Understanding Vulnerabilities in WordPress Plugins
Every week, we highlight known vulnerabilities in WordPress plugins. This information helps you stay informed about potential risks and take appropriate action to protect your website. By addressing these vulnerabilities, you ensure the safety and integrity of your WordPress site and its data.
Plugin: Postie
Vulnerability: Post Submission Spoofing & Stored Cross-Site Scripting
Patched Version: 1.9.41
Recommended Action: Update to version 1.9.41, or a newer patched version

Plugin: Ultimate FAQ Accordion Plugin
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.8.30
Recommended Action: Update to version 1.8.30, or a newer patched version

Plugin: Divi Builder
Vulnerability: 4.0.9, Divi Extra 2.23
Patched Version: 4.0.10
Recommended Action: Update to version 4.0.10, or a newer patched version

Plugin: BuddyPress
Vulnerability: Sensitive Information Disclosure
Patched Version: 5.1.2
Recommended Action: Update to version 5.1.2, or a newer patched version

Plugin: Postie
Vulnerability: Cross-Site Scripting
Patched Version: 1.9.41
Recommended Action: Update to version 1.9.41, or a newer patched version

Plugin: WP Simple Spreadsheet Fetcher for Google
Vulnerability: Cross-Site Request Forgery
Patched Version: 0.3.7
Recommended Action: Update to version 0.3.7, or a newer patched version

Plugin: WooCommerce Conversion Tracking
Vulnerability: Cross-Site Request Forgery and Cross-Site Scripting
Patched Version: 2.0.6
Recommended Action: Update to version 2.0.6, or a newer patched version

Plugin: Import and export users and customers
Vulnerability: Sensitive Data Exposure
Patched Version: 1.15.0.1
Recommended Action: Update to version 1.15.0.1, or a newer patched version

Plugin: Awesome Support – WordPress HelpDesk & Support Plugin
Vulnerability: Cross-Site Scripting via post_title
Patched Version: 6.0.14
Recommended Action: Update to version 6.0.14, or a newer patched version