Plugin: CTT Expresso para WooCommerce
Vulnerability: Information Exposure via Unprotected Directory
Patched Version: 3.2.13
Recommended Action: Update to version 3.2.13, or a newer patched version

Plugin: Gutenberg Blocks, Page Builder – ComboBlocks
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget
Patched Version: 2.2.86
Recommended Action: Update to version 2.2.86, or a newer patched version

Plugin: Element Pack Pro – Addon for Elementor Page Builder WordPress Plugin
Vulnerability: Addon for Elementor Page Builder WordPress Plugin <= 7.9.0
Patched Version: 7.9.1
Recommended Action: Update to version 7.9.1, or a newer patched version

Plugin: FundEngine – Donation and Crowdfunding Platform
Vulnerability: Authenticated (Subscriber+) Privilege Escalation
Patched Version: 1.7.1
Recommended Action: Update to version 1.7.1, or a newer patched version

Plugin: AdFoxly – Ad Manager, AdSense Ads & Ads.txt
Vulnerability: Missing Authorization to Unauthenticated Ad Status Update
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Blog2Social: Social Media Auto Post & Scheduler
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via File Upload
Patched Version: 7.5.5
Recommended Action: Update to version 7.5.5, or a newer patched version

Plugin: Breakdance
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 2.0.0
Recommended Action: Update to version 2.0.0, or a newer patched version

Plugin: Breakdance
Vulnerability: Missing Authorization
Patched Version: 2.0.0
Recommended Action: Update to version 2.0.0, or a newer patched version

Plugin: Remote Content Shortcode
Vulnerability: Authenticated (Contributor+) Server-Side Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.