Watch Out Wednesday – July 3, 2024

Plugin: Ultimate Blocks – WordPress Blocks Plugin

Vulnerability: Authenticated(Contributor+) Stored Cross-Site Scripting via Multiple Blocks
Patched Version: 3.2.0
Recommended Action: Update to version 3.2.0, or a newer patched version

Plugin: Cost Calculator Builder

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 3.2.13
Recommended Action: Update to version 3.2.13, or a newer patched version

Plugin: LearnPress – WordPress LMS Plugin

Vulnerability: Missing Authorization to Unauthenticated User Registration Bypass
Patched Version: 4.2.6.8.2
Recommended Action: Update to version 4.2.6.8.2, or a newer patched version

Plugin: Login with phone number

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 1.7.36
Recommended Action: Update to version 1.7.36, or a newer patched version

Plugin: Page and Post Clone

Vulnerability: Insecure Direct Object Reference to Authenticated (Author+) Sensitive Information Exposure
Patched Version: 6.1
Recommended Action: Update to version 6.1, or a newer patched version

Plugin: Elementor Addons by Livemesh

Vulnerability: Authenticated (Contributor+) Limited Local File Inclusion via Widgets
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Snippet Shortcodes

Vulnerability: Cross-Site Request Forgery
Patched Version: 4.1.5
Recommended Action: Update to version 4.1.5, or a newer patched version

Plugin: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce

Vulnerability: Unauthenticated SQL Injection via unsubscribe
Patched Version: 5.7.26
Recommended Action: Update to version 5.7.26, or a newer patched version

Plugin: Church Admin

Vulnerability: Missing Authorization
Patched Version: 4.4.5
Recommended Action: Update to version 4.4.5, or a newer patched version

Plugin: Elementor Website Builder Pro

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 3.21.3
Recommended Action: Update to version 3.21.3, or a newer patched version

Plugin: Featured Image from URL (FIFU)

Vulnerability: Missing Authorization
Patched Version: 4.8.2
Recommended Action: Update to version 4.8.2, or a newer patched version

Plugin: Branda – White Label WordPress, Custom Login Page Customizer

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 3.4.18
Recommended Action: Update to version 3.4.18, or a newer patched version

Plugin: The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
Patched Version: 5.6.2
Recommended Action: Update to version 5.6.2, or a newer patched version

Plugin: Defender Security – Malware Scanner, Login Security & Firewall

Vulnerability: Missing Authorization
Patched Version: 4.7.3
Recommended Action: Update to version 4.7.3, or a newer patched version

Plugin: Stock Ticker

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via stock_ticker Shortcode
Patched Version: 3.24.6
Recommended Action: Update to version 3.24.6, or a newer patched version

Plugin: Void Contact Form 7 Widget For Elementor Page Builder

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via cf7_redirect_page Attribute
Patched Version: 2.4.1
Recommended Action: Update to version 2.4.1, or a newer patched version

Plugin: Newspack Blocks

Vulnerability: Authenticated (Contributor+) Arbitrary File Upload
Patched Version: 3.0.9
Recommended Action: Update to version 3.0.9, or a newer patched version

Plugin: Uncanny Toolkit Pro for LearnDash

Vulnerability: Missing Authorization to Arbitrary Page/Post Duplication
Patched Version: 4.1.4.1
Recommended Action: Update to version 4.1.4.1, or a newer patched version

Plugin: Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells

Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload
Patched Version: 3.4.0
Recommended Action: Update to version 3.4.0, or a newer patched version

Plugin: Rife Elementor Extensions & Templates

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Widget
Patched Version: 1.2.2
Recommended Action: Update to version 1.2.2, or a newer patched version

Plugin: LA-Studio Element Kit for Elementor

Vulnerability: Authenticated (Contributor+) Local File Inclusion
Patched Version: 1.3.9
Recommended Action: Update to version 1.3.9, or a newer patched version

Plugin: WP Photo Album Plus

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 8.8.00.003
Recommended Action: Update to version 8.8.00.003, or a newer patched version

Plugin: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress

Vulnerability: Unauthenticated SQL Injection via ‘uwp_sort_by’
Patched Version: 1.2.11
Recommended Action: Update to version 1.2.11, or a newer patched version

Plugin: Easy Age Verify

Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: 1.8.3
Recommended Action: Update to version 1.8.3, or a newer patched version

Plugin: All-in-One Addons for Elementor – WidgetKit

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 2.5.1
Recommended Action: Update to version 2.5.1, or a newer patched version

