Understanding Vulnerabilities in WordPress Plugins
Every week, we highlight known vulnerabilities in WordPress plugins. This information helps you stay informed about potential risks and take appropriate action to protect your website. By addressing these vulnerabilities, you ensure the safety and integrity of your WordPress site and its data.
Plugin: WidgetShortcode
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WP Booklet
Vulnerability: Authenticated (Subscriber+) Remote Code Execution
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: MainWP Wordfence Extension
Vulnerability: Missing Authorization to Plugin Settings Change
Patched Version: 4.0.8
Recommended Action: Update to version 4.0.8, or a newer patched version
Plugin: MainWP Maintenance Extension
Vulnerability: Missing Authorization to Plugin Settings Change
Patched Version: 4.1.2
Recommended Action: Update to version 4.1.2, or a newer patched version
Plugin: WP Super Popup
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: jQuery T(-) Countdown Widget
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 2.3.24
Recommended Action: Update to version 2.3.24, or a newer patched version
Plugin: Freesoul Deactivate Plugins – Disable plugins on individual WordPress pages
Vulnerability: Information Disclosure
Patched Version: 1.9.4.1
Recommended Action: Update to version 1.9.4.1, or a newer patched version
Plugin: MainWP Buddy Extension
Vulnerability: Missing Authorization to Arbitrary Plugin Activation
Patched Version: 4.0.2
Recommended Action: Update to version 4.0.2, or a newer patched version
Plugin: YaMaps for WordPress Plugin
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 0.6.26
Recommended Action: Update to version 0.6.26, or a newer patched version
Plugin: alfred24 Click & Collect
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: MainWP Google Analytics Extension
Vulnerability: Authenticated (Subscriber+) SQL Injection
Patched Version: 4.0.5
Recommended Action: Update to version 4.0.5, or a newer patched version
Plugin: Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management
Vulnerability: Authenticated (Subscriber+) SQL Injection
Patched Version: 115
Recommended Action: Update to version 115, or a newer patched version
Plugin: Widget Shortcode
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Custom 404 Pro
Vulnerability: Authenticated (Administrator+) SQL Injection
Patched Version: 3.7.1
Recommended Action: Update to version 3.7.1, or a newer patched version
Plugin: Rich Table of Contents
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 1.3.9
Recommended Action: Update to version 1.3.9, or a newer patched version
Plugin: MagicForm
Vulnerability: Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Crayon Syntax Highlighter
Vulnerability: Cross-Site Request Forgery
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Dashicons + Custom Post Types
Vulnerability: Missing Authorization
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Kraken.io Image Optimizer
Vulnerability: Missing Authorization to Authenticated (Subscriber+) Plugin Options Update
Patched Version: 2.6.8
Recommended Action: Update to version 2.6.8, or a newer patched version
Plugin: Extra Block Design, Style, CSS for ANY Gutenberg Blocks
Vulnerability: Cross-Site Request Forgery
Patched Version: 0.2.7
Recommended Action: Update to version 0.2.7, or a newer patched version
Plugin: Advanced Custom Fields: Image Crop Add-on
Vulnerability: Improper Authorization
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WP FullCalendar
Vulnerability: Missing Authorization to Information Disclosure
Patched Version: 1.5
Recommended Action: Update to version 1.5, or a newer patched version
Plugin: Security Optimizer – The All-In-One Protection Plugin
Vulnerability: Authenticated (Administrator+) SQL Injection
Patched Version: 1.3.1
Recommended Action: Update to version 1.3.1, or a newer patched version
Plugin: MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 8.12.1
Recommended Action: Update to version 8.12.1, or a newer patched version
Plugin: ResponsiveVoice Text To Speech
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 1.7.7
Recommended Action: Update to version 1.7.7, or a newer patched version
Plugin: Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 2.6.9
Recommended Action: Update to version 2.6.9, or a newer patched version
Plugin: Hover Image
Vulnerability: Cross-Site Request Forgery
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: MainWP Post Plus Extension
Vulnerability: Missing Authorization to Arbitrary Page/Post Deletion
Patched Version: 4.1.1
Recommended Action: Update to version 4.1.1, or a newer patched version
Plugin: Login with phone number
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.4.2
Recommended Action: Update to version 1.4.2, or a newer patched version
Plugin: Enable Media Replace
Vulnerability: Authenticated (Author+) Arbitrary File Upload
Patched Version: 4.0.2
Recommended Action: Update to version 4.0.2, or a newer patched version
Plugin: Hide My WP – Amazing Security Plugin for WordPress!
