Vulnerability: Missing Authorization to User, Term, and Post Meta Deletion vulnerability
Patched Version: 1.2.1
Recommended Action: Update the WordPress Post Meta Data Manager plugin to the latest available version (at least 1.2.1).
Plugin: Post Meta Data Manager
Vulnerability: Missing Authorization to Privilege Escalation vulnerability
Patched Version: 1.2.1
Recommended Action: Update the WordPress Post Meta Data Manager plugin to the latest available version (at least 1.2.1).
Plugin: TK Google Fonts GDPR Compliant
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 2.2.12
Recommended Action: Update the WordPress TK Google Fonts GDPR Compliant plugin to the latest available version (at least 2.2.12).
Plugin: 404 Solution
Vulnerability: Authenticated (Administrator+) SQL Injection via orderby vulnerability
Patched Version: 2.34.0
Recommended Action: Update the WordPress 404 Solution plugin to the latest available version (at least 2.34.0).
Plugin: Fathom Analytics
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Patched Version: 3.1.0
Recommended Action: Update the WordPress Fathom Analytics plugin to the latest available version (at least 3.1.0).
Plugin: WP EXtra
Vulnerability: Missing Authorization to Arbitrary Email Sending vulnerability
Patched Version: 6.3
Recommended Action: Update the WordPress WP EXtra plugin to the latest available version (at least 6.3).
Plugin: VK Blocks
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Block vulnerability
Patched Version: 1.64.0.0
Recommended Action: Update the WordPress VK Blocks plugin to the latest available version (at least 1.64.0.0).
Plugin: ICS Calendar
Vulnerability: SSRF and Arbitrary File Read vulnerability
Patched Version: 10.12.0.4
Recommended Action: Update the WordPress ICS Calendar plugin to the latest available version (at least 10.12.0.4).
Plugin: Reusable Text Blocks
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: NinjaTeam Live Chat (Messenger API)
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: BSK PDF Manager
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 3.4.2
Recommended Action: Update the WordPress BSK PDF Manager plugin to the latest available version (at least 3.4.2).
Plugin: Advanced Menu Widget
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Form Builder
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Pre-Orders for WooCommerce
Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 1.2.14
Recommended Action: Update the WordPress Pre-Orders for WooCommerce plugin to the latest available version (at least 1.2.14).
Plugin: WP Font Awesome
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Delete Me
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: MomentoPress for Momento360
Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 1.0.2
Recommended Action: Update the WordPress MomentoPress for Momento360 plugin to the latest available version (at least 1.0.2).
Plugin: Very Simple Google Maps
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 2.9.1
Recommended Action: Update the WordPress Very Simple Google Maps plugin to the latest available version (at least 2.9.1).
Plugin: LiteSpeed Cache
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 5.7
Recommended Action: Update the WordPress LiteSpeed Cache plugin to the latest available version (at least 5.7).
Plugin: Current Menu Item for Custom Post Types
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 1.6
Recommended Action: Update the WordPress Current Menu Item for Custom Post Types plugin to the latest available version (at least 1.6).
Plugin: Alter
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of October 21, 2023 and is not available for download. This closure is temporary, pending a full review.
Plugin: EasyRecipe
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of October 21, 2023 and is not available for download. This closure is temporary, pending a full review.
Plugin: Auto Limit Posts Reloaded
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of October 21, 2023 and is not available for download. This closure is temporary, pending a full review.
Plugin: Feather Login Page
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 1.1.4
Recommended Action: Update the WordPress Feather Login Page plugin to the latest available version (at least 1.1.4).
Plugin: Auto Excerpt everywhere
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of October 9, 2023 and is not available for download. This closure is temporary, pending a full review.
Plugin: Original texts Yandex WebMaster
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of October 9, 2023 and is not available for download. This closure is temporary, pending a full review.
Plugin: WP Knowledgebase
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of October 8, 2023 and is not available for download. This closure is temporary, pending a full review.
Plugin: Thumbnail carousel slider
Vulnerability: Cross-Site Request Forgery to Mass Slider Deletion vulnerability
Patched Version: 1.0.1
Recommended Action: Update the WordPress Thumbnail carousel slider plugin to the latest available version (at least 1.0.1).
