Plugin: rtMedia for WordPress, BuddyPress and bbPress
Vulnerability: Missing Authorization via export_settings
Patched Version: 4.6.15
Recommended Action: Update to version 4.6.15, or a newer patched version
Plugin: Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms
Vulnerability: Insecure Direct Object Reference
Patched Version: 5.0.9
Recommended Action: Update to version 5.0.9, or a newer patched version
Plugin: EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor
Vulnerability: Cross-Site Request Forgery
Patched Version: 3.8.4
Recommended Action: Update to version 3.8.4, or a newer patched version
Plugin: Simple Download Counter
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.6.1
Recommended Action: Update to version 1.6.1, or a newer patched version
Plugin: Staff / Employee Business Directory for Active Directory
Vulnerability: Insufficient Escaping of Stored LDAP Values
Patched Version: 1.2.3
Recommended Action: Update to version 1.2.3, or a newer patched version
Plugin: User Submitted Posts – Enable Users to Submit Posts from the Front End
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 20230902
Recommended Action: Update to version 20230902, or a newer patched version
Plugin: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: 1.15.20
Recommended Action: Update to version 1.15.20, or a newer patched version
Plugin: Duplicate Post Page Menu & Custom Post Type
Vulnerability: Missing Authorization to Post Duplication
Patched Version: 2.4.0
Recommended Action: Update to version 2.4.0, or a newer patched version
Plugin: EWWW Image Optimizer
Vulnerability: Sensitive Information Exposure
Patched Version: 7.2.1
Recommended Action: Update to version 7.2.1, or a newer patched version
Plugin: WP Crowdfunding
Vulnerability: Cross-Site Request Forgery
Patched Version: 2.1.6
Recommended Action: Update to version 2.1.6, or a newer patched version
Plugin: Easy Form by AYS
Vulnerability: Cross-Site Request Forgery
Patched Version: 1.3.9
Recommended Action: Update to version 1.3.9, or a newer patched version
Plugin: My Account Page Editor
Vulnerability: Authenticated (Subscriber+) Arbitrary File Upload
Patched Version: 1.3.2
Recommended Action: Update to version 1.3.2, or a newer patched version