Plugin: Theme My Login 2fa
Vulnerability: 2FA Bypass via Brute Force
Patched Version: 1.2
Recommended Action: Update to version 1.2, or a newer patched version
Plugin: Video PopUp
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 2.2.4
Recommended Action: Update to version 2.2.4, or a newer patched version
Plugin: Parcel Pro
Vulnerability: Cross-Site Request Forgery
Patched Version: 1.6.12
Recommended Action: Update to version 1.6.12, or a newer patched version
Plugin: Chatbot for WordPress ⚡️
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 2.4.0
Recommended Action: Update to version 2.4.0, or a newer patched version
Plugin: BackWPup – WordPress Backup Plugin
Vulnerability: Authenticated (Administrator+) Directory Traversal
Patched Version: 4.0.2
Recommended Action: Update to version 4.0.2, or a newer patched version
Plugin: WCFM Marketplace – Best Multivendor Marketplace for WooCommerce
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 3.6.3
Recommended Action: Update to version 3.6.3, or a newer patched version