Watch Out Wednesday – January 17, 2024

Understanding Vulnerabilities in WordPress Plugins

Every week, we highlight known vulnerabilities in WordPress plugins. This information helps you stay informed about potential risks and take appropriate action to protect your website. By addressing these vulnerabilities, you ensure the safety and integrity of your WordPress site and its data.

Plugin: Woocommerce Vietnam Checkout

Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: 2.0.8
Recommended Action: Update to version 2.0.8, or a newer patched version

Plugin: Newsletter – Send awesome emails from WordPress

Vulnerability: Cross-Site Request Forgery
Patched Version: 8.0.7
Recommended Action: Update to version 8.0.7, or a newer patched version

Plugin: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup

Vulnerability: Cross-Site Request Forgery
Patched Version: 4.0.23
Recommended Action: Update to version 4.0.23, or a newer patched version

Plugin: Contact Form 7 – Dynamic Text Extension

Vulnerability: Insecure Direct Object Reference
Patched Version: 4.2.0
Recommended Action: Update to version 4.2.0, or a newer patched version

Plugin: Contact Form 7 Connector

Vulnerability: Cross-Site Request Forgery
Patched Version: 1.2.3
Recommended Action: Update to version 1.2.3, or a newer patched version

Plugin: WP Register Profile With Shortcode

Vulnerability: Cross-Site Request Forgery to User Password Reset
Patched Version: 3.6.0
Recommended Action: Update to version 3.6.0, or a newer patched version

Plugin: Products, Order & Customers Export for WooCommerce

Vulnerability: Missing Authorization
Patched Version: 2.0.9
Recommended Action: Update to version 2.0.9, or a newer patched version

Plugin: POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications

Vulnerability: Authorization Bypass via type connect-app API
Patched Version: 2.8.8
Recommended Action: Update to version 2.8.8, or a newer patched version