Plugin: Thumbnail Slider With Lightbox
Vulnerability: Cross-Site Request Forgery to Arbitrary File Upload vulnerability
Patched Version: 1.0.1
Recommended Action: Update the WordPress Thumbnail Slider With Lightbox plugin to the latest available version (at least 1.0.1).
Plugin: Neon text
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Patched Version: 1.2
Recommended Action: Update the WordPress Neon text plugin to the latest available version (at least 1.2).
Plugin: News & Blog Designer Pack – WordPress Blog Plugin
Vulnerability: Unauthenticated Remote Code Execution via Local File Inclusion vulnerability
Patched Version: 3.4.2
Recommended Action: Update the WordPress News & Blog Designer Pack – WordPress Blog Plugin plugin to the latest available version (at least 3.4.2).
Plugin: Animated Counters
Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 1.8
Recommended Action: Update the WordPress Animated Counters plugin to the latest available version (at least 1.8).
Plugin: Deeper Comments
Vulnerability: Authenticated Settings Change Vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: WordPress CTA
Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.
Plugin: Download CloudNet360
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.
Plugin: SAHU TikTok Pixel for E-Commerce
Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.
Plugin: Export WP Page to Static HTML/CSS
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.
Plugin: Medialist
Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 1.4.0
Recommended Action: Update the WordPress Medialist plugin to the latest available version (at least 1.4.0).
Plugin: kk Star Ratings
Vulnerability: Broken Access Control vulnerability
Patched Version: 5.4.6
Recommended Action: Update the WordPress kk Star Ratings plugin to the latest available version (at least 5.4.6).
Plugin: WCP OpenWeather
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.
Plugin: Generate Dummy Posts
Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.
Plugin: Custom Header Images
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.
Plugin: YITH WooCommerce Product Add-Ons
Vulnerability: Broken Access Control vulnerability
Patched Version: 4.2.1
Recommended Action: Update the WordPress YITH WooCommerce Product Add-Ons plugin to the latest available version (at least 4.2.1).
Plugin: Custom My Account for Woocommerce
Vulnerability: CSRF to XSS vulnerability
Patched Version: None
Recommended Action: No patched version is available.
Plugin: Glossary
Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.
Plugin: My Shortcodes
Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.
Plugin: Product Recommendation Quiz for eCommerce
Vulnerability: Broken Access Control vulnerability
Patched Version: 2.2.0
Recommended Action: Update the WordPress Product Recommendation Quiz for eCommerce plugin to the latest available version (at least 2.2.0).
Plugin: Admin and Site Enhancements (ASE)
Vulnerability: Password Protected View Bypass Vulnerability vulnerability
Patched Version: 5.8.0
Recommended Action: Update the WordPress Admin and Site Enhancements (ASE) plugin to the latest available version (at least 5.8.0).
Plugin: Remove Add to Cart WooCommerce
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.
Plugin: WP Word Count
Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.
Plugin: WP Simple HTML Sitemap
Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: Simple User Listing
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.
Plugin: Ni WooCommerce Sales Report
Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: FLOWFACT WP Connector
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: Autolinks Manager
Vulnerability: Multiple Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 1.10.05
Recommended Action: Update the WordPress Autolinks Manager plugin to the latest available version (at least 1.10.05).
Plugin: Parcel Pro
Vulnerability: Open Redirection vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: Groundhogg
Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 2.7.11.11
Recommended Action: Update the WordPress Groundhogg plugin to the latest available version (at least 2.7.11.11).
Plugin: WP EXtra
Vulnerability: Remote Code Execution (RCE) vulnerability
Patched Version: 6.3
Recommended Action: Update the WordPress WP EXtra plugin to the latest available version (at least 6.3).
Plugin: WPPizza
Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 3.18.3
Recommended Action: Update the WordPress WPPizza plugin to the latest available version (at least 3.18.3).
Plugin: User Avatar
Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.
Plugin: DeepL Pro API translation
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.
Plugin: Spider Facebook
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.
Plugin: Category SEO Meta Tags
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.
Plugin: VK Filter Search
Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 2.3.2
Recommended Action: Update the WordPress VK Filter Search plugin to the latest available version (at least 2.3.2).