Watch Out Wednesday – February 21, 2024

Plugin: Premium Addons for Elementor

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 4.10.19
Recommended Action: Update to version 4.10.19, or a newer patched version

Plugin: Sydney Toolbox

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.26
Recommended Action: Update to version 1.26, or a newer patched version

Plugin: EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Google Calendar Widget Link
Patched Version: 3.9.9
Recommended Action: Update to version 3.9.9, or a newer patched version

Plugin: Ocean Extra

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 2.2.5
Recommended Action: Update to version 2.2.5, or a newer patched version

Plugin: Premium Addons for Elementor

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via onClick Events
Patched Version: 4.10.19
Recommended Action: Update to version 4.10.19, or a newer patched version

Plugin: EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 3.9.9
Recommended Action: Update to version 3.9.9, or a newer patched version

Plugin: PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Buttons Widget
Patched Version: 2.7.16
Recommended Action: Update to version 2.7.16, or a newer patched version

Plugin: WP Maintenance

Vulnerability: Information Exposure
Patched Version: 6.1.7
Recommended Action: Update to version 6.1.7, or a newer patched version

Plugin: Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages

Vulnerability: Unauthenticated Information Exposure
Patched Version: 1.7.3
Recommended Action: Update to version 1.7.3, or a newer patched version

Plugin: Simple Share Buttons Adder

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting via CSS Settings
Patched Version: 8.4.12
Recommended Action: Update to version 8.4.12, or a newer patched version

Plugin: My Private Site

Vulnerability: Improper Access Control to Sensitive Information Exposure via REST API
Patched Version: 3.1.0
Recommended Action: Update to version 3.1.0, or a newer patched version

Plugin: Page scroll to id

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 1.7.9
Recommended Action: Update to version 1.7.9, or a newer patched version

Plugin: Microsoft Clarity

Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: 0.9.4
Recommended Action: Update to version 0.9.4, or a newer patched version

Plugin: Best WordPress Gallery Plugin – FooGallery

Vulnerability:
Patched Version: 2.4.9
Recommended Action: Update to version 2.4.9, or a newer patched version

Plugin: MasterStudy LMS WordPress Plugin – for Online Courses and Education

Vulnerability: Unauthenticated SQL Injection
Patched Version: 3.2.6
Recommended Action: Update to version 3.2.6, or a newer patched version

Plugin: Piraeus Bank WooCommerce Payment Gateway

Vulnerability: Unauthenticated SQL Injection
Patched Version: 1.7.0
Recommended Action: Update to version 1.7.0, or a newer patched version