Plugin: Contact Form 7 – Repeatable Fields
Vulnerability: Repeatable Fields <= 2.0.1
Patched Version: 2.0.2
Recommended Action: Update to version 2.0.2, or a newer patched version
Plugin: WP Recipe Maker
Vulnerability: Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via ‘tooltip’
Patched Version: 9.7.0
Recommended Action: Update to version 9.7.0, or a newer patched version
Plugin: Extra Product Options Builder for WooCommerce
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched Version: 1.2.134
Recommended Action: Update to version 1.2.134, or a newer patched version
Plugin: EventPrime – Events Calendar, Bookings and Tickets
Vulnerability: Unauthenticated Stored Cross-Site Scripting via Transaction Log
Patched Version: 4.0.4.8
Recommended Action: Update to version 4.0.4.8, or a newer patched version
Plugin: MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution
Vulnerability: Missing Authorization to Forged Vendor Profile Deletion Email Sending
Patched Version: 4.2.5
Recommended Action: Update to version 4.2.5, or a newer patched version
Plugin: Elementor Header & Footer Builder
Vulnerability: Authenticated (Contributor+) Information Disclosure via Shortcode
Patched Version: 1.6.44
Recommended Action: Update to version 1.6.44, or a newer patched version
Plugin: WP Adminify – Custom WordPress Dashboard, Login and Admin Customizer
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Patched Version: 4.0.1.7
Recommended Action: Update to version 4.0.1.7, or a newer patched version
Plugin: Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 2.3.42
Recommended Action: Update to version 2.3.42, or a newer patched version
Plugin: HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce
Vulnerability: Missing Authorization to Authenticated (Contributor+) Arbitrary Post Publication
Patched Version: 2.11.0
Recommended Action: Update to version 2.11.0, or a newer patched version
Plugin: MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution
Vulnerability: Cross-Site Request Forgery to Vendor Updates
Patched Version: 4.2.5
Recommended Action: Update to version 4.2.5, or a newer patched version
Plugin: Compact WP Audio Player
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via sc_embed_player Shortcode
Patched Version: 1.9.14
Recommended Action: Update to version 1.9.14, or a newer patched version
Plugin: EventPrime – Events Calendar, Bookings and Tickets
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched Version: 4.0.4.8
Recommended Action: Update to version 4.0.4.8, or a newer patched version
Plugin: Terms descriptions
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 3.4.7
Recommended Action: Update to version 3.4.7, or a newer patched version