Plugin: Passster – Password Protect Pages and Content
Vulnerability: Missing Authorization to Sensitive Information Exposure
Patched Version: 4.2.6.3
Recommended Action: Update to version 4.2.6.3, or a newer patched version
Plugin: ImageRecycle pdf & image compression
Vulnerability: Cross-Site Request Forgery to Settings Update in enableOptimization
Patched Version: 3.1.14
Recommended Action: Update to version 3.1.14, or a newer patched version
Plugin: All-In-One Security (AIOS) – Security and Firewall
Vulnerability: Cross-Site Request Forgery to IP Blocking
Patched Version: 5.2.7
Recommended Action: Update to version 5.2.7, or a newer patched version
Plugin: Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin
Vulnerability: Missing Authorization to Unauthenticated Events Export
Patched Version: 3.3.51
Recommended Action: Update to version 3.3.51, or a newer patched version
Plugin: WP Shortcodes Plugin — Shortcodes Ultimate
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Patched Version: 7.0.2
Recommended Action: Update to version 7.0.2, or a newer patched version
Plugin: ImageRecycle pdf & image compression
Vulnerability: Missing Authorization to Settings Update in enableOptimization
Patched Version: 3.1.14
Recommended Action: Update to version 3.1.14, or a newer patched version
Plugin: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
Vulnerability: Missing Authorization to Arbitrary Page Creation and Publication
Patched Version: 4.4.3
Recommended Action: Update to version 4.4.3, or a newer patched version
Plugin: Backuply – Backup, Restore, Migrate and Clone
Vulnerability: Backup, Restore, Migrate and Clone <= 1.2.5
Patched Version: 1.2.6
Recommended Action: Update to version 1.2.6, or a newer patched version
Plugin: Royal Elementor Addons and Templates
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.3.88
Recommended Action: Update to version 1.3.88, or a newer patched version
Plugin: ImageRecycle pdf & image compression
Vulnerability: Cross-Site Request Forgery to Plugin Data Removal in reinitialize
Patched Version: 3.1.14
Recommended Action: Update to version 3.1.14, or a newer patched version
Plugin: Matomo Analytics – Ethical Stats. Powerful Insights.
Vulnerability: Reflected Cross-Site Scripting via idsite
Patched Version: 5.0.1
Recommended Action: Update to version 5.0.1, or a newer patched version
Plugin: InfiniteWP Client
Vulnerability: Unauthenticated Sensitive Information Exposure
Patched Version: 1.12.3.1
Recommended Action: Update to version 1.12.3.1, or a newer patched version
Plugin: Login Lockdown – Protect Login Form
Vulnerability: Missing Authorization
Patched Version: 2.0.9
Recommended Action: Update to version 2.0.9, or a newer patched version
Plugin: ImageRecycle pdf & image compression
Vulnerability: Missing Authorization to Plugin Data Removal in reinitialize
Patched Version: 3.1.14
Recommended Action: Update to version 3.1.14, or a newer patched version
Plugin: Royal Elementor Addons and Templates
Vulnerability: Cross-Site Request Forgery via remove_from_wishlist
Patched Version: 1.3.88
Recommended Action: Update to version 1.3.88, or a newer patched version
Plugin: PPWP – Password Protect Pages
Vulnerability: Protection Mechanism Bypass
Patched Version: 1.9.0
Recommended Action: Update to version 1.9.0, or a newer patched version
Plugin: Internal Link Juicer: SEO Auto Linker for WordPress
Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: 2.23.5
Recommended Action: Update to version 2.23.5, or a newer patched version
Plugin: Elementor Website Builder – More than Just a Page Builder
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via get_image_alt
Patched Version: 3.19.0
Recommended Action: Update to version 3.19.0, or a newer patched version
Plugin: Elementor Website Builder – More than Just a Page Builder
Vulnerability: Authenticated (Contributor+) Arbitrary File Deletion and PHAR Deserialization
Patched Version: 3.19.1
Recommended Action: Update to version 3.19.1, or a newer patched version
Plugin: ImageRecycle pdf & image compression
Vulnerability: Cross-Site Request Forgery to Settings Update in stopOptimizeAll
Patched Version: 3.1.14
