2024

Watch Out Wednesday – June 19, 2024

Plugin: Popup Builder – Create highly converting, mobile friendly marketing popups. Vulnerability: Missing Authorization in Multiple AJAX ActionsPatched Version: 4.3.2Recommended Action: Update to version 4.3.2, or a newer patched version Plugin: FooEvents for WooCommerce Vulnerability: Improper Authorization to (Contributor+) Arbitrary File UploadPatched Version: 1.19.21Recommended Action: Update to version 1.19.21, or a newer patched version Plugin: […]

Watch Out Wednesday – June 19, 2024 Read More »

Watch Out Wednesday – June 5, 2024

Plugin: Page Builder Gutenberg Blocks – CoBlocks Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Social ProfilesPatched Version: 3.1.10Recommended Action: Update to version 3.1.10, or a newer patched version Plugin: Responsive Owl Carousel for Elementor Vulnerability: Local File InclusionPatched Version: 1.2.1Recommended Action: Update to version 1.2.1, or a newer patched version Plugin: Simple Like Page Plugin

Watch Out Wednesday – June 5, 2024 Read More »

Watch Out Wednesday – May 15, 2024

Plugin: Breakdance Vulnerability: Authenticated (Contributor+) Remote Code ExecutionPatched Version: 1.7.2Recommended Action: Update to version 1.7.2, or a newer patched version Plugin: White Label CMS Vulnerability: Missing Authorization to Plugin Settings ResetPatched Version: 2.7.4Recommended Action: Update to version 2.7.4, or a newer patched version Plugin: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits &

Watch Out Wednesday – May 15, 2024 Read More »

Watch Out Wednesday – May 8, 2024

Plugin: 3D FlipBook – PDF Flipbook WordPress Vulnerability: Authenticated (Author+) Stored Cross-Site Scritping via Bookmark URLPatched Version: 1.15.5Recommended Action: Update to version 1.15.5, or a newer patched version Plugin: HT Mega – Absolute Addons For Elementor Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery JustifyPatched Version: 2.5.1Recommended Action: Update to version 2.5.1, or a newer

Watch Out Wednesday – May 8, 2024 Read More »

Watch Out Wednesday – May 8, 2024

Plugin: 3D FlipBook – PDF Flipbook WordPress Vulnerability: Authenticated (Author+) Stored Cross-Site Scritping via Bookmark URLPatched Version: 1.15.5Recommended Action: Update to version 1.15.5, or a newer patched version Plugin: ConvertPlug Vulnerability: Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options UpdatePatched Version: 3.5.26Recommended Action: Update to version 3.5.26, or a newer patched version Plugin: Elementor Website

Watch Out Wednesday – May 8, 2024 Read More »

Watch Out Wednesday – May 1, 2024

Plugin: Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery Vulnerability: GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.21Patched Version: 2.7.7.22Recommended Action: Update to version 2.7.7.22, or a newer patched version Plugin: PDF Invoices & Packing Slips for WooCommerce Vulnerability: Unauthenticated Server-Side Request ForgeryPatched Version: 3.8.1Recommended Action: Update to version 3.8.1, or a

Watch Out Wednesday – May 1, 2024 Read More »