Watch Out Wednesday – August 21, 2024

Plugin: AFI – The Easiest Integration Plugin

Vulnerability: Cross-Site Request Forgery
Patched Version: 1.89.6
Recommended Action: Update to version 1.89.6, or a newer patched version

Plugin: Custom Layouts – Post + Product grids made easy

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.4.12
Recommended Action: Update to version 1.4.12, or a newer patched version

Plugin: The Ultimate Video Player For WordPress – by Presto Player

Vulnerability: Missing Authorization
Patched Version: 3.0.3
Recommended Action: Update to version 3.0.3, or a newer patched version

Plugin: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder

Vulnerability: 2.13.9
Patched Version: 2.13.10
Recommended Action: Update to version 2.13.10, or a newer patched version

Plugin: WP SMS – Ultimate SMS & MMS Notifications, 2FA, OTP, and Integrations with WooCommerce, GravityForms, and More

Vulnerability: Missing Authorization
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Fonts Plugin | Use Google Fonts, Adobe Fonts or Upload Fonts

Vulnerability: Missing Authorization
Patched Version: 3.7.8
Recommended Action: Update to version 3.7.8, or a newer patched version

Plugin: WPC Frequently Bought Together for WooCommerce

Vulnerability: Missing Authorization
Patched Version: 7.2.0
Recommended Action: Update to version 7.2.0, or a newer patched version

Plugin: Theme My Login

Vulnerability: Cross-Site Request Forgery to Settings Update
Patched Version: 7.1.8
Recommended Action: Update to version 7.1.8, or a newer patched version

Plugin: Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)

Vulnerability: Cross-Site Request Forgery
Patched Version: 3.1.83
Recommended Action: Update to version 3.1.83, or a newer patched version

Plugin: tagDiv Opt-In Builder

Vulnerability: Authenticated (Admin+) SQL Injection
Patched Version: 1.5
Recommended Action: Update to version 1.5, or a newer patched version

Plugin: ElementsKit Pro

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 3.6.6
Recommended Action: Update to version 3.6.6, or a newer patched version

Plugin: RegistrationMagic – User Registration Plugin with Custom Registration Forms

Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched Version: 6.0.1.1
Recommended Action: Update to version 6.0.1.1, or a newer patched version

Plugin: BP Profile Search

Vulnerability: Cross-Site Request Forgery to Reflected Cross-Site Scripting
Patched Version: 5.8
Recommended Action: Update to version 5.8, or a newer patched version

Plugin: ReviewX – Multi-criteria Rating & Reviews for WooCommerce

Vulnerability: Insufficient Input Validation
Patched Version: 1.6.29
Recommended Action: Update to version 1.6.29, or a newer patched version

Plugin: WP User Manager – User Profile Builder & Membership

Vulnerability: Cross-Site Request Forgery
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: JetBlocks for Elementor

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.3.12.1
Recommended Action: Update to version 1.3.12.1, or a newer patched version

Plugin: Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress

Vulnerability: Missing Authorization to Settings Update
Patched Version: 2.0.74
Recommended Action: Update to version 2.0.74, or a newer patched version

Plugin: Woo Inquiry

Vulnerability: Unauthenticated SQL Injection
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Hide My Site

Vulnerability: Unauthenticated Information Exposure
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WPBakery Page Builder Addons by Livemesh

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 3.9.1
Recommended Action: Update to version 3.9.1, or a newer patched version

Plugin: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder

Vulnerability: 2.13.9
Patched Version: 2.13.10
Recommended Action: Update to version 2.13.10, or a newer patched version

Plugin: Newsletters

Vulnerability: Unauthenticated Full Path Disclosure
Patched Version: 4.9.9.1
Recommended Action: Update to version 4.9.9.1, or a newer patched version

Plugin: LiquidPoll – Polls, Surveys, NPS and Feedback Reviews

Vulnerability: Unauthenticated Stored Cross-Site Scripting via form_data Parameter
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress

Vulnerability: Missing Authorization to Player Deletion
Patched Version: 2.0.74
Recommended Action: Update to version 2.0.74, or a newer patched version

Plugin: Relevanssi – A Better Search

Vulnerability: Unauthenticated Information Exposure
Patched Version: 4.23.0
Recommended Action: Update to version 4.23.0, or a newer patched version

