Is your site up to date?
Outdate plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!
#1 VDZ Verification
Plugin:Â VDZ Verification
Vulnerability: Authenticated Stored XSS
Patched in Version: 1.4
#2 VDZ CallBack
Plugin:Â VDZ CallBack
Vulnerability: Authenticated Stored XSS
Patched in Version: 1.1.4.6
#3 Wonder PDF Embed
Plugin:Â Wonder PDF EmbedÂ
Vulnerability: Contributor+ Stored XSS
Patched in Version: 1.7
#4 Wonder Video Embed
Plugin:Â Wonder Video EmbedÂ
Vulnerability: Contributor+ Stored XSS
Patched in Version: 1.8
#5 Profile Builder
Plugin:Â Profile BuilderÂ
Vulnerability: Admin Access via Password Reset Bug
Patched in Version: 3.4.9
#6 VikRentCar Car Rental Management System
Plugin:Â VikRentCar Car Rental Management System
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: 1.1.10
#7 YouTube Embed
Plugin:Â YouTube Embed
Vulnerability: Contributor+ Stored XSS
Patched in Version: 5.2.2
#8 My Site Audit
Plugin:Â My Site Audit
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version:Â no known fix
#9 Social Tape
Plugin:Â Social Tape
Vulnerability: CSRF to Stored XSS
Patched in Version:Â no known fix
#10 Telugu Bible Verse Daily
Plugin:Â Telugu Bible Verse Daily
Vulnerability: CSRF to Stored XSS
Patched in Version:Â no known fix
#11 Verse-O-Matic
Plugin:Â Verse-O-Matic
Vulnerability: CSRF to Stored XSS
Patched in Version:Â no known fix
#12 Custom Login Redirect
Plugin:Â Custom Login Redirect
Vulnerability: CSRF to Stored XSS
Patched in Version:Â no known fix
#13 Light Messages
Plugin:Â Light Messages
Vulnerability: CSRF to Stored XSS
Patched in Version:Â no known fix
#14 Shantz WordPress QOTD
Plugin:Â Shantz WordPress QOTD
Vulnerability: Arbitrary Setting Update via CSRF
Patched in Version:Â no known fix
#15 WP Front Notification Bar
Plugin:Â WPFront Notification Bar
Vulnerability: Authenticated Stored XSS
Patched in Version: 2.0.0.07176
#16 PhoneTrack Menu Site Manager
Plugin:Â PhoneTrack Meu Site Manager
Vulnerability: Authenticated Stored XSS
Patched in Version:Â no known fix
#17 RestroPress
Plugin:Â RestroPress
Vulnerability: Unauthorised AJAX Calls
Patched in Version: 2.8.3.1
#18 Photo Gallery
Plugin:Â Photo Gallery
Vulnerability: Stored XSS via Uploaded SVG in Zip
Patched in Version: 1.5.79
#19 Mimetic Books
Plugin:Â Mimetic Books
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version:Â no known fix
#20 Elementor Addon Elements
Plugin:Â Elementor Addon Elements
Vulnerability: CSRF Bypass
Patched in Version: 1.11.8
#22 Cooked Pro
Plugin:Â Cooked Pro
Vulnerability: Unauthenticated Reflected Cross-Site Scripting (XSS)
Patched in Version:Â no known fix
Â
#21 NEX Forms
Plugin:Â NEX Forms
Vulnerability: Authentication Bypass for Excel Reports
Patched in Version: 7.8.8
Â
#22 KN Fix Your Title
Plugin:Â KN Fix Your Title
Vulnerability: Authenticated Stored XSS
Patched in Version:Â no known fix
Â
#23 Cooked Pro
Plugin:Â Cooked Pro
Vulnerability: Unauthenticated Reflected Cross-Site Scripting (XSS)
Patched in Version:Â no known fix
Â
#24 Giveaway
Plugin:Â Giveaway
Vulnerability: Authenticated SQL Injection
Patched in Version:Â no known fix
Â
#25 HM Multiple Roles
