Plugin: VK Filter Search
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 2.3.2
Recommended Action: Update to version 2.3.2, or a newer patched version
Plugin: Image vertical reel scroll slideshow
Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 9.1
Recommended Action: Update to version 9.1, or a newer patched version
Plugin: Jquery accordion slideshow
Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 8.2
Recommended Action: Update to version 8.2, or a newer patched version
Plugin: Image horizontal reel scroll slideshow
Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 13.3
Recommended Action: Update to version 13.3, or a newer patched version
Plugin: Admin and Site Enhancements (ASE)
Vulnerability: Password Protection Mode Security Feature Bypass
Patched Version: 5.8.0
Recommended Action: Update to version 5.8.0, or a newer patched version
Plugin: Up down image slideshow gallery
Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 12.1
Recommended Action: Update to version 12.1, or a newer patched version
Plugin: Custom Header Images
Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WP Simple Galleries
Vulnerability: Authenticated (Contributor+) PHP Object Injection
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: HTML filter and csv-file search
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 2.8
Recommended Action: Update to version 2.8, or a newer patched version
Plugin: kk Star Ratings
Vulnerability: Missing Authorization
Patched Version: 5.4.6
Recommended Action: Update to version 5.4.6, or a newer patched version
Plugin: WP Customer Reviews
Vulnerability: Authenticated (Subscriber+) Sensitive Information Exposure
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Google Maps made Simple
Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WordPress Simple HTML Sitemap
Vulnerability: Reflected Cross-Site Scripting via id
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: SAHU TikTok Pixel for E-Commerce
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Bonus for Woo
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 5.8.3
Recommended Action: Update to version 5.8.3, or a newer patched version
Plugin: GiveWP – Donation Plugin and Fundraising Platform
Vulnerability: Cross-Site Request Forgery to Stripe Integration Deletion
Patched Version: 2.33.4
Recommended Action: Update to version 2.33.4, or a newer patched version
Plugin: Autolinks Manager
Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: News & Blog Designer Pack – WordPress Blog Plugin — (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry)
Vulnerability: Unauthenticated Remote Code Execution via Local File Inclusion
Patched Version: 3.4.2
Recommended Action: Update to version 3.4.2, or a newer patched version
Plugin: Auto Excerpt everywhere
Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Animated Counters
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 1.8
Recommended Action: Update to version 1.8, or a newer patched version
Plugin: EasyRecipe
Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Superb slideshow gallery
Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 13.2
Recommended Action: Update to version 13.2, or a newer patched version
Plugin: Jquery news ticker
Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 3.1
Recommended Action: Update to version 3.1, or a newer patched version
Plugin: PubyDoc – Data Tables and Charts
Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: FareHarbor for WordPress
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 3.6.8
Recommended Action: Update to version 3.6.8, or a newer patched version
Plugin: Shortcode Menu
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Medialist
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 1.4.0
Recommended Action: Update to version 1.4.0, or a newer patched version
Plugin: Remove Add to Cart WooCommerce
Vulnerability: Cross-Site Request Forgery to Settings Modification
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Bellows Accordion Menu
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 1.4.3
Recommended Action: Update to version 1.4.3, or a newer patched version
Plugin: Wp photo text slider 50
Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 8.1
Recommended Action: Update to version 8.1, or a newer patched version
Plugin: Wp anything slider
Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 9.2
Recommended Action: Update to version 9.2, or a newer patched version
Plugin: Slick Popup: Contact Form 7 Popup Plugin
Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: 1.7.15
Recommended Action: Update to version 1.7.15, or a newer patched version
Plugin: Ads by datafeedr.com
Vulnerability: Unauthenticated (Limited) Remote Code Execution
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: CloudNet360
Vulnerability: Reflected Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WP Word Count
Vulnerability: Missing Authorization via calculate_statistics
