2024

Watch Out Wednesday – May 15, 2024

Plugin: Breakdance Vulnerability: Authenticated (Contributor+) Remote Code ExecutionPatched Version: 1.7.2Recommended Action: Update to version 1.7.2, or a newer patched version Plugin: White Label CMS Vulnerability: Missing Authorization to Plugin Settings ResetPatched Version: 2.7.4Recommended Action: Update to version 2.7.4, or a newer patched version Plugin: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits &

Watch Out Wednesday – May 15, 2024 Read More »

Watch Out Wednesday – May 8, 2024

Plugin: 3D FlipBook – PDF Flipbook WordPress Vulnerability: Authenticated (Author+) Stored Cross-Site Scritping via Bookmark URLPatched Version: 1.15.5Recommended Action: Update to version 1.15.5, or a newer patched version Plugin: HT Mega – Absolute Addons For Elementor Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery JustifyPatched Version: 2.5.1Recommended Action: Update to version 2.5.1, or a newer

Watch Out Wednesday – May 8, 2024 Read More »

Watch Out Wednesday – May 8, 2024

Plugin: 3D FlipBook – PDF Flipbook WordPress Vulnerability: Authenticated (Author+) Stored Cross-Site Scritping via Bookmark URLPatched Version: 1.15.5Recommended Action: Update to version 1.15.5, or a newer patched version Plugin: ConvertPlug Vulnerability: Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options UpdatePatched Version: 3.5.26Recommended Action: Update to version 3.5.26, or a newer patched version Plugin: Elementor Website

Watch Out Wednesday – May 8, 2024 Read More »

Watch Out Wednesday – May 1, 2024

Plugin: Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery Vulnerability: GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.21Patched Version: 2.7.7.22Recommended Action: Update to version 2.7.7.22, or a newer patched version Plugin: PDF Invoices & Packing Slips for WooCommerce Vulnerability: Unauthenticated Server-Side Request ForgeryPatched Version: 3.8.1Recommended Action: Update to version 3.8.1, or a

Watch Out Wednesday – May 1, 2024 Read More »

Watch Out Wednesday – April 17, 2024

Plugin: Language Translate Widget for WordPress – ConveyThis Vulnerability: Unauthenticated Stored Cross-Site Scripting via api_keyPatched Version: 224Recommended Action: Update to version 224, or a newer patched version Plugin: Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via metaslider ShortcodePatched Version: 3.70.1Recommended Action: Update to version 3.70.1, or

Watch Out Wednesday – April 17, 2024 Read More »