Plugin: Language Translate Widget for WordPress – ConveyThis
Vulnerability: Unauthenticated Stored Cross-Site Scripting via api_key
Patched Version: 224
Recommended Action: Update to version 224, or a newer patched version
Plugin: Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via metaslider Shortcode
Patched Version: 3.70.1
Recommended Action: Update to version 3.70.1, or a newer patched version
Plugin: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Vulnerability: Sensitive Information Exposure via element_pack_ajax_search
Patched Version: 5.6.0
Recommended Action: Update to version 5.6.0, or a newer patched version
Plugin: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes
Patched Version: 2.6.9
Recommended Action: Update to version 2.6.9, or a newer patched version
Plugin: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Vulnerability: Authenticated (Subscriber+) Stored Cross-Site Scripting
Patched Version: 2.8.5
Recommended Action: Update to version 2.8.5, or a newer patched version
Plugin: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Vulnerability: Authenticated (Author+) Limited File Upload to Stored Cross-Site Scripting
Patched Version: 2.6.9
Recommended Action: Update to version 2.6.9, or a newer patched version