2024

Watch Out Wednesday – October 23, 2024

Plugin: Miniorange OTP Verification with Firebase
Vulnerability: Authentication Bypass
Patched Version: 3.6.1
Recommended Action: Update to version 3.6.1, or a newer patched version

Plugin: Fonto – Custom Web Fonts Manager
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Patched Version: 1.2.2
Recommended Action: Update to version 1.2.2, or a newer patched version

Plugin: WP Photo Album Plus […]


Watch Out Wednesday – October 16, 2024

Plugin: WP Builder
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: GDPR-Extensions-com – Consent Manager
Vulnerability:


Watch Out Wednesday – October 9, 2024

Plugin: Shortcodes and extra features for Phlox theme
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading and Icon Picker Widgets
Patched Version: 2.16.4
Recommended Action: Update to version 2.16.4, or a newer patched version

Plugin: Clio Grow
Vulnerability: Reflected Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and


Watch Out Wednesday – October 2, 2024

Plugin: PWA — easy way to Progressive Web App
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Patched Version: 1.6.4
Recommended Action: Update to version 1.6.4, or a newer patched version

Plugin: BerqWP – Automated All-In-One PageSpeed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 2.1.2
Recommended Action:


Watch Out Wednesday – October 2, 2024

Plugin: WP MultiTasking – WP Utilities
Vulnerability: WP Utilities <= 0.1.17
Patched Version: 0.1.18
Recommended Action: Update to version 0.1.18, or a newer patched version

Plugin: Absolute Reviews
Vulnerability: Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Criteria Name
Patched Version: 1.1.4
Recommended Action: Update to version 1.1.4, or a newer patched version

Plugin: Beaver Builder – WordPress Page Builder


Watch Out Wednesday – September 25, 2024

Plugin: LiteSpeed Cache
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 6.5
Recommended Action: Update to version 6.5, or a newer patched version

Plugin: Backup Database
Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may


Watch Out Wednesday – September 25, 2024

Plugin: MC4WP: Mailchimp for WordPress
Vulnerability: 4.9.16
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Limit Login Attempts Plus – WordPress Limit Login Attempts By Felix


Watch Out Wednesday – September 18, 2024

Plugin: YITH Custom Login
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.7.4
Recommended Action: Update to version 1.7.4, or a newer patched version

Plugin: WP Booking System – Booking Calendar
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 2.0.19.9
Recommended Action: Update to version 2.0.19.9, or a newer patched version

Plugin: Roles & Capabilities
Vulnerability: Reflected Cross-Site Scripting
Patched Version: n/a
Recommended Action: No


Watch Out Wednesday – September 18, 2024

Plugin: YITH Custom Login
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.7.4
Recommended Action: Update to version 1.7.4, or a newer patched version

Plugin: Roles & Capabilities
Vulnerability: Reflected Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best
