Plugin: LearnPress
Vulnerability: Other Vulnerability Type
Patched Version: 4.1.5
Recommended Action: Update the WordPress LearnPress plugin to the latest available version (at least 4.1.5).
Plugin: WP RSS Aggregator
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.20
Recommended Action: Update the WordPress WP RSS Aggregator plugin to the latest available version (at least 4.20).
Plugin: StatCounter
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.0.7
Recommended Action: Update the WordPress StatCounter plugin to the latest available version (at least 2.0.7).
Plugin: WP Accessibility Helper (WAH)
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 0.6.0.7
Recommended Action: Update the WordPress WP Accessibility Helper (WAH) plugin to the latest available version (at least 0.6.0.7).
Plugin: WP Responsive Menu
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.1.7.1
Recommended Action: Update the WordPress WP Responsive Menu plugin to the latest available version (at least 3.1.7.1).
Plugin: Custom Content Shortcode
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.0.0
Recommended Action: Update the WordPress Custom Content Shortcode plugin to the latest available version (at least 4.0.0).
Plugin: Embed Swagger
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 24, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Simple Membership
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 4.0.9
Recommended Action: Update the WordPress Simple Membership plugin to the latest available version (at least 4.0.9).
Plugin: AdSanity
Vulnerability: Other Vulnerability Type
Patched Version: 1.8.2
Recommended Action: Update the WordPress AdSanity premium plugin to the latest available version (at least 1.8.2). Vulnerability author note: new version doesn’t allow Contributor users to upload files but still allows Author+ users to do so, therefore if you have Author users registered on your blog, you may exercise extreme caution.
Plugin: AP Custom Testimonial
Vulnerability: SQL Injection
Patched Version: 1.4.8
Recommended Action: Update the WordPress AP Custom Testimonial plugin to the latest available version (at least 1.4.8).
Plugin: AP Custom Testimonial
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.4.8
Recommended Action: Update the WordPress AP Custom Testimonial plugin to the latest available version (at least 1.4.8).
Plugin: AccessPress Parallax
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation.
Plugin: Accesspress Lite
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: AccessPress Store
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Zigcy Lite
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Enlighten
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Accesspress Mag
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: StoreVilla
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Punte
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Accesspress Basic
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: AccessPress Root
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Construction Lite
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: VMagazine Lite
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: ParallaxSome
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: FotoGraphy
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: VMag
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Uncode Lite
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Bingle
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: The Launcher
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: ScrollMe
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Agency Lite
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Swing Lite
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Vmagazine News
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Bloger
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Revolve
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Ripple
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Zigcy Cosmetics
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: The Monday
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Zigcy Baby
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Doko
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Sakala
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Edict Lite
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: The100
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: WP Store
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Eight Sec
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: EightLaw Lite
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Eightmedi Lite
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: EightStore Lite
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Brovy
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: WPparallax
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Arrival
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Ultra Seven
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Opstore
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports avoids any conversation.
Plugin: Ad Inserter
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.7.10
Recommended Action: Update the WordPress Ad Inserter plugin to the latest available version (at least 2.7.10).
Plugin: Anti-Malware Security and Brute-Force Firewall
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.20.94
Recommended Action: Update the WordPress Anti-Malware Security and Brute-Force Firewall plugin to the latest available version (at least 4.20.94).
Plugin: Popup Builder
Vulnerability: Local File Inclusion
Patched Version: 4.0.7
Recommended Action: Update the WordPress Popup Builder plugin to the latest available version (at least 4.0.7).
Plugin: Popup Builder
Vulnerability: SQL Injection
Patched Version: 4.0.7
Recommended Action: Update the WordPress Popup Builder plugin to the latest available version (at least 4.0.7).
Plugin: Advanced Database Cleaner
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.0.4
Recommended Action: Update the WordPress Advanced Database Cleaner plugin to the latest available version (at least 3.0.4).
Plugin: Database Backup for WordPress
Vulnerability: SQL Injection
Patched Version: 2.5.1
Recommended Action: Update the WordPress Database Backup for WordPress plugin to the latest available version (at least 2.5.1).
Plugin: Access Demo Importer
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. No patched version is available. The vendor doesn’t respond to all communication attempts.
Plugin: Access Demo Importer
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. No patched version is available. The vendor doesn’t respond to all communication attempts.
Plugin: Coming soon and Maintenance mode
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 3.6.8
Recommended Action: Update the WordPress Coming soon and Maintenance mode plugin to the latest available version (at least 3.6.8).
Plugin: Coming soon and Maintenance mode
Vulnerability: Other Vulnerability Type
Patched Version: 3.6.7
Recommended Action: Update the WordPress Coming soon and Maintenance mode plugin to the latest available version (at least 3.6.7).
Plugin: Catch Web Tools
Vulnerability: Other Vulnerability Type
Patched Version: 2.7.1
Recommended Action: Update the WordPress Catch Web Tools plugin to the latest available version (at least 2.7.1).
Plugin: WP Debugging
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.11.7
Recommended Action: Update the WordPress WP Debugging plugin to the latest available version (at least 2.11.7).
Plugin: WP Debugging
Vulnerability: Other Vulnerability Type
Patched Version: 2.11.7
Recommended Action: Update the WordPress WP Debugging plugin to the latest available version (at least 2.11.7).
Plugin: Duplicate Page or Post
Vulnerability: Other Vulnerability Type
Patched Version: 1.5.1
Recommended Action: Update the WordPress Duplicate Page or Post plugin to the latest available version (at least 1.5.1).
Plugin: Float menu
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 4.3.1
Recommended Action: Update the WordPress Float menu plugin to the latest available version (at least 4.3.1).
Plugin: Ad Inserter Pro
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.7.10
Recommended Action: Update the WordPress Ad Inserter Pro premium plugin to the latest available version (at least 2.7.10).
Plugin: Classic Editor Addon
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.6.4
Recommended Action: Update the WordPress Classic Editor Addon plugin to the latest available version (at least 2.6.4).
Plugin: Classic Editor Addon
Vulnerability: Other Vulnerability Type
Patched Version: 2.6.4
Recommended Action: Update the WordPress Classic Editor Addon plugin to the latest available version (at least 2.6.4).
Plugin: Lean WP
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of March 31, 2020 and is not available for download. This closure is permanent. Reason: Author Request.
Plugin: Lean WP
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of March 31, 2020 and is not available for download. This closure is permanent. Reason: Author Request.
Plugin: ExportFeed: List WooCommerce Products on eBay Store
Vulnerability: SQL Injection
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of November 22, 2021 and is not available for download. Reason: Security Issue.
Plugin: Zero Spam
Vulnerability: SQL Injection
Patched Version: 5.2.10
Recommended Action: Update the WordPress Zero Spam plugin to the latest available version (at least 5.2.10).
Plugin: WOOCS – WooCommerce Currency Switcher
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.3.7.5
Recommended Action: Update the WordPress WOOCS – Currency Switcher for WooCommerce plugin to the latest available version (at least 1.3.7.5).
Plugin: AnyComment
Vulnerability: Other Vulnerability Type
Patched Version: 0.2.18
Recommended Action: Update the WordPress AnyComment plugin to the latest available version (at least 0.2.18).
Plugin: AnyComment
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 0.2.18
Recommended Action: Update the WordPress AnyComment plugin to the latest available version (at least 0.2.18).
Plugin: Shield Security
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 13.0.6
Recommended Action: Update the WordPress Shield Security plugin to the latest available version (at least 13.0.6).