Watch Out Wednesday

Watch Out Wednesday – September 18, 2024

Plugin: YITH Custom Login Vulnerability: Reflected Cross-Site ScriptingPatched Version: 1.7.4Recommended Action: Update to version 1.7.4, or a newer patched version Plugin: WP Booking System – Booking Calendar Vulnerability: Reflected Cross-Site ScriptingPatched Version: 2.0.19.9Recommended Action: Update to version 2.0.19.9, or a newer patched version Plugin: Roles & Capabilities Vulnerability: Reflected Cross-Site ScriptingPatched Version: n/aRecommended Action: No […]

Watch Out Wednesday – September 18, 2024 Read More »

Watch Out Wednesday – September 11, 2024

Plugin: Ivory Search – WordPress Search Plugin Vulnerability: Information Exposure via AJAX Search FormPatched Version: 5.5.7Recommended Action: Update to version 5.5.7, or a newer patched version Plugin: HelloAsso Vulnerability: Missing Authorization to Authenticated (Contributor+) Limited Options UpdatePatched Version: 1.1.11Recommended Action: Update to version 1.1.11, or a newer patched version Plugin: Cab fare calculator Vulnerability: Authenticated

Watch Out Wednesday – September 11, 2024 Read More »

Watch Out Wednesday – September 11, 2024

Plugin: Ivory Search – WordPress Search Plugin Vulnerability: Information Exposure via AJAX Search FormPatched Version: 5.5.7Recommended Action: Update to version 5.5.7, or a newer patched version Plugin: Remember Me Controls Vulnerability: Unauthenticated Full Path DisclosurePatched Version: 2.1Recommended Action: Update to version 2.1, or a newer patched version Plugin: HelloAsso Vulnerability: Missing Authorization to Authenticated (Contributor+)

Watch Out Wednesday – September 11, 2024 Read More »

Watch Out Wednesday – September 4, 2024

Plugin: Front End Users Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via ShortcodePatched Version: 3.2.29Recommended Action: Update to version 3.2.29, or a newer patched version Plugin: Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking Vulnerability: Cross-Site Request Forgery in Multiple FunctionsPatched Version: 2.11.21Recommended Action: Update to version 2.11.21, or

Watch Out Wednesday – September 4, 2024 Read More »

Watch Out Wednesday – August 28, 2024

Plugin: AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress Vulnerability: Authenticated (Subscriber+) Arbitrary File Upload via acym_extractArchive FunctionPatched Version: 9.8.0Recommended Action: Update to version 9.8.0, or a newer patched version Plugin: Mollie Payments for WooCommerce Vulnerability: Unauthenticated Full Path DisclosurePatched Version: 7.8.0Recommended Action: Update to version 7.8.0, or a newer patched

Watch Out Wednesday – August 28, 2024 Read More »

Watch Out Wednesday – August 28, 2024

Plugin: AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress Vulnerability: Authenticated (Subscriber+) Arbitrary File Upload via acym_extractArchive FunctionPatched Version: 9.8.0Recommended Action: Update to version 9.8.0, or a newer patched version Plugin: User Private Files – WordPress File Sharing Plugin Vulnerability: Insecure Direct Object Reference to Authenticated (Subscriber+) Private File AccessPatched Version:

Watch Out Wednesday – August 28, 2024 Read More »

Watch Out Wednesday – August 21, 2024

Plugin: ElementsKit Pro Vulnerability: Authenticated (Contributor+) Stored Cross-Site ScriptingPatched Version: 3.6.6Recommended Action: Update to version 3.6.6, or a newer patched version Plugin: WP MultiTasking – WP Utilities Vulnerability: Reflected Cross-Site ScriptingPatched Version: n/aRecommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It

Watch Out Wednesday – August 21, 2024 Read More »

Watch Out Wednesday – August 21, 2024

Plugin: AFI – The Easiest Integration Plugin Vulnerability: Cross-Site Request ForgeryPatched Version: 1.89.6Recommended Action: Update to version 1.89.6, or a newer patched version Plugin: Custom Layouts – Post + Product grids made easy Vulnerability: Authenticated (Contributor+) Stored Cross-Site ScriptingPatched Version: 1.4.12Recommended Action: Update to version 1.4.12, or a newer patched version Plugin: The Ultimate Video

Watch Out Wednesday – August 21, 2024 Read More »

Watch Out Wednesday – August 14, 2024

Plugin: Organization chart Vulnerability: Authenticated (Subscriber+) Stored Cross-Site Scripting via title_input and node_description ParametersPatched Version: 1.5.1Recommended Action: Update to version 1.5.1, or a newer patched version Plugin: Fuse Social Floating Sidebar Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via File UploadPatched Version: 5.4.11Recommended Action: Update to version 5.4.11, or a newer patched version Plugin: Appointment Booking

Watch Out Wednesday – August 14, 2024 Read More »