Understanding Vulnerabilities in WordPress Plugins
Every week, we highlight known vulnerabilities in WordPress plugins so that you can stay informed about potential risks and take appropriate action to protect your website. Addressing these vulnerabilities helps keep your WordPress site and its data safe and intact.
Plugin: WP Upload Restriction
Vulnerability: No subtitle
Patched Version: 2.2.5
Recommended Action: Update to version 2.2.5, or a newer patched version
Plugin: Frontend File Manager Plugin
Vulnerability: Privilege Escalation
Patched Version: 18.3
Recommended Action: Update to version 18.3, or a newer patched version
Plugin: WooCommerce
Vulnerability: Authenticated Blind SQL Injection
Patched Version: 3.3.6
Recommended Action: Update to one of the following versions, or a newer patched version: 3.3.6, 3.4.8, 3.5.9, 3.6.6, 3.7.2, 3.8.2, 3.9.4, 4.0.2, 4.1.2, 4.2.3, 4.3.4, 4.4.2, 4.5.3, 4.6.3, 4.7.2, 4.8.1, 4.9.3, 5.0.1, 5.1.1, 5.2.3, 5.3.1, 5.4.2, 5.5.1, 5.5.2
Plugin: Advance Menu Manager
Vulnerability: Cross-Site Request Forgery to Menu Edition
Patched Version: 3.0
Recommended Action: Update to version 3.0, or a newer patched version
Plugin: UpdraftPlus: WP Backup & Migration Plugin
Vulnerability: Authenticated (Admin+) Local File Inclusion
Patched Version: 1.16.59
Recommended Action: Update to version 1.16.59, or a newer patched version
Plugin: WOWRestro – Online Ordering System For WooCommerce
Vulnerability: Cross-Site Request Forgery
Patched Version: 1.1
Recommended Action: Update to version 1.1, or a newer patched version
Plugin: Frontend File Manager Plugin
Vulnerability: Unauthenticated HTML Injection leading to Spam Emails
Patched Version: 18.3
Recommended Action: Update to version 18.3, or a newer patched version
Plugin: Remove Footer Credit
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: 1.0.6
Recommended Action: Update to version 1.0.6, or a newer patched version
Plugin: Software License Manager
Vulnerability: Cross-Site Request Forgery
Patched Version: 4.4.6
Recommended Action: Update to version 4.4.6, or a newer patched version
Plugin: Frontend File Manager Plugin
Vulnerability: Unauthenticated Post Meta Change
Patched Version: 18.3
Recommended Action: Update to version 18.3, or a newer patched version
Plugin: WPFront Notification Bar
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched Version: 2.0.0
Recommended Action: Update to version 2.0.0, or a newer patched version
Plugin: Frontend File Manager Plugin
Vulnerability: Unauthenticated Arbitrary File Download
Patched Version: 18.3
Recommended Action: Update to version 18.3, or a newer patched version
Plugin: Frontend File Manager Plugin
Vulnerability: Unauthenticated Arbitrary Post Deletion
Patched Version: 18.3
Recommended Action: Update to version 18.3, or a newer patched version
Plugin: VDZ CallBack Plugin
Vulnerability: Cross-Site Scripting
Patched Version: 1.14.6
Recommended Action: Update to version 1.14.6, or a newer patched version
Plugin: Wr Age Verification
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 2.0.0
Recommended Action: Update to version 2.0.0, or a newer patched version
Plugin: Frontend File Manager Plugin
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched Version: 18.3
Recommended Action: Update to version 18.3, or a newer patched version
Plugin: Frontend File Manager Plugin
Vulnerability: Authenticated Settings Change leading to Arbitrary File Upload
Patched Version: 18.3
Recommended Action: Update to version 18.3, or a newer patched version
Plugin: Advance Menu Manager
Vulnerability: Authenticated (Subscriber+) Menu Creation/Deletion
Patched Version: 3.0.7
Recommended Action: Update to version 3.0.7, or a newer patched version
Plugin: Frontend File Manager Plugin
Vulnerability: Unauthenticated Content Injection
Patched Version: 18.3
Recommended Action: Update to version 18.3, or a newer patched version
Plugin: Hubbub Lite – Fast, Reliable Social Sharing Buttons
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.19.0
Recommended Action: Update to version 1.19.0, or a newer patched version
Plugin: Astra Pro Addon
Vulnerability: Unauthenticated SQL Injection
Patched Version: 3.5.2
Recommended Action: Update to version 3.5.2, or a newer patched version
Plugin: Page View Count
Vulnerability: Contributor+ Stored Cross-Site Scripting
Patched Version: 2.4.9
Recommended Action: Update to version 2.4.9, or a newer patched version
***
Check out the Watch Out Wednesday Archive for past Watch Out Wednesday posts.