Plugin: Complianz – GDPR/CCPA Cookie Consent
Vulnerability: Authenticated (Administrator+) Stored Cross-site Scripting via settings
Patched Version: 6.5.6
Recommended Action: Update to version 6.5.6, or a newer patched version
Plugin: WooCommerce Easy Duplicate Product
Vulnerability: Missing Authorization via wedp_duplicate_product_action
Patched Version: 0.3.0.8
Recommended Action: Update to version 0.3.0.8, or a newer patched version
Plugin: WooCommerce Warranty Requests
Vulnerability: Missing Authorization
Patched Version: 2.3.0
Recommended Action: Update to version 2.3.0, or a newer patched version
Plugin: WP Mail Log
Vulnerability: Authenticated (Contributor+) Arbitrary File Upload
Patched Version: 1.1.3
Recommended Action: Update to version 1.1.3, or a newer patched version
Plugin: WP 2FA – Two-factor authentication for WordPress
Vulnerability: Cross-Site Request Forgery
Patched Version: 2.6.0
Recommended Action: Update to version 2.6.0, or a newer patched version
Plugin: Stylish Price List – Price Table Builder & QR Code Restaurant Menu
Vulnerability: Missing Authorization
Patched Version: 7.0.18
Recommended Action: Update to version 7.0.18, or a newer patched version
Plugin: BERTHA AI. Your AI co-pilot for WordPress and Chrome
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: 1.11.10.8
Recommended Action: Update to version 1.11.10.8, or a newer patched version
Plugin: LearnPress – WordPress LMS Plugin
Vulnerability: Command Injection
Patched Version: 4.2.5.8
Recommended Action: Update to version 4.2.5.8, or a newer patched version
Plugin: LearnPress – WordPress LMS Plugin
Vulnerability: Insecure Direct Object Reference to Information Disclosure
Patched Version: 4.2.5.8
Recommended Action: Update to version 4.2.5.8, or a newer patched version
Plugin: MapPress Maps for WordPress
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 2.88.14
Recommended Action: Update to version 2.88.14, or a newer patched version
Plugin: Rate my Post – WP Rating System
Vulnerability: IP Address Spoofing
Patched Version: 3.4.3
Recommended Action: Update to version 3.4.3, or a newer patched version
Plugin: Customer Reviews for WooCommerce
Vulnerability: Missing Authorization via CR_Manual
Patched Version: 5.38.2
Recommended Action: Update to version 5.38.2, or a newer patched version
Plugin: Piotnet Forms
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
Vulnerability: Missing Authorization to Settings Modification
Patched Version: 6.5.3
Recommended Action: Update to version 6.5.3, or a newer patched version
Plugin: Simple Staff List
Vulnerability: Missing Authorization via ajax_flush_rewrite_rules and staff_member_export
Patched Version: 2.2.5
Recommended Action: Update to version 2.2.5, or a newer patched version
Plugin: WP-Members Membership Plugin
Vulnerability: Missing Authorization to Sensitive Information Exposure
Patched Version: 3.4.9
Recommended Action: Update to version 3.4.9, or a newer patched version
Plugin: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
Vulnerability: IP Spoofing
Patched Version: 5.2.5.1
Recommended Action: Update to version 5.2.5.1, or a newer patched version
Plugin: OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy.
Vulnerability: Missing Authorization to Unauthenticated Directory Deletion and Cross-Site Scripting
Patched Version: 5.7.10
Recommended Action: Update to version 5.7.10, or a newer patched version
Plugin: MC4WP: Mailchimp for WordPress
Vulnerability: Missing Authorization via listen
Patched Version: 4.9.10
Recommended Action: Update to version 4.9.10, or a newer patched version
Plugin: 3D FlipBook – PDF Flipbook WordPress
Vulnerability: Authenticated (Contributor+) Cross-Site Scripting via Ready Function
Patched Version: 1.15.3
Recommended Action: Update to version 1.15.3, or a newer patched version
Plugin: Woocommerce Shipping Canada Post
Vulnerability: Missing Authorization
Patched Version: 2.8.4
Recommended Action: Update to version 2.8.4, or a newer patched version
Plugin: Branda – White Label WordPress, Custom Login Page Customizer
Vulnerability: IP Address Spoofing
Patched Version: 3.4.15
Recommended Action: Update to version 3.4.15, or a newer patched version
Plugin: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
Vulnerability: Missing Authorization to Order Export
Patched Version: 4.3.1
Recommended Action: Update to version 4.3.1, or a newer patched version
Plugin: WooCommerce Ship to Multiple Addresses
Vulnerability: Missing Authorization
Patched Version: 3.8.10
Recommended Action: Update to version 3.8.10, or a newer patched version
Plugin: LearnPress – WordPress LMS Plugin
Vulnerability: Unauthenticated SQL Injection via order_by
Patched Version: 4.2.5.8
Recommended Action: Update to version 4.2.5.8, or a newer patched version
Plugin: Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder
Vulnerability: Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url
Patched Version: 1.5.9
Recommended Action: Update to version 1.5.9, or a newer patched version
Plugin: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 5.9.3
Recommended Action: Update to version 5.9.3, or a newer patched version
Plugin: FunnelKit Checkout
Vulnerability: Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Activation
Patched Version: 3.11.0
Recommended Action: Update to version 3.11.0, or a newer patched version
Plugin: Verge3D Publishing and E-Commerce
Vulnerability: Authenticated (Subscriber+) Arbitrary File Upload
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: ProfileGrid – User Profiles, Memberships, Groups and Communities
Vulnerability: Missing Authorization
Patched Version: 5.6.7
Recommended Action: Update to version 5.6.7, or a newer patched version
