Watch Out Wednesday

Watch Out Wednesday – June 28, 2023

Plugin: Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
Vulnerability: Reflected Cross-Site Scripting via error message
Patched Version: 4.11.0
Recommended Action: Update to version 4.11.0, or a newer patched version

Plugin: Gravity Forms
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 2.7.5
Recommended Action: Update to version 2.7.5, or a newer patched version

Plugin: […]

Watch Out Wednesday – June 7, 2023

Plugin: JS Job Manager
Vulnerability: Cross-Site Request Forgery via multiple functions
Patched Version: 2.0.1
Recommended Action: Update to version 2.0.1, or a newer patched version

Plugin: Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Vulnerability: Authenticated (Subscriber+) Arbitrary User Password Reset to Privilege Escalation
Patched Version: 7.5.5
Recommended Action: Update to version 7.5.5, or a newer patched

Watch Out Wednesday – May 24, 2023

Plugin: WooDiscuz – WooCommerce Comments
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 2.3.0
Recommended Action: Update to version 2.3.0, or a newer patched version

Plugin: Go Pricing – WordPress Responsive Pricing Tables
Vulnerability: WordPress Responsive Pricing Tables <= 3.3.19
Patched Version: 3.4
Recommended Action: Update to version 3.4, or a newer patched version

Plugin: WordPress File Upload
Vulnerability:

Watch Out Wednesday – May 17, 2023

Plugin: Booking Ultra Pro Appointments Booking Calendar Plugin
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: CALL ME NOW
Vulnerability: Cross-Site

Watch Out Wednesday – May 10, 2023

Plugin: Zero Spam for WordPress
Vulnerability: Authenticated (Administrator+) SQL Injection
Patched Version: 5.4.5
Recommended Action: Update to version 5.4.5, or a newer patched version

Plugin: WPO365 | Mail Integration for Office 365 / Outlook
Vulnerability: Reflected Cross-Site Scripting via error_description
Patched Version: 1.9.1
Recommended Action: Update to version 1.9.1, or a newer patched version

Plugin: WPPizza – A Restaurant Plugin

Watch Out Wednesday – May 17, 2023

Plugin: Booking Ultra Pro Appointments Booking Calendar Plugin
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Complianz – GDPR/CCPA Cookie Consent

Watch Out Wednesday – May 3, 2023

Plugin: AJAX Thumbnail Rebuild
Vulnerability: Missing Authorization
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Emails & Newsletters with Jackmail
Vulnerability: Authenticated (Subscriber+) CSV Injection
Patched Version:
