Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)
Did you know we’re running a Bug Bounty Extravaganza again?
Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!
Last week, there were 375 vulnerabilities disclosed in 297 WordPress Plugins and 7 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 75 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 15,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- WAF-RULE-685 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-687 – Data redacted while we work with the vendor on a patch.
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.
Total Unpatched & Patched Vulnerabilities Last Week
Patch Status | Number of Vulnerabilities |
---|---|
Patched | 295 |
Unpatched | 80 |
Total Vulnerabilities by CVSS Severity Last Week
Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 1 |
Medium Severity | 321 |
High Severity | 31 |
Critical Severity | 22 |
Total Vulnerabilities by CWE Type Last Week
Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 220 |
Missing Authorization | 38 |
Cross-Site Request Forgery (CSRF) | 34 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 24 |
Deserialization of Untrusted Data | 7 |
Information Exposure | 7 |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 6 |
Unrestricted Upload of File with Dangerous Type | 6 |
Authorization Bypass Through User-Controlled Key | 5 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 5 |
Server-Side Request Forgery (SSRF) | 5 |
Use of Less Trusted Source | 5 |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 3 |
Improper Input Validation | 3 |
Guessable CAPTCHA | 1 |
Improper Control of Generation of Code ('Code Injection') | 1 |
Improper Neutralization of Special Elements used in a Command ('Command Injection') | 1 |
Improper Privilege Management | 1 |
Incomplete Blacklist to Cross-Site Scripting | 1 |
Incorrect Privilege Assignment | 1 |
Use of Insufficiently Random Values | 1 |
Researchers That Contributed to WordPress Security Last Week
Researcher Name | Number of Vulnerabilities |
---|---|
46 | |
32 | |
23 | |
23 | |
16 | |
14 | |
14 | |
14 | |
12 | |
11 | |
10 | |
9 | |
9 | |
8 | |
7 | |
6 | |
6 | |
6 | |
5 | |
5 | |
5 | |
5 | |
5 | |
4 | |
4 | |
4 | |
3 | |
3 | |
3 | |
3 | |
3 | |
3 | |
3 | |
2 | |
2 | |
2 | |
2 | |
2 | |
2 | |
2 | |
2 | |
2 | |
2 | |
2 | |
2 | |
2 | |
2 | |
2 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
Software Name | Software Slug |
---|---|
10Web Map Builder for Google Maps | wd-google-maps |
140+ Widgets \| Best Addons For Elementor – FREE | xpro-elementor-addons |
A WordPress Testimonial Plugin to Showcase Testimonial Slider, Testimonial Grid and More: Solid Testimonials | gs-testimonial |
Action Network | wp-action-network |
Add Shortcodes Actions And Filters | add-actions-and-filters |
AdsPlace'r – Ad Manager, Inserter, AdSense Ads | adsplacer |
Advanced Sermons | advanced-sermons |
Aesop Story Engine | aesop-story-engine |
affiliate-toolkit – WordPress Affiliate Plugin | affiliate-toolkit-starter |
AI Twitter Feeds (Twitter widget & shortcode) | ai-twitter-feeds |
AI WP Writer – автонаполнение сайта ChatGPT 3.5, GPT 4 и изображениями лучших нейросетей | ai-wp-writer |
All In One Redirection | all-in-one-redirection |
Announcement & Notification Banner – Bulletin | bulletin-announcements |
Aparat for WordPress | wp-aparat |
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | simply-schedule-appointments |
Appointment Calendar | appointment-calendar |
Author Box, Guest Author and Co-Authors for Your Posts – Molongui | molongui-authorship |
Awesome Support – WordPress HelpDesk & Support Plugin | awesome-support |
B Slider – Slider for your block editor | b-slider |
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | woo-bulk-editor |
Better Elementor Addons | better-elementor-addons |
BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg | betterdocs |
BizPrint – Print WooCommerce Order Receipts, Invoices, Labels & More. | print-google-cloud-print-gcp-woocommerce |
Bold Page Builder | bold-page-builder |
BoldGrid Easy SEO – Simple and Effective SEO | boldgrid-easy-seo |
Booking Activities | booking-activities |
Booking Package | booking-package |
