Watch Out Wednesday – June 21, 2023

Understanding Vulnerabilities in WordPress Plugins

Every week, we highlight known vulnerabilities in WordPress plugins. This information helps you stay informed about potential risks and take appropriate action to protect your website. By addressing these vulnerabilities, you ensure the safety and integrity of your WordPress site and its data.

Plugin: WordPress NextGen GalleryView

Vulnerability: Reflected Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WooCommerce Square

Vulnerability: Missing Authorization via multiple AJAX actions
Patched Version: 3.8.2
Recommended Action: Update to version 3.8.2, or a newer patched version

Plugin: Export All URLs

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 4.6
Recommended Action: Update to version 4.6, or a newer patched version

Plugin: Sermon’e – Sermons Online

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Elementor Website Builder Pro

Vulnerability: Missing Authorization
Patched Version: 3.13.1
Recommended Action: Update to version 3.13.1, or a newer patched version

Plugin: Recent Posts Slider

Vulnerability: Cross-Site Request Forgery
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WooCommerce PayPal Payments

Vulnerability: Cross-Site Request Forgery
Patched Version: 2.0.5
Recommended Action: Update to version 2.0.5, or a newer patched version

Plugin: Product Vendors

Vulnerability: Authenticated (Shop manager+) SQL Injection
Patched Version: 2.1.79
Recommended Action: Update to version 2.1.79, or a newer patched version

Plugin: EventON

Vulnerability: Insecure Direct Object Reference to Unauthorized Post Access
Patched Version: 2.1.2
Recommended Action: Update to version 2.1.2, or a newer patched version

Plugin: MasterStudy LMS WordPress Plugin – for Online Courses and Education

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 3.0.9
Recommended Action: Update to version 3.0.9, or a newer patched version

Plugin: Complianz Premium – GDPR/CCPA Cookie Consent

Vulnerability: Cross-Site Request Forgery
Patched Version: 6.4.8
Recommended Action: Update to version 6.4.8, or a newer patched version

Plugin: WooPayments: Integrated WooCommerce Payments

Vulnerability: Missing Authorization via redirect_pay_for_order_to_update_payment_method
Patched Version: 5.9.1
Recommended Action: Update to version 5.9.1, or a newer patched version

Plugin: MStore API – Create Native Android & iOS Apps On The Cloud

Vulnerability: Unauthorized Account Access and Privilege Escalation
Patched Version: 4.10.8
Recommended Action: Update to version 4.10.8, or a newer patched version

Plugin: Form Builder | Create Responsive Contact Forms

Vulnerability: Cross-Site Request Forgery
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Mailtree Log Mail

Vulnerability: Unauthenticated Stored Cross-Site Scripting via Email Subject
Patched Version: 1.0.1
Recommended Action: Update to version 1.0.1, or a newer patched version

Plugin: 胖鼠采集(Fat Rat Collect) 微信知乎简书腾讯新闻列表分页采集, 还有自动采集、自动发布、自动标签、等多项功能。开源插件

Vulnerability: Missing Authorization
Patched Version: 2.6.1
Recommended Action: Update to version 2.6.1, or a newer patched version

Plugin: WooCommerce Bulk Stock Management

Vulnerability: Cross-Site Scripting
Patched Version: 2.2.34
Recommended Action: Update to version 2.2.34, or a newer patched version

Plugin: LWS Tools

Vulnerability: Cross-Site Request Forgery
Patched Version: 2.4.2
Recommended Action: Update to version 2.4.2, or a newer patched version

Plugin: All In One Redirection

Vulnerability: Authenticated (Administrator+) SQL Injection
Patched Version: 2.2.0
Recommended Action: Update to version 2.2.0, or a newer patched version

Plugin: Smoothscroller

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Greeklish-permalink

Vulnerability: Missing Authorization via cyrtrans_ajax_old AJAX action
Patched Version: 3.5
Recommended Action: Update to version 3.5, or a newer patched version

Plugin: MasterStudy LMS WordPress Plugin – for Online Courses and Education

Vulnerability: Missing Authorization to Course Category Creation
Patched Version: 3.0.9
Recommended Action: Update to version 3.0.9, or a newer patched version

