Known WordPress Vulnerabilities – July 2019

According to Common Vulnerabilities and Exposures and The Free and Open Software Security Community here are the main current security issues with WordPress. The known issues are in plugins and one theme. The WordPress Application itself (the Core) does not have any know issues at this time. The plugin names in bold are ones I’ve used.

If you have any of these plugins, you should 1) backup your WordPress website (I use WP Updraft for that) then 2) update your plugins. If you use WP Like Button or One Signal you should remove these plugins and switch to something else.

Plugin or ThemeAffected Version (or before in most cases)Issue TypeRequired Action
Yoast SEO 11.5XSSUpgrade
WooCommerce 3.6.4XSSUpgrade
Ad Inserter2.4.19Restricted directory accessUpgrade
WP Statistics InjectionUpgrade
Visitors Traffic Real Time Statistics2.0.5 XSSUpgrade
Essential Real Estate1.7.1XSSUpgrade
Appointment Booking Calendar1.3.18XSSUpgrade
Gallery PhotoBlocks1.1.40XSSUpgrade
Slimstat Analytics4.8.3XSSUpgrade
WP Google Maps7.11.34XSSUpgrade
LiveChat 3.7.2XSSUpgrade
WP Like Button1.6.4Site AccessRemove
File Manager5.0WebARXUpgrade
One Click SSL1.4.6 AJAX  AccessUpgrade
Ultimate Member

FV Flowplayer Video Player7.3.18.727SQL InjectionUpgrade
Zoner – Real Estate
WordPress Theme

One Signal1.17.5XSSRemove
All-in-One WP Migration6.97XSSUpgrade
WPS Hide Login1.5.2.2BugUpgrade
Photo Gallery by 10Web1.5.30SQL InjectionUpgrade
Email Subscribers & Newsletters4.1.7SQL InjectionUpgrade
Contact Form & SMTP Plugin for WordPress1.5.1XSSUpgrade
Everest Forms1.4.9SQL InjectionUpgrade
Adaptive Images for WordPress0.6.66 Pull or Delete you filesUpgrade
AdRotate Banner Manager5.2SQL InjectionUpgrade
Contact Form 7 Dynamic Text Extension2.0.2.1XSSUpgrade
Blog2Social: Social Media Auto Post & Scheduler5.5.0SQL InjectionUpgrade
Simple Membership3.8.4XSSUpgrade
Advanced Contact form 7 DB1.6.1SQL InjectionUpgrade
Coming Soon Page & Maintenance Mode 1.8.0XSSUpgrade
WordPress Ultra Simple Paypal Shopping Cart4.4XSSUpgrade
Category Specific RSS feed Subscription4.4 XSSUpgrade
Appointment Hour Booking1.1.45XSSUpgrade

Published by


Kimball is a website designer and developer in Goffstown, NH.

Leave a Reply

Your email address will not be published. Required fields are marked *