Plugin: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder

Vulnerability: 2.13.9
Patched Version: 2.13.10
Recommended Action: Update to version 2.13.10, or a newer patched version

Plugin: The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget
Patched Version: 5.6.3
Recommended Action: Update to version 5.6.3, or a newer patched version

Plugin: LOGIN AND REGISTRATION ATTEMPTS LIMIT

Vulnerability: IP Address Spoofing to Protection Mechanism Bypass
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Admission AppManager

Vulnerability: Reflected Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Button contact VR

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Dark Mode for WP Dashboard

Vulnerability: Cross-Site Request Forgery
Patched Version: 1.2.4
Recommended Action: Update to version 1.2.4, or a newer patched version

Plugin: oik

Vulnerability: Cross-Site Request Forgery
Patched Version: 4.12.1
Recommended Action: Update to version 4.12.1, or a newer patched version

Plugin: WordSurvey

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting via sounding_title Parameter
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WP Testimonial Widget

Vulnerability: Missing Authorization
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Event Espresso – Event Registration & Ticketing Sales

Vulnerability: Authenticated (Subscriber+) Missing Authorization to Limited Plugin Settings Modification
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor

Vulnerability: Unauthenticated Double-Extension Arbitrary File Upload
Patched Version: 3.3.0
Recommended Action: Update to version 3.3.0, or a newer patched version

Plugin: LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing…

Vulnerability: Missing Authorization via init_endpoint
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Stripe Payments For WooCommerce by Checkout Plugins

Vulnerability: Unauthenticated Insecure Direct Object Reference
Patched Version: 1.9.2
Recommended Action: Update to version 1.9.2, or a newer patched version

Plugin: The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via TP Page Scroll Widget
Patched Version: 5.6.3
Recommended Action: Update to version 5.6.3, or a newer patched version

Plugin: Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.19.1
Recommended Action: Update to version 1.19.1, or a newer patched version

Plugin: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder

Vulnerability: 2.13.9
Patched Version: 2.13.10
Recommended Action: Update to version 2.13.10, or a newer patched version

Plugin: Cookie Notice & Compliance for GDPR / CCPA

Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: tagDiv Opt-In Builder

Vulnerability: Authenticated (Admin+) SQL Injection
Patched Version: 1.5
Recommended Action: Update to version 1.5, or a newer patched version

Plugin: Asset CleanUp: Page Speed Booster

Vulnerability: Missing Authorization
Patched Version: 1.3.9.4
Recommended Action: Update to version 1.3.9.4, or a newer patched version

Plugin: Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress

Vulnerability: Missing Authorization to Player Update
Patched Version: 2.0.74
Recommended Action: Update to version 2.0.74, or a newer patched version

Plugin: JetElements

Vulnerability: Authenticated (Contributor+) Arbitrary Local File Inclusion
Patched Version: 2.6.20.1
Recommended Action: Update to version 2.6.20.1, or a newer patched version

Plugin: InPost PL

Vulnerability: Missing Authorization to Unauthenticated Arbitrary File Read and Delete
Patched Version: 1.4.5
Recommended Action: Update to version 1.4.5, or a newer patched version

Plugin: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup

Vulnerability: Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload
Patched Version: 4.0.38
Recommended Action: Update to version 4.0.38, or a newer patched version

Plugin: Order Tracking – WordPress Status Tracking Plugin

Vulnerability: Missing Authorization via send_test_email()
Patched Version: 3.3.12b
Recommended Action: Update to one of the following versions, or a newer patched version: 3.3.12b, 3.3.13

Plugin: Tutor LMS Elementor Addons

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Course Carousel Widget
Patched Version: 2.1.5
Recommended Action: Update to version 2.1.5, or a newer patched version

Plugin: PowerPack for Beaver Builder

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 2.37.4
Recommended Action: Update to version 2.37.4, or a newer patched version

Plugin: GiveWP – Donation Plugin and Fundraising Platform

Vulnerability: Missing Authorization to Authenticated (Subscriber+) Limited File Deletion
Patched Version: 3.14.2
Recommended Action: Update to version 3.14.2, or a newer patched version

