WordPress Vulnerability Report — January 17, 2024

In this report, 77 new vulnerabilities have been publicly disclosed. Security patches for 61 of these plugins and one theme are available as of the publishing of this report.

Vulnerable plugins & themes are one of the main reasons WordPress websites get hacked, so run those updates!

Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

WordPress Core

Woot! No new core vulnerabilities were disclosed this week.

WordPress Themes

Woot! No new theme vulnerabilities were disclosed this week.

WordPress Plugins

Plugins With No Fix/Patch Available

The vulnerability(ies) have not been patched. You should deactivate the plugin(s).

  • Seraphinite Accelerator
  • WordPress Manutenção
  • Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder
  • Constant Contact Forms by MailMunch
  • Revolut Gateway for WooCommerce
  • Shortcodes Finder
  • Word Replacer Pro
  • Beds24 Online Booking
  • Advanced Flamingo
  • CformsII
  • Contact Form 7 Extension For Mailchimp
  • Easy SVG Allow
  • Voting Record
  • WP Smart Editor
  • WP Social Bookmark Menu

Plugins With A Fix/Patch Available

The vulnerability(ies) have been patched. You should update to the latest version.

  • ElementsKit Elementor addons
  • Hostinger
  • WPS Hide Login
  • The Events Calendar
  • LightStart – Maintenance Mode, Coming Soon and Landing Page Builder
  • Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
  • Metform Elementor Contact Form Builder
  • POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure
  • Notifications
  • PDF Invoices & Packing Slips for WooCommerce
  • Orbit Fox by ThemeIsle
  • Contact Form 7 – Dynamic Text Extension
  • Download Monitor
  • Gallery Plugin for WordPress – Envira Photo Gallery
  • Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
  • List category posts
  • Schema & Structured Data for WP & AMP
  • Plugin for Google Reviews
  • Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
  • Email Encoder – Protect Email Addresses and Phone Numbers
  • Advanced Woo Search
  • Customer Reviews for WooCommerce
  • AI Engine: Chatbots, Generators, Assistants, GPT 4 and more
  • RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
  • Order Export & Order Import for WooCommerce
  • User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
  • OneClick Chat to Order
  • Index Now
  • MailerLite – WooCommerce integration
  • Swift SMTP (formerly Welcome Email Editor)
  • Woocommerce Vietnam Checkout
  • WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
  • Contact Form 7 Connector
  • EventON
  • RabbitLoader
  • WP Testimonials
  • WP Spell Check
  • Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list
  • WordPress Live Chat Plugin for WooCommerce – LiveChat
  • Football Pool
  • GD Rating System
  • InstaWP Connect – 1-click WP Staging & Migration
  • TNC PDF viewer
  • Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce
  • WP Register Profile With Shortcode
  • Seraphinite Alternative Slugs Manager
  • Email Newsletter
  • EventON Pro
  • MaxButtons
  • Oxygen Builder
  • Profile Builder Pro

Looking for peace of mind and less tech stress?

Security, performance, backups, privacy, and much more – the list of tasks needed to keep your website performing at its peak can seem overwhelming and time-consuming.

Sign up for website management and get a tech-savvy team that is committed to your business.

Never worry about your website again.

How Do I Update WordPress?

Run a full backup of your website using the backup plugin you have installed or the backup feature your web host provides.

Ideally, test major functions (such as ecommerce, elearning, and membership functionality) on a staging server first. If your site is “heavily” customized, you should also test in a staging environment first.

Perform your updates in the order of WordPress – Theme(s) – Plugin(s). Ideally, make a note of the before and after versions.

Once the updates are complete, perform a visual inspection of your site and test critical functionality that may have been affected: contact forms, subscription buttons, purchasing, etc.