Watch Out Wednesday – August 21, 2024

Plugin: ElementsKit Pro

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 3.6.6
Recommended Action: Update to version 3.6.6, or a newer patched version

Plugin: WP MultiTasking – WP Utilities

Vulnerability: Reflected Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Newsletters

Vulnerability: Unauthenticated Full Path Disclosure
Patched Version: 4.9.9.1
Recommended Action: Update to version 4.9.9.1, or a newer patched version

Plugin: Insert PHP Code Snippet

Vulnerability: Cross-Site Request Forgery to Code Snippet Activate/Deactivate/Deletion
Patched Version: 1.3.7
Recommended Action: Update to version 1.3.7, or a newer patched version

Plugin: TrueBooker – Appointment Booking and Scheduler Plugin.

Vulnerability: Unauthenticated SQL Injection
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WP MultiTasking – WP Utilities

Vulnerability: Cross-Site Request Forgery to Settings Update
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WP MultiTasking – WP Utilities

Vulnerability: Cross-Site Request Forgery to Exit Popup Update
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Opti Marketing

Vulnerability: Unauthenticated SQL Injection
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Zephyr Project Manager

Vulnerability: Authenticated (Subscriber+) Limited Privilege Escalation
Patched Version: 3.3.102
Recommended Action: Update to version 3.3.102, or a newer patched version

Plugin: WP MultiTasking – WP Utilities

Vulnerability: Cross-Site Request Forgery to SMTP Settings Update
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: TrueBooker – Appointment Booking and Scheduler Plugin.

Vulnerability: Cross-Site Request Forgery to Settings Update
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: MStore API – Create Native Android & iOS Apps On The Cloud

Vulnerability: Authentication Bypass to Account Takeover
Patched Version: 4.15.3
Recommended Action: Update to version 4.15.3, or a newer patched version

Plugin: ElementsKit Pro

Vulnerability: Authenticated (Contributor+) Sensitive Information Exposure
Patched Version: 3.6.7
Recommended Action: Update to version 3.6.7, or a newer patched version

Plugin: WP MultiTasking – WP Utilities

Vulnerability: Cross-Site Request Forgery to Welcome Popup Update
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.