January 2024

Watch Out Wednesday – January 17, 2024

Plugin: Display custom fields in the frontend – Post and User Profile Fields
Vulnerability: Insecure Direct Object Reference to Authenticated (Contributor+) Post Meta Disclosure
Patched Version: 1.3.0
Recommended Action: Update to version 1.3.0, or a newer patched version

Plugin: Order Export & Order Import for WooCommerce
Vulnerability: Authenticated (Shop Manager+) Arbitrary File Upload via upload_import_file
Patched Version: 2.4.4
Recommended […]

Watch Out Wednesday – January 17, 2024

Plugin: Woocommerce Vietnam Checkout
Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: 2.0.8
Recommended Action: Update to version 2.0.8, or a newer patched version

Plugin: Newsletter – Send awesome emails from WordPress
Vulnerability: Cross-Site Request Forgery
Patched Version: 8.0.7
Recommended Action: Update to version 8.0.7, or a newer patched version

Plugin: ARMember – Membership Plugin, Content Restriction, Member Levels,

Watch Out Wednesday – January 3, 2024

Plugin: Complianz – GDPR/CCPA Cookie Consent
Vulnerability: Authenticated (Administrator+) Stored Cross-site Scripting via settings
Patched Version: 6.5.6
Recommended Action: Update to version 6.5.6, or a newer patched version

Plugin: WooCommerce Easy Duplicate Product
Vulnerability: Missing Authorization via wedp_duplicate_product_action
Patched Version: 0.3.0.8
Recommended Action: Update to version 0.3.0.8, or a newer patched version

Plugin: WooCommerce Warranty Requests
Vulnerability: Missing Authorization
Patched Version: