Vulnerabilities and security researches forwp-letsencrypt-ssl wp-letsencrypt-ssl

May 01, 2026

CVE, Research URL: CVE-2024-13362
Home page URL: Security reports for WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score
Application: WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score
Date: May 01, 2026
Research Description: Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: max 8.0.8.
Status: vulnerable

Nov 15, 2024

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score
Application: WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: max 5.7.10.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: 345dd47d17cec59778cf45e1e81f577f696b2ecf
Home page URL: Security reports for WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score
Application: WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score
Date: Feb 28, 2022
Research Description: WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Scan [wp-letsencrypt-ssl] < 5.7.11 WordPress WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content plugin < 5.7.11 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content plugin (versions < 5.7.11).
Affected versions: max 5.7.11.
Status: vulnerable

CVE, Research URL: CVE-2023-7046
Home page URL: Security reports for WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score
Application: WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score
Date: Apr 10, 2024
Research Description: The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for unauthenticated attackers to extract sensitive data including TLS Certificate Private Keys
Affected versions: max 7.1.0.
Status: vulnerable