Watch Out Wednesday – January 17, 2024

/ By

Plugin: Woocommerce Vietnam Checkout

Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: 2.0.8
Recommended Action: Update to version 2.0.8, or a newer patched version

Plugin: Newsletter – Send awesome emails from WordPress

Vulnerability: Cross-Site Request Forgery
Patched Version: 8.0.7
Recommended Action: Update to version 8.0.7, or a newer patched version

Plugin: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup

Vulnerability: Cross-Site Request Forgery
Patched Version: 4.0.23
Recommended Action: Update to version 4.0.23, or a newer patched version

Plugin: Contact Form 7 – Dynamic Text Extension

Vulnerability: Insecure Direct Object Reference
Patched Version: 4.2.0
Recommended Action: Update to version 4.2.0, or a newer patched version

Plugin: Contact Form 7 Connector

Vulnerability: Cross-Site Request Forgery
Patched Version: 1.2.3
Recommended Action: Update to version 1.2.3, or a newer patched version

Plugin: WP Register Profile With Shortcode

Vulnerability: Cross-Site Request Forgery to User Password Reset
Patched Version: 3.6.0
Recommended Action: Update to version 3.6.0, or a newer patched version

Plugin: Products, Order & Customers Export for WooCommerce

Vulnerability: Missing Authorization
Patched Version: 2.0.9
Recommended Action: Update to version 2.0.9, or a newer patched version

Plugin: POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications

Vulnerability: Authorization Bypass via type connect-app API
Patched Version: 2.8.8
Recommended Action: Update to version 2.8.8, or a newer patched version

Related Posts