Watch Out Wednesday

Watch Out Wednesday – August 14, 2024

Plugin: Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting via Currency Settings
Patched Version: 3.3.3
Recommended Action: Update to version 3.3.3, or a newer patched version

Plugin: Organization chart
Vulnerability: Authenticated (Subscriber+) Stored Cross-Site Scripting via title_input and node_description Parameters
Patched Version: 1.5.1
Recommended Action: Update to version 1.5.1, or a […]


Watch Out Wednesday – August 7, 2024

Plugin: CTT Expresso para WooCommerce
Vulnerability: Information Exposure via Unprotected Directory
Patched Version: 3.2.13
Recommended Action: Update to version 3.2.13, or a newer patched version

Plugin: Gutenberg Blocks, Page Builder – ComboBlocks
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget
Patched Version: 2.2.86
Recommended Action: Update to version 2.2.86, or a newer patched version


Watch Out Wednesday – August 7, 2024

Plugin: Forminator – Contact Form, Payment Form & Custom Form Builder
Vulnerability: HubSpot Developer API Key Sensitive Information Exposure
Patched Version: 1.29.2
Recommended Action: Update to version 1.29.2, or a newer patched version

Plugin: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: n/a
Recommended Action:


Watch Out Wednesday – July 31, 2024

Plugin: Add Admin CSS
Vulnerability: Unauthenticated Full Path Disclosure
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: IgnitionDeck Crowdfunding Platform
Vulnerability: Missing Authorization
Patched Version: n/a
Recommended Action:


Watch Out Wednesday – July 24, 2024

Plugin: Booking Ultra Pro Appointments Booking Calendar Plugin
Vulnerability: Missing Authorization to Authenticated (Subscriber+) Plugin Settings Updates
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Timeline


Watch Out Wednesday – July 3, 2024

Plugin: Ultimate Blocks – WordPress Blocks Plugin
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Blocks
Patched Version: 3.2.0
Recommended Action: Update to version 3.2.0, or a newer patched version

Plugin: Cost Calculator Builder
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 3.2.13
Recommended Action: Update to version 3.2.13, or a newer patched version

Plugin: LearnPress – WordPress LMS Plugin


Watch Out Wednesday – June 26, 2024

Plugin: User Profile Picture
Vulnerability: Authenticated (Author+) Insecure Direct Object Reference to Profile Picture Update
Patched Version: 2.6.2
Recommended Action: Update to version 2.6.2, or a newer patched version

Plugin: ContentLock
Vulnerability: Cross-Site Request Forgery to Group/Email Deletion
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on


Watch Out Wednesday – July 3, 2024

Plugin: Auto Featured Image
Vulnerability: Authenticated (Contributor+) Arbitrary File Upload
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Elementor Addon Elements
Vulnerability: Authenticated (Contributor+) Stored Cross-Site
