Understanding Vulnerabilities in WordPress Plugins
Every week, we highlight known vulnerabilities in WordPress plugins. This information helps you stay informed about potential risks and take appropriate action to protect your website. By addressing these vulnerabilities, you ensure the safety and integrity of your WordPress site and its data.
Plugin: eCommerce Product Catalog Plugin for WordPress
Vulnerability: Cross-Site Request Forgery Bypass
Patched Version: 3.0.18
Recommended Action: Update to version 3.0.18, or a newer patched version
Plugin: WP Private Content Plus
Vulnerability: Cross-Site Request Forgery Bypass
Patched Version: 3.2
Recommended Action: Update to version 3.2, or a newer patched version
Plugin: WP Travel – Ultimate Travel Booking System, Tour Management Engine
Vulnerability: Cross-Site Request Forgery Bypass
Patched Version: 4.4.7
Recommended Action: Update to version 4.4.7, or a newer patched version
Plugin: Process Steps Template Designer
Vulnerability: Cross-Site Request Forgery
Patched Version: 1.3
Recommended Action: Update to version 1.3, or a newer patched version
Plugin: NextGen Gallery Pro
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 3.1.11
Recommended Action: Update to version 3.1.11, or a newer patched version
Plugin: WooCommerce Customers Manager
Vulnerability: Authenticated Account Creation and Privilege Escalation
Patched Version: 26.5
Recommended Action: Update to version 26.5, or a newer patched version
Plugin: Under Construction, Coming Soon & Maintenance Mode
Vulnerability: Server-Side Request Forgery
Patched Version: 1.1.2
Recommended Action: Update to version 1.1.2, or a newer patched version
Plugin: Cookie Information | Free GDPR Consent Solution
Vulnerability: Stored Cross-Site Scripting
Patched Version: 1.5.6
Recommended Action: Update to version 1.5.6, or a newer patched version
Plugin: Better Search – Relevant search results for WordPress
Vulnerability: Cross-Site Request Forgery Bypass
Patched Version: 2.5.3
Recommended Action: Update to version 2.5.3, or a newer patched version
Plugin: Style Kits – Advanced Theme Styles for Elementor
Vulnerability: Cross-Site Request Forgery Bypass
Patched Version: 1.8.1
Recommended Action: Update to version 1.8.1, or a newer patched version
Plugin: ElasticPress
Vulnerability: Cross-Site Request Forgery Bypass
Patched Version: 3.5.4
Recommended Action: Update to version 3.5.4, or a newer patched version
Plugin: Custom Banners
Vulnerability: Cross-Site Request Forgery Bypass
Patched Version: 3.3
Recommended Action: Update to version 3.3, or a newer patched version
Plugin: Process Steps Template Designer
Vulnerability: Cross-Site Request Forgery Bypass
Patched Version: 1.3
Recommended Action: Update to version 1.3, or a newer patched version
Plugin: Abandoned Cart Lite for WooCommerce
Vulnerability: Cross-Site Request Forgery Bypass
Patched Version: 5.8.6
Recommended Action: Update to version 5.8.6, or a newer patched version
Plugin: Forminator Forms – Contact Form, Payment Form & Custom Form Builder
Vulnerability: Cross-Site Request Forgery Bypass
Patched Version: 1.13.5
Recommended Action: Update to version 1.13.5, or a newer patched version
Plugin: Better Search – Relevant search results for WordPress
Vulnerability: Cross-Site Request Forgery to Settings Import
Patched Version: 2.5.3
Recommended Action: Update to version 2.5.3, or a newer patched version
Plugin: Post SMTP – WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more
Vulnerability: Cross-Site Request Forgery Bypass
Patched Version: 2.0.21
Recommended Action: Update to version 2.0.21, or a newer patched version
Plugin: Defender Security – Malware Scanner, Login Security & Firewall
Vulnerability: Cross-Site Request Forgery Bypass
Patched Version: 2.4.6.1
Recommended Action: Update to version 2.4.6.1, or a newer patched version
Plugin: File Manager
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 7.1
Recommended Action: Update to version 7.1, or a newer patched version
***
Check out the Watch Out Wednesday Archive for past Watch Out Wednesday posts.