Vulnerability: Unauthenticated SQL Injection
Patched Version: 6.2.9
Recommended Action: Update to version 6.2.9, or a newer patched version
Plugin: MainWP File Uploader Extension
Vulnerability: Authenticated (Subscriber+) Arbitrary File Deletion
Patched Version: 4.1.1
Recommended Action: Update to version 4.1.1, or a newer patched version
Plugin: Simple Tooltips
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 2.1.4
Recommended Action: Update to version 2.1.4, or a newer patched version
Plugin: MainWP Wordfence Extension
Vulnerability: Missing Authorization to Arbitrary Plugin Activation
Patched Version: 4.0.8
Recommended Action: Update to version 4.0.8, or a newer patched version
Plugin: WP Show Posts
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.1.4
Recommended Action: Update to version 1.1.4, or a newer patched version
Plugin: MainWP White Label Extension
Vulnerability: Missing Authorization to Plugin Settings Change
Patched Version: 4.1.2
Recommended Action: Update to version 4.1.2, or a newer patched version
Plugin: MainWP Post Dripper Extension
Vulnerability: Missing Authorization to Arbitrary Page/Post Deletion
Patched Version: 4.0.5
Recommended Action: Update to version 4.0.5, or a newer patched version
Plugin: WP Blog and Widgets
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 2.3.1
Recommended Action: Update to version 2.3.1, or a newer patched version
Plugin: ipBlockList
Vulnerability: Cross-Site Request Forgery
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: MainWP UpdraftPlus Extension
Vulnerability: Missing Authorization to Arbitrary Plugin Activation
Patched Version: 4.0.7
Recommended Action: Update to version 4.0.7, or a newer patched version
Plugin: MainWP Matomo Extension
Vulnerability: Cross-Site Request Forgery
Patched Version: 4.0.5
Recommended Action: Update to version 4.0.5, or a newer patched version
Plugin: MainWP Clone Extension
Vulnerability: Missing Authorization to Plugin Settings Change
Patched Version: 4.0.3
Recommended Action: Update to version 4.0.3, or a newer patched version
Plugin: WP-CommentNavi
Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: 1.12.2
Recommended Action: Update to version 1.12.2, or a newer patched version
Plugin: Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
Vulnerability: SQL Injection
Patched Version: 3.1.0.4
Recommended Action: Update to version 3.1.0.4, or a newer patched version
Plugin: HUSKY – Products Filter Professional for WooCommerce
Vulnerability: Authenticated (Admin+) PHP Object Injection
Patched Version: 1.3.2
Recommended Action: Update to version 1.3.2, or a newer patched version
Plugin: Map Multi Marker
Vulnerability: Reflected Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Widgets on Pages
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.7.0
Recommended Action: Update to version 1.7.0, or a newer patched version
Plugin: Annual Archive
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 1.6.0
Recommended Action: Update to version 1.6.0, or a newer patched version
Plugin: MainWP Rocket Extension
Vulnerability: Missing Authorization to Plugin Settings Change
Patched Version: 4.0.4
Recommended Action: Update to version 4.0.4, or a newer patched version
Plugin: Stream
Vulnerability: Missing Authorization to Sensitive Information Disclosure
Patched Version: 3.9.2
Recommended Action: Update to version 3.9.2, or a newer patched version
Plugin: teachPress
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched Version: 8.1.9
Recommended Action: Update to version 8.1.9, or a newer patched version
Plugin: WP Visitor Statistics (Real Time Traffic)
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 6.5
Recommended Action: Update to version 6.5, or a newer patched version
Plugin: Naver Map
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Simple Membership WP user Import
Vulnerability: Authenticated (Admin+) SQL Injection
Patched Version: 1.8
Recommended Action: Update to version 1.8, or a newer patched version
Plugin: OOPSpam Anti-Spam
Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: 1.1.36
Recommended Action: Update to version 1.1.36, or a newer patched version
Plugin: Form builder to get in touch with visitors and grow your email list — Happyforms
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Blocks
Patched Version: 1.22.0
Recommended Action: Update to version 1.22.0, or a newer patched version
Plugin: GamiPress – Vimeo integration
