Plugin: Font Awesome More Icons
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: bbp style pack
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 5.6.8
Recommended Action: Update to version 5.6.8, or a newer patched version
Plugin: OpenHook
Vulnerability: Authenticated (Subscriber+) Remote Code Execution via Shortcode
Patched Version: 4.3.1
Recommended Action: Update to version 4.3.1, or a newer patched version
Plugin: Block Plugin Update
Vulnerability: Cross-Site Request Forgery via bspu_plugin_select.php
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Schema App Structured Data
Vulnerability: Missing Authorization via page_init
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WP Custom Admin Interface
Vulnerability: Missing Authorization to Transients Deletion
Patched Version: 7.33
Recommended Action: Update to version 7.33, or a newer patched version
Plugin: Woocommerce ESTO
Vulnerability: Cross-Site Request Forgery via saveSetting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Comments by Startbit
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: BuddyMeet
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 2.3.0
Recommended Action: Update to version 2.3.0, or a newer patched version
Plugin: TM WooCommerce Compare & Wishlist
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Font Awesome Integration
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WP Custom Admin Interface
Vulnerability: Cross-Site Request Forgery to Transients Deletion
Patched Version: 7.33
Recommended Action: Update to version 7.33, or a newer patched version
Plugin: Mediavine Control Panel
Vulnerability: Cross-Site Request Forgery via render_settings_page
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Magic Action Box
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Advanced Custom Fields: Extended
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 0.8.9.4
Recommended Action: Update to version 0.8.9.4, or a newer patched version
Plugin: Mang Board WP
Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Modern Events Calendar Lite
Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: 7.1.0
Recommended Action: Update to version 7.1.0, or a newer patched version