Plugin: ElementsKit Pro
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 3.6.6
Recommended Action: Update to version 3.6.6, or a newer patched version
Plugin: WP MultiTasking – WP Utilities
Vulnerability: Reflected Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Newsletters
Vulnerability: Unauthenticated Full Path Disclosure
Patched Version: 4.9.9.1
Recommended Action: Update to version 4.9.9.1, or a newer patched version
Plugin: Insert PHP Code Snippet
Vulnerability: Cross-Site Request Forgery to Code Snippet Activate/Deactivate/Deletion
Patched Version: 1.3.7
Recommended Action: Update to version 1.3.7, or a newer patched version
Plugin: TrueBooker – Appointment Booking and Scheduler Plugin.
Vulnerability: Unauthenticated SQL Injection
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WP MultiTasking – WP Utilities
Vulnerability: Cross-Site Request Forgery to Settings Update
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WP MultiTasking – WP Utilities
Vulnerability: Cross-Site Request Forgery to Exit Popup Update
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Opti Marketing
Vulnerability: Unauthenticated SQL Injection
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Zephyr Project Manager
Vulnerability: Authenticated (Subscriber+) Limited Privilege Escalation
Patched Version: 3.3.102
Recommended Action: Update to version 3.3.102, or a newer patched version
Plugin: WP MultiTasking – WP Utilities
Vulnerability: Cross-Site Request Forgery to SMTP Settings Update
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: TrueBooker – Appointment Booking and Scheduler Plugin.
Vulnerability: Cross-Site Request Forgery to Settings Update
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: MStore API – Create Native Android & iOS Apps On The Cloud
Vulnerability: Authentication Bypass to Account Takeover
Patched Version: 4.15.3
Recommended Action: Update to version 4.15.3, or a newer patched version
Plugin: ElementsKit Pro
Vulnerability: Authenticated (Contributor+) Sensitive Information Exposure
Patched Version: 3.6.7
Recommended Action: Update to version 3.6.7, or a newer patched version
Plugin: WP MultiTasking – WP Utilities
Vulnerability: Cross-Site Request Forgery to Welcome Popup Update
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.