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 1.0.9
Recommended Action: Update to version 1.0.9, or a newer patched version
Plugin: Universal Star Rating
Vulnerability: Cross-Site Request Forgery
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress
Vulnerability: Cross-Site Request Forgery
Patched Version: 2.5.1
Recommended Action: Update to version 2.5.1, or a newer patched version
Plugin: TemplatesNext ToolKit
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 3.2.8
Recommended Action: Update to version 3.2.8, or a newer patched version
Plugin: WordPrezi
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 0.9
Recommended Action: Update to version 0.9, or a newer patched version
Plugin: MainWP Page Speed Extension
Vulnerability: Missing Authorization to Arbitrary Plugin Activation
Patched Version: 4.0.3
Recommended Action: Update to version 4.0.3, or a newer patched version
Plugin: Judge.me Product Reviews for WooCommerce
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 1.3.21
Recommended Action: Update to version 1.3.21, or a newer patched version
Plugin: My YouTube Channel
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 3.23.0
Recommended Action: Update to version 3.23.0, or a newer patched version
Plugin: Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 115
Recommended Action: Update to version 115, or a newer patched version
Plugin: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Vulnerability: Unauthenticated SQL Injection
Patched Version: 2.9.8
Recommended Action: Update to version 2.9.8, or a newer patched version
Plugin: Survey Maker
Vulnerability: Authenticated (Subscriber+) SQL Injection
Patched Version: 3.1.2
Recommended Action: Update to version 3.1.2, or a newer patched version
Plugin: Send PDF for Contact Form 7
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 0.9.9.2
Recommended Action: Update to version 0.9.9.2, or a newer patched version
Plugin: Gallery Factory Lite
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Vimeo Video Autoplay Automute
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 1.11.3
Recommended Action: Update to version 1.11.3, or a newer patched version
Plugin: MainWP Google Analytics Extension
Vulnerability: Missing Authorization to Plugin Settings Change
Patched Version: 4.0.5
Recommended Action: Update to version 4.0.5, or a newer patched version
Plugin: Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 3.12.7
Recommended Action: Update to version 3.12.7, or a newer patched version
Plugin: MainWP iThemes Security Extension
Vulnerability: Missing Authorization to Arbitrary Plugin Activation
Patched Version: 4.0.3
Recommended Action: Update to version 4.0.3, or a newer patched version
Plugin: MainWP Rocket Extension
Vulnerability: Missing Authorization to Arbitrary Plugin Activation
Patched Version: 4.0.4
Recommended Action: Update to version 4.0.4, or a newer patched version
Plugin: WP Customer Area
Vulnerability: Cross-Site Request Forgery
Patched Version: 8.1.4
Recommended Action: Update to version 8.1.4, or a newer patched version
Plugin: Mediamatic – Media Library Folders
Vulnerability: Cross-Site Request Forgery
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Cloak Front End Email
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 1.9.2
Recommended Action: Update to version 1.9.2, or a newer patched version
Plugin: No API Amazon Affiliate
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 4.4.0
Recommended Action: Update to version 4.4.0, or a newer patched version
Plugin: PDF Generator for WordPress – Create & Customize PDF for Posts, Pages and WooCommerce Products
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.1.2
Recommended Action: Update to version 1.1.2, or a newer patched version
Plugin: MainWP Broken Link Checker
Vulnerability: Missing Authorization to Arbitrary Plugin Activation
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Meks Flexible Shortcodes
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 1.3.5
Recommended Action: Update to version 1.3.5, or a newer patched version
Plugin: Launchpad – Coming Soon & Maintenance Mode Plugin
Vulnerability: Authenticated (Administrator+) Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WP Better Emails
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WP Private Content Plus
Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: 3.5