Plugin: POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications
Vulnerability: Reflected Cross-Site Scripting via msg
Patched Version: 2.8.7
Recommended Action: Update to version 2.8.7, or a newer patched version
Plugin: Frontend Admin by DynamiApps
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications
Vulnerability: Unauthenticated Stored Cross-Site Scripting via device
Patched Version: 2.8.8
Recommended Action: Update to version 2.8.8, or a newer patched version
Plugin: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
Vulnerability: Form Submission Limit Bypass
Patched Version: 5.2.5.1
Recommended Action: Update to version 5.2.5.1, or a newer patched version
Plugin: WooCommerce Per Product Shipping
Vulnerability: Missing Authorization
Patched Version: 2.5.5
Recommended Action: Update to version 2.5.5, or a newer patched version
Plugin: BulkGate SMS Plugin for WooCommerce
Vulnerability: Missing Authorization via Multiple AJAX Actions
Patched Version: 3.0.3
Recommended Action: Update to version 3.0.3, or a newer patched version
Plugin: WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
Vulnerability: Cross-Site Request Forgery to Subscriber Deletion
Patched Version: 6.5.1
Recommended Action: Update to version 6.5.1, or a newer patched version
Plugin: FunnelKit Checkout
Vulnerability: Authenticated (Subscriber+) Missing Authorization to Settings Change
Patched Version: 3.11.0
Recommended Action: Update to version 3.11.0, or a newer patched version
Plugin: Booster Elite for WooCommerce
Vulnerability: Authenticated (Subscriber+) Content Injection
Patched Version: 7.1.3
Recommended Action: Update to version 7.1.3, or a newer patched version
Plugin: JVM Gutenberg Rich Text Icons
Vulnerability: Directory Traversal to Authenticated (Subscriber+) Arbitrary File Deletion
Patched Version: 1.2.7
Recommended Action: Update to version 1.2.7, or a newer patched version
Plugin: Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site
Vulnerability: Missing Authorization via save_settings
Patched Version: 1.3.4
Recommended Action: Update to version 1.3.4, or a newer patched version
Plugin: Doofinder WP & WooCommerce Search
Vulnerability: Missing Authorization via multiple AJAX actions
Patched Version: 2.1.1
Recommended Action: Update to version 2.1.1, or a newer patched version
Plugin: WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
Vulnerability: Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting
Patched Version: 6.5.1
Recommended Action: Update to version 6.5.1, or a newer patched version
Plugin: Product Expiry for WooCommerce
Vulnerability: Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update
Patched Version: 2.6
Recommended Action: Update to version 2.6, or a newer patched version
Plugin: WooCommerce Warranty Requests
Vulnerability: Missing Authorization
Patched Version: 2.3.0
Recommended Action: Update to version 2.3.0, or a newer patched version
Plugin: FunnelKit Checkout
Vulnerability: Unauthenticated Arbitrary Content Deletion
Patched Version: 3.11.0
Recommended Action: Update to version 3.11.0, or a newer patched version
Plugin: JVM Gutenberg Rich Text Icons
Vulnerability: Authenticated (Subscriber+) Arbitrary File Upload
Patched Version: 1.2.4
Recommended Action: Update to version 1.2.4, or a newer patched version
Plugin: WP 2FA – Two-factor authentication for WordPress
Vulnerability: Insecure Direct Object Reference to Arbitrary Email Sending
Patched Version: 2.6.0
Recommended Action: Update to version 2.6.0, or a newer patched version
Plugin: EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 3.9.6
Recommended Action: Update to version 3.9.6, or a newer patched version
Plugin: Page Builder: Pagelayer – Drag and Drop website builder
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via meta fields
Patched Version: 1.7.9
Recommended Action: Update to version 1.7.9, or a newer patched version
Plugin: Slider by Soliloquy – Responsive Image Slider for WordPress
Vulnerability: Missing Authorization
Patched Version: 2.7.3
Recommended Action: Update to version 2.7.3, or a newer patched version
Plugin: FooGallery Premium
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 2.4.6
Recommended Action: Update to version 2.4.6, or a newer patched version
Plugin: WP Compress – Image Optimizer [All-In-One]
Vulnerability: Unauthenticated Directory Traversal via css
Patched Version: 6.10.34
Recommended Action: Update to version 6.10.34, or a newer patched version
Plugin: Product Vendors
Vulnerability: Missing Authorization
Patched Version: 2.2.3
Recommended Action: Update to version 2.2.3, or a newer patched version
Plugin: Business Directory Plugin – Easy Listing Directories for WordPress
Vulnerability: Missing Authorization via dispatch
Patched Version: 6.3.10
Recommended Action: Update to version 6.3.10, or a newer patched version
Plugin: Piotnet Forms
Vulnerability: Missing Authorization via multiple AJAX actions
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: weForms – Easy Drag & Drop Contact Form Builder For WordPress
Vulnerability: Missing Authorization via export_form_entries
Patched Version: 1.6.19
Recommended Action: Update to version 1.6.19, or a newer patched version
Plugin: Malware Scanner
Vulnerability: IP Spoofing
Patched Version: 4.7.2
Recommended Action: Update to version 4.7.2, or a newer patched version
Plugin: Product Vendors
Vulnerability: Missing Authorization
Patched Version: 2.2.2
Recommended Action: Update to version 2.2.2, or a newer patched version
Plugin: PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
Vulnerability: Cross-Site Request Forgery
Patched Version: 2.7.14
Recommended Action: Update to version 2.7.14, or a newer patched version