Plugin: Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via galleryID and className Parameters
Patched Version: 3.2.2
Recommended Action: Update to version 3.2.2, or a newer patched version

Plugin: Ultimate Blocks – WordPress Blocks Plugin

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via title tag attribute
Patched Version: 3.2.0
Recommended Action: Update to version 3.2.0, or a newer patched version

Plugin: Patreon WordPress

Vulnerability: Protection Mechanism Bypass
Patched Version: 1.9.1
Recommended Action: Update to version 1.9.1, or a newer patched version

Plugin: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions

Vulnerability: Unauthenticated Insecure Direct Object Reference to Order Status Update
Patched Version: 3.0.5
Recommended Action: Update to version 3.0.5, or a newer patched version

Plugin: Easy Google Maps

Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting
Patched Version: 1.11.16
Recommended Action: Update to version 1.11.16, or a newer patched version

Plugin: WP Job Manager – Resume Manager

Vulnerability: Resume Manager <= 2.1.0
Patched Version: 2.2.0
Recommended Action: Update to version 2.2.0, or a newer patched version

Plugin: Auto Featured Image

Vulnerability: Authenticated (Contributor+) Arbitrary File Upload
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WP Maps – Display Google Maps Perfectly with Ease

Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: 4.6.2
Recommended Action: Update to version 4.6.2, or a newer patched version

Plugin: Newspack Blocks

Vulnerability: Authenticated (Contributor+) Arbitrary Directory Deletion
Patched Version: 3.0.9
Recommended Action: Update to version 3.0.9, or a newer patched version

Plugin: Social Rocket – Social Sharing Plugin

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.3.4
Recommended Action: Update to version 1.3.4, or a newer patched version

Plugin: Visual Website Collaboration, Feedback & Project Management – Atarim

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 3.32
Recommended Action: Update to version 3.32, or a newer patched version

Plugin: Elementor Addons by Livemesh

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Marquee Text Widget, Testimonials Widget, and Testimonial Slider Widgets
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Masterstudy Elementor Widgets

Vulnerability: Missing Authorization
Patched Version: 1.2.3
Recommended Action: Update to version 1.2.3, or a newer patched version

Plugin: Enter Addons – Ultimate Template Builder for Elementor

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 2.1.7
Recommended Action: Update to version 2.1.7, or a newer patched version

Plugin: E2Pdf – Export To Pdf Tool for WordPress

Vulnerability: Missing Authorization
Patched Version: 1.23.00
Recommended Action: Update to version 1.23.00, or a newer patched version

Plugin: Motors – Car Dealer, Classifieds & Listing

Vulnerability: Missing Authorization
Patched Version: 1.4.11
Recommended Action: Update to version 1.4.11, or a newer patched version

Plugin: Extensions for Elementor

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter
Patched Version: 2.0.31
Recommended Action: Update to version 2.0.31, or a newer patched version

Plugin: Elementor Addon Elements

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.13.6
Recommended Action: Update to version 1.13.6, or a newer patched version

Plugin: Mailster – Email Newsletter Plugin for WordPress

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 4.0.10
Recommended Action: Update to version 4.0.10, or a newer patched version

Plugin: Happy Addons for Elementor

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Gradient Heading Widget
Patched Version: 3.11.2
Recommended Action: Update to version 3.11.2, or a newer patched version

Plugin: Zita Elementor Site Library

Vulnerability: Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload
Patched Version: 1.6.2
Recommended Action: Update to version 1.6.2, or a newer patched version

Plugin: PayPlus Payment Gateway

Vulnerability: Unauthenticated SQL Injection
Patched Version: 6.6.9
Recommended Action: Update to version 6.6.9, or a newer patched version

Plugin: Events Manager – Calendar, Bookings, Tickets, and more!

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 6.4.9
Recommended Action: Update to version 6.4.9, or a newer patched version

Plugin: Filter & Grids

Vulnerability: Unauthenticated Local File Inclusion
Patched Version: 2.8.33
Recommended Action: Update to version 2.8.33, or a newer patched version

Plugin: Online Booking & Scheduling Calendar for WordPress by vcita

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 4.4.3
Recommended Action: Update to version 4.4.3, or a newer patched version

Plugin: Cards for Beaver Builder

Vulnerability: Authenticated (Editor+) Stored Cross-Site Scripting
Patched Version: 1.1.5
Recommended Action: Update to version 1.1.5, or a newer patched version

Plugin: Elementor Addons by Livemesh

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Various Widgets
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Print My Blog – Print, PDF, & eBook Converter WordPress Plugin

Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting
Patched Version: 3.27.1
Recommended Action: Update to version 3.27.1, or a newer patched version

