Plugin: Add Admin CSS
Vulnerability: Unauthenticated Full Path Disclosure
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: IgnitionDeck Crowdfunding Platform
Vulnerability: Missing Authorization
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 5.1.20
Recommended Action: Update to version 5.1.20, or a newer patched version
Plugin: Tutor LMS – Migration Tool
Vulnerability: Missing Authorization in tutor_import_from_xml
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Tutor LMS – Migration Tool
Vulnerability: Missing Authorization in tutor_lp_export_xml
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Flipbox Builder
Vulnerability: Authenticated (Contributor+) PHP Object Injection
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Add Admin JavaScript
Vulnerability: Unauthenticated Full Path Disclosure
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Piotnet Addons For Elementor
Vulnerability: Unauthenticated Sensitive Information Exposure
Patched Version: 2.4.30
Recommended Action: Update to version 2.4.30, or a newer patched version
Plugin: Ultimate WordPress Auction Plugin
Vulnerability: Missing Authorization to Unauthenticated Email Creation
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Media.net Ads Manager
Vulnerability: Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Happy Addons for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via PDF View Widget
Patched Version: 3.11.3
Recommended Action: Update to version 3.11.3, or a newer patched version
Plugin: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 5.1.20
Recommended Action: Update to version 5.1.20, or a newer patched version
Plugin: Photo Gallery, Images, Slider in Rbs Image Gallery
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Title
Patched Version: 3.2.20
Recommended Action: Update to version 3.2.20, or a newer patched version
Plugin: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
Vulnerability: Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields
Patched Version: 5.1.20
Recommended Action: Update to version 5.1.20, or a newer patched version
Plugin: Admin Trim Interface
Vulnerability: Unauthenticated Full Path Disclosure
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Intelligence
Vulnerability: Unauthenticated Full Path Disclosure
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: LearnPress – WordPress LMS Plugin
Vulnerability: Authenticated (Contributor+) Local File Inclusion
Patched Version: 4.2.6.9
Recommended Action: Update to version 4.2.6.9, or a newer patched version
Plugin: Campaign Monitor for WordPress
Vulnerability: Unauthenticated Full Path Disclosure
Patched Version: 2.8.16
Recommended Action: Update to version 2.8.16, or a newer patched version
Plugin: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 5.1.20
Recommended Action: Update to version 5.1.20, or a newer patched version
Plugin: aThemes Starter Sites
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Patched Version: 1.0.54
Recommended Action: Update to version 1.0.54, or a newer patched version
Plugin: Admin Post Navigation
Vulnerability: Unauthenticated Full Path Disclosure
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Aramex Shipping WooCommerce
Vulnerability: Unauthenticated Full Path Disclosure
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WooCommerce Product Table Lite
Vulnerability: Missing Authorization to (Subscriber+) Stored Cross-Site Scripting
Patched Version: 3.8.6
Recommended Action: Update to version 3.8.6, or a newer patched version
Plugin: ParityPress – Parity Pricing with Discount Rules
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Master Currency WP
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Currency Converter Form Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: One Click Close Comments
Vulnerability: Unauthenticated Full Path Disclosure
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.