Login
Facebook-f Linkedin-in Youtube

Watch Out Wednesday – December 22, 2021

Understanding Vulnerabilities in WordPress Plugins

Every week, we highlight known vulnerabilities in WordPress plugins. This information helps you stay informed about potential risks and take appropriate action to protect your website. By addressing these vulnerabilities, you ensure the safety and integrity of your WordPress site and its data.

Plugin: Smash Balloon Social Post Feed – Simple Social Feeds for WordPress

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 4.1.1
Recommended Action: Update to version 4.1.1, or a newer patched version

Plugin: Simple Download Monitor

Vulnerability: Multiple Cross-Site Request Forgery vulnerabilities
Patched Version: 3.9.9
Recommended Action: Update to version 3.9.9, or a newer patched version

Plugin: Simple Download Monitor

Vulnerability: Contributor+ Stored Cross-Site Scripting via Shortcodes
Patched Version: 3.9.11
Recommended Action: Update to version 3.9.11, or a newer patched version

Plugin: Crisp – Live Chat and Chatbot

Vulnerability: No subtitle
Patched Version: 0.32
Recommended Action: Update to version 0.32, or a newer patched version

Plugin: AnyComment

Vulnerability: Open Redirect via redirect parameter
Patched Version: 0.3.5
Recommended Action: Update to version 0.3.5, or a newer patched version

Plugin: Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons

Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting
Patched Version: 14.0.0
Recommended Action: Update to version 14.0.0, or a newer patched version

Plugin: Event Calendar WD version

Vulnerability: Subscriber+ Event Creation
Patched Version: 1.1.51
Recommended Action: Update to version 1.1.51, or a newer patched version

Plugin: Easy Forms for Mailchimp

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 6.8.6
Recommended Action: Update to version 6.8.6, or a newer patched version

Plugin: Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier)

Vulnerability: Unauthenticated Arbitrary Options Update
Patched Version: 9.6.2
Recommended Action: Update to version 9.6.2, or a newer patched version

Plugin: Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.4.9.6
Recommended Action: Update to version 1.4.9.6, or a newer patched version

Plugin: Backup and Staging by WP Time Capsule

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.22.7
Recommended Action: Update to version 1.22.7, or a newer patched version

Plugin: Post Grid and Gutenberg Blocks – ComboBlocks

Vulnerability: Contributor+ SQL Injection
Patched Version: 2.1.13
Recommended Action: Update to version 2.1.13, or a newer patched version

Plugin: Five Star Restaurant Reservations – WordPress Booking Plugin

Vulnerability: Subscriber+ Stored Cross-Site Scripting
Patched Version: 2.4.8
Recommended Action: Update to version 2.4.8, or a newer patched version

Plugin: tarteaucitron.js – Cookies legislation & GDPR

Vulnerability: Cross-Site Scripting
Patched Version: 1.6.1
Recommended Action: Update to version 1.6.1, or a newer patched version

Plugin: AMP for WP – Accelerated Mobile Pages

Vulnerability: Authenticated Stored Cross-Site Scripting
Patched Version: 1.0.77.33
Recommended Action: Update to version 1.0.77.33, or a newer patched version

Plugin: Asgaros Forum

Vulnerability: Admin+ SQL Injection via forum_id
Patched Version: 1.15.15
Recommended Action: Update to version 1.15.15, or a newer patched version

Plugin: ACF Photo Gallery Field

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.7.5
Recommended Action: Update to version 1.7.5, or a newer patched version

Plugin: SEUR Oficial

Vulnerability: Cross-Site Scripting
Patched Version: 1.7.0
Recommended Action: Update to version 1.7.0, or a newer patched version

Plugin: Event Calendar WD version

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.1.51
Recommended Action: Update to version 1.1.51, or a newer patched version

Plugin: Tabs – Responsive Tabs with WooCommerce Product Tab Extension

Vulnerability: Unauthenticated Arbitrary Option Update
Patched Version: 3.6.0
Recommended Action: Update to version 3.6.0, or a newer patched version

***

Check out the Watch Out Wednesday Archive for past Watch Out Wednesday posts.

About the Author

Picture of Odell Duppins Jr

Odell Duppins Jr

Well qualified professional with plenty of hands on experience with various technologies. Excellent analytical and troubleshooting skills with a keen ability of developing and/or simplifying processes by finding and developing new innovative solutions.

Recent Posts

WordPress

Login