Plugin: MStore API – Create Native Android & iOS Apps On The Cloud

Vulnerability: Unauthenticated SQL Injection
Patched Version: 3.9.8
Recommended Action: Update to version 3.9.8, or a newer patched version

Plugin: Companion Sitemap Generator – HTML & XML

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 4.5.3
Recommended Action: Update to version 4.5.3, or a newer patched version

Plugin: Gutenverse – Ultimate Block Addons and Page Builder for Site Editor

Vulnerability: Missing Authorization via ‘data/update’ API Endpoint
Patched Version: 1.8.6
Recommended Action: Update to version 1.8.6, or a newer patched version

Plugin: CHP Ads Block Detector

Vulnerability: Missing Authorization to Plugin Settings Update
Patched Version: 3.9.8
Recommended Action: Update to version 3.9.8, or a newer patched version

Plugin: Social Share, Social Login and Social Comments Plugin – Super Socializer

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 7.13.53
Recommended Action: Update to version 7.13.53, or a newer patched version

Plugin: Seed Fonts

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 2.4.0
Recommended Action: Update to version 2.4.0, or a newer patched version

Plugin: Enable SVG Uploads

Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: breadcrumb simple

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Float menu – awesome floating side menu

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 5.0.3
Recommended Action: Update to version 5.0.3, or a newer patched version

Plugin: Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent

Vulnerability: Authenticated (Administrator+) CSV Injection
Patched Version: 2.2.6
Recommended Action: Update to version 2.2.6, or a newer patched version

Plugin: WP Backup Manager

Vulnerability: Reflected Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Core Web Vitals & PageSpeed Booster

Vulnerability: Open Redirect via _wp_http_referer
Patched Version: 1.0.13
Recommended Action: Update to version 1.0.13, or a newer patched version

Plugin: MojoPlug Slide Panel

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: CHP Ads Block Detector

Vulnerability: Authenticated (Subscriber+) Stored Cross-Site Scripting
Patched Version: 3.9.8
Recommended Action: Update to version 3.9.8, or a newer patched version

Plugin: Who Hit The Page – Hit Counter

Vulnerability: Reflected Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Recipe Cards For Your Food Blog from Zip Recipes

Vulnerability: Cross-Site Request Forgery
Patched Version: 8.0.8
Recommended Action: Update to version 8.0.8, or a newer patched version

Plugin: Call Now Accessibility Button

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 1.1
Recommended Action: Update to version 1.1, or a newer patched version

Plugin: HTTP Headers

Vulnerability: Authenticated (Administrator+) Remote Code Execution
Patched Version: 1.18.11
Recommended Action: Update to version 1.18.11, or a newer patched version

Plugin: WPBakery Page Builder for WordPress

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 6.13.0
Recommended Action: Update to version 6.13.0, or a newer patched version

Plugin: Matterport Shortcode

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 2.1.5
Recommended Action: Update to version 2.1.5, or a newer patched version

Plugin: MStore API – Create Native Android & iOS Apps On The Cloud

Vulnerability: Unauthenticated Privilege Escalation
Patched Version: 3.9.9
Recommended Action: Update to version 3.9.9, or a newer patched version

Plugin: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder

Vulnerability: Missing Authorization in check_score
Patched Version: 1.15.17
Recommended Action: Update to version 1.15.17, or a newer patched version

Plugin: Simple Iframe

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via block attributes
Patched Version: 1.2.0
Recommended Action: Update to version 1.2.0, or a newer patched version

Plugin: Extra User Details

Vulnerability: Cross-Site Request Forgery
Patched Version: 0.5.1
Recommended Action: Update to version 0.5.1, or a newer patched version

Plugin: Template Debugger

Vulnerability: Cross-Site Request Forgery
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: PrePost SEO

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: JS Help Desk – The Ultimate Help Desk & Support Plugin

Vulnerability: Authenticated (Subscriber+) Insecure Direct Object Reference
Patched Version: 2.7.8
Recommended Action: Update to version 2.7.8, or a newer patched version

