Plugin: WP Hotel Booking Vulnerability: Missing Authorization to (Subscriber+) Arbitrary Post DeletionPatched Version: 2.0.8Recommended Action: Update to version 2.0.8, or a newer patched version Plugin: Appointment Calendar Vulnerability: Cross-Site Request ForgeryPatched Version: n/aRecommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It […]
Plugin: Thumbnail Slider With Lightbox Vulnerability: Cross-Site Request ForgeryPatched Version: 1.0.1Recommended Action: Update to version 1.0.1, or a newer patched version Plugin: AI ChatBot Vulnerability: Authenticated (Subscriber+) Directory Traversal to Arbitrary File Write via qcld_openai_upload_pagetraining_filePatched Version: 4.9.1Recommended Action: Update to version 4.9.1, or a newer patched version Plugin: Icegram Express – Email Marketing, Newsletters and
Plugin: Thumbnail Slider With Lightbox Vulnerability: Cross-Site Request ForgeryPatched Version: 1.0.1Recommended Action: Update to version 1.0.1, or a newer patched version Plugin: AI ChatBot Vulnerability: Authenticated (Subscriber+) Directory Traversal to Arbitrary File Write via qcld_openai_upload_pagetraining_filePatched Version: 4.9.1Recommended Action: Update to version 4.9.1, or a newer patched version Plugin: Icegram Express – Email Marketing, Newsletters and
Plugin: Thumbnail Slider With Lightbox Vulnerability: Cross-Site Request ForgeryPatched Version: 1.0.1Recommended Action: Update to version 1.0.1, or a newer patched version Plugin: AI ChatBot Vulnerability: Authenticated (Subscriber+) Directory Traversal to Arbitrary File Write via qcld_openai_upload_pagetraining_filePatched Version: 4.9.1Recommended Action: Update to version 4.9.1, or a newer patched version Plugin: Icegram Express – Email Marketing, Newsletters and
Plugin: affiliate-toolkit – WordPress Affiliate Plugin Vulnerability: Open Redirect via atkpout.phpPatched Version: n/aRecommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement. Plugin: Slick Contact Forms Vulnerability: Authenticated (Contributor+) Stored
Plugin: affiliate-toolkit – WordPress Affiliate Plugin Vulnerability: Open Redirect via atkpout.phpPatched Version: n/aRecommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement. Plugin: Slick Contact Forms Vulnerability: Authenticated (Contributor+) Stored
Plugin: affiliate-toolkit – WordPress Affiliate Plugin Vulnerability: Open Redirect via atkpout.phpPatched Version: n/aRecommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement. Plugin: Slick Contact Forms Vulnerability: Authenticated (Contributor+) Stored
Plugin: affiliate-toolkit – WordPress Affiliate Plugin Vulnerability: Open Redirect via atkpout.phpPatched Version: n/aRecommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement. Plugin: Slick Contact Forms Vulnerability: Authenticated (Contributor+) Stored
Plugin: Geo Controller Vulnerability: Authenticated (Administrator+) Stored Cross-Site ScriptingPatched Version: 8.5.3Recommended Action: Update to version 8.5.3, or a newer patched version Plugin: Booster for WooCommerce Vulnerability: Authenticated (Subscriber+) Information Disclosure via ShortcodePatched Version: 7.1.2Recommended Action: Update to version 7.1.2, or a newer patched version Plugin: Customer Reviews for WooCommerce Vulnerability: Missing AuthorizationPatched Version: 5.36.1Recommended Action:
Plugin: Font Awesome More Icons Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via ShortcodePatched Version: n/aRecommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement. Plugin: bbp style pack Vulnerability: Authenticated
