The WordPress OneTone theme, which has 20,000+ active installations, is prone to an unpatched and unauthenticated settings import vulnerability that could lead to multiple stored XSS.

The WordPress Elementor plugin, which is installed on 4+ million blogs, fixed a high severity vulnerability affecting version 2.9.5 and below.

This post reviews WordPress themes and plugins vulnerabilities that received little to no coverage until today.

The WordPress Fruitful theme, which has 9,000+ active installations, was prone to an authenticated stored XSS vulnerability in version 3.8.1 and below.

The WordPress MStore API plugin, which has 1,000+ active installations, fixed critical a vulnerability affecting version 2.1.6 and below that could allow an unauthenticated user to create or edit administrator accounts.