Recommended Action: Update to version 3.5, or a newer patched version
Plugin: Easy Accept Payments via PayPal
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 4.9.10
Recommended Action: Update to version 4.9.10, or a newer patched version
Plugin: EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 4.4.3
Recommended Action: Update to version 4.4.3, or a newer patched version
Plugin: uTubeVideo Gallery
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 2.0.8
Recommended Action: Update to version 2.0.8, or a newer patched version
Plugin: Quick Event Manager
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 9.7.5
Recommended Action: Update to version 9.7.5, or a newer patched version
Plugin: MainWP Boilerplate Extension
Vulnerability: Missing Authorization to Plugin Settings Change
Patched Version: 4.1.1
Recommended Action: Update to version 4.1.1, or a newer patched version
Plugin: HTML5 Audio Player- Best WordPress Audio Player Plugin
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 2.1.12
Recommended Action: Update to version 2.1.12, or a newer patched version
Plugin: WP-OliveCart
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Online Exam Software : eExamhall
Vulnerability: Cross-Site Request Forgery
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Materialis Companion
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.3.40
Recommended Action: Update to version 1.3.40, or a newer patched version
Plugin: ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin)
Vulnerability: Authenticated (Contributor+) Cross-Site Scripting
Patched Version: 7.12.1
Recommended Action: Update to version 7.12.1, or a newer patched version
Plugin: YourChannel: Everything you want in a YouTube plugin.
Vulnerability: Missing Authorization Checks leading to Authenticated (Subscriber+) Stored Cross-Site Scripting
Patched Version: 1.2.2
Recommended Action: Update to version 1.2.2, or a newer patched version
Plugin: DNUI
Vulnerability: Cross-Site Request Forgery leading to Unused Image Deletion and Database Image Access
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 2.4.5
Recommended Action: Update to version 2.4.5, or a newer patched version
Plugin: Responsive Gallery Grid
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 2.3.9
Recommended Action: Update to version 2.3.9, or a newer patched version
Plugin: YourChannel: Everything you want in a YouTube plugin.
Vulnerability: Authenticated (Subscriber+) Stored Cross-Site Scripting via ‘yrc_lang[Videos]’
Patched Version: 1.2.2
Recommended Action: Update to version 1.2.2, or a newer patched version
Plugin: TemplatesNext ToolKit
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 3.2.8
Recommended Action: Update to version 3.2.8, or a newer patched version
Plugin: WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 8.2.7
Recommended Action: Update to version 8.2.7, or a newer patched version
Plugin: Tutor LMS – eLearning and online course solution
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 2.0.10
Recommended Action: Update to version 2.0.10, or a newer patched version
Plugin: Breadcrumb
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.5.33
Recommended Action: Update to version 1.5.33, or a newer patched version
Plugin: GamiPress – Button
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 1.0.5
Recommended Action: Update to version 1.0.5, or a newer patched version
Plugin: Flexible Captcha
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: 10Web Map Builder for Google Maps
Vulnerability: Unauthenticated SQL Injection
Patched Version: 1.0.73
Recommended Action: Update to version 1.0.73, or a newer patched version
Plugin: MainWP Code Snippets Extension
Vulnerability: Missing Authorization to Plugin Settings Change
Patched Version: 4.0.3
Recommended Action: Update to version 4.0.3, or a newer patched version
Plugin: MainWP WordPress SEO Extension
Vulnerability: Missing Authorization to Arbitrary Plugin Activation
Patched Version: 4.0.3
Recommended Action: Update to version 4.0.3, or a newer patched version
Plugin: MainWP Staging Extension
Vulnerability: Missing Authorization to Arbitrary Plugin Activation
Patched Version: 4.0.4
Recommended Action: Update to version 4.0.4, or a newer patched version
Plugin: Superior FAQ
Vulnerability: Cross-Site Request Forgery
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
***
Check out the Watch Out Wednesday Archive for past Watch Out Wednesday posts.