2023

Watch Out Wednesday – November 8, 2023

Plugin: Advance Menu Manager
Vulnerability: Missing Authorization
Patched Version: 3.0.7
Recommended Action: Update to version 3.0.7, or a newer patched version

Plugin: Telephone Number Linker
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It […]

Watch Out Wednesday – November 8, 2023

Plugin: Advance Menu Manager
Vulnerability: Missing Authorization
Patched Version: 3.0.7
Recommended Action: Update to version 3.0.7, or a newer patched version

Plugin: Icons Font Loader
Vulnerability: Authenticated (Administrator+) Arbitrary File Upload
Patched Version: 1.1.3
Recommended Action: Update to version 1.1.3, or a newer patched version

Plugin: Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor

Watch Out Wednesday – November 1, 2023

Plugin: VK Filter Search
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 2.3.2
Recommended Action: Update to version 2.3.2, or a newer patched version

Plugin: Image vertical reel scroll slideshow
Vulnerability: Authenticated (Subscriber+) SQL Injection via Shortcode
Patched Version: 9.1
Recommended Action: Update to version 9.1, or a newer patched version

Plugin: Jquery accordion slideshow
Vulnerability: Authenticated

Watch Out Wednesday – October 25, 2023

Plugin: WP Hotel Booking
Vulnerability: Missing Authorization to (Subscriber+) Arbitrary Post Deletion
Patched Version: 2.0.8
Recommended Action: Update to version 2.0.8, or a newer patched version

Plugin: Appointment Calendar
Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It

Watch Out Wednesday – October 18, 2023

Plugin: Thumbnail Slider With Lightbox
Vulnerability: Cross-Site Request Forgery
Patched Version: 1.0.1
Recommended Action: Update to version 1.0.1, or a newer patched version

Plugin: AI ChatBot
Vulnerability: Authenticated (Subscriber+) Directory Traversal to Arbitrary File Write via qcld_openai_upload_pagetraining_file
Patched Version: 4.9.1
Recommended Action: Update to version 4.9.1, or a newer patched version

Plugin: Icegram Express – Email Marketing, Newsletters and

Watch Out Wednesday – October 11, 2023

Plugin: affiliate-toolkit – WordPress Affiliate Plugin
Vulnerability: Open Redirect via atkpout.php
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Slick Contact Forms
Vulnerability: Authenticated (Contributor+) Stored
