Watch Out Wednesday – February 26, 2020

Understanding Vulnerabilities in WordPress Plugins

Every week, we highlight known vulnerabilities in WordPress plugins. This information helps you stay informed about potential risks and take appropriate action to protect your website. By addressing these vulnerabilities, you ensure the safety and integrity of your WordPress site and its data.

Plugin: Pricing Table by Supsystic

Vulnerability: Cross-Site Request Forgery to Cross-Site Scripting and Setting Changes
Patched Version: 1.8.2
Recommended Action: Update to version 1.8.2, or a newer patched version

Plugin: Real Testimonials – Testimonial Slider, Carousel, Grid | Collect Customer Reviews and Video Testimonial with Testimonial Form | Social Proof Reviews and Review Slider

Vulnerability: Authenticated Stored Cross-Site Scripting
Patched Version: 2.2
Recommended Action: Update to version 2.2, or a newer patched version

Plugin: CardGate Payments for WooCommerce

Vulnerability: Lack of Origin Validation
Patched Version: 3.1.16
Recommended Action: Update to version 3.1.16, or a newer patched version

Plugin: Photo Gallery by 10Web – Mobile-Friendly Image Gallery

Vulnerability: Multiple Cross-Site Scripting Issues
Patched Version: 1.5.46
Recommended Action: Update to version 1.5.46, or a newer patched version

Plugin: WP All Import Pro

Vulnerability: Reflected Cross Site Scripting
Patched Version: 4.1.1
Recommended Action: Update to version 4.1.1, or a newer patched version

Plugin: WP All Import Pro

Vulnerability: SQL Injection
Patched Version: 4.1.2
Recommended Action: Update to version 4.1.2, or a newer patched version

Plugin: Modula Image Gallery

Vulnerability: Authenticated Stored Cross-Site Scripting
Patched Version: 2.2.5
Recommended Action: Update to version 2.2.5, or a newer patched version

Plugin: Hero Maps Premium

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 2.2.3
Recommended Action: Update to version 2.2.3, or a newer patched version

Plugin: WP All Import Pro

Vulnerability: Missing Authorization and Cross-Site Request Forgery Checks
Patched Version: 4.1.2
Recommended Action: Update to version 4.1.2, or a newer patched version

Plugin: Pricing Table by Supsystic

Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched Version: 1.8.2
Recommended Action: Update to version 1.8.2, or a newer patched version

Plugin: Pricing Table by Supsystic

Vulnerability: Missing Authorization on AJAX Actions
Patched Version: 1.8.2
Recommended Action: Update to version 1.8.2, or a newer patched version

Plugin: Indeed Membership Pro

Vulnerability: Cross-Site Request Forgery
Patched Version: 8.7
Recommended Action: Update to version 8.7, or a newer patched version

Plugin: Indeed Membership Pro

Vulnerability: Cross-Site Request Forgery
Patched Version: 8.6.2
Recommended Action: Update to version 8.6.2, or a newer patched version

Plugin: Chained Quiz

Vulnerability: No subtitle
Patched Version: 1.1.9.1
Recommended Action: Update to version 1.1.9.1, or a newer patched version

Plugin: Gallery Plugin for WordPress – Envira Photo Gallery

Vulnerability: Authenticated Stored Cross-Site Scripting
Patched Version: 1.7.7
Recommended Action: Update to version 1.7.7, or a newer patched version

***

Check out the Watch Out Wednesday Archive for past Watch Out Wednesday posts.

About the Author

Recent Posts

WordPress