Watch Out Wednesday – November 1, 2023

Plugin: VK Filter Search

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 2.3.2
Recommended Action: Update to version 2.3.2, or a newer patched version

Plugin: Image vertical reel scroll slideshow

Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 9.1
Recommended Action: Update to version 9.1, or a newer patched version

Plugin: Jquery accordion slideshow

Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 8.2
Recommended Action: Update to version 8.2, or a newer patched version

Plugin: Image horizontal reel scroll slideshow

Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 13.3
Recommended Action: Update to version 13.3, or a newer patched version

Plugin: Admin and Site Enhancements (ASE)

Vulnerability: Password Protection Mode Security Feature Bypass
Patched Version: 5.8.0
Recommended Action: Update to version 5.8.0, or a newer patched version

Plugin: Up down image slideshow gallery

Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 12.1
Recommended Action: Update to version 12.1, or a newer patched version

Plugin: Custom Header Images

Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WP Simple Galleries

Vulnerability: Authenticated (Contributor+) PHP Object Injection
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: HTML filter and csv-file search

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 2.8
Recommended Action: Update to version 2.8, or a newer patched version

Plugin: kk Star Ratings

Vulnerability: Missing Authorization
Patched Version: 5.4.6
Recommended Action: Update to version 5.4.6, or a newer patched version

Plugin: WP Customer Reviews

Vulnerability: Authenticated (Subscriber+) Sensitive Information Exposure
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Google Maps made Simple

Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WordPress Simple HTML Sitemap

Vulnerability: Reflected Cross-Site Scripting via id
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: SAHU TikTok Pixel for E-Commerce

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Bonus for Woo

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 5.8.3
Recommended Action: Update to version 5.8.3, or a newer patched version

Plugin: GiveWP – Donation Plugin and Fundraising Platform

Vulnerability: Cross-Site Request Forgery to Stripe Integration Deletion
Patched Version: 2.33.4
Recommended Action: Update to version 2.33.4, or a newer patched version

Plugin: Autolinks Manager

Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: News & Blog Designer Pack – WordPress Blog Plugin — (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry)

Vulnerability: Unauthenticated Remote Code Execution via Local File Inclusion
Patched Version: 3.4.2
Recommended Action: Update to version 3.4.2, or a newer patched version

Plugin: Auto Excerpt everywhere

Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Animated Counters

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 1.8
Recommended Action: Update to version 1.8, or a newer patched version

Plugin: EasyRecipe

Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Superb slideshow gallery

Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 13.2
Recommended Action: Update to version 13.2, or a newer patched version

Plugin: Jquery news ticker

Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 3.1
Recommended Action: Update to version 3.1, or a newer patched version

Plugin: PubyDoc – Data Tables and Charts

Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: FareHarbor for WordPress

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 3.6.8
Recommended Action: Update to version 3.6.8, or a newer patched version

Plugin: Shortcode Menu

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Medialist

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Patched Version: 1.4.0
Recommended Action: Update to version 1.4.0, or a newer patched version

Plugin: Remove Add to Cart WooCommerce

Vulnerability: Cross-Site Request Forgery to Settings Modification
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Bellows Accordion Menu

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 1.4.3
Recommended Action: Update to version 1.4.3, or a newer patched version

Plugin: Wp photo text slider 50

Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 8.1
Recommended Action: Update to version 8.1, or a newer patched version

Plugin: Wp anything slider

Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 9.2
Recommended Action: Update to version 9.2, or a newer patched version

Plugin: Slick Popup: Contact Form 7 Popup Plugin

Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: 1.7.15
Recommended Action: Update to version 1.7.15, or a newer patched version

Plugin: Ads by datafeedr.com

Vulnerability: Unauthenticated (Limited) Remote Code Execution
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: CloudNet360

Vulnerability: Reflected Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WP Word Count

Vulnerability: Missing Authorization via calculate_statistics
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WP Post Popup

Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: All-In-One Security (AIOS) – Security and Firewall

Vulnerability: Protection Bypass of Renamed Login Page via URL Encoding
Patched Version: 5.2.5
Recommended Action: Update to version 5.2.5, or a newer patched version

