Watch Out Wednesday

Watch Out Wednesday – November 20, 2024

Plugin: SimpleForm – Contact form made simple Vulnerability: Reflected Cross-Site ScriptingPatched Version: n/aRecommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement. Plugin: WP AdCenter – Ad Manager & Adsense […]

Watch Out Wednesday – November 20, 2024 Read More »

Watch Out Wednesday – November 13, 2024

Plugin: Envo Extra Vulnerability: Authenticated (Contributor+) Post DisclosurePatched Version: 1.9.4Recommended Action: Update to version 1.9.4, or a newer patched version Plugin: Algori PDF Viewer Vulnerability: Authenticated (Author+) Stored Cross-Site ScriptingPatched Version: 1.0.8Recommended Action: Update to version 1.0.8, or a newer patched version Plugin: SysBasics Customize My Account for WooCommerce Vulnerability: Reflected Cross-Site Scripting via tab

Watch Out Wednesday – November 13, 2024 Read More »

Watch Out Wednesday – October 30, 2024

Plugin: ID-SK Toolkit Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File UploadPatched Version: n/aRecommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement. Plugin: ElementsKit Elementor addons Vulnerability: Authenticated

Watch Out Wednesday – October 30, 2024 Read More »

Watch Out Wednesday – November 6, 2024

Plugin: Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File UploadPatched Version: n/aRecommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Watch Out Wednesday – November 6, 2024 Read More »

Watch Out Wednesday – October 30, 2024

Plugin: Contact Form 7 – Repeatable Fields Vulnerability: Repeatable Fields <= 2.0.1Patched Version: 2.0.2Recommended Action: Update to version 2.0.2, or a newer patched version Plugin: WP Recipe Maker Vulnerability: Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via ‘tooltip’Patched Version: 9.7.0Recommended Action: Update to version 9.7.0, or a newer patched version Plugin: Extra Product Options Builder for

Watch Out Wednesday – October 30, 2024 Read More »

Watch Out Wednesday – October 30, 2024

Plugin: ID-SK Toolkit Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File UploadPatched Version: n/aRecommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement. Plugin: ElementsKit Elementor addons Vulnerability: Authenticated

Watch Out Wednesday – October 30, 2024 Read More »

Watch Out Wednesday – October 30, 2024

Plugin: ID-SK Toolkit Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File UploadPatched Version: n/aRecommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement. Plugin: ElementsKit Elementor addons Vulnerability: Authenticated

Watch Out Wednesday – October 30, 2024 Read More »

Watch Out Wednesday – October 23, 2024

Plugin: Transients Manager Vulnerability: Cross-Site Request ForgeryPatched Version: 2.0.7Recommended Action: Update to version 2.0.7, or a newer patched version Plugin: Miniorange OTP Verification with Firebase Vulnerability: Authentication BypassPatched Version: 3.6.1Recommended Action: Update to version 3.6.1, or a newer patched version Plugin: Photo Gallery Slideshow & Masonry Tiled Gallery Vulnerability: Authenticated (Admin+) SQL InjectionPatched Version: 1.0.4Recommended

Watch Out Wednesday – October 23, 2024 Read More »

Watch Out Wednesday – October 23, 2024

Plugin: Miniorange OTP Verification with Firebase Vulnerability: Authentication BypassPatched Version: 3.6.1Recommended Action: Update to version 3.6.1, or a newer patched version Plugin: Fonto – Custom Web Fonts Manager Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File UploadPatched Version: 1.2.2Recommended Action: Update to version 1.2.2, or a newer patched version Plugin: WP Photo Album Plus

Watch Out Wednesday – October 23, 2024 Read More »

Watch Out Wednesday – October 23, 2024

Plugin: Miniorange OTP Verification with Firebase Vulnerability: Authentication BypassPatched Version: 3.6.1Recommended Action: Update to version 3.6.1, or a newer patched version Plugin: Photo Gallery Slideshow & Masonry Tiled Gallery Vulnerability: Authenticated (Admin+) SQL InjectionPatched Version: 1.0.4Recommended Action: Update to version 1.0.4, or a newer patched version Plugin: Product Customizer Light Vulnerability: Authenticated (Author+) Stored Cross-Site

Watch Out Wednesday – October 23, 2024 Read More »