Plugin: Star CloudPRNT for WooCommerce
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 2.0.4
Recommended Action: Update to version 2.0.4, or a newer patched version

Plugin: EasyRotator for WordPress – Slider Plugin
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Product Catalog Simple
Vulnerability: Cross-Site Request Forgery via ic_system_status
Patched Version: 1.7.6
Recommended Action: Update to version 1.7.6, or a newer patched version

Plugin: Sponsors
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Popup Box – Best WordPress Popup Plugin
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 3.8.7
Recommended Action: Update to version 3.8.7, or a newer patched version

Plugin: Ultimate Dashboard – Custom WordPress Dashboard
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
Patched Version: 3.7.8
Recommended Action: Update to version 3.7.8, or a newer patched version

Plugin: Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress
Vulnerability: Multiple Cross-Site Request Forgery
Patched Version: 8.1.19
Recommended Action: Update to version 8.1.19, or a newer patched version

Plugin: Frontend File Manager Plugin
Vulnerability: Authenticated (Editor+) Directory Traversal
Patched Version: 22.6
Recommended Action: Update to version 22.6, or a newer patched version

Plugin: eCommerce Product Catalog Plugin for WordPress
Vulnerability: Cross-Site Request Forgery
Patched Version: 3.3.26
Recommended Action: Update to version 3.3.26, or a newer patched version

Plugin: Contact Form – Custom Builder, Payment Form, and More
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Advanced iFrame
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 2023.9
Recommended Action: Update to version 2023.9, or a newer patched version

Plugin: Delete Duplicate Posts
Vulnerability: Missing Authorization via AJAX Actions
Patched Version: 4.9
Recommended Action: Update to version 4.9, or a newer patched version