WordPress Vulnerability Report — July 10, 2024

Since last week, 182 new vulnerabilities emerged in the WordPress ecosystem including 23 in themes and 159 in plugins. 59 of the vulnerable plugins and themes remain unpatched.

Along with poor user account security, vulnerable plugins and themes are one of the main reasons WordPress websites get hacked, so run those updates.

Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

WordPress Core

No vulnerabilities disclosed!

WordPress Themes

Themes With No Fix/Patch Available

Disclosed vulnerability(ies) have not yet been patched. You should switch the theme if no fix is forthcoming.

  • zBench
  • Boot Store
  • Counterpoint

Themes With A Fix/Patch Available

Disclosed vulnerability(ies) have been patched. You should update to the latest version.

  • Ashe
  • Bakes And Cakes
  • Bard
  • Blocksy
  • Business One Page
  • Construction Landing Page
  • Hestia
  • Highlight
  • Lawyer Landing Page
  • Metro Magazine
  • Newsmatic
  • Posterity
  • Rara Business
  • Rife Free
  • Trendy News
  • Basil
  • BookYourTravel
  • Himer
  • Woffice

WordPress Plugins

Plugins With No Fix/Patch Available

Disclosed vulnerability(ies) have not yet been patched. You should deactivate the plugin(s).

  • Social Media Share Buttons & Social Sharing Icons
  • Meks Easy Ads Widget
  • WPJAM Basic
  • Ultimate WordPress Auction Plugin
  • CC & BCC for Woocommerce Order Emails
  • nicen-localize-image
  • OpenStreetMap for Gutenberg and WPBakery Page Builder
  • Tooltip for Gravity Forms
  • WPFavicon
  • Leaky Paywall
  • Quiz | Survey | Exam | Questionnaire | Feedback
  • Taager
  • Weight Tracker
  • Rating Widget: Post Rating, 5 Star Rating, Reviews, Thumbs Up & Down, Reaction
  • Link To Bible
  • Amelia Shortcode Extended
  • WS Theme Addons
  • Canvas-Nest.js
  • Logic Hop
  • Meal Tracker
  • Contact Form by TotalForm
  • WS Contact Form
  • Easy Speedup by PageCDN
  • WebSitter Pro
  • Magic Conversation For Gravity Forms
  • Field Day
  • Livemesh Addons for Elementor
  • ADDRESSYA
  • alfred24 Click & Collect
  • Alfred Easy Shipping
  • CommandBar for WP Admin
  • Digital River Global Commerce
  • Easy Custom Code (LESS/CSS/JS)
  • Floating Social Buttons
  • Floating Social Media Links
  • Responsive Image Gallery, Gallery Album
  • Ideaplus
  • Image Hover Effects – Caption Hover with Carousel
  • Jobs.af
  • Login Logo Editor
  • Mine Video Player
  • Get Better Reviews for WooCommerce
  • Save as PDF plugin by Pdfcrowd
  • Simple Social Share
  • Simply Show Hooks
  • sitetweet
  • Elementor Addons, Widgets and Enhancements
  • Template Kit – Export
  • Testimonials Widget
  • UltraAddons Elementor Lite
  • Viva Payments
  • WordPress Notification Bar
  • wp-code-highlightjs
  • WP Cookie Law Info
  • WP To Do

Plugins With A Fix/Patch Available

The vulnerability(ies) have been patched. You should update to the latest version.

  • Elementor Header & Footer Builder
  • Rank Math SEO
  • Ninja Forms
  • Spectra – WordPress Gutenberg Blocks
  • Premium Addons for Elementor
  • The Events Calendar
  • Ocean Extra
  • Gutenberg
  • Beaver Builder
  • The Plus Addons for Elementor
  • WooCommerce
  • Nested Pages
  • Featured Image from URL (FIFU)
  • LearnPress – WordPress LMS Plugin
  • Paid Memberships Pro
  • The Post Grid
  • Booking for Appointments and Events Calendar – Amelia
  • Media Library Assistant
  • Form Maker by 10Web
  • Sina Extension for Elementor
  • Ultimate Blocks
  • Pixel Manager for WooCommerce
  • Quiz and Survey Master (QSM)
  • WP Lightbox 2
  • Apollo13 Framework Extensions
  • Void Contact Form 7 Widget For Elementor Page Builder
  • Cost Calculator Builder
  • Easy Google Maps
  • Rife Elementor Extensions & Templates
  • weForms
  • WP User Frontend
  • Donation Forms by Charitable
  • AI Power: Complete AI Pack – Powered by GPT-4
  • LA-Studio Element Kit for Elementor
  • Mega Elements – Addons for Elementor
  • Simple Newsletter Plugin
  • NEX-Forms
  • Swift Performance Lite
  • Product Customer List for WooCommerce
  • Word Balloon
  • Event Manager, Events Calendar, Tickets, Registrations
  • Motors – Car Dealer, Classifieds & Listing
  • Tablesome
  • WordPress Sentry
  • YITH WooCommerce Affiliates
  • Youzify
  • ProfileGrid
  • Ultimate Bootstrap Elements for Elementor
  • WPCafe
  • Snippet Shortcodes
  • AWSM Team – Team Showcase Plugin
  • bbPress Notify (No-Spam)
  • Popup Builder
  • Advanced Classifieds & Directory Pro
  • FileBird Document Library
  • HelloAsso
  • IMGspider
  • ShopBuilder
  • CRM Perks Forms
  • EazyDocs
  • MakeCommerce for WooCommerce
  • Online Booking & Scheduling Calendar for WordPress by vcita
  • One Click Order Re-Order
  • Premium Blocks
  • YAHMAN Add-ons
  • Church Admin
  • IdeaPush
  • Newspack Newsletters
  • Post Meta Data Manager
  • SuperSaaS
  • Zephyr Project Manager
  • Comment Reply Email
  • ShipAny WooCommerce: Ship, Label, Tracking
  • Integration for Luminate and Gravity Forms
  • Qualified Electronic Signatures by eID Easy
  • BLAZE Retail Widget
  • Contact Form 7 Multi-Step Addon
  • XPlainer
  • JetThemeCore
  • Modern Events Calendar
  • Modern Events Calendar Lite
  • Newspack Ads
  • Newspack Content Converter
  • Newspack Campaigns
  • PayPlus Payment Gateway
  • Social Warfare
  • Ultimate Addons for Elementor
  • Woffice Core
  • WooCommerce Social Login
  • CopySafe Web Protection
  • WP Directory Kit
  • WPQA – Builder forms Addon

How Do I Update WordPress?

Run a full backup of your website using the backup plugin you have installed or the backup feature your web host provides.

Ideally, test major functions (such as ecommerce, elearning and membership functionality) on a staging server first. If your site is “heavily” customized, you should also test in a staging environment first.

Perform your updates in the order of WordPress – Theme(s) – Plugin(s). Ideally, make a note of the before and after versions.

Once the updates are complete, perform a visual inspection of your site and test critical functionality that may have been affected: contact forms, subscription buttons, purchasing, etc.