Plugin: Maintenance Page
Vulnerability: Missing Authorization to Sensitive Information Exposure
Patched Version: 1.0.9
Recommended Action: Update to version 1.0.9, or a newer patched version
Plugin: Elementor Addon Elements
Vulnerability: Directory Traversal to Local File Inclusion
Patched Version: 1.13
Recommended Action: Update to version 1.13, or a newer patched version
Plugin: Colibri Page Builder
Vulnerability: Cross-Site Request Fogery via extend_builder
Patched Version: 1.0.260
Recommended Action: Update to version 1.0.260, or a newer patched version
Plugin: Elementor Addon Elements
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Dual Button Widget
Patched Version: 1.13
Recommended Action: Update to version 1.13, or a newer patched version
Plugin: Elementor Addon Elements
Vulnerability: Authenticated(Contributor+) Stored Cross-Site Scripting via Modal Popup effet
Patched Version: 1.13
Recommended Action: Update to version 1.13, or a newer patched version
Plugin: Admin side data storage for Contact Form 7
Vulnerability: Missing Authorization to Unauthenticated Read Status Update
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode
Patched Version: 4.15.1
Recommended Action: Update to version 4.15.1, or a newer patched version
Plugin: Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio
Vulnerability: Missing Authorization
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Maintenance Page
Vulnerability: Security Mechanism Bypass via REST API
Patched Version: 1.0.9
Recommended Action: Update to version 1.0.9, or a newer patched version
Plugin: Relevanssi – A Better Search
Vulnerability: Missing Authorization to Unauthenticated Query Log Export
Patched Version: 4.22.1
Recommended Action: Update to version 4.22.1, or a newer patched version
Plugin: Admin side data storage for Contact Form 7
Vulnerability: Authenticated (Admin+) SQL Injection
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio
Vulnerability: Authenticated (Contributor+) PHP Object Injection
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Elementor Addon Elements
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Thumbnail Slider Widget
Patched Version: 1.13
Recommended Action: Update to version 1.13, or a newer patched version
Plugin: Colibri Page Builder
Vulnerability: Cross-Site Request Fogery via cp_shortcode_refresh
Patched Version: 1.0.260
Recommended Action: Update to version 1.0.260, or a newer patched version
Plugin: User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched Version: 1.0.14
Recommended Action: Update to version 1.0.14, or a newer patched version
Plugin: Event Tickets and Registration
Vulnerability: Missing Authorization
Patched Version: 5.8.2
Recommended Action: Update to version 5.8.2, or a newer patched version
Plugin: Academy LMS – eLearning and online course solution for WordPress
Vulnerability: Authenticated (Subscriber+) Privilege Escalation
Patched Version: 1.9.20
Recommended Action: Update to version 1.9.20, or a newer patched version
Plugin: Admin side data storage for Contact Form 7
Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Elementor Addon Elements
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Content Switcher Widget
Patched Version: 1.13
Recommended Action: Update to version 1.13, or a newer patched version
Plugin: Admin side data storage for Contact Form 7
Vulnerability: Missing Authorization to Unauthenticated Bookmark Status Alteration
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio
Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Page Builder: Pagelayer – Drag and Drop website builder
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Button
Patched Version: 1.8.3
Recommended Action: Update to version 1.8.3, or a newer patched version