Watch Out Wednesday – August 14, 2024

Plugin: Organization chart

Vulnerability: Authenticated (Subscriber+) Stored Cross-Site Scripting via title_input and node_description Parameters
Patched Version: 1.5.1
Recommended Action: Update to version 1.5.1, or a newer patched version

Plugin: Fuse Social Floating Sidebar

Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via File Upload
Patched Version: 5.4.11
Recommended Action: Update to version 5.4.11, or a newer patched version

Plugin: Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress

Vulnerability: 1.1.7
Patched Version: 1.1.8
Recommended Action: Update to version 1.1.8, or a newer patched version

Plugin: LearnPress – WordPress LMS Plugin

Vulnerability: Authenticated (Contributor+) SQL Injection via order Parameter
Patched Version: 4.2.6.9.4
Recommended Action: Update to version 4.2.6.9.4, or a newer patched version

Plugin: Slider by 10Web – Responsive Image Slider

Vulnerability: Authenticated (Contributor+) SQL Injection via id Parameter
Patched Version: 1.2.58
Recommended Action: Update to version 1.2.58, or a newer patched version

Plugin: Brizy – Page Builder

Vulnerability: Cross-Site Request Forgery
Patched Version: 2.5.2
Recommended Action: Update to version 2.5.2, or a newer patched version

Plugin: Lightbox & Modal Popup WordPress Plugin – FooBox

Vulnerability: Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes
Patched Version: 2.7.32
Recommended Action: Update to version 2.7.32, or a newer patched version

Plugin: Premium Addons for Elementor

Vulnerability: Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update
Patched Version: 4.10.39
Recommended Action: Update to version 4.10.39, or a newer patched version

Plugin: Booking for Appointments and Events Calendar – Amelia

Vulnerability: Unauthenticated Full Path Disclosure
Patched Version: 1.2.1
Recommended Action: Update to version 1.2.1, or a newer patched version

Plugin: Falang multilanguage for WordPress

Vulnerability: Missing Authorization to Translation Update and Information Exposure
Patched Version: 1.3.53
Recommended Action: Update to version 1.3.53, or a newer patched version

Plugin: MainWP Child Reports

Vulnerability: Cross-Site Request Forgery to Arbitrary Options Update
Patched Version: 2.2.1
Recommended Action: Update to version 2.2.1, or a newer patched version