The WordPress Ultimate Addons for Gutenberg plugin (200,000+ active installations) fixed an authenticated settings change vulnerability affecting version 1.14.7 and below.

The WordPress OneTone theme, which has 20,000+ active installations, is prone to an unpatched and unauthenticated settings import vulnerability that could lead to multiple stored XSS.

The WordPress Elementor plugin, which is installed on 4+ million blogs, fixed a high severity vulnerability affecting version 2.9.5 and below.

This post reviews WordPress themes and plugins vulnerabilities that received little to no coverage until today.

The WordPress Fruitful theme, which has 9,000+ active installations, was prone to an authenticated stored XSS vulnerability in version 3.8.1 and below.