Plugin: LearnPress – WordPress LMS Plugin

Vulnerability: Unauthenticated Bypass to User Registration
Patched Version: 4.2.6.8.2
Recommended Action: Update to version 4.2.6.8.2, or a newer patched version

Plugin: Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel

Vulnerability: Authenticated (Editor+) Stored Cross-Site Scripting
Patched Version: 3.1.0
Recommended Action: Update to version 3.1.0, or a newer patched version

Plugin: File Manager

Vulnerability: Missing Authorization
Patched Version: 7.2.8
Recommended Action: Update to version 7.2.8, or a newer patched version

Plugin: PowerPack Lite for Beaver Builder

Vulnerability: Authenticated (Editor+) Stored Cross-Site Scripting
Patched Version: 1.3.0.5
Recommended Action: Update to version 1.3.0.5, or a newer patched version

Plugin: Progress Planner

Vulnerability: Missing Authorization
Patched Version: 0.9.2
Recommended Action: Update to version 0.9.2, or a newer patched version

Plugin: Slider Revolution

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 6.7.14
Recommended Action: Update to version 6.7.14, or a newer patched version

Plugin: Uncanny Automator Pro

Vulnerability: Missing Authorization to Unauthenticated License Setting Reset
Patched Version: 5.3.0.1
Recommended Action: Update to version 5.3.0.1, or a newer patched version

Plugin: Uncanny Toolkit Pro for LearnDash

Vulnerability: Cross-Site Request Forgery
Patched Version: 4.1.4.1
Recommended Action: Update to version 4.1.4.1, or a newer patched version

Plugin: NextScripts: Social Networks Auto-Poster

Vulnerability: Reflected Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WP-Lister Lite for Amazon

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 2.6.17
Recommended Action: Update to version 2.6.17, or a newer patched version

Plugin: Elementor Addons by Livemesh

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Grid
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: DethemeKit For Elementor

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via URL Parameter of the De Gallery Widget
Patched Version: 2.1.6
Recommended Action: Update to version 2.1.6, or a newer patched version

Plugin: Create by Mediavine

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Schema Meta Shortcode
Patched Version: 1.9.8
Recommended Action: Update to version 1.9.8, or a newer patched version

Plugin: Advanced File Manager

Vulnerability: Sensitive Information Exposure via Directory Listing
Patched Version: 5.2.5
Recommended Action: Update to version 5.2.5, or a newer patched version

Plugin: Post Meta Data Manager

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.3.0
Recommended Action: Update to version 1.3.0, or a newer patched version

Plugin: Premium Addons for Elementor

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
Patched Version: 4.10.36
Recommended Action: Update to version 4.10.36, or a newer patched version

Plugin: Photo Gallery by Ays – Responsive Image Gallery

Vulnerability: Authenticated (Administrator+) HTML Injection
Patched Version: 5.7.1
Recommended Action: Update to version 5.7.1, or a newer patched version

Plugin: ElementsKit Elementor addons

Vulnerability: Missing Authorization
Patched Version: 3.2.0
Recommended Action: Update to version 3.2.0, or a newer patched version

Plugin: Chained Quiz

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 1.3.2.9
Recommended Action: Update to version 1.3.2.9, or a newer patched version

Plugin: Elementor Addon Elements

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.13.6
Recommended Action: Update to version 1.13.6, or a newer patched version

Plugin: Portfolio Gallery – Image Gallery Plugin

Vulnerability: Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
Patched Version: 1.6.5
Recommended Action: Update to version 1.6.5, or a newer patched version

Plugin: PowerPack Lite for Beaver Builder

Vulnerability: Authenticated (Editor+) Local File Inclusion
Patched Version: 1.3.0.4
Recommended Action: Update to version 1.3.0.4, or a newer patched version

Plugin: The Ultimate WordPress Toolkit – WP Extended

Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched Version: 3.0.0
Recommended Action: Update to version 3.0.0, or a newer patched version

Plugin: Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud)

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Social Count (Static) Widget
Patched Version: 3.11.8
Recommended Action: Update to version 3.11.8, or a newer patched version

Plugin: Floating Social Buttons

Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: TrustedLogin Vendor

Vulnerability: Unauthenticated Information Disclosure
Patched Version: 1.1.1
Recommended Action: Update to version 1.1.1, or a newer patched version

Plugin: Tutor LMS – eLearning and online course solution

Vulnerability: Authenticated (Admin+) Path Traversal
Patched Version: 2.7.2
Recommended Action: Update to version 2.7.2, or a newer patched version