Plugin: WP Data Access – WordPress App, Table and Form Builder plugin

Vulnerability: Cross-Site Request Forgery
Patched Version: 5.5.9
Recommended Action: Update to version 5.5.9, or a newer patched version

Plugin: Fonts Plugin | Use Google Fonts, Adobe Fonts or Upload Fonts

Vulnerability: Cross-Site Request Forgery
Patched Version: 3.7.8
Recommended Action: Update to version 3.7.8, or a newer patched version

Plugin: Smart Online Order for Clover

Vulnerability: Missing Authorization to Authenticated (Subscriber+) Plugin Data Update
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Photo Engine (Media Organizer & Lightroom)

Vulnerability: Missing Authorization
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WP Last Modified Info

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via lmt-post-modified-info Shortcode
Patched Version: 1.9.1
Recommended Action: Update to version 1.9.1, or a newer patched version

Plugin: Insert PHP Code Snippet

Vulnerability: Cross-Site Request Forgery to Code Snippet Activate/Deactivate/Deletion
Patched Version: 1.3.7
Recommended Action: Update to version 1.3.7, or a newer patched version

Plugin: All Bootstrap Blocks

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Void Contact Form 7 Widget For Elementor Page Builder

Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting
Patched Version: 2.4.2
Recommended Action: Update to version 2.4.2, or a newer patched version

Plugin: GiveWP – Donation Plugin and Fundraising Platform

Vulnerability: Unauthenticated PHP Object Injection to Remote Code Execution
Patched Version: 3.14.2
Recommended Action: Update to version 3.14.2, or a newer patched version

Plugin: BackWPup – WordPress Backup & Restore Plugin

Vulnerability: Authenticated (Administrator+) Directory Traversal
Patched Version: 4.0.2
Recommended Action: Update to version 4.0.2, or a newer patched version

Plugin: Custom Field For WP Job Manager

Vulnerability: Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode
Patched Version: 1.3
Recommended Action: Update to version 1.3, or a newer patched version

Plugin: Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content

Vulnerability: Cross-Site Request Forgery
Patched Version: 0.7.1
Recommended Action: Update to version 0.7.1, or a newer patched version

Plugin: Smart Online Order for Clover

Vulnerability: Missing Authorization to Plugin Deactivation and Data Deletion
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: OTA Sync Booking Engine Widget

Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: AdRotate Banner Manager – The only ad manager you'll need

Vulnerability: Authenticated (Admin+) Double Extension Arbitrary File Upload
Patched Version: 5.13.3
Recommended Action: Update to version 5.13.3, or a newer patched version

Plugin: JetSearch

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 3.5.2.1
Recommended Action: Update to version 3.5.2.1, or a newer patched version

Plugin: GiveWP – Donation Plugin and Fundraising Platform

Vulnerability: Missing Authorization to Limited Information Exposure
Patched Version: 3.14.0
Recommended Action: Update to version 3.14.0, or a newer patched version

Plugin: Clever Addons for Elementor

Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting
Patched Version: 2.2.1
Recommended Action: Update to version 2.2.1, or a newer patched version

Plugin: JetTabs for Elementor

Vulnerability: Authenticated (Contributor+) Arbitrary Local File Inclusion
Patched Version: 2.2.3.1
Recommended Action: Update to version 2.2.3.1, or a newer patched version

Plugin: Shopping Cart & eCommerce Store

Vulnerability: Authenticated (Contributor+) SQL Injection via model_number Parameter
Patched Version: 5.7.3
Recommended Action: Update to version 5.7.3, or a newer patched version

Plugin: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP

Vulnerability: Missing Authorization
Patched Version: 1.2.16
Recommended Action: Update to version 1.2.16, or a newer patched version

Plugin: LH Add Media From Url

Vulnerability: Reflected Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Clone

Vulnerability: Missing Authorization
Patched Version: 2.4.6
Recommended Action: Update to version 2.4.6, or a newer patched version

Plugin: App Builder – Create Native Android & iOS Apps On The Flight

Vulnerability: Unauthenticated Limited SQL Injection via app-builder-search
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Snapshot Backup

Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Recipe Card Blocks for Gutenberg & Elementor – Best WordPress Recipe Plugin

