Plugin: Ivory Search – WordPress Search Plugin
Vulnerability: Information Exposure via AJAX Search Form
Patched Version: 5.5.7
Recommended Action: Update to version 5.5.7, or a newer patched version

Plugin: HelloAsso
Vulnerability: Missing Authorization to Authenticated (Contributor+) Limited Options Update
Patched Version: 1.1.11
Recommended Action: Update to version 1.1.11, or a newer patched version

Plugin: Cab fare calculator
Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Geo Controller
Vulnerability: Missing Authorization to Authenticated (Subscriber+) Menu Creation/Deletion
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Booking for Appointments and Events Calendar – Amelia Premium
Vulnerability: Missing Authorization to Sensitive Information Exposure
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Geo Controller
Vulnerability: Missing Authorization to Unauthenticated Shortcode Execution
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress
Vulnerability: 6.5.5
Patched Version: 6.5.6
Recommended Action: Update to version 6.5.6, or a newer patched version

Plugin: Dynamic Featured Image
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via dfiFeatured Parameter
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: RD Station
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Form Vibes – Database Manager for Forms
Vulnerability: Missing Authorization in Multiple Functions
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Security, Antivirus, Firewall – S.A.F
Vulnerability: IP Address Spoofing to Protection Mechanism Bypass
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Share This Image
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via STI Buttons Shortcode
Patched Version: 2.03
Recommended Action: Update to version 2.03, or a newer patched version