Plugin: Community by PeepSo – Download from PeepSo.com Vulnerability: Reflected Cross-Site ScriptingPatched Version: n/aRecommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement. Plugin: Announcement & Notification Banner – Bulletin […]
Plugin: SimpleForm – Contact form made simple Vulnerability: Reflected Cross-Site ScriptingPatched Version: n/aRecommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement. Plugin: WP AdCenter – Ad Manager & Adsense
Plugin: Envo Extra Vulnerability: Authenticated (Contributor+) Post DisclosurePatched Version: 1.9.4Recommended Action: Update to version 1.9.4, or a newer patched version Plugin: Algori PDF Viewer Vulnerability: Authenticated (Author+) Stored Cross-Site ScriptingPatched Version: 1.0.8Recommended Action: Update to version 1.0.8, or a newer patched version Plugin: SysBasics Customize My Account for WooCommerce Vulnerability: Reflected Cross-Site Scripting via tab
Plugin: Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File UploadPatched Version: n/aRecommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: ID-SK Toolkit Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File UploadPatched Version: n/aRecommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement. Plugin: ElementsKit Elementor addons Vulnerability: Authenticated
Plugin: ID-SK Toolkit Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File UploadPatched Version: n/aRecommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement. Plugin: ElementsKit Elementor addons Vulnerability: Authenticated
Plugin: ID-SK Toolkit Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File UploadPatched Version: n/aRecommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement. Plugin: ElementsKit Elementor addons Vulnerability: Authenticated
Plugin: Contact Form 7 – Repeatable Fields Vulnerability: Repeatable Fields <= 2.0.1Patched Version: 2.0.2Recommended Action: Update to version 2.0.2, or a newer patched version Plugin: WP Recipe Maker Vulnerability: Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via ‘tooltip’Patched Version: 9.7.0Recommended Action: Update to version 9.7.0, or a newer patched version Plugin: Extra Product Options Builder for
Plugin: Transients Manager Vulnerability: Cross-Site Request ForgeryPatched Version: 2.0.7Recommended Action: Update to version 2.0.7, or a newer patched version Plugin: Miniorange OTP Verification with Firebase Vulnerability: Authentication BypassPatched Version: 3.6.1Recommended Action: Update to version 3.6.1, or a newer patched version Plugin: Photo Gallery Slideshow & Masonry Tiled Gallery Vulnerability: Authenticated (Admin+) SQL InjectionPatched Version: 1.0.4Recommended
Plugin: Miniorange OTP Verification with Firebase Vulnerability: Authentication BypassPatched Version: 3.6.1Recommended Action: Update to version 3.6.1, or a newer patched version Plugin: Photo Gallery Slideshow & Masonry Tiled Gallery Vulnerability: Authenticated (Admin+) SQL InjectionPatched Version: 1.0.4Recommended Action: Update to version 1.0.4, or a newer patched version Plugin: Product Customizer Light Vulnerability: Authenticated (Author+) Stored Cross-Site
