Plugin: E2Pdf – Export To Pdf Tool for WordPress
Vulnerability: Authenticated (Administrator+) Arbitrary File Upload
Patched Version: 1.20.26
Recommended Action: Update to version 1.20.26, or a newer patched version
Plugin: MW WP Form
Vulnerability: Improper Limitation of File Name to Unauthenticated Arbitrary File Deletion
Patched Version: 5.0.4
Recommended Action: Update to version 5.0.4, or a newer patched version
Plugin: WP Shortcodes Plugin — Shortcodes Ultimate
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 7.0.1
Recommended Action: Update to version 7.0.1, or a newer patched version
Plugin: Slick Social Share Buttons
Vulnerability: Authenticated (Subscriber+) Arbitrary Option Update
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Essential Real Estate
Vulnerability: Authenticated (Subscriber+) Arbitrary File Upload
Patched Version: 4.4.0
Recommended Action: Update to version 4.4.0, or a newer patched version
Plugin: Post Grid Combo – 36+ Gutenberg Blocks
Vulnerability: Authenticated (Contributor+) Cross-Site Scripting
Patched Version: 2.2.65
Recommended Action: Update to version 2.2.65, or a newer patched version
Plugin: AMP for WP – Accelerated Mobile Pages
Vulnerability: Authenticated (Contributor+) Cross-Site Scripting via Shortcode
Patched Version: 1.0.92.1
Recommended Action: Update to version 1.0.92.1, or a newer patched version
Plugin: Enable Media Replace
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 4.1.5
Recommended Action: Update to version 4.1.5, or a newer patched version
Plugin: GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels
Vulnerability: Missing Authorization to Unauthenticated Plugin Settings Update
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Featured Image from URL (FIFU)
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via featured image alt text
Patched Version: 4.5.4
Recommended Action: Update to version 4.5.4, or a newer patched version
Plugin: SpeedyCache – Cache, Optimization, Performance
Vulnerability: Missing Authorization to Plugin Options Update
Patched Version: 1.1.4
Recommended Action: Update to version 1.1.4, or a newer patched version