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WP Post Popup
Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: All-In-One Security (AIOS) – Security and Firewall
Vulnerability: Protection Bypass of Renamed Login Page via URL Encoding
Patched Version: 5.2.5
Recommended Action: Update to version 5.2.5, or a newer patched version
Plugin: Information Reel
Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 10.1
Recommended Action: Update to version 10.1, or a newer patched version
Plugin: User Avatar
Vulnerability: Unauthenticated Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Left right image slideshow gallery
Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 12.1
Recommended Action: Update to version 12.1, or a newer patched version
Plugin: Article analytics
Vulnerability: Unauthenticated SQL Injection
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Generate Dummy Posts
Vulnerability: Missing Authorization
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Export WP Page to Static HTML/CSS
Vulnerability: Cross-Site Request Forgery via Multiple AJAX Actions
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: My Shortcodes
Vulnerability: Missing Authorization via Multiple AJAX Actions
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Ni WooCommerce Sales Report
Vulnerability: Missing Authorization via ajax_sales_order
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: wp image slideshow
Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 12.1
Recommended Action: Update to version 12.1, or a newer patched version
Plugin: YITH WooCommerce Product Add-Ons
Vulnerability: Missing Authorization
Patched Version: 4.2.1
Recommended Action: Update to version 4.2.1, or a newer patched version
Plugin: iframe forms
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via iframe Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: PHP to Page
Vulnerability: Authenticated (Subscriber+) Local File Inclusion to Remote Code Execution via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Magic Embeds
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WP EXtra
Vulnerability: Missing Authorization to Arbitrary Email Sending
Patched Version: 6.3
Recommended Action: Update to version 6.3, or a newer patched version
Plugin: Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More
Vulnerability: Store Exporter <= 2.7.2
Patched Version: 2.7.2.1
Recommended Action: Update to version 2.7.2.1, or a newer patched version
Plugin: Parcel Pro
Vulnerability: Open Redirect via ‘redirect’
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Seraphinite Accelerator
Vulnerability: Arbitrary Redirect via ‘redir’
Patched Version: 2.20.29
Recommended Action: Update to version 2.20.29, or a newer patched version
Plugin: Seraphinite Accelerator
Vulnerability: Reflected Cross-Site Scripting via ‘rt’
Patched Version: 2.20.29
Recommended Action: Update to version 2.20.29, or a newer patched version
Plugin: ImageLinks Interactive Image Builder for WordPress
Vulnerability: Authenticated (Admin+) SQL Injection
Patched Version: 1.6.0
Recommended Action: Update to version 1.6.0, or a newer patched version
Plugin: Simple Shortcodes
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Grid Plus – Unlimited grid layout
Vulnerability: Authenticated (Subscriber+) Local File Inclusion via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WordPress CTA – WordPress Call To Action, Sticky CTA, Floating Buttons, Floating Tab Plugin
Vulnerability: Missing Authorization via Multiple AJAX Actions
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 1.12.2
Recommended Action: Update to version 1.12.2, or a newer patched version
Plugin: Accordion
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 2.7
Recommended Action: Update to version 2.7, or a newer patched version
Plugin: WDSocialWidgets
Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Related Products for WooCommerce
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Original texts Yandex WebMaster
Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WordPress Knowledge base & Documentation Plugin – WP Knowledgebase
Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Live updates from Excel
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: idbbee
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Custom Login Page | Temporary Users | Rebrand Login | Login Captcha
Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WP fade in text news
Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 12.1
Recommended Action: Update to version 12.1, or a newer patched version
Plugin: FLOWFACT WP Connector
Vulnerability: Reflected Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: GD Security Headers
Vulnerability: Authenticated (Admin+) SQL Injection
Patched Version: 1.7.1
Recommended Action: Update to version 1.7.1, or a newer patched version
Plugin: DeepL API translation plugin
Vulnerability: Cross-Site Request Forgery via wpdeepl_prune_logs
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Thumbnail carousel slider