Plugin: Information Reel

Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 10.1
Recommended Action: Update to version 10.1, or a newer patched version

Plugin: User Avatar

Vulnerability: Unauthenticated Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Left right image slideshow gallery

Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 12.1
Recommended Action: Update to version 12.1, or a newer patched version

Plugin: Article analytics

Vulnerability: Unauthenticated SQL Injection
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Generate Dummy Posts

Vulnerability: Missing Authorization
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Export WP Page to Static HTML/CSS

Vulnerability: Cross-Site Request Forgery via Multiple AJAX Actions
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: My Shortcodes

Vulnerability: Missing Authorization via Multiple AJAX Actions
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Ni WooCommerce Sales Report

Vulnerability: Missing Authorization via ajax_sales_order
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: wp image slideshow

Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 12.1
Recommended Action: Update to version 12.1, or a newer patched version

Plugin: YITH WooCommerce Product Add-Ons

Vulnerability: Missing Authorization
Patched Version: 4.2.1
Recommended Action: Update to version 4.2.1, or a newer patched version

Plugin: iframe forms

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via iframe Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: PHP to Page

Vulnerability: Authenticated (Subscriber+) Local File Inclusion to Remote Code Execution via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Magic Embeds

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WP EXtra

Vulnerability: Missing Authorization to Arbitrary Email Sending
Patched Version: 6.3
Recommended Action: Update to version 6.3, or a newer patched version

Plugin: Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More

Vulnerability: Store Exporter <= 2.7.2
Patched Version: 2.7.2.1
Recommended Action: Update to version 2.7.2.1, or a newer patched version

Plugin: Parcel Pro

Vulnerability: Open Redirect via ‘redirect’
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Seraphinite Accelerator

Vulnerability: Arbitrary Redirect via ‘redir’
Patched Version: 2.20.29
Recommended Action: Update to version 2.20.29, or a newer patched version

Plugin: Seraphinite Accelerator

Vulnerability: Reflected Cross-Site Scripting via ‘rt’
Patched Version: 2.20.29
Recommended Action: Update to version 2.20.29, or a newer patched version

Plugin: ImageLinks Interactive Image Builder for WordPress

Vulnerability: Authenticated (Admin+) SQL Injection
Patched Version: 1.6.0
Recommended Action: Update to version 1.6.0, or a newer patched version

Plugin: Simple Shortcodes

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Grid Plus – Unlimited grid layout

Vulnerability: Authenticated (Subscriber+) Local File Inclusion via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WordPress CTA – WordPress Call To Action, Sticky CTA, Floating Buttons, Floating Tab Plugin

Vulnerability: Missing Authorization via Multiple AJAX Actions
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 1.12.2
Recommended Action: Update to version 1.12.2, or a newer patched version

Plugin: Accordion

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 2.7
Recommended Action: Update to version 2.7, or a newer patched version

Plugin: WDSocialWidgets

Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Related Products for WooCommerce

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Original texts Yandex WebMaster

Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WordPress Knowledge base & Documentation Plugin – WP Knowledgebase

Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Live updates from Excel

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: idbbee

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Custom Login Page | Temporary Users | Rebrand Login | Login Captcha

Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WP fade in text news

Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 12.1
Recommended Action: Update to version 12.1, or a newer patched version

Plugin: FLOWFACT WP Connector

Vulnerability: Reflected Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: GD Security Headers

Vulnerability: Authenticated (Admin+) SQL Injection
Patched Version: 1.7.1
Recommended Action: Update to version 1.7.1, or a newer patched version

Plugin: DeepL API translation plugin

Vulnerability: Cross-Site Request Forgery via wpdeepl_prune_logs
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Thumbnail carousel slider

Vulnerability: Cross-Site Request Forgery to Mass Slider Deletion
Patched Version: 1.0.1
Recommended Action: Update to version 1.0.1, or a newer patched version

Plugin: Buzzsprout Podcasting

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Weather Atlas Widget

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Simple User Listing

Vulnerability: Reflected Cross-Site Scripting via as
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Popup with fancybox

Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 3.6
Recommended Action: Update to version 3.6, or a newer patched version

