Is your site up to date?
Outdate plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!
Events Manager
Plugin:Â Events Manager
Vulnerability: Admin+ SQL Injection
Patched in Version: 5.9.8
Rich Reviews by Starfish
Plugin:Â Rich Reviews by Starfish
Vulnerability: Admin+ SQL Injection
Patched in Version: 1.9.6
Typebot
Plugin:Â Typebot
Vulnerability: Admin+ Stored Cross Site Scripting
Patched in Version: 1.4.3
Contact Form & Lead Form Elementor Builder
Plugin:Â Contact Form & Lead Form Elementor Builder
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched in Version: 1.6.4
Download Manager
Plugin:Â Download Manager
Vulnerability: Subscriber+ Stored Cross-Site Scripting
Patched in Version: 3.2.22
WP RSS Aggregator
Plugin:Â Subscriber+ Stored Cross-Site Scripting
Vulnerability: Admin+ SQL Injection
Patched in Version: 4.19.3
Buttonizer – Smart Floating Action Button
Plugin: Buttonizer – Smart Floating Action Button
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 2.5.5
WP Mail Logging
Plugin:Â WP Mail Logging
Vulnerability: Outdated Redux Framework
Patched in Version: 1.10.0
Stetic
Plugin:Â SteticÂ
Vulnerability: CSRF to Stored Cross-Site Scripting
Patched in Version: No known fix – plugin closed
Contact Form With Captcha
Plugin:Â Contact Form With Captcha
Vulnerability: CSRF to Stored Cross-Site Scripting
Patched in Version: No known fix – plugin closed
Awesome Support
Plugin:Â Awesome SupportÂ
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 6.0.7
Asgaros Forums
Plugin:Â Asgaros Forums
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 1.15.14
LiteSpeed Cache
Plugin:Â LiteSpeed Cache
Vulnerability: IP Check Bypass to Unauthenticated Stored XSS
Patched in Version: 4.4.4
Video Conferencing with Zoom
Plugin:Â Video Conferencing with Zoom
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 3.8.16
Booster for Woocommerce
Plugin:Â Booster for Woocommerce
Vulnerability: Reflected Cross-Site Scripting in PDF Invoicing Module
Patched in Version: 5.4.9
Speed Booster Pack
Plugin:Â Speed Booster Pack
Vulnerability: Admin+ SQL Injection
Patched in Version: 4.3.3.1
OMGF
Plugin:Â OMGF
Vulnerability: Admin+ Arbitrary Folder Deletion via Path Traversal
Patched in Version: 4.5.12
CAOS
Plugin:Â CAOS
Vulnerability: Admin+ Arbitrary Folder Deletion via Path Traversal
Patched in Version: 4.1.9
WP Travel Engine
Plugin:Â WP Travel Engine
Vulnerability: Editor+ Stored Cross-Site Scripting
Patched in Version: 5.3.1
Download Monitor
Plugin:Â Download Monitor
Vulnerability: Admin+ SQL Injection
Patched in Version: 4.4.5
Mortgage Calculator / Loan Calculator
Plugin:Â Mortgage Calculator / Loan Calculator
Vulnerability: Contributor+ Stored Cross-Site Scripting
Patched in Version: 1.5.17
Variation Swatches for WooCommerce
Plugin:Â Variation Swatches for WooCommerce
Vulnerability: Subscriber+ Stored Cross-Site Scripting
Patched in Version: 2.1.2
ClickBank Affiliate Ads
Plugin:Â ClickBank Affiliate Ads
Vulnerability: CSRF to Stored Cross-Site Scripting
Patched in Version: No known fix – plugin closed
Advanced Custom Fields
Plugin:Â Advanced Custom Fields
Vulnerability: Subscriber+ Arbitrary ACF Data/Field Groups View and Fields Move
Patched in Version: 5.11
Canto
Plugin:Â CantoÂ
Vulnerability: Unauthenticated Blind SSRF
Patched in Version:Â No known fix
All-In-One-Gallery
Plugin:Â All-In-One-Gallery
Vulnerability: Admin+ Local File Inclusion
Patched in Version: 2.5.0
