Plugin: Organization chart
Vulnerability: Authenticated (Subscriber+) Stored Cross-Site Scripting via title_input and node_description Parameters
Patched Version: 1.5.1
Recommended Action: Update to version 1.5.1, or a newer patched version
Plugin: Fuse Social Floating Sidebar
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via File Upload
Patched Version: 5.4.11
Recommended Action: Update to version 5.4.11, or a newer patched version
Plugin: Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress
Vulnerability: 1.1.7
Patched Version: 1.1.8
Recommended Action: Update to version 1.1.8, or a newer patched version
Plugin: LearnPress – WordPress LMS Plugin
Vulnerability: Authenticated (Contributor+) SQL Injection via order Parameter
Patched Version: 4.2.6.9.4
Recommended Action: Update to version 4.2.6.9.4, or a newer patched version
Plugin: Slider by 10Web – Responsive Image Slider
Vulnerability: Authenticated (Contributor+) SQL Injection via id Parameter
Patched Version: 1.2.58
Recommended Action: Update to version 1.2.58, or a newer patched version
Plugin: Brizy – Page Builder
Vulnerability: Cross-Site Request Forgery
Patched Version: 2.5.2
Recommended Action: Update to version 2.5.2, or a newer patched version
Plugin: Lightbox & Modal Popup WordPress Plugin – FooBox
Vulnerability: Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes
Patched Version: 2.7.32
Recommended Action: Update to version 2.7.32, or a newer patched version
Plugin: Premium Addons for Elementor
Vulnerability: Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update
Patched Version: 4.10.39
Recommended Action: Update to version 4.10.39, or a newer patched version
Plugin: Booking for Appointments and Events Calendar – Amelia
Vulnerability: Unauthenticated Full Path Disclosure
Patched Version: 1.2.1
Recommended Action: Update to version 1.2.1, or a newer patched version
Plugin: Falang multilanguage for WordPress
Vulnerability: Missing Authorization to Translation Update and Information Exposure
Patched Version: 1.3.53
Recommended Action: Update to version 1.3.53, or a newer patched version
Plugin: MainWP Child Reports
Vulnerability: Cross-Site Request Forgery to Arbitrary Options Update
Patched Version: 2.2.1
Recommended Action: Update to version 2.2.1, or a newer patched version