Plugin: Potent Donations for WooCommerce

Vulnerability: Cross-Site Request Forgery in hm_wcdon_admin_page
Patched Version: 1.1.10
Recommended Action: Update to version 1.1.10, or a newer patched version

Plugin: Stock Manager for WooCommerce

Vulnerability: Cross-Site Request Forgery
Patched Version: 2.11.0
Recommended Action: Update to version 2.11.0, or a newer patched version

Plugin: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Vulnerability: Missing Authorization
Patched Version: 1.5.66
Recommended Action: Update to version 1.5.66, or a newer patched version

Plugin: Extra User Details

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 0.5.1
Recommended Action: Update to version 0.5.1, or a newer patched version

Plugin: WooCommerce Brands

Vulnerability: Cross-Site Request Forgery
Patched Version: 1.6.50
Recommended Action: Update to version 1.6.50, or a newer patched version

Plugin: WP Sticky Social

Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: 1.0.2
Recommended Action: Update to version 1.0.2, or a newer patched version

Plugin: myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program.

Vulnerability: Cross-Site Request Forgery
Patched Version: 2.5.1
Recommended Action: Update to version 2.5.1, or a newer patched version

Plugin: WooCommerce Subscription

Vulnerability: Missing Authorization to Insecure Direct Object Reference
Patched Version: 5.1.3
Recommended Action: Update to version 5.1.3, or a newer patched version

Plugin: WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.8.1.3
Recommended Action: Update to version 1.8.1.3, or a newer patched version

Plugin: LWS Cleaner

Vulnerability: Cross-Site Request Forgery
Patched Version: 2.3.1
Recommended Action: Update to version 2.3.1, or a newer patched version

Plugin: Constant Contact Forms

Vulnerability: Missing Authorization via constant_contact_privacy_ajax_handler
Patched Version: 2.0.3
Recommended Action: Update to version 2.0.3, or a newer patched version

Plugin: WP Affiliate Links

Vulnerability: Reflected Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Flo Forms – Easy Drag & Drop Form Builder

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 1.0.41
Recommended Action: Update to version 1.0.41, or a newer patched version

Plugin: Display Custom Fields – wpView

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: CMS Commander – Manage Multiple Sites

Vulnerability: Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature
Patched Version: 2.288
Recommended Action: Update to version 2.288, or a newer patched version

Plugin: Google Map Shortcode

Vulnerability: Reflected Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Vulnerability: Authenticated (Contributor+) Arbitrary File Upload
Patched Version: 1.5.67
Recommended Action: Update to version 1.5.67, or a newer patched version

Plugin: Booking Calendar | Appointment Booking | Bookit

Vulnerability: Authentication Bypass
Patched Version: 2.3.8
Recommended Action: Update to version 2.3.8, or a newer patched version

Plugin: TinyMCE Custom Styles

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 1.1.4
Recommended Action: Update to version 1.1.4, or a newer patched version

Plugin: AN_GradeBook

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: EventON

Vulnerability: Missing Authorization to Event Access
Patched Version: 2.1.2
Recommended Action: Update to version 2.1.2, or a newer patched version

Plugin: WooPayments: Integrated WooCommerce Payments

Vulnerability: Authenticated (Shop manager+) SQL Injection via currency parameters
Patched Version: 5.9.1
Recommended Action: Update to version 5.9.1, or a newer patched version

Plugin: CHP Ads Block Detector

Vulnerability: Cross-Site Request Forgery via chp_abd_action
Patched Version: 3.9.8
Recommended Action: Update to version 3.9.8, or a newer patched version

Plugin: Galleria

Vulnerability: Cross-Site Request Forgery via showOptionsPage
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Image Protector

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Buy Me a Coffee – Button and Widget Plugin

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 3.7
Recommended Action: Update to version 3.7, or a newer patched version

Plugin: Contact Form by WD – responsive drag & drop contact form builder tool

Vulnerability: Authenticated (Administrator+) SQL Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress

Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: 1.7.0
Recommended Action: Update to version 1.7.0, or a newer patched version

***

Check out the Watch Out Wednesday Archive for past Watch Out Wednesday posts.