Booster for WooCommerce | woocommerce-jetpack |
Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content | brave-popup-builder |
Breeze – WordPress Cache Plugin | breeze |
Broken Images | wp-broken-images |
BuddyPress Moderation | youzify-moderation |
Builderall Builder for WordPress | builderall-cheetah-for-wp |
Bulk NoIndex & NoFollow Toolkit | bulk-noindex-nofollow-toolkit-by-mad-fish |
Button | button |
Calculated Fields Form | calculated-fields-form |
Calendarista Basic Edition – WordPress appointment booking system | calendarista-basic-edition |
Carousel Anything For WPBakery Page Builder – Touch Slider and Carousel | carousel-anything |
CGC Maintenance Mode | cgc-maintenance-mode |
Change default login logo,url and title | change-default-login-logo-url-and-title |
Chauffeur Taxi Booking System for WordPress | chauffeur-booking-system |
Check & Log Email | check-email |
Christmas Greetings | christmas-greetings |
Church Admin | church-admin |
CM Download Manager – Document and File Management | cm-download-manager |
CMP – Coming Soon & Maintenance Plugin by NiteoThemes | cmp-coming-soon-maintenance |
Co-marquage service-public.fr | co-marquage-service-public |
Collect.chat – Chatbot | collectchat |
Comic Easel | comic-easel |
Compact WP Audio Player | compact-wp-audio-player |
Contact Form 7 Newsletter | contact-form-7-newsletter |
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce | enhanced-e-commerce-for-woocommerce-store |
Convert Post Types | convert-post-types |
Creative Image Slider – Responsive Slider Plugin | creative-image-slider |
CRM Perks Forms – WordPress Form Builder | crm-perks-forms |
Crypto Converter Widget | crypto-converter-widget |
CubeWP – All-in-One Dynamic Content Framework | cubewp-framework |
Custom Field Bulk Editor | custom-field-bulk-editor |
Custom WooCommerce Checkout Fields Editor | add-fields-to-checkout-page-woocommerce |
DD Rating | dd-rating |
DELUCKS SEO | delucks-seo |
Doneren met Mollie | doneren-met-mollie |
Dracula Dark Mode – Enhanced Accessibility, Dark Mode & Reading Mode for WordPress | dracula-dark-mode |
Dropdown multisite selector | dropdown-multisite-selector |
DX-Watermark | dx-watermark |
Easy Appointments | easy-appointments |
Easy Form Builder | easy-form-builder |
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box | easy-facebook-likebox |
Easy Textillate | easy-textillate |
easy-social-share-buttons3 | easy-social-share-buttons3 |
Ecwid Ecommerce Shopping Cart | ecwid-shopping-cart |
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) | bdthemes-element-pack-lite |
Elementor Addon Elements | addon-elements-for-elementor-page-builder |
Elementor Website Builder Pro | elementor-pro |
Elementor Website Builder – More than Just a Page Builder | elementor |
ElementsKit Elementor addons | elementskit-lite |
Email Newsletter, Marketing, Email Automation and CRM Plugin for WordPress by FluentCRM | fluent-crm |
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce | email-subscribers |
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders | essential-addons-for-elementor-lite |
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates | essential-blocks |
Event Tickets and Registration | event-tickets |
EventPrime – Events Calendar, Bookings and Tickets | eventprime-event-calendar-management |
Events Manager – Calendar, Bookings, Tickets, and more! | events-manager |
Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin | everest-backup |
Exchange Rates Widget | exchange-rates-widget |
Exclusive Addons for Elementor | exclusive-addons-for-elementor |
Export and Import Users and Customers | users-customers-import-export-for-wp-woocommerce |
Falang multilanguage for WordPress | falang |
Fancy Comments WordPress | fancy-facebook-comments |
Favorites | favorites |
FG PrestaShop to WooCommerce | fg-prestashop-to-woocommerce |
Filter Custom Fields & Taxonomies Light | filter-custom-fields-taxonomies-light |
Finale Lite – Sales Countdown Timer & Discount for WooCommerce | finale-woocommerce-sales-countdown-timer-discount |
FlatPM – Ad Manager, AdSense and Custom Code | flatpm-wp |
Forminator – Contact Form, Payment Form & Custom Form Builder | forminator |
