WordPress Vulnerability Report — February 7, 2024

In this report, 158 new vulnerabilities have been publicly disclosed. Security patches for 119 of these plugins and 1 theme are available as of the publishing of this report.

Vulnerable plugins & themes are one of the main reasons WordPress websites get hacked, so run those updates!

Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

WordPress Core

Woot! No new core vulnerabilities were disclosed this week.

WordPress Themes

Themes With A Fix/Patch Available

The vulnerability(ies) have been patched. You should update to the latest version.

  • Blocksy

WordPress Plugins

Plugins With No Fix/Patch Available

The vulnerability(ies) have not been patched. You should deactivate the plugin(s).

  • MW WP Form
  • ACF Photo Gallery Field
  • Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms
  • Email Before Download
  • Page Restrict
  • Load More Anything
  • MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution
  • OWL Carousel – WordPress Owl Carousel Slider
  • Debug
  • Don’t Muck My Markup
  • Ultra Companion – Companion plugin for WPoperation Themes
  • Accessibility
  • PilotPress
  • Cincopa video and media plug-in
  • Scheduling Plugin – Online Booking for WordPress
  • CC BMI Calculator
  • Click To Tweet
  • ERE Recently Viewed – Essential Real Estate Add-On
  • W3SPEEDSTER
  • WP-CFM
  • Wp-Adv-Quiz
  • A no-code page builder for beautiful performance-based content
  • Autotitle for WordPress
  • CalculatorPro Calculators
  • Coupon Referral Program
  • Custom User CSS
  • Scroll Triggered Box
  • JTRT Responsive Tables
  • Mighty Addons for Elementor
  • Order Delivery Date for WP e-Commerce
  • Persian Fonts
  • Popup More Popups
  • Post Thumbnail Editor
  • PT Sign Ups
  • Quicksand Post Filter jQuery Plugin
  • WordPress Toolbar

Plugins With A Fix/Patch Available

The vulnerability(ies) have been patched. You should update to the latest version.

  • Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
  • Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode
  • Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress
  • TablePress – Tables in WordPress made easy
  • Premium Addons for Elementor
  • SiteOrigin Widgets Bundle
  • Admin Menu Editor
  • Happy Addons for Elementor
  • Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
  • Backuply – Backup, Restore, Migrate and Clone
  • Cloudflare
  • Page Builder: Pagelayer – Drag and Drop website builder
  • SEO Plugin by Squirrly SEO
  • Orbit Fox by ThemeIsle
  • Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
  • Elementor Addon Elements
  • Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid)
  • Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider)
  • Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels
  • Minimal Coming Soon – Coming Soon Page
  • Relevanssi – A Better Search
  • The Plus Addons for Elementor
  • Cookie Information | Free GDPR Consent Solution
  • SlimStat Analytics
  • WP STAGING WordPress Backup Plugin – Migration Backup Restore
  • Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid
  • Advanced iFrame
  • Calculated Fields Form
  • Database for Contact Form 7, WPforms, Elementor forms
  • Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
  • Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy)
  • Exclusive Addons for Elementor
  • RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube
  • Video Feeds Aggregator
  • MapPress Maps for WordPress
  • Shariff Wrapper
  • Starbox – the Author Box for Humans
  • Shield Security – Smart Bot Blocking & Intrusion Prevention Security
  • WooCommerce Conversion Tracking
  • WP 404 Auto Redirect to Similar Post
  • Apollo13 Framework Extensions
  • Feed Them Social – Page, Post, Video, and Photo Galleries
  • Html5 Video Player – mp4 player, Video Player for WordPress
  • Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic
  • Structured Content (JSON-LD) #wpsc
  • BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net
  • WP Dashboard Notes
  • Meks Smart Social Widget
  • WordPress Simple Shopping Cart
  • WP Visitor Statistics (Real Time Traffic)
  • Affiliates Manager
  • Awesome Support – WordPress HelpDesk & Support Plugin
  • Booking Calendar | Appointment Booking | BookIt
  • Knowledge Base for Documentation, FAQs with AI Assistance
  • Link Library
  • NEX-Forms – Ultimate Form Builder – Contact forms and much more
  • WordPress Review & Structure Data Schema Plugin – Review Schema
  • Wonder Slider Lite
  • Woocommerce Vietnam Checkout
  • Woostify Sites Library
  • Product Labels For Woocommerce (Sale Badges)
  • FG Joomla to WordPress
  • WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
  • Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin
  • Fatal Error Notify
  • GDPR Data Request Form
  • Themify Builder
  • ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
  • Contact Form 7 Connector
  • WOLF – WordPress Posts Bulk Editor and Manager Professional
  • PopupAlly
  • ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks
  • WP Dummy Content Generator
  • Advanced Forms for ACF
  • Auto Listings – Car Listings & Car Dealership Plugin for WordPress
  • (Simply) Guest Author Name
  • Beds24 Online Booking
  • EventPrime – Events Calendar, Bookings and Tickets
  • Active Products Tables for WooCommerce. Professional products tables for WooCommerce store
  • PropertyHive
  • SP Project & Document Manager
  • Add Customer for WooCommerce
  • Anonymous Restricted Content
  • Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo
  • Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress
  • Polls CP
  • FG Drupal to WordPress
  • FG PrestaShop to WooCommerce
  • Five Star Restaurant Reviews
  • Heateor Social Login WordPress
  • Icons Font Loader
  • Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce
  • Restrict Usernames Emails Characters
  • WP Club Manager – WordPress Sports Club Plugin
  • Chartify – WordPress Chart Plugin
  • Portugal CTT Tracking for WooCommerce
  • Wp-Adv-Quiz
  • Allow SVG
  • coreActivity: Activity Logging plugin for WordPress
  • EventON Pro
  • PowerPack Pro for Elementor
  • Relevanssi Premium
  • LearnDash LMS
  • Userpro
  • WooCommerce Box Office

Looking for peace of mind and less tech stress?​

Security, performance, backups, privacy, and much more – the list of tasks needed to keep your website performing at its peak can seem overwhelming and time-consuming.

Signup for website management and get a tech-savvy team who are committed to your business.

Never worry about your website again.

Let Us Help You

How Do I Update WordPress?

Run a full backups of your website using the backup plugin you have installed -or- using the backup feature your web host provides.

Ideally you test major functions – like ecommerce, elearning, membership functionality on a staging server first. If you site is “heavily” customized, you should also test in a staging environgment first.

Perform your updates in the order of WordPress – Theme(s) – Plugin(s). Ideally you are making note of the before and after versions.

After completed, perform a visual inspection of your site and test critical functionality that may have been affected – contact forms, subscription buttons, purchasing etc.