Blog

Watch Out Wednesday – April 17, 2024

Plugin: Language Translate Widget for WordPress – ConveyThis Vulnerability: Unauthenticated Stored Cross-Site Scripting via api_keyPatched Version: 224Recommended Action: Update to version 224, or a newer patched version Plugin: Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via metaslider ShortcodePatched Version: 3.70.1Recommended Action: Update to version 3.70.1, or

Watch Out Wednesday – April 17, 2024 Read More »

Watch Out Wednesday – April 10, 2024

Plugin: BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin Vulnerability: Authenticated (Admin+) Arbitrary File UploadPatched Version: 1.0.88Recommended Action: Update to version 1.0.88, or a newer patched version Plugin: Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) Vulnerability: Sensitive Information ExposurePatched Version: 3.2.10Recommended Action: Update to version

Watch Out Wednesday – April 10, 2024 Read More »

Watch Out Wednesday – March 6, 2024

Plugin: Ultimate Bootstrap Elements for Elementor Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Image WidgetPatched Version: n/aRecommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement. Plugin: Exclusive Addons for

Watch Out Wednesday – March 6, 2024 Read More »

Watch Out Wednesday – February 28, 2024

Plugin: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Vulnerability: 2.8.2Patched Version: 2.8.3Recommended Action: Update to version 2.8.3, or a newer patched version Plugin: Orbit Fox by ThemeIsle Vulnerability: Authenticated (Contributor+) Stored Cross-Site ScriptingPatched Version: 2.10.32Recommended Action: Update to version 2.10.32, or a newer patched version Plugin: Categorify –

Watch Out Wednesday – February 28, 2024 Read More »

Watch Out Wednesday – February 28, 2024

Plugin: Maintenance Page Vulnerability: Missing Authorization to Sensitive Information ExposurePatched Version: 1.0.9Recommended Action: Update to version 1.0.9, or a newer patched version Plugin: Elementor Addon Elements Vulnerability: Directory Traversal to Local File InclusionPatched Version: 1.13Recommended Action: Update to version 1.13, or a newer patched version Plugin: Colibri Page Builder Vulnerability: Cross-Site Request Fogery via extend_builderPatched

Watch Out Wednesday – February 28, 2024 Read More »

Watch Out Wednesday – February 21, 2024

Plugin: Premium Addons for Elementor Vulnerability: Authenticated (Contributor+) Stored Cross-Site ScriptingPatched Version: 4.10.19Recommended Action: Update to version 4.10.19, or a newer patched version Plugin: Sydney Toolbox Vulnerability: Authenticated (Contributor+) Stored Cross-Site ScriptingPatched Version: 1.26Recommended Action: Update to version 1.26, or a newer patched version Plugin: EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos,

Watch Out Wednesday – February 21, 2024 Read More »