WordPress Vulnerability Report — January 10, 2024

In this report, 106 new vulnerabilities have been publicly disclosed. Security patches for 61 of these plugins and one theme are available as of the publishing of this report.

Vulnerable plugins & themes are one of the main reasons WordPress websites get hacked, so run those updates!

Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

WordPress Core

Woot! No new core vulnerabilities were disclosed this week.

WordPress Themes

The vulnerability(ies) have been patched. You should update to the latest version.

  • Weaver Xtreme

WordPress Plugins

Plugins With No Fix/Patch Available

The vulnerability(ies) have not been patched. You should deactivate the plugin(s).

  • Nginx Helper
  • Contact Form 7 Extension For Mailchimp
  • WooCommerce Conversion Tracking
  • Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building
  • Seraphinite Accelerator
  • MailerLite – WooCommerce integration
  • WP Ultimate Review
  • Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder
  • RabbitLoader
  • Revolut Gateway for WooCommerce
  • Word Replacer Pro
  • Beds24 Online Booking
  • JS & CSS Script Optimizer
  • Advanced Flamingo
  • Laybuy Payment Extension for WooCommerce
  • Mapster WP Maps
  • Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics
  • HTML5 MP3 Player with Playlist Free
  • HTML5 SoundCloud Player with Playlist Free
  • Woocommerce Tranzila Payment Gateway
  • Gecka Terms Thumbnails
  • HTML5 MP3 Player with Folder Feedburner Playlist Free
  • Ads Invalid Click Protection
  • CformsII
  • Coupon Referral Program
  • CPT Bootstrap Carousel
  • Easy SVG Allow
  • 1 click disable all
  • Footer Putter
  • Ideal Interactive Map
  • Infogram
  • Keap Official Opt-in Forms
  • Page Builder: Live Composer
  • oEmbed Gist
  • Posts to Page
  • Private Google Calendars
  • pTypeConverter
  • Randomize
  • Site Notes
  • TJ Shortcodes
  • WordPress Users
  • WP Plugin Lister
  • WP Social Bookmark Menu

Plugins With A Fix/Patch Available

The vulnerability(ies) have been patched. You should update to the latest version.

  • WooCommerce
  • MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)
  • ElementsKit Elementor addons
  • Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
  • Hostinger
  • LightStart – Maintenance Mode, Coming Soon and Landing Page Builder
  • Happy Addons for Elementor
  • OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy
  • Metform Elementor Contact Form Builder
  • POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications
  • POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications
  • POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications
  • Orbit Fox by ThemeIsle
  • Download Monitor
  • Gallery Plugin for WordPress – Envira Photo Gallery
  • Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme – My Sticky Bar (formerly myStickymenu)
  • PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
  • WP Job Manager
  • LearnPress – WordPress LMS Plugin
  • Ajax Search Lite
  • Depicter Slider – Responsive Image Slider, Video Slider & Post Slider
  • EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor
  • 3D FlipBook – PDF Flipbook WordPress
  • AI Engine: Chatbots, Generators, Assistants, GPT 4 and more!
  • RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
  • MapPress Maps for WordPress
  • WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
  • User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
  • WP 2FA – Two-factor authentication for WordPress
  • Void Contact Form 7 Widget For Elementor Page Builder
  • Constant Contact Forms
  • OneClick Chat to Order
  • Quiz Maker
  • Swift SMTP (formerly Welcome Email Editor)
  • WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
  • WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
  • ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
  • ActivityPub
  • WordPress Live Chat Plugin for WooCommerce – LiveChat
  • Product Delivery Date for WooCommerce – Lite
  • Football Pool
  • GD Rating System
  • TNC PDF viewer
  • Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce
  • Rate Star Review – AJAX Reviews for Content, with Star Ratings
  • Booster Elite for WooCommerce
  • Booster Plus for WooCommerce
  • FooGallery Premium
  • Page Builder: Live Composer
  • MaxButtons
  • Oxygen Builder

Looking for peace of mind and less tech stress?

Security, performance, backups, privacy, and much more – the list of tasks needed to keep your website performing at its peak can seem overwhelming and time-consuming.

Sign up for website management and get a tech-savvy team that is committed to your business.

Never worry about your website again.


How Do I Update WordPress?

Run a full backup of your website using the backup plugin you have installed or the backup feature your web host provides.

Ideally, test major functions (such as ecommerce, elearning, and membership functionality) on a staging server first. If your site is “heavily” customized, you should also test in a staging environment first.

Perform your updates in this order: WordPress – Theme(s) – Plugin(s). Ideally, make a note of the before and after versions.

Once the updates are complete, perform a visual inspection of your site and test critical functionality that may have been affected – contact forms, subscription buttons, purchasing, etc.