Plugin: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)
Vulnerability: Authentication Bypass
Patched Version: 7.6.5
Recommended Action: Update to version 7.6.5, or a newer patched version
Plugin: WP Post Author – The Ideal Author Box for WordPress Posts, Co-Authors and Guest Authors with Author Login and Registration Form Builder
Vulnerability: Privilege Escalation
Patched Version: 3.3.0
Recommended Action: Update to version 3.3.0, or a newer patched version
Plugin: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Vulnerability: Privilege Escalation via Arbitrary User Meta Updates
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: SP Project & Document Manager
Vulnerability: Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Short URL
Vulnerability: Authenticated (Subscriber+) SQL Injection
Patched Version: 1.6.5
Recommended Action: Update to version 1.6.5, or a newer patched version
Plugin: Short URL
Vulnerability: Authenticated(Admin+) Stored Cross-Site Scripting
Patched Version: 1.6.5
Recommended Action: Update to version 1.6.5, or a newer patched version
Plugin: Active Directory Integration / LDAP Integration
Vulnerability: Unauthenticated LDAP Injection
Patched Version: 4.1.6
Recommended Action: Update to version 4.1.6, or a newer patched version
Plugin: Web3 – Crypto wallet Login & NFT token gating
Vulnerability: Authentication Bypass
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.