Plugin: Premium Addons for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 4.10.19
Recommended Action: Update to version 4.10.19, or a newer patched version
Plugin: Sydney Toolbox
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.26
Recommended Action: Update to version 1.26, or a newer patched version
Plugin: EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor
Vulnerability: Authenticated(Contributor+) Stored Cross-Site Scripting via Google Calendar Widget Link
Patched Version: 3.9.9
Recommended Action: Update to version 3.9.9, or a newer patched version
Plugin: Ocean Extra
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 2.2.5
Recommended Action: Update to version 2.2.5, or a newer patched version
Plugin: Premium Addons for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via onClick Events
Patched Version: 4.10.19
Recommended Action: Update to version 4.10.19, or a newer patched version
Plugin: EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 3.9.9
Recommended Action: Update to version 3.9.9, or a newer patched version
Plugin: PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Buttons Widget
Patched Version: 2.7.16
Recommended Action: Update to version 2.7.16, or a newer patched version
Plugin: WP Maintenance
Vulnerability: Information Exposure
Patched Version: 6.1.7
Recommended Action: Update to version 6.1.7, or a newer patched version
Plugin: Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages
Vulnerability: Unauthenticated Information Exposure
Patched Version: 1.7.3
Recommended Action: Update to version 1.7.3, or a newer patched version
Plugin: Simple Share Buttons Adder
Vulnerability: Authenticated(Administrator+) Stored Cross-Site Scripting via CSS Settings
Patched Version: 8.4.12
Recommended Action: Update to version 8.4.12, or a newer patched version
Plugin: My Private Site
Vulnerability: Improper Access Control to Sensitive Information Exposure via REST API
Patched Version: 3.1.0
Recommended Action: Update to version 3.1.0, or a newer patched version
Plugin: Page scroll to id
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 1.7.9
Recommended Action: Update to version 1.7.9, or a newer patched version
Plugin: Microsoft Clarity
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: 0.9.4
Recommended Action: Update to version 0.9.4, or a newer patched version
Plugin: Best WordPress Gallery Plugin – FooGallery
Vulnerability:
Patched Version: 2.4.9
Recommended Action: Update to version 2.4.9, or a newer patched version
Plugin: MasterStudy LMS WordPress Plugin – for Online Courses and Education
Vulnerability: Unauthenticated SQL Injection
Patched Version: 3.2.6
Recommended Action: Update to version 3.2.6, or a newer patched version
Plugin: Piraeus Bank WooCommerce Payment Gateway
Vulnerability: Unauthenticated SQL Injection
Patched Version: 1.7.0
Recommended Action: Update to version 1.7.0, or a newer patched version