FOX – Currency Switcher Professional for WooCommerce | woocommerce-currency-switcher |
Frontend Dashboard | frontend-dashboard |
Fullscreen Galleria | fullscreen-galleria |
FV Flowplayer Video Player | fv-wordpress-flowplayer |
Gallery – Image and Video Gallery with Thumbnails | gallery-album |
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress | gamipress |
Geo Controller | cf-geoplugin |
GetResponse for WordPress | getresponse-integration |
Gratisfaction- Loyalty, Rewards , Referral, Birthday and Giveaway Program | gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce |
Grid Shortcodes | grid-shortcodes |
Gutenberg Block Editor Toolkit – EditorsKit | block-options |
Gutenberg Blocks by Kadence Blocks – Page Builder Features | kadence-blocks |
Hacklog Down As PDF | down-as-pdf |
Hash Elements | hash-elements |
Header Image Slider | header-image-slider |
HeartThis | heart-this |
Hot Random Image | hot-random-image |
HT Mega – Absolute Addons For Elementor | ht-mega-for-elementor |
Hubbub Lite – Fast, Reliable Social Sharing Buttons | social-pug |
HUSKY – Products Filter Professional for WooCommerce | woocommerce-products-filter |
iCalendrier | icalendrier |
iFlyChat – WordPress Chat | iflychat |
Image Hover Effects – Elementor Addon | image-hover-effects-addon-for-elementor |
Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site | integrate-google-drive |
Kanban Boards for WordPress | kanban |
Klarna Payments for WooCommerce | klarna-payments-for-woocommerce |
Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages | page-builder-add |
Landingi Landing Pages | landingi-landing-pages |
Layouts for Elementor | layouts-for-elementor |
Lightbox slider – Responsive Lightbox Gallery | simple-lightbox-gallery |
Limit Attempts by BestWebSoft – WordPress Anti-Bot and Security Plugin for Login and Forms | limit-attempts |
Link Whisper Free | link-whisper |
LionScripts: IP Blocker Lite | ip-address-blocker |
List category posts | list-category-posts |
Locatoraid Store Locator | locatoraid |
Lordicon Animated Icons | lordicon-interactive-icons |
LWS Optimize | lws-optimize |
MailChimp Forms by MailMunch | mailchimp-forms-by-mailmunch |
Mailster WordPress Newsletter Plugin Compatibility Tester | mailster |
Mang Board WP | mangboard |
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor | master-addons |
MasterStudy LMS WordPress Plugin – for Online Courses and Education | masterstudy-lms-learning-management-system |
MDTF – Meta Data and Taxonomies Filter | wp-meta-data-filter-and-taxonomy-filter |
Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and more | ilab-media-tools |
Media Library Assistant | media-library-assistant |
Media Library Folders | media-library-plus |
Meta Tag Manager | meta-tag-manager |
Mighty Classic Pros And Cons | joomdev-wp-pros-cons |
Move Addons for Elementor | move-addons |
MP3 Audio Player for Music, Radio & Podcast by Sonaar | mp3-music-player-by-sonaar |
Multiple Page Generator Plugin – MPG | multiple-pages-generator-by-porthas |
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution | dc-woocommerce-multi-vendor |
MyBookTable Bookstore by Stormhill Media | mybooktable |
Nelio Content – Best Editorial Calendar & Social Media Scheduling | nelio-content |
New Order Notification for Woocommerce | new-order-notification-for-woocommerce |
News Wall | news-wall |
Newsletter – Send awesome emails from WordPress | newsletter |
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress | ninja-forms |
NPS computy | nps-computy |
Off-Canvas Sidebars & Menus (Slidebars) | off-canvas-sidebars |
OpenID | openid |
OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) | stepbyteservice-openstreetmap |
OSS Aliyun | oss-aliyun |
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | otter-blocks |
Page Builder: Pagelayer – Drag and Drop website builder | pagelayer |
pageMash > Page Management | pagemash |
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | paid-memberships-pro |
Paid Memberships Pro – Mailchimp Add On | pmpro-mailchimp |
Paid Memberships Pro – Payfast Gateway Add On | pmpro-payfast |
PDF Builder for WPForms | pdf-builder-for-wpforms |
PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip | 3d-flipbook-dflip-lite |
