Plugin: Active Products Tables for WooCommerce. Professional products tables for WooCommerce store
Vulnerability: Missing Authorization
Patched Version: 1.0.6.2
Recommended Action: Update to version 1.0.6.2, or a newer patched version
Plugin: Html5 Video Player
Vulnerability: Unauthenticated SQL Injection via id
Patched Version: 2.5.25
Recommended Action: Update to version 2.5.25, or a newer patched version
Plugin: Restrict Usernames Emails Characters
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 3.1.4
Recommended Action: Update to version 3.1.4, or a newer patched version
Plugin: Heateor Social Login WordPress
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 1.1.31
Recommended Action: Update to version 1.1.31, or a newer patched version
Plugin: Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy)
Vulnerability: Authenticated (Shop Manager+) Stored Cross-Site Scripting via variable pricing options
Patched Version: 3.2.7
Recommended Action: Update to version 3.2.7, or a newer patched version
Plugin: NEX-Forms – Ultimate Form Builder – Contact forms and much more
Vulnerability: Missing Authorization via restore_records()
Patched Version: 8.5.7
Recommended Action: Update to version 8.5.7, or a newer patched version
Plugin: Advanced iFrame
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 2024.0
Recommended Action: Update to version 2024.0, or a newer patched version
Plugin: SlimStat Analytics
Vulnerability: Authenticated (Subscriber+) Stored Cross-Site Scripting
Patched Version: 5.1.4
Recommended Action: Update to version 5.1.4, or a newer patched version
Plugin: Icons Font Loader
Vulnerability: Authenticated (Administrator+) Arbitrary File Upload
Patched Version: 1.1.5
Recommended Action: Update to version 1.1.5, or a newer patched version
Plugin: Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress
Vulnerability: Unauthenticated Second Order SQL Injection
Patched Version: 3.7.2
Recommended Action: Update to version 3.7.2, or a newer patched version
Plugin: WooCommerce Conversion Tracking
Vulnerability: Missing Authorization via wcct_install_happy_addons
Patched Version: 2.0.12
Recommended Action: Update to version 2.0.12, or a newer patched version
Plugin: Chartify – WordPress Chart Plugin
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 2.0.7
Recommended Action: Update to version 2.0.7, or a newer patched version
Plugin: Active Products Tables for WooCommerce. Professional products tables for WooCommerce store
Vulnerability: Cross-Site Request Forgery
Patched Version: 1.0.6.2
Recommended Action: Update to version 1.0.6.2, or a newer patched version
Plugin: NEX-Forms – Ultimate Form Builder – Contact forms and much more
Vulnerability: Missing Authorization via set_starred()
Patched Version: 8.5.7
Recommended Action: Update to version 8.5.7, or a newer patched version
Plugin: Relevanssi – A Better Search (Pro)
Vulnerability: Unauthenticated Sensitive Information Exposure
Patched Version: 2.25
Recommended Action: Update to version 2.25, or a newer patched version
Plugin: Orbit Fox by ThemeIsle
Vulnerability: Missing Authorization
Patched Version: 2.10.29
Recommended Action: Update to version 2.10.29, or a newer patched version
Plugin: LearnDash LMS
Vulnerability: Sensitive Information Exposure via API
Patched Version: 4.10.2
Recommended Action: Update to version 4.10.2, or a newer patched version
Plugin: LearnDash LMS
Vulnerability: Sensitive Information Exposure via assignments
Patched Version: 4.10.2
Recommended Action: Update to version 4.10.2, or a newer patched version
Plugin: Popup More Popups, Lightboxes, and more popup modules
Vulnerability: Authenticated (Admin+) Directory Traversal to Limited Local File Inclusion
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode
Vulnerability: Missing Authorization via seedprod_lite_new_lpage
Patched Version: 6.15.22
Recommended Action: Update to version 6.15.22, or a newer patched version
Plugin: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 4.14.4
Recommended Action: Update to version 4.14.4, or a newer patched version
Plugin: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 5.9.8
Recommended Action: Update to version 5.9.8, or a newer patched version
Plugin: Orbit Fox by ThemeIsle
Vulnerability: Cross-Site Request Forgery
Patched Version: 2.10.230
Recommended Action: Update to version 2.10.230, or a newer patched version
Plugin: TablePress – Tables in WordPress made easy
Vulnerability: Authenticated (Author+) Server Side Request Forgery (SSRF) via _get_import_files
Patched Version: 2.2.5
Recommended Action: Update to version 2.2.5, or a newer patched version
Plugin: PDF Flipbook, 3D Flipbook – DearFlip
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 2.2.27
Recommended Action: Update to version 2.2.27, or a newer patched version
Plugin: Woostify Sites Library
Vulnerability:
Patched Version: 1.4.8
Recommended Action: Update to version 1.4.8, or a newer patched version
Plugin: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
Vulnerability: Missing Authorization
Patched Version: 4.4.2
Recommended Action: Update to version 4.4.2, or a newer patched version
Plugin: LearnDash LMS
Vulnerability: Sensitive Information Exposure via API
Patched Version: 4.10.3
Recommended Action: Update to version 4.10.3, or a newer patched version
Plugin: Auto Listings – Car Listings & Car Dealership Plugin for WordPress
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 2.6.6
Recommended Action: Update to version 2.6.6, or a newer patched version
Plugin: Page Builder: Pagelayer – Drag and Drop website builder
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting via Header/Footer code
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Beds24 Online Booking
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 2.0.24
Recommended Action: Update to version 2.0.24, or a newer patched version
Plugin: Calculated Fields Form
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.2.53
Recommended Action: Update to version 1.2.53, or a newer patched version
Plugin: Booking Calendar | Appointment Booking | BookIt
Vulnerability: Price Bypass
Patched Version: 2.4.1
Recommended Action: Update to version 2.4.1, or a newer patched version
Plugin: EventON Pro
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 4.4.1
Recommended Action: Update to version 4.4.1, or a newer patched version
Plugin: Feed Them Social – Page, Post, Video, and Photo Galleries
Vulnerability: Cross-Site Request Forgery via review_nag_check
Patched Version: 4.2.1
Recommended Action: Update to version 4.2.1, or a newer patched version
Plugin: UserPro – Community and User Profile WordPress Plugin
Vulnerability: Disabled Membership Registration Bypass
Patched Version: 5.1.7
Recommended Action: Update to version 5.1.7, or a newer patched version
Plugin: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Vulnerability: Improper Access Control to Sensitive Information Exposure via REST API
Patched Version: 4.0.25
Recommended Action: Update to version 4.0.25, or a newer patched version
Plugin: NEX-Forms – Ultimate Form Builder – Contact forms and much more
Vulnerability: Missing Authorization via set_read()
Patched Version: 8.5.7
Recommended Action: Update to version 8.5.7, or a newer patched version
Plugin: Anonymous Restricted Content
Vulnerability: Protection Mechanism Bypass
Patched Version: 1.6.3
Recommended Action: Update to version 1.6.3, or a newer patched version
Plugin: WP STAGING WordPress Backup Plugin – Migration Backup Restore
Vulnerability: Sensitive Information Exposure via cache files
Patched Version: 3.2.0
Recommended Action: Update to version 3.2.0, or a newer patched version