Watch Out Wednesday

Watch Out Wednesday – September 25, 2024

Plugin: LiteSpeed Cache
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 6.5
Recommended Action: Update to version 6.5, or a newer patched version

Plugin: Backup Database
Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may […]

Watch Out Wednesday – October 2, 2024

Plugin: WP MultiTasking – WP Utilities
Vulnerability: WP Utilities <= 0.1.17
Patched Version: 0.1.18
Recommended Action: Update to version 0.1.18, or a newer patched version

Plugin: Absolute Reviews
Vulnerability: Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Criteria Name
Patched Version: 1.1.4
Recommended Action: Update to version 1.1.4, or a newer patched version

Plugin: Beaver Builder – WordPress Page Builder

Watch Out Wednesday – September 25, 2024

Plugin: MC4WP: Mailchimp for WordPress
Vulnerability: 4.9.16
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Limit Login Attempts Plus – WordPress Limit Login Attempts By Felix

Watch Out Wednesday – September 18, 2024

Plugin: amCharts: Charts and Maps
Vulnerability: Reflected Cross-Site Scripting via Cross-Site Request Forgery
Patched Version: 1.4.5
Recommended Action: Update to version 1.4.5, or a newer patched version

Plugin: LearnPress – WordPress LMS Plugin
Vulnerability: Unauthenticated SQL Injection via ‘c_fields’
Patched Version: 4.2.7.1
Recommended Action: Update to version 4.2.7.1, or a newer patched version

Plugin: LearnPress – WordPress LMS Plugin

Watch Out Wednesday – September 18, 2024

Plugin: YITH Custom Login
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.7.4
Recommended Action: Update to version 1.7.4, or a newer patched version

Plugin: Roles & Capabilities
Vulnerability: Reflected Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best

Watch Out Wednesday – September 18, 2024

Plugin: YITH Custom Login
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.7.4
Recommended Action: Update to version 1.7.4, or a newer patched version

Plugin: WP Booking System – Booking Calendar
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 2.0.19.9
Recommended Action: Update to version 2.0.19.9, or a newer patched version

Plugin: Roles & Capabilities
Vulnerability: Reflected Cross-Site Scripting
Patched Version: n/a
Recommended Action: No

Watch Out Wednesday – September 11, 2024

Plugin: Ivory Search – WordPress Search Plugin
Vulnerability: Information Exposure via AJAX Search Form
Patched Version: 5.5.7
Recommended Action: Update to version 5.5.7, or a newer patched version

Plugin: HelloAsso
Vulnerability: Missing Authorization to Authenticated (Contributor+) Limited Options Update
Patched Version: 1.1.11
Recommended Action: Update to version 1.1.11, or a newer patched version

Plugin: Cab fare calculator
Vulnerability: Authenticated

Watch Out Wednesday – September 11, 2024

Plugin: Ivory Search – WordPress Search Plugin
Vulnerability: Information Exposure via AJAX Search Form
Patched Version: 5.5.7
Recommended Action: Update to version 5.5.7, or a newer patched version

Plugin: Remember Me Controls
Vulnerability: Unauthenticated Full Path Disclosure
Patched Version: 2.1
Recommended Action: Update to version 2.1, or a newer patched version

Plugin: HelloAsso
Vulnerability: Missing Authorization to Authenticated (Contributor+)

Watch Out Wednesday – August 28, 2024

Plugin: AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress
Vulnerability: Authenticated (Subscriber+) Arbitrary File Upload via acym_extractArchive Function
Patched Version: 9.8.0
Recommended Action: Update to version 9.8.0, or a newer patched version

Plugin: Mollie Payments for WooCommerce
Vulnerability: Unauthenticated Full Path Disclosure
Patched Version: 7.8.0
Recommended Action: Update to version 7.8.0, or a newer patched