Vulnerability: Cross-Site Request Forgery to Mass Slider Deletion
Patched Version: 1.0.1
Recommended Action: Update to version 1.0.1, or a newer patched version
Plugin: Buzzsprout Podcasting
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Weather Atlas Widget
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Simple User Listing
Vulnerability: Reflected Cross-Site Scripting via as
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Popup with fancybox
Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 3.6
Recommended Action: Update to version 3.6, or a newer patched version
Plugin: Booking calendar, Appointment Booking System
Vulnerability: Authenticated (Admin+) SQL Injection
Patched Version: 3.2.12
Recommended Action: Update to version 3.2.12, or a newer patched version
Plugin: WPPizza – A Restaurant Plugin
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 3.18.3
Recommended Action: Update to version 3.18.3, or a newer patched version
Plugin: Vertical marquee plugin
Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 7.2
Recommended Action: Update to version 7.2, or a newer patched version
Plugin: Message ticker
Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 9.3
Recommended Action: Update to version 9.3, or a newer patched version
Plugin: Seraphinite Accelerator
Vulnerability: Cross-Site Request Forgery
Patched Version: 2.20.32
Recommended Action: Update to version 2.20.32, or a newer patched version
Plugin: Grid Plus – Unlimited grid layout
Vulnerability: Missing Authorization to Authenticated (Subscriber+) Grid Layout Add/Update/Delete
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Fathom Analytics for WP
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 3.1.0
Recommended Action: Update to version 3.1.0, or a newer patched version
Plugin: WCP OpenWeather
Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Post Meta Data Manager
Vulnerability: Missing Authorization to User, Term, and Post Meta Deletion
Patched Version: 1.2.1
Recommended Action: Update to version 1.2.1, or a newer patched version
Plugin: Current Menu Item for Custom Post Types
Vulnerability: Cross-Site Request Forgery
Patched Version: 1.6
Recommended Action: Update to version 1.6, or a newer patched version
Plugin: Post Meta Data Manager
Vulnerability: Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
Patched Version: 1.2.1
Recommended Action: Update to version 1.2.1, or a newer patched version
Plugin: GiveWP – Donation Plugin and Fundraising Platform
Vulnerability: Cross-Site Request Forgery to plugin installation
Patched Version: 2.33.4
Recommended Action: Update to version 2.33.4, or a newer patched version
Plugin: Category SEO Meta Tags
Vulnerability: Cross-Site Request Forgery via csmt_admin_options
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: GiveWP – Donation Plugin and Fundraising Platform
Vulnerability: Cross-Site Request Forgery to plugin deactivation
Patched Version: 2.33.4
Recommended Action: Update to version 2.33.4, or a newer patched version
Plugin: 10Web Booster – Website speed optimization, Cache & Page Speed optimizer
Vulnerability: Unauthenticated Arbitrary Option Deletion
Patched Version: 2.24.18
Recommended Action: Update to version 2.24.18, or a newer patched version
Plugin: Thumbnail Slider With Lightbox
Vulnerability: Cross-Site Request Forgery to Arbitrary File Upload
Patched Version: 1.0.1
Recommended Action: Update to version 1.0.1, or a newer patched version
Plugin: Alter
Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Pre-Orders for WooCommerce
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.2.14
Recommended Action: Update to version 1.2.14, or a newer patched version
Plugin: WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting via Task Data
Patched Version: 2.7.11.11
Recommended Action: Update to version 2.7.11.11, or a newer patched version
Plugin: HTML filter and csv-file search
Vulnerability: Authenticated (Contributor+) Local File Inclusion via Shortcode
Patched Version: 2.8
Recommended Action: Update to version 2.8, or a newer patched version
Plugin: Product Recommendation Quiz for eCommerce
Vulnerability: Missing Authorization in prq_set_token
Patched Version: 2.1.2
Recommended Action: Update to version 2.1.2, or a newer patched version
Plugin: Deeper Comments
Vulnerability: Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Mail logging – WP Mail Catcher
Vulnerability: WP Mail Catcher <= 2.1.3
Patched Version: 2.1.4
Recommended Action: Update to version 2.1.4, or a newer patched version
Plugin: Neon text
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.2
Recommended Action: Update to version 1.2, or a newer patched version
Plugin: WP Glossary
Vulnerability: Missing Authorization
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Custom My Account for Woocommerce
Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Auto Limit Posts Reloaded
Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.