Plugin: Active Products Tables for WooCommerce. Professional products tables for WooCommerce store
Vulnerability: Missing Authorization
Patched Version: 1.0.6.2
Recommended Action: Update to version 1.0.6.2, or a newer patched version

Plugin: NEX-Forms – Ultimate Form Builder – Contact forms and much more
Vulnerability: Missing Authorization via restore_records()
Patched Version: 8.5.7
Recommended Action: Update to version 8.5.7, or a newer patched version

Plugin: Advanced iFrame
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 2024.0
Recommended Action: Update to version 2024.0, or a newer patched version

Plugin: SlimStat Analytics
Vulnerability: Authenticated (Subscriber+) Stored Cross-Site Scripting
Patched Version: 5.1.4
Recommended Action: Update to version 5.1.4, or a newer patched version

Plugin: Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress
Vulnerability: Unauthenticated Second Order SQL Injection
Patched Version: 3.7.2
Recommended Action: Update to version 3.7.2, or a newer patched version

Plugin: Active Products Tables for WooCommerce. Professional products tables for WooCommerce store
Vulnerability: Cross-Site Request Forgery
Patched Version: 1.0.6.2
Recommended Action: Update to version 1.0.6.2, or a newer patched version

Plugin: NEX-Forms – Ultimate Form Builder – Contact forms and much more
Vulnerability: Missing Authorization via set_starred()
Patched Version: 8.5.7
Recommended Action: Update to version 8.5.7, or a newer patched version

Plugin: Orbit Fox by ThemeIsle
Vulnerability: Missing Authorization
Patched Version: 2.10.29
Recommended Action: Update to version 2.10.29, or a newer patched version

Plugin: Popup More Popups, Lightboxes, and more popup modules
Vulnerability: Authenticated (Admin+) Directory Traversal to Limited Local File Inclusion
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode
Vulnerability: Missing Authorization via seedprod_lite_new_lpage
Patched Version: 6.15.22
Recommended Action: Update to version 6.15.22, or a newer patched version

Plugin: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 4.14.4
Recommended Action: Update to version 4.14.4, or a newer patched version

Plugin: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 5.9.8
Recommended Action: Update to version 5.9.8, or a newer patched version

Plugin: Orbit Fox by ThemeIsle
Vulnerability: Cross-Site Request Forgery
Patched Version: 2.10.230
Recommended Action: Update to version 2.10.230, or a newer patched version

Plugin: Calculated Fields Form
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.2.53
Recommended Action: Update to version 1.2.53, or a newer patched version

Plugin: UserPro – Community and User Profile WordPress Plugin
Vulnerability: Disabled Membership Registration Bypass
Patched Version: 5.1.7
Recommended Action: Update to version 5.1.7, or a newer patched version

Plugin: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Vulnerability: Improper Access Control to Sensitive Information Exposure via REST API
Patched Version: 4.0.25
Recommended Action: Update to version 4.0.25, or a newer patched version

Plugin: NEX-Forms – Ultimate Form Builder – Contact forms and much more
Vulnerability: Missing Authorization via set_read()
Patched Version: 8.5.7
Recommended Action: Update to version 8.5.7, or a newer patched version