Plugin: Booking calendar, Appointment Booking System

Vulnerability: Authenticated (Admin+) SQL Injection
Patched Version: 3.2.12
Recommended Action: Update to version 3.2.12, or a newer patched version

Plugin: WPPizza – A Restaurant Plugin

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 3.18.3
Recommended Action: Update to version 3.18.3, or a newer patched version

Plugin: Vertical marquee plugin

Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 7.2
Recommended Action: Update to version 7.2, or a newer patched version

Plugin: Message ticker

Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 9.3
Recommended Action: Update to version 9.3, or a newer patched version

Plugin: Seraphinite Accelerator

Vulnerability: Cross-Site Request Forgery
Patched Version: 2.20.32
Recommended Action: Update to version 2.20.32, or a newer patched version

Plugin: Grid Plus – Unlimited grid layout

Vulnerability: Missing Authorization to Authenticated (Subscriber+) Grid Layout Add/Update/Delete
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Fathom Analytics for WP

Vulnerability: Authenticated(Administrator+) Stored Cross-Site Scripting
Patched Version: 3.1.0
Recommended Action: Update to version 3.1.0, or a newer patched version

Plugin: WCP OpenWeather

Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Post Meta Data Manager

Vulnerability: Missing Authorization to User, Term, and Post Meta Deletion
Patched Version: 1.2.1
Recommended Action: Update to version 1.2.1, or a newer patched version

Plugin: Current Menu Item for Custom Post Types

Vulnerability: Cross-Site Request Forgery
Patched Version: 1.6
Recommended Action: Update to version 1.6, or a newer patched version

Plugin: Post Meta Data Manager

Vulnerability: Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
Patched Version: 1.2.1
Recommended Action: Update to version 1.2.1, or a newer patched version

Plugin: GiveWP – Donation Plugin and Fundraising Platform

Vulnerability: Cross-Site Request Forgery to plugin installation
Patched Version: 2.33.4
Recommended Action: Update to version 2.33.4, or a newer patched version

Plugin: Category SEO Meta Tags

Vulnerability: Cross-Site Request Forgery via csmt_admin_options
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: GiveWP – Donation Plugin and Fundraising Platform

Vulnerability: Cross-Site Request Forgery to plugin deactivation
Patched Version: 2.33.4
Recommended Action: Update to version 2.33.4, or a newer patched version

Plugin: 10Web Booster – Website speed optimization, Cache & Page Speed optimizer

Vulnerability: Unauthenticated Arbitrary Option Deletion
Patched Version: 2.24.18
Recommended Action: Update to version 2.24.18, or a newer patched version

Plugin: Thumbnail Slider With Lightbox

Vulnerability: Cross-Site Request Forgery to Arbitrary File Upload
Patched Version: 1.0.1
Recommended Action: Update to version 1.0.1, or a newer patched version

Plugin: Alter

Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Pre-Orders for WooCommerce

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.2.14
Recommended Action: Update to version 1.2.14, or a newer patched version

Plugin: WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting via Task Data
Patched Version: 2.7.11.11
Recommended Action: Update to version 2.7.11.11, or a newer patched version

Plugin: HTML filter and csv-file search

Vulnerability: Authenticated (Contributor+) Local File Inclusion via Shortcode
Patched Version: 2.8
Recommended Action: Update to version 2.8, or a newer patched version

Plugin: Product Recommendation Quiz for eCommerce

Vulnerability: Missing Authorization in prq_set_token
Patched Version: 2.1.2
Recommended Action: Update to version 2.1.2, or a newer patched version

Plugin: Deeper Comments

Vulnerability: Missing Authorization to Authenticated(Subscriber+) Arbitrary Options Update
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Mail logging – WP Mail Catcher

Vulnerability: WP Mail Catcher <= 2.1.3
Patched Version: 2.1.4
Recommended Action: Update to version 2.1.4, or a newer patched version

Plugin: Neon text

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.2
Recommended Action: Update to version 1.2, or a newer patched version

Plugin: WP Glossary

Vulnerability: Missing Authorization
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Custom My Account for Woocommerce

Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Auto Limit Posts Reloaded

Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.