PDF Viewer for Elementor | pdf-viewer-for-elementor |
Photo Gallery by Ays – Responsive Image Gallery | gallery-photo-gallery |
Photo Gallery by Supsystic | gallery-by-supsystic |
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress | contest-gallery |
Platinum SEO | platinum-seo-pack |
Pocket News Generator | pocket-news-generator |
Podlove Podcast Publisher | podlove-podcasting-plugin-for-wordpress |
Podlove Web Player | podlove-web-player |
Pods – Custom Content Types and Fields | pods |
Popup Builder – Create highly converting, mobile friendly marketing popups. | popup-builder |
Popup Cart Lite for WooCommerce | woocommerce-woocart-popup-lite |
Portfolio Gallery – Image Gallery Plugin | portfolio-filter-gallery |
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor | post-and-page-builder |
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | buddyforms |
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks | post-grid |
Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget | post-grid-carousel-ultimate |
Post-Plugin Library | post-plugin-library |
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) | powerpack-lite-for-elementor |
Premium Packages – Sell Digital Products Securely | wpdm-premium-packages |
Prenotazioni | prenotazioni |
Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin | pretty-link |
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) | bdthemes-prime-slider-lite |
Print Page block – Print the entire page or Section. | print-page |
Product Import Export for WooCommerce | product-import-export-for-woo |
ProfileGrid – User Profiles, Memberships, Groups and Communities | profilegrid-user-profiles-groups-and-communities |
PropertyHive | propertyhive |
Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress | radio-player |
Real Media Library: Media Library Folder & File Manager | real-media-library-lite |
ReDi Restaurant Reservation | redi-restaurant-reservation |
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | custom-registration-form-builder-with-submission-manager |
Responsive flipbook wordpress plugin free download | wppdf |
ReviewX – Multi-criteria Rating & Reviews for WooCommerce | reviewx |
RoyalSlider | new-royalslider |
RT Easy Builder – Advanced addons for Elementor | rt-easy-builder-advanced-addons-for-elementor |
Salon booking system | salon-booking-system |
SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster | sellkit |
SEO Backlink Monitor | seo-backlink-monitor |
SEO Plugin by Squirrly SEO | squirrly-seo |
SEO Title Tag | seo-title-tag |
Shipping with Venipak for WooCommerce | wc-venipak-shipping |
Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension | shortcode-addons |
Shortcodes and extra features for Phlox theme | auxin-elements |
Simple Ajax Chat – Add a Fast, Secure Chat Box | simple-ajax-chat |
Simple Buttons Creator | simple-buttons-creator |
Simple Revisions Delete | simple-revisions-delete |
Simply Static | simply-static |
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) | sina-extension-for-elementor |
Sliced Invoices – WordPress Invoice Plugin | sliced-invoices |
Slider by Supsystic | slider-by-supsystic |
Slider Hero with Animation, Video Background | slider-hero |
Slugs Manager: Delete Old Permalinks from WordPress Database | remove-old-slugspermalinks |
Social Author Bio | social-autho-bio |
Social Icons Widget & Block by WPZOOM | social-icons-widget-by-wpzoom |
SP Project & Document Manager | sp-client-document-manager |
Special Box for Content | special-box-for-content |
SpiderFAQ | spider-faq |
Spiffy Calendar | spiffy-calendar |
Spin 360 deg and 3D Model Viewer | spin360 |
Sponsors | wp-sponsors |
Stackable – Page Builder Gutenberg Blocks | stackable-ultimate-gutenberg-blocks |
Sticky Anything | toast-stick-anything |
Stratum – Elementor Widgets | stratum |
StreamWeasels Twitch Integration | streamweasels-twitch-integration |
Sunshine Photo Cart: Free Client Galleries for Photographers | sunshine-photo-cart |
Survey Maker – Best WordPress Survey Plugin | survey-maker |
Sydney Toolbox | sydney-toolbox |
Tainacan | tainacan |
Tax Rate Upload | tax-rate-upload |
The Plus Addons for Elementor | the-plus-addons-for-elementor-page-builder |
