Vulnerable plugins and themes are the main reasons why WordPress websites get hacked. Some commonly used plugins are in our list of Vulnerability Report (powered by iTheme Security and WPScan) and here is the list and details about the fix. You may want to share with your friends and contacts.
Plugin: WP RSS Aggregator
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 4.19.2
Severity Score: Low
The vulnerability is patched, so you should update to version 4.19.2.
Plugin: WP Google Fonts
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 3.1.5
Severity Score: Medium
The vulnerability is patched, so you should update to version 3.1.5.
Plugin: SEO Redirection
Vulnerability: Subscriber+ SQL Injection
Patched in Version: 8.2
Severity Score: Medium
The vulnerability is patched, so you should update to version 8.2.
Plugin: Ninja Forms
Vulnerability: Admin+ SQL Injection
Patched in Version: 3.6.4
Severity Score: Medium
The vulnerability is patched, so you should update to version 3.6.4.
Plugin: Registrations for The Events Calendar
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 2.7.5
Severity Score: High
The vulnerability is patched, so you should update to version 2.7.5.
