Plugin: Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported)
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Vulnerability: Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget
Patched Version: 5.10.2
Recommended Action: Update to version 5.10.2, or a newer patched version
Plugin: Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress
Vulnerability: Authenticated (Subscriber+) SQL Injection
Patched Version: 1.1.17
Recommended Action: Update to version 1.1.17, or a newer patched version
Plugin: SIP Reviews Shortcode for WooCommerce
Vulnerability: Authenticated (Contributor+) Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Easy SVG Upload
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Get Quote For Woocommerce – Request A Quote For Woocommerce
Vulnerability: Missing Authorization to Unauthenticated Quote PDF and CSV Download
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: ReCaptcha Integration for WordPress
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.2.6
Recommended Action: Update to version 1.2.6, or a newer patched version
Plugin: Multiple Page Generator Plugin – MPG
Vulnerability: Missing Authorization
Patched Version: 4.0.2
Recommended Action: Update to version 4.0.2, or a newer patched version
Plugin: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate
Patched Version: 5.10.2
Recommended Action: Update to version 5.10.2, or a newer patched version
Plugin: Shortcodes Blocks Creator Ultimate
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 2.2.0
Recommended Action: Update to version 2.2.0, or a newer patched version
Plugin: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Patched Version: 3.0.5
Recommended Action: Update to version 3.0.5, or a newer patched version
Plugin: BBP Core – Expand bbPress powered forums with useful features
Vulnerability: Reflected Cross-Site Scripting via add_query_arg Parameter
Patched Version: 1.2.6
Recommended Action: Update to version 1.2.6, or a newer patched version
Plugin: Woo Manage Fraud Orders
Vulnerability: Unauthenticated Information Exposure via Log Files
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: SIP Reviews Shortcode for WooCommerce
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Group Chat & Video Chat by AtomChat
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via atomchat Shortcode
Patched Version: 1.1.6
Recommended Action: Update to version 1.1.6, or a newer patched version
Plugin: AI Power: Complete AI Pack
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: 1.8.90
Recommended Action: Update to version 1.8.90, or a newer patched version
Plugin: Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Widget
Patched Version: 3.3.2
Recommended Action: Update to version 3.3.2, or a newer patched version
Plugin: WP Simple Anchors Links
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via wpanchor Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WPGlobus Translate Options
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Forminator Forms – Contact Form, Payment Form & Custom Form Builder
Vulnerability: Insecure Direct Object Reference to Submission Manipulation
Patched Version: 1.36.1
Recommended Action: Update to version 1.36.1, or a newer patched version