The Plus Blocks for Block Editor \| Gutenberg | the-plus-addons-for-block-editor |
Themify Event Post | themify-event-post |
Themify Shortcodes | themify-shortcodes |
Thumbs Rating | thumbs-rating |
Travelers' Map | travelers-map |
Tumult Hype Animations | tumult-hype-animations |
Tutor LMS Elementor Addons | tutor-lms-elementor-addons |
Ultimate Addons for Beaver Builder – Lite | ultimate-addons-for-beaver-builder-lite |
Ultimate Social Comments – Email Notification & Lazy Load | ultimate-facebook-comments |
underConstruction | underconstruction |
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | unlimited-elements-for-elementor |
User Rights Access Manager | user-rights-access-manager |
VK All in One Expansion Unit | vk-all-in-one-expansion-unit |
VS Contact Form | very-simple-contact-form |
WC Builder – WooCommerce Page Builder for WPBakery | wc-builder |
WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible | wc-frontend-manager |
Web Icons | icon |
Webinar and Video Conference with Jitsi Meet – Create Branded Webinars for WordPress, Meetings & Livestreaming | webinar-and-video-conference-with-jitsi-meet |
Weekly Class Schedule | weekly-class-schedule |
weForms – Easy Drag & Drop Contact Form Builder For WordPress | weforms |
Whizzy | whizzy |
Wholesale For WooCommerce | woocommerce-wholesale-pricing |
WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing) | wholesalex |
Woo Viet – WooCommerce for Vietnam | woo-viet |
WooCommerce Bookings Calendar | woo-bookings-calendar |
WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce | cartflows |
WooCommerce Multilingual & Multicurrency with WPML | woocommerce-multilingual |
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | print-invoices-packing-slip-labels-for-woocommerce |
Woocommerce Social Media Share Buttons | woocommerce-social-media-share-buttons |
WordPress Contact Forms by Cimatti | contact-forms |
WordPress CRM Plugin – WP-CRM System | wp-crm-system |
WordPress File Upload | wp-file-upload |
WordPress Infinite Scroll – Ajax Load More | ajax-load-more |
WordPress Page Builder – Zion Builder | zionbuilder |
WP Change Email Sender | wp-change-email-sender |
WP Chat App | wp-whatsapp |
WP Cost Estimation & Payment Forms Builder | wp-estimation-form |
WP Directory Kit | wpdirectorykit |
WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting | erp |
WP Express Checkout (Accept PayPal Payments Easily) | wp-express-checkout |
WP Fast Total Search – The Power of Indexed Search | fulltext-search |
WP Go Maps (formerly WP Google Maps) | wp-google-maps |
WP Hotel Booking | wp-hotel-booking |
WP Poll Maker – Best WordPress Poll Plugin for Voting Contest | epoll-wp-voting |
WP Post Disclaimer | wp-post-disclaimer |
WP Reset – Most Advanced WordPress Reset Tool | wp-reset |
WP Responsive Tabs horizontal vertical and accordion Tabs | responsive-horizontal-vertical-and-accordion-tabs |
WP Smart Import : Import any XML File to WordPress | wp-smart-import |
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc | wp-sms |
WP Travel Engine – Best Travel Booking WordPress Plugin | wp-travel-engine |
WP Twitter Mega Fan Box Widget | wp-twitter-mega-fan-box |
WP User Profile Avatar | wp-user-profile-avatar |
WP-Eggdrop | wp-eggdrop |
wp-forecast | wp-forecast |
WP-Lister Lite for Amazon | wp-lister-for-amazon |
WPBakery Page Builder Addons by Livemesh | addons-for-visual-composer |
WPC Badge Management for WooCommerce | wpc-badge-management |
WPCS – WordPress Currency Switcher Professional | currency-switcher |
WPFront Notification Bar | wpfront-notification-bar |
YITH WooCommerce Account Funds Premium | yith-woocommerce-account-funds-premium |
Yoo Slider – Image Slider & Video Slider | yoo-slider |
Zotpress | zotpress |
WordPress Themes with Reported Vulnerabilities Last Week
Software Name | Software Slug |
---|---|
Astra | astra |
Jobeleon WPJobBoard | jobeleon-wpjobboard |
Networker – Tech News WordPress Theme with Dark Mode | networker |
Newsmatic | newsmatic |
Nictitate | nictitate |
OceanWP | oceanwp |
Responsive | responsive |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, that covers all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.