Understanding Vulnerabilities in WordPress Plugins
Every week, we highlight known vulnerabilities in WordPress plugins. This information helps you stay informed about potential risks and take appropriate action to protect your website. Addressing these vulnerabilities helps protect the safety and integrity of your WordPress site and its data.
Plugin: Woocommerce Vietnam Checkout
Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: 2.0.8
Recommended Action: Update to version 2.0.8, or a newer patched version
Plugin: Newsletter – Send awesome emails from WordPress
Vulnerability: Cross-Site Request Forgery
Patched Version: 8.0.7
Recommended Action: Update to version 8.0.7, or a newer patched version
Plugin: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Vulnerability: Cross-Site Request Forgery
Patched Version: 4.0.23
Recommended Action: Update to version 4.0.23, or a newer patched version
Plugin: Contact Form 7 – Dynamic Text Extension
Vulnerability: Insecure Direct Object Reference
Patched Version: 4.2.0
Recommended Action: Update to version 4.2.0, or a newer patched version
Plugin: Contact Form 7 Connector
Vulnerability: Cross-Site Request Forgery
Patched Version: 1.2.3
Recommended Action: Update to version 1.2.3, or a newer patched version
Plugin: WP Register Profile With Shortcode
Vulnerability: Cross-Site Request Forgery to User Password Reset
Patched Version: 3.6.0
Recommended Action: Update to version 3.6.0, or a newer patched version
Plugin: Products, Order & Customers Export for WooCommerce
Vulnerability: Missing Authorization
Patched Version: 2.0.9
Recommended Action: Update to version 2.0.9, or a newer patched version
Plugin: POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications
Vulnerability: Authorization Bypass via type connect-app API
Patched Version: 2.8.8
Recommended Action: Update to version 2.8.8, or a newer patched version