Watch Out Wednesday – June 26, 2024

Plugin: Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer

Vulnerability: Missing Authorization
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Wheel of Life: Coaching and Assessment Tool for Life Coach

Vulnerability: Missing Authorization on Several AJAX Endpoints
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress

Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Lifeline Donation

Vulnerability: Authentication Bypass
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Media Library Assistant

Vulnerability: Authenticated (Contributor+) SQL Injection via order Parameter
Patched Version: 3.17
Recommended Action: Update to version 3.17, or a newer patched version

Plugin: JetWidgets For Elementor

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via layout_type and id Parameters
Patched Version: 1.0.18
Recommended Action: Update to version 1.0.18, or a newer patched version

Plugin: WP Hotel Booking

Vulnerability: Unauthenticated SQL Injection
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Export WP Page to Static HTML/CSS

Vulnerability: Open Redirect
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)

Vulnerability: Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
Patched Version: 3.5.5
Recommended Action: Update to version 3.5.5, or a newer patched version

Plugin: Custom Field Suite

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via cfs[post_title]
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Custom Field Suite

Vulnerability: Authenticated (Contributor+) SQL Injection via Term Custom Field
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: SEOPress – On-site SEO

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Social Image URL
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel

Vulnerability: Authenticated (Contributor+) Arbitrary Nonce Generation
Patched Version: 3.1.0
Recommended Action: Update to version 3.1.0, or a newer patched version

Plugin: Custom Field Suite

Vulnerability: Authenticated (Contributor+) PHP Code Injection via Loop Custom Field
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Shariff Wrapper

Vulnerability: Unauthenticated Local File Inclusion
Patched Version: 4.6.14
Recommended Action: Update to version 4.6.14, or a newer patched version

Plugin: WPZOOM Addons for Elementor (Templates, Widgets)

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget
Patched Version: 1.1.39
Recommended Action: Update to version 1.1.39, or a newer patched version
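To turn a list like the one above into actions for a specific site, compare each installed plugin's version against the patched version numerically rather than as a string (1.0.9 sorts after 1.0.18 lexically, but is older). The script below is an added example and is not part of this post or of any of the plugins it mentions; it assumes the inventory comes from `wp plugin list --fields=title,version --format=json` and matches on the leading part of the plugin title, since the directory titles carry marketing suffixes that the advisory entries omit. The inventory embedded here is constructed sample data, not output captured from a real site.

```python
"""Triage a WordPress plugin inventory against this week's advisory list.

Added example, not the original post's code. Assumes the inventory is the
JSON produced by `wp plugin list --fields=title,version --format=json`;
the sample below is constructed, not captured from a real site.
"""
import json
import re

# Advisory entries from the list above: plugin title prefix -> patched version.
# None means no fix was available when the list was published.
ADVISORIES = {
    "Media Library Assistant": "3.17",
    "JetWidgets For Elementor": "1.0.18",
    "Sina Extension for Elementor": "3.5.5",
    "Custom Field Suite": None,
    "Shariff Wrapper": "4.6.14",
    "WPZOOM Addons for Elementor": "1.1.39",
    "WP Hotel Booking": None,
}

# Constructed sample inventory (assumption: shape of `wp plugin list` JSON output).
SAMPLE_INVENTORY = json.loads("""[
  {"title": "Media Library Assistant", "version": "3.16"},
  {"title": "Shariff Wrapper", "version": "4.6.14"},
  {"title": "Custom Field Suite", "version": "2.6.6"},
  {"title": "Akismet Anti-spam: Spam Protection", "version": "5.3"},
  {"title": "JetWidgets For Elementor", "version": "1.0.9"}
]""")


def version_key(version):
    """Turn '1.0.18' into (1, 0, 18) so comparison is numeric, not lexical.

    Non-numeric fragments such as '-beta' are ignored; only the digit runs
    are kept, in order.
    """
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_patched(installed, patched):
    """True if the installed version is at least the patched version.

    Both tuples are zero-padded to the same length so that '3.17' and
    '3.17.0' compare equal instead of one being treated as older.
    """
    a, b = version_key(installed), version_key(patched)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


def triage(inventory):
    """Return {plugin title: action} for installed plugins that appear in ADVISORIES."""
    actions = {}
    for plugin in inventory:
        title = plugin["title"]
        # Prefix match: advisory keys are the short title without the suffix.
        hit = next((key for key in ADVISORIES if title.startswith(key)), None)
        if hit is None:
            continue
        patched = ADVISORIES[hit]
        if patched is None:
            actions[title] = "no patch available: mitigate or uninstall"
        elif is_patched(plugin["version"], patched):
            actions[title] = f"ok (>= {patched})"
        else:
            actions[title] = f"update to {patched} or newer"
    return actions


if __name__ == "__main__":
    for title, action in triage(SAMPLE_INVENTORY).items():
        print(f"{title}: {action}")
```

On a real site, replace `SAMPLE_INVENTORY` with the parsed output of the `wp plugin list` command named above. Plugins with no patched version are flagged for mitigation or removal rather than compared, which mirrors the recommended action for those entries.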