Watch Out Wednesday

Watch Out Wednesday – February 28, 2024

Plugin: Maintenance Page Vulnerability: Missing Authorization to Sensitive Information ExposurePatched Version: 1.0.9Recommended Action: Update to version 1.0.9, or a newer patched version Plugin: Elementor Addon Elements Vulnerability: Directory Traversal to Local File InclusionPatched Version: 1.13Recommended Action: Update to version 1.13, or a newer patched version Plugin: Colibri Page Builder Vulnerability: Cross-Site Request Fogery via extend_builderPatched […]

Watch Out Wednesday – February 28, 2024 Read More »

Watch Out Wednesday – February 28, 2024

Plugin: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Vulnerability: 2.8.2Patched Version: 2.8.3Recommended Action: Update to version 2.8.3, or a newer patched version Plugin: Orbit Fox by ThemeIsle Vulnerability: Authenticated (Contributor+) Stored Cross-Site ScriptingPatched Version: 2.10.32Recommended Action: Update to version 2.10.32, or a newer patched version Plugin: Categorify –

Watch Out Wednesday – February 28, 2024 Read More »

Watch Out Wednesday – February 21, 2024

Plugin: Premium Addons for Elementor Vulnerability: Authenticated (Contributor+) Stored Cross-Site ScriptingPatched Version: 4.10.19Recommended Action: Update to version 4.10.19, or a newer patched version Plugin: Sydney Toolbox Vulnerability: Authenticated (Contributor+) Stored Cross-Site ScriptingPatched Version: 1.26Recommended Action: Update to version 1.26, or a newer patched version Plugin: EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos,

Watch Out Wednesday – February 21, 2024 Read More »

Watch Out Wednesday – February 14, 2024

Plugin: ImageRecycle pdf & image compression Vulnerability: Cross-Site Request Forgery to Settings Update in enableOptimizationPatched Version: 3.1.14Recommended Action: Update to version 3.1.14, or a newer patched version Plugin: WP Shortcodes Plugin — Shortcodes Ultimate Vulnerability: Authenticated(Contributor+) Stored Cross-Site Scripting via shortcodePatched Version: 7.0.2Recommended Action: Update to version 7.0.2, or a newer patched version Plugin: ImageRecycle

Watch Out Wednesday – February 14, 2024 Read More »

Watch Out Wednesday – February 14, 2024

Plugin: Passster – Password Protect Pages and Content Vulnerability: Missing Authorization to Sensitive Information ExposurePatched Version: 4.2.6.3Recommended Action: Update to version 4.2.6.3, or a newer patched version Plugin: ImageRecycle pdf & image compression Vulnerability: Cross-Site Request Forgery to Settings Update in enableOptimizationPatched Version: 3.1.14Recommended Action: Update to version 3.1.14, or a newer patched version Plugin:

Watch Out Wednesday – February 14, 2024 Read More »

Watch Out Wednesday – February 7, 2024

Plugin: Active Products Tables for WooCommerce. Professional products tables for WooCommerce store  Vulnerability: Missing AuthorizationPatched Version: 1.0.6.2Recommended Action: Update to version 1.0.6.2, or a newer patched version Plugin: NEX-Forms – Ultimate Form Builder – Contact forms and much more Vulnerability: Missing Authorization via restore_records()Patched Version: 8.5.7Recommended Action: Update to version 8.5.7, or a newer patched

Watch Out Wednesday – February 7, 2024 Read More »

Watch Out Wednesday – February 7, 2024

Plugin: Active Products Tables for WooCommerce. Professional products tables for WooCommerce store  Vulnerability: Missing AuthorizationPatched Version: 1.0.6.2Recommended Action: Update to version 1.0.6.2, or a newer patched version Plugin: Html5 Video Player Vulnerability: Unauthenticated SQL Injection via idPatched Version: 2.5.25Recommended Action: Update to version 2.5.25, or a newer patched version Plugin: Restrict Usernames Emails Characters Vulnerability:

Watch Out Wednesday – February 7, 2024 Read More »

Watch Out Wednesday – January 17, 2024

Plugin: Display custom fields in the frontend – Post and User Profile Fields Vulnerability: Insecure Direct Object Reference to Authenticated (Contributor+) Post Meta DisclosurePatched Version: 1.3.0Recommended Action: Update to version 1.3.0, or a newer patched version Plugin: Order Export & Order Import for WooCommerce Vulnerability: Authenticated (Shop Manager+) Arbitrary File Upload via upload_import_filePatched Version: 2.4.4Recommended

Watch Out Wednesday – January 17, 2024 Read More »

Watch Out Wednesday – January 17, 2024

Plugin: Woocommerce Vietnam Checkout Vulnerability: Authenticated (Admin+) Stored Cross-Site ScriptingPatched Version: 2.0.8Recommended Action: Update to version 2.0.8, or a newer patched version Plugin: Newsletter – Send awesome emails from WordPress Vulnerability: Cross-Site Request ForgeryPatched Version: 8.0.7Recommended Action: Update to version 8.0.7, or a newer patched version Plugin: ARMember – Membership Plugin, Content Restriction, Member Levels,

Watch Out Wednesday – January 17, 2024 Read More »