Plugin: ImageRecycle pdf & image compression
Vulnerability: Cross-Site Request Forgery to Settings Update in enableOptimization
Patched Version: 3.1.14
Recommended Action: Update to version 3.1.14, or a newer patched version
Plugin: WP Shortcodes Plugin — Shortcodes Ultimate
Vulnerability: Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
Patched Version: 7.0.2
Recommended Action: Update to version 7.0.2, or a newer patched version
Plugin: ImageRecycle pdf & image compression
Vulnerability: Missing Authorization to Settings Update in enableOptimization
Patched Version: 3.1.14
Recommended Action: Update to version 3.1.14, or a newer patched version
Plugin: ImageRecycle pdf & image compression
Vulnerability: Cross-Site Request Forgery to Plugin Data Removal in reinitialize
Patched Version: 3.1.14
Recommended Action: Update to version 3.1.14, or a newer patched version
Plugin: Matomo Analytics – Ethical Stats. Powerful Insights.
Vulnerability: Reflected Cross-Site Scripting via idsite
Patched Version: 5.0.1
Recommended Action: Update to version 5.0.1, or a newer patched version
Plugin: ImageRecycle pdf & image compression
Vulnerability: Missing Authorization to Plugin Data Removal in reinitialize
Patched Version: 3.1.14
Recommended Action: Update to version 3.1.14, or a newer patched version
Plugin: Royal Elementor Addons and Templates
Vulnerability: Cross-Site Request Forgery via remove_from_wishlist
Patched Version: 1.3.88
Recommended Action: Update to version 1.3.88, or a newer patched version
Plugin: PPWP – Password Protect Pages
Vulnerability: Protection Mechanism Bypass
Patched Version: 1.9.0
Recommended Action: Update to version 1.9.0, or a newer patched version
Plugin: Elementor Website Builder – More than Just a Page Builder
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via get_image_alt
Patched Version: 3.19.0
Recommended Action: Update to version 3.19.0, or a newer patched version
Plugin: Elementor Website Builder – More than Just a Page Builder
Vulnerability: Authenticated(Contributor+) Arbitrary File Deletion and PHAR Deserialization
Patched Version: 3.19.1
Recommended Action: Update to version 3.19.1, or a newer patched version
Plugin: ImageRecycle pdf & image compression
Vulnerability: Cross-Site Request Forgery to Settings Update in stopOptimizeAll
Patched Version: 3.1.14
Recommended Action: Update to version 3.1.14, or a newer patched version
Plugin: Elementor Addons by Livemesh
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 8.3.3
Recommended Action: Update to version 8.3.3, or a newer patched version
Plugin: WP Booking Calendar
Vulnerability: Unauthenticated SQL Injection
Patched Version: 9.9.1
Recommended Action: Update to version 9.9.1, or a newer patched version
Plugin: ImageRecycle pdf & image compression
Vulnerability: Missing Authorization to Settings Update in optimizeAllOn
Patched Version: 3.1.14
Recommended Action: Update to version 3.1.14, or a newer patched version
Plugin: Payment Forms for Paystack
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Royal Elementor Addons and Templates
Vulnerability: Cross-Site Request Forgery via remove_from_compare
Patched Version: 1.3.88
Recommended Action: Update to version 1.3.88, or a newer patched version
Plugin: Royal Elementor Addons and Templates
Vulnerability: Cross-Site Request Forgery via add_to_compare
Patched Version: 1.3.88
Recommended Action: Update to version 1.3.88, or a newer patched version
Plugin: WP Recipe Maker
Vulnerability: Missing Authorization to Authenticated (Subscriber+) SQL Injecton
Patched Version: 9.2.0
Recommended Action: Update to version 9.2.0, or a newer patched version
Plugin: Royal Elementor Addons and Templates
Vulnerability: Cross-Site Request Forgery via add_to_wishlist
Patched Version: 1.3.88
Recommended Action: Update to version 1.3.88, or a newer patched version
Plugin: ImageRecycle pdf & image compression
Vulnerability: Cross-Site Request Forgery to Settings Update in disableOptimization
Patched Version: 3.1.14
Recommended Action: Update to version 3.1.14, or a newer patched version
Plugin: ImageRecycle pdf & image compression
Vulnerability: Cross-Site Request Forgery to Settings Update in optimizeAllOn
Patched Version: 3.1.14
Recommended Action: Update to version 3.1.14, or a newer patched version
Plugin: ImageRecycle pdf & image compression
Vulnerability: Missing Authorization to Settings Update in disableOptimization
Patched Version: 3.1.14
Recommended Action: Update to version 3.1.14, or a newer patched version
Plugin: Royal Elementor Addons and Templates
Vulnerability: Missing Authorization via wpr_update_form_action_meta
Patched Version: 1.3.88
Recommended Action: Update to version 1.3.88, or a newer patched version
Plugin: Simple Page Access Restriction
Vulnerability: Improper Access Control to Sensitive Information Exposure via REST API
Patched Version: 1.0.23
Recommended Action: Update to version 1.0.23, or a newer patched version
Plugin: Royal Elementor Addons and Templates
Vulnerability: Cross-Site Request Forgery via wpr_update_form_action_meta
Patched Version: 1.3.88
Recommended Action: Update to version 1.3.88, or a newer patched version
Plugin: ImageRecycle pdf & image compression
Vulnerability: Missing Authorization to Settings Update in stopOptimizeAll
Patched Version: 3.1.14
Recommended Action: Update to version 3.1.14, or a newer patched version