Understanding Vulnerabilities in WordPress Plugins
Every week, we highlight known vulnerabilities in WordPress plugins. This information helps you stay informed about potential risks and take appropriate action to protect your website. By addressing these vulnerabilities, you ensure the safety and integrity of your WordPress site and its data.
Plugin: Pricing Table by Supsystic
Vulnerability: Cross-Site Request Forgery to Cross-Site Scripting and Setting Changes
Patched Version: 1.8.2
Recommended Action: Update to version 1.8.2, or a newer patched version
Plugin: Real Testimonials – Testimonial Slider, Carousel, Grid | Collect Customer Reviews and Video Testimonial with Testimonial Form | Social Proof Reviews and Review Slider
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched Version: 2.2
Recommended Action: Update to version 2.2, or a newer patched version
Plugin: CardGate Payments for WooCommerce
Vulnerability: Lack of Origin Validation
Patched Version: 3.1.16
Recommended Action: Update to version 3.1.16, or a newer patched version
Plugin: Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Vulnerability: Multiple Cross-Site Scripting Issues
Patched Version: 1.5.46
Recommended Action: Update to version 1.5.46, or a newer patched version
Plugin: WP All Import Pro
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 4.1.1
Recommended Action: Update to version 4.1.1, or a newer patched version
Plugin: WP All Import Pro
Vulnerability: SQL Injection
Patched Version: 4.1.2
Recommended Action: Update to version 4.1.2, or a newer patched version
Plugin: Modula Image Gallery
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched Version: 2.2.5
Recommended Action: Update to version 2.2.5, or a newer patched version
Plugin: Hero Maps Premium
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 2.2.3
Recommended Action: Update to version 2.2.3, or a newer patched version
Plugin: WP All Import Pro
Vulnerability: Missing Authorization and Cross-Site Request Forgery Checks
Patched Version: 4.1.2
Recommended Action: Update to version 4.1.2, or a newer patched version
Plugin: Pricing Table by Supsystic
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched Version: 1.8.2
Recommended Action: Update to version 1.8.2, or a newer patched version
Plugin: Pricing Table by Supsystic
Vulnerability: Missing Authorization on AJAX Actions
Patched Version: 1.8.2
Recommended Action: Update to version 1.8.2, or a newer patched version
Plugin: Indeed Membership Pro
Vulnerability: Cross-Site Request Forgery
Patched Version: 8.7
Recommended Action: Update to version 8.7, or a newer patched version
Plugin: Indeed Membership Pro
Vulnerability: Cross-Site Request Forgery
Patched Version: 8.6.2
Recommended Action: Update to version 8.6.2, or a newer patched version
Plugin: Chained Quiz
Vulnerability: No subtitle
Patched Version: 1.1.9.1
Recommended Action: Update to version 1.1.9.1, or a newer patched version
Plugin: Gallery Plugin for WordPress – Envira Photo Gallery
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched Version: 1.7.7
Recommended Action: Update to version 1.7.7, or a newer patched version
***
Check out the Watch Out Wednesday Archive for past Watch Out Wednesday posts.