Login
Facebook-f Linkedin-in Youtube

Watch Out Wednesday – July 15, 2020

Understanding Vulnerabilities in WordPress Plugins

Every week, we highlight known vulnerabilities in WordPress plugins. This information helps you stay informed about potential risks and take appropriate action to protect your website. By addressing these vulnerabilities, you ensure the safety and integrity of your WordPress site and its data.

Plugin: Contact Builder by Themify

Vulnerability: Email Injection
Patched Version: 1.4.6
Recommended Action: Update to version 1.4.6, or a newer patched version

Plugin: Newsletter – Send awesome emails from WordPress

Vulnerability: Stored Cross-Site Scripting
Patched Version: 6.7.7
Recommended Action: Update to version 6.7.7, or a newer patched version

Plugin: Page Builder: KingComposer – Free Drag and Drop page builder by King-Theme

Vulnerability: Stored Cross-Site Scripting
Patched Version: 2.9.4
Recommended Action: Update to version 2.9.4, or a newer patched version

Plugin: Customer Email Verification for WooCommerce

Vulnerability: Authentication Bypass
Patched Version: 1.8.2
Recommended Action: Update to version 1.8.2, or a newer patched version

Plugin: Responsive Menu – Create Mobile-Friendly Menu

Vulnerability: Cross-Site Request Forgery
Patched Version: 3.1.4
Recommended Action: Update to version 3.1.4, or a newer patched version

Plugin: 3CX Free Live Chat, Calls & WhatsApp

Vulnerability: Stored Cross-Site Scripting
Patched Version: 8.2.0
Recommended Action: Update to version 8.2.0, or a newer patched version

Plugin: SRS Simple Hits Counter

Vulnerability: 1.04
Patched Version: 1.1.0
Recommended Action: Update to version 1.1.0, or a newer patched version

Plugin: Knight Lab Timeline

Vulnerability: Stored Cross-Site Scripting
Patched Version: 3.7.0
Recommended Action: Update to version 3.7.0, or a newer patched version

Plugin: Wise Chat

Vulnerability: CSV Injection
Patched Version: 2.8.4
Recommended Action: Update to version 2.8.4, or a newer patched version

Plugin: SendPress Newsletters

Vulnerability: Authenticated Stored Cross-Site Scripting
Patched Version: 1.20.7.13
Recommended Action: Update to version 1.20.7.13, or a newer patched version

Plugin: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.13.40
Recommended Action: Update to version 1.13.40, or a newer patched version

Plugin: Email Subscribers by Icegram Express – Affordable, Powerful Email Marketing for WordPress & WooCommerce

Vulnerability: Cross-Site Request Forgery
Patched Version: 4.5.1
Recommended Action: Update to version 4.5.1, or a newer patched version

***

Check out the Watch Out Wednesday Archive for past Watch Out Wednesday posts.

About the Author

Picture of Odell Duppins Jr

Odell Duppins Jr

Well qualified professional with plenty of hands on experience with various technologies. Excellent analytical and troubleshooting skills with a keen ability of developing and/or simplifying processes by finding and developing new innovative solutions.

Recent Posts

WordPress

Login