Plugin: Booking Ultra Pro Appointments Booking Calendar Plugin
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Complianz – GDPR/CCPA Cookie Consent
Vulnerability: GDPR/CCPA Cookie Consent <= 6.4.4
Patched Version: 6.4.5
Recommended Action: Update to version 6.4.5, or a newer patched version
Plugin: Complianz – GDPR/CCPA Cookie Consent
Vulnerability: GDPR/CCPA Cookie Consent <= 6.4.4
Patched Version: 6.4.5
Recommended Action: Update to version 6.4.5, or a newer patched version
Plugin: Injection Guard
Vulnerability: Cross-Site Request Forgery to Whitelist Update
Patched Version: 1.2.2
Recommended Action: Update to version 1.2.2, or a newer patched version
Plugin: SEO by 10Web
Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: 1.2.7
Recommended Action: Update to version 1.2.7, or a newer patched version
Plugin: Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 2.8.2
Recommended Action: Update to version 2.8.2, or a newer patched version
Plugin: Simple Calendar – Google Calendar Plugin
Vulnerability: Cross-Site Request Forgery to Transient Cache Clearing
Patched Version: 3.1.43
Recommended Action: Update to version 3.1.43, or a newer patched version
Plugin: Link Whisper Free
Vulnerability: Missing Authorization via init()
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Get your number
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Active Directory Integration / LDAP Integration
Vulnerability: Authenticated (Administrator+) SQL Injection
Patched Version: 4.1.5
Recommended Action: Update to version 4.1.5, or a newer patched version
Plugin: Order Your Posts Manually
Vulnerability: Authenticated (Administrator+) SQL Injection via ‘sortdata’
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Brands for WooCommerce
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 3.8.2
Recommended Action: Update to version 3.8.2, or a newer patched version
Plugin: Active Directory Integration / LDAP Integration
Vulnerability: Cross-Site Request Forgery to SQL Injection
Patched Version: 4.1.5
Recommended Action: Update to version 4.1.5, or a newer patched version
Plugin: Complianz – GDPR/CCPA Cookie Consent
Vulnerability: GDPR/CCPA Cookie Consent <= 6.4.4
Patched Version: 6.4.5
Recommended Action: Update to version 6.4.5, or a newer patched version
Plugin: Woo Custom Emails
Vulnerability: Missing Authorization to Unauthenticated Settings Change
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: GiveWP – Donation Plugin and Fundraising Platform
Vulnerability: Authenticated (Admin+) PHP Object Injection
Patched Version: 2.26.0
Recommended Action: Update to version 2.26.0, or a newer patched version
Plugin: Pricing Table Builder – AP Pricing Tables Lite
Vulnerability: Authenticated (Admin+) SQL Injection
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Order Your Posts Manually
Vulnerability: Reflected Cross-Site Scripting via ‘_user_request’
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Complianz – GDPR/CCPA Cookie Consent
Vulnerability: GDPR/CCPA Cookie Consent <= 6.4.4
Patched Version: 6.4.5
Recommended Action: Update to version 6.4.5, or a newer patched version
Plugin: WP Replicate Post
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: 4.1
Recommended Action: Update to version 4.1, or a newer patched version
Plugin: Complianz – GDPR/CCPA Cookie Consent
Vulnerability: GDPR/CCPA Cookie Consent <= 6.4.4
Patched Version: 6.4.5
Recommended Action: Update to version 6.4.5, or a newer patched version
Plugin: Download Manager
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 3.2.71
Recommended Action: Update to version 3.2.71, or a newer patched version
Plugin: Injection Guard
Vulnerability: Missing Authorization to Whitelist Update
Patched Version: 1.2.2
Recommended Action: Update to version 1.2.2, or a newer patched version
Plugin: Elementor Website Builder
Vulnerability: Missing Authorization to Settings Update
Patched Version: 3.13.2
Recommended Action: Update to version 3.13.2, or a newer patched version
Plugin: Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue
Vulnerability: Reflected Cross-Site Scripting via ‘lang’
Patched Version: 3.1.61
Recommended Action: Update to version 3.1.61, or a newer patched version
Plugin: Announcement & Notification Banner – Bulletin
Vulnerability: Cross-Site Request Forgery
Patched Version: 3.7.1
Recommended Action: Update to version 3.7.1, or a newer patched version
Plugin: WPCS – WordPress Currency Switcher Professional
Vulnerability: Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Deletion
Patched Version: 1.2.0
Recommended Action: Update to version 1.2.0, or a newer patched version
Plugin: WPCS – WordPress Currency Switcher Professional
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 1.2.0
Recommended Action: Update to version 1.2.0, or a newer patched version
Plugin: Complianz – GDPR/CCPA Cookie Consent
Vulnerability: GDPR/CCPA Cookie Consent <= 6.4.4
Patched Version: 6.4.5
Recommended Action: Update to version 6.4.5, or a newer patched version
Plugin: Announcement & Notification Banner – Bulletin
Vulnerability: Missing Authorization Checks
Patched Version: 3.7.0
Recommended Action: Update to version 3.7.0, or a newer patched version
Plugin: WPCS – WordPress Currency Switcher Professional
Vulnerability: Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Editing
Patched Version: 1.2.0
Recommended Action: Update to version 1.2.0, or a newer patched version
Plugin: Order Your Posts Manually
Vulnerability: Reflected Cross-Site Scripting via ‘cat_id’
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Complianz – GDPR/CCPA Cookie Consent
Vulnerability: GDPR/CCPA Cookie Consent <= 6.4.4
Patched Version: 6.4.5
Recommended Action: Update to version 6.4.5, or a newer patched version
Plugin: 10Web Social Post Feed
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.2.9
Recommended Action: Update to version 1.2.9, or a newer patched version
Plugin: WPCS – WordPress Currency Switcher Professional
Vulnerability: Missing Authorization to Custom Drop-Down Currency Switcher Creation
Patched Version: 1.2.0
Recommended Action: Update to version 1.2.0, or a newer patched version
Plugin: Custom Base Terms
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting via ‘base’
Patched Version: 1.0.3
Recommended Action: Update to version 1.0.3, or a newer patched version
Plugin: Complianz – GDPR/CCPA Cookie Consent
Vulnerability: GDPR/CCPA Cookie Consent <= 6.4.4
Patched Version: 6.4.5
Recommended Action: Update to version 6.4.5, or a newer patched version
Plugin: Essential Addons for Elementor
Vulnerability: Unauthenticated Arbitrary Password Reset to Privilege Escalation
Patched Version: 5.7.2
Recommended Action: Update to version 5.7.2, or a newer patched version
Plugin: Whydonate – FREE Donate button – Crowdfunding – Fundraising
Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Google Site Verification plugin using Meta Tag
Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Complianz – GDPR/CCPA Cookie Consent
Vulnerability: GDPR/CCPA Cookie Consent <= 6.4.4
Patched Version: 6.4.5
Recommended Action: Update to version 6.4.5, or a newer patched version
Plugin: Booking Ultra Pro Appointments Booking Calendar Plugin
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.