Watch Out Wednesday – January 17, 2024
Plugin: Display custom fields in the frontend – Post and User Profile Fields Vulnerability: Insecure Direct Object Reference to Authenticated (Contributor+) Post Meta DisclosurePatched Version: 1.3.0Recommended Action: Update to version 1.3.0, or a newer patched version Plugin: Order Export & Order Import for WooCommerce Vulnerability: Authenticated (Shop Manager+) Arbitrary File Upload via upload_import_filePatched Version: 2.4.4Recommended […]