Watch Out Wednesday

Watch Out Wednesday – March 6, 2024

Plugin: Ultimate Bootstrap Elements for Elementor Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Image WidgetPatched Version: n/aRecommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement. Plugin: Exclusive Addons for

Watch Out Wednesday – March 6, 2024 Read More »

Watch Out Wednesday – February 28, 2024

Plugin: Maintenance Page Vulnerability: Missing Authorization to Sensitive Information ExposurePatched Version: 1.0.9Recommended Action: Update to version 1.0.9, or a newer patched version Plugin: Elementor Addon Elements Vulnerability: Directory Traversal to Local File InclusionPatched Version: 1.13Recommended Action: Update to version 1.13, or a newer patched version Plugin: Colibri Page Builder Vulnerability: Cross-Site Request Fogery via extend_builderPatched

Watch Out Wednesday – February 28, 2024 Read More »

Watch Out Wednesday – February 28, 2024

Plugin: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Vulnerability: 2.8.2Patched Version: 2.8.3Recommended Action: Update to version 2.8.3, or a newer patched version Plugin: Orbit Fox by ThemeIsle Vulnerability: Authenticated (Contributor+) Stored Cross-Site ScriptingPatched Version: 2.10.32Recommended Action: Update to version 2.10.32, or a newer patched version Plugin: Categorify –

Watch Out Wednesday – February 28, 2024 Read More »

Watch Out Wednesday – February 21, 2024

Plugin: Premium Addons for Elementor Vulnerability: Authenticated (Contributor+) Stored Cross-Site ScriptingPatched Version: 4.10.19Recommended Action: Update to version 4.10.19, or a newer patched version Plugin: Sydney Toolbox Vulnerability: Authenticated (Contributor+) Stored Cross-Site ScriptingPatched Version: 1.26Recommended Action: Update to version 1.26, or a newer patched version Plugin: EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos,

Watch Out Wednesday – February 21, 2024 Read More »

Watch Out Wednesday – February 14, 2024

Plugin: ImageRecycle pdf & image compression Vulnerability: Cross-Site Request Forgery to Settings Update in enableOptimizationPatched Version: 3.1.14Recommended Action: Update to version 3.1.14, or a newer patched version Plugin: WP Shortcodes Plugin — Shortcodes Ultimate Vulnerability: Authenticated(Contributor+) Stored Cross-Site Scripting via shortcodePatched Version: 7.0.2Recommended Action: Update to version 7.0.2, or a newer patched version Plugin: ImageRecycle

Watch Out Wednesday – February 14, 2024 Read More »

Watch Out Wednesday – February 14, 2024

Plugin: Passster – Password Protect Pages and Content Vulnerability: Missing Authorization to Sensitive Information ExposurePatched Version: 4.2.6.3Recommended Action: Update to version 4.2.6.3, or a newer patched version Plugin: ImageRecycle pdf & image compression Vulnerability: Cross-Site Request Forgery to Settings Update in enableOptimizationPatched Version: 3.1.14Recommended Action: Update to version 3.1.14, or a newer patched version Plugin:

Watch Out Wednesday – February 14, 2024 Read More »

Watch Out Wednesday – February 7, 2024

Plugin: Active Products Tables for WooCommerce. Professional products tables for WooCommerce store  Vulnerability: Missing AuthorizationPatched Version: 1.0.6.2Recommended Action: Update to version 1.0.6.2, or a newer patched version Plugin: NEX-Forms – Ultimate Form Builder – Contact forms and much more Vulnerability: Missing Authorization via restore_records()Patched Version: 8.5.7Recommended Action: Update to version 8.5.7, or a newer patched

Watch Out Wednesday – February 7, 2024 Read More »

Watch Out Wednesday – February 7, 2024

Plugin: Active Products Tables for WooCommerce. Professional products tables for WooCommerce store  Vulnerability: Missing AuthorizationPatched Version: 1.0.6.2Recommended Action: Update to version 1.0.6.2, or a newer patched version Plugin: Html5 Video Player Vulnerability: Unauthenticated SQL Injection via idPatched Version: 2.5.25Recommended Action: Update to version 2.5.25, or a newer patched version Plugin: Restrict Usernames Emails Characters Vulnerability:

Watch Out Wednesday – February 7, 2024 Read More »