Plugin:Â HM Multiple Roles
Vulnerability: Arbitrary Role Change
Patched in Version:Â no known fix
Â
#26 10Web Map Builder for Google Maps
Plugin:Â 10Web Map Builder for Google Maps
Vulnerability: Authenticated Stored XSS
Patched in Version: 1.0.70
Â
#27 Maintenance
Plugin:Â Maintenance
Vulnerability: Authenticated Stored XSS
Patched in Version: 4.03
Â
#28 Grid Gallery
Plugin:Â Grid Gallery
Vulnerability: Photo Image Grid Gallery
Patched in Version: 1.2.5
Â
#29 WP Custom Fields Search
Plugin:Â WP Custom Fields Search
Vulnerability: Unauthenticated Reflected Cross-Site Scripting (XSS)
Patched in Version: 1.0
Â
#30 Google Language Translator
Plugin:Â Google Language Translator
Vulnerability: Authenticated (author+) Cross-Site Scripting (XSS)
Patched in Version: 6.0.10
Â
#31 Send Grid
Plugin:Â SendGrid
Vulnerability: Authenticated Authorization Bypass
Patched in Version:Â no known fix
Â
Â
#32 News Plugin
Plugin:Â NewsPlugin
Vulnerability: CSRF to Stored Cross-Site Scripting
Patched in Version:Â no known fix
Â
#33 Charitable - Donation Plugin
Plugin: Charitable – Donation Plugin
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: 1.6.51
Â
#34 Lifter LMS
Plugin: Charitable – Donation Plugin
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: 1.6.51
Â
#35 WooCommerce Currency Switcher
Plugin:Â WooCommerce Currency Switcher
Vulnerability: Authenticated (Low Privilege) Local File Inclusion
Patched in Version: 1.3.7
Â
#36 Simple Post
Plugin:Â Simple Post
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version:Â no known fix
Â
#37 WP GraphQL
Plugin:Â WPGraphQL
Vulnerability: Denial of Service
Patched in Version: 1.3.6
Â
#38 GTranslate
Plugin:Â GTranslateÂ
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: 2.8.65
Â
#39 Diary & Availability Calendar
Plugin:Â Diary & Availability Calendar
Vulnerability: Authenticated (subscriber+) SQL Injection
Patched in Version:Â no known fix
Â
#40 Email Subscriber
Plugin:Â Email Subscriber
Vulnerability: Unauthenticated Stored Cross-Site Scripting (XSS)
Patched in Version:Â no known fix
Â
#41 M-vSlider
Plugin:Â M-vSlider
Vulnerability: Authenticated (admin+) SQL Injection
Patched in Version:Â no known fix
Â
#42 Project Status
Plugin:Â Project Status
Vulnerability: Authenticated (admin+) SQL Injection
Patched in Version:Â no known fix
Â
#43 ACE IDE
Plugin:Â AceIDE
Vulnerability: Authenticated (admin+) Arbitrary File Access
Patched in Version:Â no known fix
Â
#44 Broken Link Manager
Plugin:Â Broken Link Manager
Vulnerability: Authenticated (admin+) SQL Injection
Patched in Version:Â no known fix
Â
#45 Edit Comments
Plugin:Â Edit Comments
Vulnerability: Unauthenticated SQL Injection
Patched in Version:Â no known fix
Â
#46 Simple Events Calendar
Plugin:Â Simple Events Calendar
Vulnerability: Authenticated (admin+) SQL Injection
Patched in Version:Â no known fix
Â
#47 Timeline Calendar
Plugin:Â Timeline Calendar
Vulnerability: Authenticated (admin+) SQL Injection
Patched in Version:Â no known fix
Â
#48 PayTM - Donation Plugin
Plugin: Paytm – Donation Plugin
Vulnerability: 1.3.2 – Authenticated (admin+) SQL Injection
Patched in Version:Â no known fix