Plugin: Newspack Blocks

Vulnerability: Missing Authorization
Patched Version: 3.0.9
Recommended Action: Update to version 3.0.9, or a newer patched version

Plugin: Progress Planner

Vulnerability: Authenticated (Subscriber+) Stored Cross-Site Scripting
Patched Version: 0.9.3
Recommended Action: Update to version 0.9.3, or a newer patched version

Plugin: Gutenberg Blocks with AI by Kadence WP – Page Builder Features

Vulnerability: Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes
Patched Version: 3.2.46
Recommended Action: Update to version 3.2.46, or a newer patched version

Plugin: PixelYourSite – Your smart PIXEL (TAG) & API Manager

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 9.6.2
Recommended Action: Update to version 9.6.2, or a newer patched version

Plugin: WP Mobile Menu – The Mobile-Friendly Responsive Menu

Vulnerability: Cross-Site Request Forgery
Patched Version: 2.8.4.4
Recommended Action: Update to version 2.8.4.4, or a newer patched version

Plugin: Easy Image Collage

Vulnerability: Missing Authorization to Authenticated (Contributor+) Data Clearance
Patched Version: 1.13.6
Recommended Action: Update to version 1.13.6, or a newer patched version

Plugin: Media Library Assistant

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 3.18
Recommended Action: Update to version 3.18, or a newer patched version

Plugin: Uncanny Automator Pro

Vulnerability: Cross-Site Request Forgery to License Setting Reset
Patched Version: 5.3.0.1
Recommended Action: Update to version 5.3.0.1, or a newer patched version

Plugin: HTML5 Audio Player- Audio Player Plugin

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 2.2.24
Recommended Action: Update to version 2.2.24, or a newer patched version

Plugin: Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via read_more_text Parameter
Patched Version: 3.5.6
Recommended Action: Update to version 3.5.6, or a newer patched version

Plugin: WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 3.4.3
Recommended Action: Update to version 3.4.3, or a newer patched version

Plugin: IdeaPush

Vulnerability: Authenticated (Subscriber+) Stored Cross-Site Scripting
Patched Version: 8.61
Recommended Action: Update to version 8.61, or a newer patched version

Plugin: The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce

Vulnerability:
Patched Version: 5.6.1
Recommended Action: Update to version 5.6.1, or a newer patched version

Plugin: Stackable – Page Builder Gutenberg Blocks

Vulnerability: Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
Patched Version: 3.13.2
Recommended Action: Update to version 3.13.2, or a newer patched version

Plugin: Permalink Manager Lite

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 2.4.3.4
Recommended Action: Update to version 2.4.3.4, or a newer patched version

Plugin: Easy Affiliate Links

Vulnerability: Missing Authorization to Authenticated (Subscriber+) Settings Reset
Patched Version: 3.7.4
Recommended Action: Update to version 3.7.4, or a newer patched version

Plugin: Uncanny Toolkit Pro for LearnDash

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 4.1.4.1
Recommended Action: Update to version 4.1.4.1, or a newer patched version

Plugin: WooCommerce

Vulnerability: Authenticated (Shop Manager+) Content Injection
Patched Version: 9.0.0
Recommended Action: Update to version 9.0.0, or a newer patched version

Plugin: Elementor Website Builder – More than Just a Page Builder

Vulnerability: Authenticated (Contributor+) Arbitrary SVG Download
Patched Version: 3.22.2
Recommended Action: Update to version 3.22.2, or a newer patched version

Plugin: SEO SIMPLE PACK

Vulnerability: Information Exposure
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Conversios – Google Analytics 4 (GA4), Google Ads, Meta Pixel & more for WooCommerce

Vulnerability: All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce <= 7.1.0
Patched Version: 7.1.1
Recommended Action: Update to version 7.1.1, or a newer patched version

Plugin: Gutenberg Blocks with AI by Kadence WP – Page Builder Features

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting in Google Maps Widget
Patched Version: 3.2.43
Recommended Action: Update to version 3.2.43, or a newer patched version

Plugin: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid

Vulnerability: Authenticated(Contributor+) Stored Cross-Site Scripting via section title tag
Patched Version: 7.7.2
Recommended Action: Update to version 7.7.2, or a newer patched version

Plugin: Cost Calculator Builder

Vulnerability: Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Creation
Patched Version: 3.2.13
Recommended Action: Update to version 3.2.13, or a newer patched version

Plugin: WP Lightbox 2

Vulnerability: Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
Patched Version: 3.0.6.7
Recommended Action: Update to version 3.0.6.7, or a newer patched version