Plugin: Breakdance
Vulnerability: Authenticated (Contributor+) Remote Code Execution
Patched Version: 1.7.2
Recommended Action: Update to version 1.7.2, or a newer patched version
Plugin: White Label CMS
Vulnerability: Missing Authorization to Plugin Settings Reset
Patched Version: 2.7.4
Recommended Action: Update to version 2.7.4, or a newer patched version
Plugin: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via ‘Dual Color Header’, ‘Event Calendar’, & ‘Advanced Data Table’
Patched Version: 5.9.20
Recommended Action: Update to version 5.9.20, or a newer patched version
Plugin: Enter Addons – Ultimate Template Builder for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Animation Title widget img tag
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
Patched Version: 3.9.17
Recommended Action: Update to version 3.9.17, or a newer patched version
Plugin: LearnPress – WordPress LMS Plugin
Vulnerability: Unauthenticated Time-Based SQL Injection
Patched Version: 4.2.6.6
Recommended Action: Update to version 4.2.6.6, or a newer patched version
Plugin: LearnPress – WordPress LMS Plugin
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter
Patched Version: 4.2.6.6
Recommended Action: Update to version 4.2.6.6, or a newer patched version
Plugin: Gallery Block (Meow Gallery)
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 5.1.4
Recommended Action: Update to version 5.1.4, or a newer patched version
Plugin: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Vulnerability: Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Several Widgets
Patched Version: 5.9.20
Recommended Action: Update to version 5.9.20, or a newer patched version
Plugin: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Vulnerability: Authenticated (Admin+) Command Injection
Patched Version: 1.5.103
Recommended Action: Update to version 1.5.103, or a newer patched version
Plugin: Swift Performance Lite
Vulnerability: Incorrect Authorization to Authenticated (Subscriber+) Settings Modification
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Pure Chat – Live Chat Plugin & More!
Vulnerability: Authenticated (Subscriber+) Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Enter Addons – Ultimate Template Builder for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Heading widget
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via ‘Interactive Circles’
Patched Version: 5.9.20
Recommended Action: Update to version 5.9.20, or a newer patched version
Plugin: Orders Tracking for WooCommerce
Vulnerability: Unauthenticated Arbitrary Shortcode Execution
Patched Version: 1.2.11
Recommended Action: Update to version 1.2.11, or a newer patched version
Plugin: Pods – Custom Content Types and Fields
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Pod Form Redirect URL
Patched Version: 3.2.1.1
Recommended Action: Update to version 3.2.1.1, or a newer patched version
Plugin: Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Block Link
Patched Version: 3.2.37
Recommended Action: Update to version 3.2.37, or a newer patched version
Plugin: Themify Shortcodes
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via themify_button Shortcode
Patched Version: 2.1.0
Recommended Action: Update to version 2.1.0, or a newer patched version
Plugin: LearnPress – WordPress LMS Plugin
Vulnerability: Unauthenticated Bypass to User Registration
Patched Version: 4.2.6.6
Recommended Action: Update to version 4.2.6.6, or a newer patched version
Plugin: HTML5 Audio Player- Best WordPress Audio Player Plugin
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
Patched Version: 2.2.22
Recommended Action: Update to version 2.2.22, or a newer patched version
Plugin: Starter Templates — Elementor, WordPress & Beaver Builder Templates
Vulnerability: Authenticated (Contributor+) Server-Side Request Forgery
Patched Version: 4.1.7
Recommended Action: Update to version 4.1.7, or a newer patched version
Plugin: Spectra Pro
Vulnerability: Authenticated (Author+) Privilege Escalation
Patched Version: 1.1.6
Recommended Action: Update to version 1.1.6, or a newer patched version
Plugin: LearnPress – WordPress LMS Plugin
Vulnerability: Authenticated (Instructor+) Arbitrary File Upload
Patched Version: 4.2.6.6
Recommended Action: Update to version 4.2.6.6, or a newer patched version
Plugin: Divi Builder
Vulnerability: Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
Patched Version: 4.25.1
Recommended Action: Update to version 4.25.1, or a newer patched version
Plugin: Porto Theme – Functionality
Vulnerability: Functionality <= 3.0.9
Patched Version: 3.1.0
Recommended Action: Update to version 3.1.0, or a newer patched version
Plugin: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.5.103
Recommended Action: Update to version 1.5.103, or a newer patched version
Plugin: Porto Theme – Functionality
Vulnerability: Functionality <= 3.1.0
Patched Version: 3.1.1
Recommended Action: Update to version 3.1.1, or a newer patched version