Blog

Watch Out Wednesday – January 3, 2024

January 10, 2024 / Watch Out Wednesday /

Plugin: Complianz – GDPR/CCPA Cookie Consent Vulnerability: Authenticated(Administrator+) Stored Cross-site Scripting via settingsPatched Version: 6.5.6Recommended Action: Update to version 6.5.6, or a newer patched version Plugin: WooCommerce Easy Duplicate Product Vulnerability: Missing Authorization via wedp_duplicate_product_actionPatched Version: 0.3.0.8Recommended Action: Update to version 0.3.0.8, or a newer patched version Plugin: WooCommerce Warranty Requests Vulnerability: Missing AuthorizationPatched Version: […]

Watch Out Wednesday – January 3, 2024 Read More »

Watch Out Wednesday – December 20, 2023

December 27, 2023 / Watch Out Wednesday /

Plugin: E2Pdf – Export To Pdf Tool for WordPress Vulnerability: Authenticated (Administrator+) Arbitrary File UploadPatched Version: 1.20.26Recommended Action: Update to version 1.20.26, or a newer patched version Plugin: Image horizontal reel scroll slideshow Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via ShortcodePatched Version: 13.4Recommended Action: Update to version 13.4, or a newer patched version Plugin: Simple

Watch Out Wednesday – December 20, 2023 Read More »

Watch Out Wednesday – December 20, 2023

December 20, 2023 / Watch Out Wednesday /

Plugin: E2Pdf – Export To Pdf Tool for WordPress Vulnerability: Authenticated (Administrator+) Arbitrary File UploadPatched Version: 1.20.26Recommended Action: Update to version 1.20.26, or a newer patched version Plugin: MW WP Form Vulnerability: Improper Limitation of File Name to Unauthenticated Arbitrary File DeletionPatched Version: 5.0.4Recommended Action: Update to version 5.0.4, or a newer patched version Plugin:

Watch Out Wednesday – December 20, 2023 Read More »

Watch Out Wednesday – December 6, 2023

December 6, 2023 / Watch Out Wednesday /

Plugin: Backup Migration Vulnerability: Unauthenticated Arbitrary File Download to Sensitive Information ExposurePatched Version: 1.3.7Recommended Action: Update to version 1.3.7, or a newer patched version Plugin: Guest Author Vulnerability: Authenticated Stored Cross-Site ScriptingPatched Version: 2.4Recommended Action: Update to version 2.4, or a newer patched version Plugin: Abandoned Cart Lite for WooCommerce Vulnerability: Cross-Site Request ForgeryPatched Version:

Watch Out Wednesday – December 6, 2023 Read More »

Watch Out Wednesday – December 6, 2023

December 6, 2023 / Watch Out Wednesday /

Plugin: Backup Migration Vulnerability: Unauthenticated Arbitrary File Download to Sensitive Information ExposurePatched Version: 1.3.7Recommended Action: Update to version 1.3.7, or a newer patched version Plugin: Guest Author Vulnerability: Authenticated Stored Cross-Site ScriptingPatched Version: 2.4Recommended Action: Update to version 2.4, or a newer patched version Plugin: Abandoned Cart Lite for WooCommerce Vulnerability: Cross-Site Request ForgeryPatched Version:

Watch Out Wednesday – December 6, 2023 Read More »

Watch Out Wednesday – December 6, 2023

December 6, 2023 / Watch Out Wednesday /

Plugin: Backup Migration Vulnerability: Unauthenticated Arbitrary File Download to Sensitive Information ExposurePatched Version: 1.3.7Recommended Action: Update to version 1.3.7, or a newer patched version Plugin: Contact Form 7 Vulnerability: Authenticated (Editor+) Arbitrary File UploadPatched Version: 5.8.4Recommended Action: Update to version 5.8.4, or a newer patched version Plugin: Quotes for WooCommerce Vulnerability: Missing AuthorizationPatched Version: 2.0.2Recommended

Watch Out Wednesday – December 6, 2023 Read More »

Watch Out Wednesday – November 29, 2023

November 29, 2023 / Watch Out Wednesday /

Plugin: Theme My Login 2fa Vulnerability: 2FA Bypass via Brute ForcePatched Version: 1.2Recommended Action: Update to version 1.2, or a newer patched version Plugin: Video PopUp Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via ShortcodePatched Version: n/aRecommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s

Watch Out Wednesday – November 29, 2023 Read More »

Watch Out Wednesday – November 22, 2023

November 22, 2023 / Watch Out Wednesday /

Plugin: URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress Vulnerability: Authenticated (Admin+) Stored Cross-Site ScriptingPatched Version: n/aRecommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Watch Out Wednesday – November 22, 2023 Read More »

Watch Out Wednesday – November 15, 2023

November 15, 2023 / Watch Out Wednesday /

Plugin: Star CloudPRNT for WooCommerce Vulnerability: Reflected Cross-Site ScriptingPatched Version: 2.0.4Recommended Action: Update to version 2.0.4, or a newer patched version Plugin: EasyRotator for WordPress – Slider Plugin Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via ShortcodePatched Version: n/aRecommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on

Watch Out Wednesday – November 15, 2023 Read More »