Blog

Watch Out Wednesday – October 18, 2023

Plugin: Thumbnail Slider With Lightbox
Vulnerability: Cross-Site Request Forgery
Patched Version: 1.0.1
Recommended Action: Update to version 1.0.1, or a newer patched version

Plugin: AI ChatBot
Vulnerability: Authenticated (Subscriber+) Directory Traversal to Arbitrary File Write via qcld_openai_upload_pagetraining_file
Patched Version: 4.9.1
Recommended Action: Update to version 4.9.1, or a newer patched version

Plugin: Icegram Express – Email Marketing, Newsletters and […]


Watch Out Wednesday – October 11, 2023

Plugin: affiliate-toolkit – WordPress Affiliate Plugin
Vulnerability: Open Redirect via atkpout.php
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Slick Contact Forms
Vulnerability: Authenticated (Contributor+) Stored


Watch Out Wednesday – October 11, 2023

Plugin: Geo Controller
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 8.5.3
Recommended Action: Update to version 8.5.3, or a newer patched version

Plugin: Booster for WooCommerce
Vulnerability: Authenticated (Subscriber+) Information Disclosure via Shortcode
Patched Version: 7.1.2
Recommended Action: Update to version 7.1.2, or a newer patched version

Plugin: Customer Reviews for WooCommerce
Vulnerability: Missing Authorization
Patched Version: 5.36.1
Recommended Action:


Watch Out Wednesday – October 4, 2023

Plugin: Font Awesome More Icons
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: bbp style pack
Vulnerability: Authenticated


Watch Out Wednesday – September 13, 2023

Plugin: rtMedia for WordPress, BuddyPress and bbPress
Vulnerability: Missing Authorization via export_settings
Patched Version: 4.6.15
Recommended Action: Update to version 4.6.15, or a newer patched version

Plugin: Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms
Vulnerability: Insecure Direct Object Reference
Patched Version: 5.0.9
Recommended Action: Update to version 5.0.9, or a newer patched


Watch Out Wednesday – July 5, 2023

Plugin: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)
Vulnerability: Authentication Bypass
Patched Version: 7.6.5
Recommended Action: Update to version 7.6.5, or a newer patched version

Plugin: WP Post Author – The Ideal Author Box for WordPress Posts, Co-Authors and Guest Authors with Author Login and Registration Form Builder
Vulnerability: Privilege Escalation
Patched Version: 3.3.0
Recommended Action: Update
