October 2024

Watch Out Wednesday – October 30, 2024

Plugin: ID-SK Toolkit
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: ElementsKit Elementor addons
Vulnerability: Authenticated […]


Watch Out Wednesday – October 30, 2024

Plugin: Contact Form 7 – Repeatable Fields
Vulnerability: Repeatable Fields <= 2.0.1
Patched Version: 2.0.2
Recommended Action: Update to version 2.0.2, or a newer patched version

Plugin: WP Recipe Maker
Vulnerability: Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via ‘tooltip’
Patched Version: 9.7.0
Recommended Action: Update to version 9.7.0, or a newer patched version

Plugin: Extra Product Options Builder for


Watch Out Wednesday – October 23, 2024

Plugin: Transients Manager
Vulnerability: Cross-Site Request Forgery
Patched Version: 2.0.7
Recommended Action: Update to version 2.0.7, or a newer patched version

Plugin: Miniorange OTP Verification with Firebase
Vulnerability: Authentication Bypass
Patched Version: 3.6.1
Recommended Action: Update to version 3.6.1, or a newer patched version

Plugin: Photo Gallery Slideshow & Masonry Tiled Gallery
Vulnerability: Authenticated (Admin+) SQL Injection
Patched Version: 1.0.4
Recommended


Watch Out Wednesday – October 23, 2024

Plugin: Miniorange OTP Verification with Firebase
Vulnerability: Authentication Bypass
Patched Version: 3.6.1
Recommended Action: Update to version 3.6.1, or a newer patched version

Plugin: Photo Gallery Slideshow & Masonry Tiled Gallery
Vulnerability: Authenticated (Admin+) SQL Injection
Patched Version: 1.0.4
Recommended Action: Update to version 1.0.4, or a newer patched version

Plugin: Product Customizer Light
Vulnerability: Authenticated (Author+) Stored Cross-Site


Watch Out Wednesday – October 23, 2024

Plugin: Miniorange OTP Verification with Firebase
Vulnerability: Authentication Bypass
Patched Version: 3.6.1
Recommended Action: Update to version 3.6.1, or a newer patched version

Plugin: Fonto – Custom Web Fonts Manager
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Patched Version: 1.2.2
Recommended Action: Update to version 1.2.2, or a newer patched version

Plugin: WP Photo Album Plus


Watch Out Wednesday – October 16, 2024

Plugin: WP Builder
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: GDPR-Extensions-com – Consent Manager
Vulnerability:


Watch Out Wednesday – October 9, 2024

Plugin: Shortcodes and extra features for Phlox theme
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading and Icon Picker Widgets
Patched Version: 2.16.4
Recommended Action: Update to version 2.16.4, or a newer patched version

Plugin: Clio Grow
Vulnerability: Reflected Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and


Watch Out Wednesday – October 2, 2024

Plugin: PWA — easy way to Progressive Web App
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Patched Version: 1.6.4
Recommended Action: Update to version 1.6.4, or a newer patched version

Plugin: BerqWP – Automated All-In-One PageSpeed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 2.1.2
Recommended Action:
