WordPress Vulnerability Report — March 6, 2024

In this report, 126 new vulnerabilities have been publicly disclosed. Security patches for 77 of these plugins and 1 theme are available as of the publishing of this report.

Vulnerable plugins & themes are one of the main reasons WordPress websites get hacked, so run those updates!

Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

WordPress Core

Woot! No new core vulnerabilities were disclosed this week.

WordPress Themes

Themes With A Fix/Patch Available

The vulnerability(ies) have been patched. You should update to the latest version.

  • Avada
  • Yuki

Themes With No Fix/Patch Available

The vulnerability(ies) have not been patched. You should deactivate the theme.

  • Atahualpa

WordPress Plugins

Plugins With No Fix/Patch Available

The vulnerability(ies) have not been patched. You should deactivate the plugin(s).

  • Slivery Extender
  • IDonate – blood request management system
  • Adsmonetizer
  • ArtiBot
  • Auto Refresh Single Page
  • BeePress
  • Blue Triad EZAnalytics
  • Change Memory Limit
  • Under Construction / Maintenance Mode from Acurax
  • Configure SMTP
  • Build & Control Block Patterns
  • Custom fields shortcode
  • Download Media
  • Duitku Payment Gateway
  • Easy!Appointments
  • Ebook Store
  • Conversios.io
  • FeedWordPress
  • Fontific | Google Fonts
  • Gestpay for WooCommerce
  • Maintenance Mode by helderk
  • JM Twitter Cards
  • Marketing Optimizer
  • Master Slider
  • Media Alt Renamer
  • WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit
  • Page Builder Sandwich – Front-End Page Builder
  • Page Restrict
  • Password Protected Store for WooCommerce
  • PayU India
  • postMash – custom post order
  • Restaurant Solutions – Checklist
  • Rolo Slider
  • Simple Tweet
  • Ultimate Bootstrap Elements for Elementor
  • User Shortcodes Plus
  • Vimeography: Vimeo Video Gallery WordPress Plugin
  • Watermark RELOADED
  • WordPress Access Control
  • CodeMirror Blocks
  • WP eCommerce
  • Page Duplicator
  • WP Private Content Plus

Plugins With A Fix/Patch Available

The vulnerability(ies) have been patched. You should update to the latest version.

  • LiteSpeed Cache
  • Complianz – GDPR/CCPA Cookie Consent
  • Premium Addons for Elementor
  • WP Shortcodes Plugin — Shortcodes Ultimate
  • SiteOrigin Widgets Bundle
  • Happy Addons for Elementor
  • Nextend Social Login and Register
  • GenerateBlocks
  • Page Builder: Pagelayer – Drag and Drop website builder
  • Orbit Fox by ThemeIsle
  • Beaver Builder – WordPress Page Builder
  • Download Manager
  • Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
  • Events Manager – Calendar, Bookings, Tickets, and more!
  • WP Show Posts
  • Advanced iFrame
  • AI Engine
  • Booking for Appointments and Events Calendar – Amelia
  • Exclusive Addons for Elementor
  • Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages
  • Calculated Fields Form
  • Custom Field Suite
  • NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor
  • WP Dashboard Notes
  • MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance
  • Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
  • Restrict User Access – Ultimate Membership & Content Protection
  • Seraphinite Accelerator
  • NextMove Lite – Thank You Page for WooCommerce
  • Easy PayPal & Stripe Buy Now Button
  • WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce
  • Wp Social Login and Register Social Counter
  • AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth
  • Contact Form 7 – PayPal & Stripe Add-on
  • Envo’s Elementor Templates & Widgets for WooCommerce
  • LifterLMS – WordPress LMS Plugin for eLearning
  • SportsPress – Sports Club & League Manager
  • Smart Forms – when you need more than just a contact form
  • WPvivid Backup for MainWP
  • Finale Lite – Sales Countdown Timer & Discount for WooCommerce
  • SoundCloud Shortcode
  • SMS Alert Order Notifications – WooCommerce
  • Thank You Page Customizer for WooCommerce – Increase Your Sales
  • Coming Soon Page & Maintenance Mode
  • Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back
  • Slider Responsive Slideshow – Image slider, Gallery slideshow
  • Spiffy Calendar
  • Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan
  • Friends
  • Oliver POS – A WooCommerce Point of Sale (POS)
  • Page Restriction WordPress (WP) – Protect WP Pages/Post
  • Image Optimizer, Resizer and CDN – Sirv
  • Tainacan
  • Comments Extra Fields For Post,Pages and CPT
  • Backup
  • Elementor Pro
  • JobSearch
  • WP Social Widget


How Do I Update WordPress?

Run a full backup of your website using the backup plugin you have installed, or using the backup feature your web host provides.

Ideally, test major functions (such as ecommerce, elearning, and membership functionality) on a staging server first. If your site is “heavily” customized, you should also test in a staging environment first.

Perform your updates in the order of WordPress – Theme(s) – Plugin(s). Ideally you are making note of the before and after versions.

Once the updates are complete, perform a visual inspection of your site and test critical functionality that may have been affected: contact forms, subscription buttons, purchasing, etc.