Plugin: Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery
Vulnerability: GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.21
Patched Version: 2.7.7.22
Recommended Action: Update to version 2.7.7.22, or a newer patched version
Plugin: PDF Invoices & Packing Slips for WooCommerce
Vulnerability: Unauthenticated Server-Side Request Forgery
Patched Version: 3.8.1
Recommended Action: Update to version 3.8.1, or a newer patched version
Plugin: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 5.9.16
Recommended Action: Update to version 5.9.16, or a newer patched version
Plugin: TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds
Vulnerability: Authenticated (Shop Manager+) Stored Cross-Site Scripting
Patched Version: 1.5.1
Recommended Action: Update to version 1.5.1, or a newer patched version
Plugin: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery & Interactive Circle
Patched Version: 5.9.16
Recommended Action: Update to version 5.9.16, or a newer patched version
Plugin: PDF Invoices & Packing Slips for WooCommerce
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched Version: 3.8.1
Recommended Action: Update to version 3.8.1, or a newer patched version
Plugin: Tutor LMS – eLearning and online course solution
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via ‘tutor_instructor_list’ Shortcode
Patched Version: 2.7.0
Recommended Action: Update to version 2.7.0, or a newer patched version
Plugin: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Vulnerability: Information Exposure
Patched Version: 5.9.16
Recommended Action: Update to version 5.9.16, or a newer patched version
Plugin: Premium Addons for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via ‘arrow_style’
Patched Version: 4.10.29
Recommended Action: Update to version 4.10.29, or a newer patched version
Plugin: FOX – Currency Switcher Professional for WooCommerce
Vulnerability: Unauthenticated Arbitrary Shortcode Execution
Patched Version: 1.4.1.9
Recommended Action: Update to version 1.4.1.9, or a newer patched version
Plugin: Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode)
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Post Overlay
Patched Version: 3.7.1
Recommended Action: Update to version 3.7.1, or a newer patched version
Plugin: Cornerstone
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 0.8.1
Recommended Action: Update to version 0.8.1, or a newer patched version
Plugin: Simple Membership
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 4.4.4
Recommended Action: Update to version 4.4.4, or a newer patched version
Plugin: Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Sina Fancy Text Widget
Patched Version: 3.5.3
Recommended Action: Update to version 3.5.3, or a newer patched version
Plugin: Interactive World Maps
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 2.5
Recommended Action: Update to version 2.5, or a newer patched version
Plugin: PropertyHive
Vulnerability: Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion
Patched Version: 2.0.13
Recommended Action: Update to version 2.0.13, or a newer patched version
Plugin: Classified Listing – Classified ads & Business Directory Plugin
Vulnerability: Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion
Patched Version: 3.0.11
Recommended Action: Update to version 3.0.11, or a newer patched version
Plugin: Popup Box – Best WordPress Popup Plugin
Vulnerability: Missing Authorization to Information Exposure
Patched Version: 4.3.7
Recommended Action: Update to version 4.3.7, or a newer patched version
Plugin: CM Tooltip Glossary
Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.