The WordPress Elementor plugin, which is installed on 4+ million blogs, fixed a high severity vulnerability affecting version 2.9.5 and below.
This post reviews WordPress themes and plugins vulnerabilities that received little to no coverage until today.
The WordPress Fruitful theme, which has 9,000+ active installations, was prone to an authenticated stored XSS vulnerability in version 3.8.1 and below.
The WordPress MStore API plugin, which has 1,000+ active installations, fixed critical a vulnerability affecting version 2.1.6 and below that could allow an unauthenticated user to create or edit administrator accounts.
The WordPressWP Security Audit Log plugin, (100,000+ active installations), fixed a vulnerability that could lead to privilege escalation, sensitive data exposure and insecure deserialization.