Plugin: AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress
Vulnerability: Authenticated (Subscriber+) Arbitrary File Upload via acym_extractArchive Function
Patched Version: 9.8.0
Recommended Action: Update to version 9.8.0, or a newer patched version
Plugin: User Private Files – WordPress File Sharing Plugin
Vulnerability: Insecure Direct Object Reference to Authenticated (Subscriber+) Private File Access
Patched Version: 2.1.1
Recommended Action: Update to version 2.1.1, or a newer patched version
Plugin: LiteSpeed Cache
Vulnerability: Unauthenticated Privilege Escalation
Patched Version: 6.4
Recommended Action: Update to version 6.4, or a newer patched version
Plugin: Image Optimizer, Resizer and CDN – Sirv
Vulnerability: Missing Authorization to Authenticated (Contributor+) Arbitrary File Upload
Patched Version: 7.2.8
Recommended Action: Update to version 7.2.8, or a newer patched version
Plugin: Themify Builder
Vulnerability: Missing Authorization to Authenticated (Contributor+) Post Duplication
Patched Version: 7.6.2
Recommended Action: Update to version 7.6.2, or a newer patched version
Plugin: The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget Settings
Patched Version: 5.6.3
Recommended Action: Update to version 5.6.3, or a newer patched version
Plugin: Orbit Fox by ThemeIsle
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Patched Version: 2.10.37
Recommended Action: Update to version 2.10.37, or a newer patched version
Plugin: Responsive Lightbox & Gallery
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via File Upload
Patched Version: 2.4.8
Recommended Action: Update to version 2.4.8, or a newer patched version
Plugin: WPML
Vulnerability: Authenticated (Contributor+) Remote Code Execution via Twig Server-Side Template Injection
Patched Version: 4.6.13
Recommended Action: Update to version 4.6.13, or a newer patched version