Vulnerability: Missing Authorization
Patched Version: 3.3.2
Recommended Action: Update to version 3.3.2, or a newer patched version

Plugin: Short URL

Vulnerability: Cross-Site Request Forgery via configuration_page
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: JoomSport – for Sports: Team & League, Football, Hockey & more

Vulnerability: Missing Authorization
Patched Version: 5.5.7
Recommended Action: Update to version 5.5.7, or a newer patched version

Plugin: Zephyr Project Manager

Vulnerability: Authenticated (Subscriber+) Limited Privilege Escalation
Patched Version: 3.3.102
Recommended Action: Update to version 3.3.102, or a newer patched version

Plugin: Stripe Payments For WooCommerce by Checkout Plugins

Vulnerability: Cross-Site Request Forgery
Patched Version: 1.9.2
Recommended Action: Update to version 1.9.2, or a newer patched version

Plugin: Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce

Vulnerability: Missing Authorization
Patched Version: 3.4.10
Recommended Action: Update to version 3.4.10, or a newer patched version

Plugin: Visual Website Collaboration, Feedback & Project Management – Atarim

Vulnerability: Missing Authorization via remove_feedbacktool_notice()
Patched Version: 4.0.2
Recommended Action: Update to version 4.0.2, or a newer patched version

Plugin: Responsive Video

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Bold Timeline Lite

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.2.1
Recommended Action: Update to version 1.2.1, or a newer patched version

Plugin: JetElements

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 2.6.20.1
Recommended Action: Update to version 2.6.20.1, or a newer patched version

Plugin: WordPress Webinar Plugin – WebinarPress

Vulnerability: Cross-Site Request Forgery
Patched Version: 1.33.21
Recommended Action: Update to version 1.33.21, or a newer patched version

Plugin: FOX – Currency Switcher Professional for WooCommerce

Vulnerability: Missing Authorization
Patched Version: 1.4.2.1
Recommended Action: Update to version 1.4.2.1, or a newer patched version

Plugin: MStore API – Create Native Android & iOS Apps On The Cloud

Vulnerability: Authentication Bypass to Account Takeover
Patched Version: 4.15.3
Recommended Action: Update to version 4.15.3, or a newer patched version

Plugin: SpeedyCache – Cache, Optimization, Performance

Vulnerability: Cross-Site Request Forgery
Patched Version: 1.1.9
Recommended Action: Update to version 1.1.9, or a newer patched version

Plugin: ElementsKit Pro

Vulnerability: Authenticated (Contributor+) Sensitive Information Exposure
Patched Version: 3.6.7
Recommended Action: Update to version 3.6.7, or a newer patched version

Plugin: Slideshow, Image Slider by 2J

Vulnerability: Reflected Cross-Site Scripting via ‘post’
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: GiveWP – Donation Plugin and Fundraising Platform

Vulnerability: Missing Authorization to Unauthenticated Event Settings Update
Patched Version: 3.14.0
Recommended Action: Update to version 3.14.0, or a newer patched version

Plugin: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder

Vulnerability: 2.13.4
Patched Version: 2.13.5
Recommended Action: Update to version 2.13.5, or a newer patched version

Plugin: Cryptocurrency Widgets – Price Ticker & Coins List

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 2.8.1
Recommended Action: Update to version 2.8.1, or a newer patched version

Plugin: Flamix: Bitrix24 and Contact Form 7 integrations

Vulnerability: Unauthenticated Full Path Disclosure
Patched Version: 3.2.0
Recommended Action: Update to version 3.2.0, or a newer patched version

Plugin: Download Plugins and Themes in ZIP from Dashboard

Vulnerability: Cross-Site Request Forgery
Patched Version: 1.8.8
Recommended Action: Update to version 1.8.8, or a newer patched version

Plugin: WordPress File Upload

Vulnerability: Unauthenticated Stored Cross-Site Scripting via SVG File Upload
Patched Version: 4.24.9
Recommended Action: Update to version 4.24.9, or a newer patched version

Plugin: Plugin Notes Plus

Vulnerability: Authenticated (Subscriber+) Arbitrary Note Deletion
Patched Version: 1.2.8
Recommended Action: Update to version 1.2.8, or a newer patched version