Recommended Action: Update to version 3.1.14, or a newer patched version
Plugin: Elementor Addons by Livemesh
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 8.3.3
Recommended Action: Update to version 8.3.3, or a newer patched version
Plugin: WP Booking Calendar
Vulnerability: Unauthenticated SQL Injection
Patched Version: 9.9.1
Recommended Action: Update to version 9.9.1, or a newer patched version
Plugin: Awesome Support – WordPress HelpDesk & Support Plugin
Vulnerability: Authenticated (Subscriber+) SQL Injection
Patched Version: 6.1.8
Recommended Action: Update to version 6.1.8, or a newer patched version
Plugin: ImageRecycle pdf & image compression
Vulnerability: Missing Authorization to Settings Update in optimizeAllOn
Patched Version: 3.1.14
Recommended Action: Update to version 3.1.14, or a newer patched version
Plugin: Payment Forms for Paystack
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Royal Elementor Addons and Templates
Vulnerability: Cross-Site Request Forgery via remove_from_compare
Patched Version: 1.3.88
Recommended Action: Update to version 1.3.88, or a newer patched version
Plugin: Royal Elementor Addons and Templates
Vulnerability: Cross-Site Request Forgery via add_to_compare
Patched Version: 1.3.88
Recommended Action: Update to version 1.3.88, or a newer patched version
Plugin: WP Recipe Maker
Vulnerability: Missing Authorization to Authenticated (Subscriber+) SQL Injection
Patched Version: 9.2.0
Recommended Action: Update to version 9.2.0, or a newer patched version
Plugin: Royal Elementor Addons and Templates
Vulnerability: Cross-Site Request Forgery via add_to_wishlist
Patched Version: 1.3.88
Recommended Action: Update to version 1.3.88, or a newer patched version
Plugin: ImageRecycle pdf & image compression
Vulnerability: Cross-Site Request Forgery to Settings Update in disableOptimization
Patched Version: 3.1.14
Recommended Action: Update to version 3.1.14, or a newer patched version
Plugin: Awesome Support – WordPress HelpDesk & Support Plugin
Vulnerability: Missing Authorization via wpas_get_users()
Patched Version: 6.1.8
Recommended Action: Update to version 6.1.8, or a newer patched version
Plugin: Insert PHP Code Snippet
Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: 1.3.5
Recommended Action: Update to version 1.3.5, or a newer patched version
Plugin: ImageRecycle pdf & image compression
Vulnerability: Cross-Site Request Forgery to Settings Update in optimizeAllOn
Patched Version: 3.1.14
Recommended Action: Update to version 3.1.14, or a newer patched version
Plugin: ImageRecycle pdf & image compression
Vulnerability: Missing Authorization to Settings Update in disableOptimization
Patched Version: 3.1.14
Recommended Action: Update to version 3.1.14, or a newer patched version
Plugin: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: 4.4.3
Recommended Action: Update to version 4.4.3, or a newer patched version
Plugin: Royal Elementor Addons and Templates
Vulnerability: Missing Authorization via wpr_update_form_action_meta
Patched Version: 1.3.88
Recommended Action: Update to version 1.3.88, or a newer patched version
Plugin: Simple Page Access Restriction
Vulnerability: Improper Access Control to Sensitive Information Exposure via REST API
Patched Version: 1.0.23
Recommended Action: Update to version 1.0.23, or a newer patched version
Plugin: Royal Elementor Addons and Templates
Vulnerability: Cross-Site Request Forgery via wpr_update_form_action_meta
Patched Version: 1.3.88
Recommended Action: Update to version 1.3.88, or a newer patched version
Plugin: Awesome Support – WordPress HelpDesk & Support Plugin
Vulnerability: Missing Authorization via editor_html()
Patched Version: 6.1.8
Recommended Action: Update to version 6.1.8, or a newer patched version
Plugin: ImageRecycle pdf & image compression
Vulnerability: Missing Authorization to Settings Update in stopOptimizeAll
Patched Version: 3.1.14
Recommended Action: Update to version 3.1.14, or a newer patched version
Plugin: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Vulnerability: Authenticated (Contributor+) User Meta Disclosure
Patched Version: 2.12.9
Recommended Action: Update to version 2.12.9, or a newer patched version