Understanding Vulnerabilities in WordPress Plugins
Every week, we highlight known vulnerabilities in WordPress plugins. This information helps you stay informed about potential risks and take appropriate action to protect your website. By addressing these vulnerabilities, you ensure the safety and integrity of your WordPress site and its data.
Plugin: Events Manager – Calendar, Bookings, Tickets, and more!
Vulnerability: CSV Injection
Patched Version: 5.9.7.2
Recommended Action: Update to version 5.9.7.2, or a newer patched version
Plugin: Participants Database
Vulnerability: SQL Injection
Patched Version: 1.9.5.6
Recommended Action: Update to version 1.9.5.6, or a newer patched version
Plugin: Events Manager Pro
Vulnerability: Unauthenticated CSV Injection
Patched Version: 2.6.7.2
Recommended Action: Update to version 2.6.7.2, or a newer patched version
Plugin: WP Fastest Cache
Vulnerability: Authenticated (Subscriber+) Arbitrary File Deletion
Patched Version: 0.9.0.3
Recommended Action: Update to version 0.9.0.3, or a newer patched version
Plugin: ManageWP Worker
Vulnerability: Authentication Bypass
Patched Version: 4.9.3
Recommended Action: Update to version 4.9.3, or a newer patched version
Plugin: Indeed Membership Pro
Vulnerability: 8.6
Patched Version: 8.6.1
Recommended Action: Update to version 8.6.1, or a newer patched version
Plugin: CookieYes – Cookie Banner for Cookie Consent (Easy to setup GDPR/CCPA Compliant Cookie Notice)
Vulnerability: Authenticated Stored Cross-Site Scripting and Authorization Bypass
Patched Version: 1.8.3
Recommended Action: Update to version 1.8.3, or a newer patched version
Plugin: WP Database Backup – Unlimited Database & Files Backup by Backup for WP
Vulnerability: Unauthenticated Information Disclosure
Patched Version: 5.5.1
Recommended Action: Update to version 5.5.1, or a newer patched version
Plugin: Merge + Minify + Refresh
Vulnerability: Cross-Site Request Forgery leading to Arbitrary File Deletion and Site Reset
Patched Version: 1.10.8
Recommended Action: Update to version 1.10.8, or a newer patched version
***
Check out the Watch Out Wednesday Archive for past Watch Out Wednesday posts.