Watch Out Wednesday – May 24, 2023

Understanding Vulnerabilities in WordPress Plugins

Every week, we highlight known vulnerabilities in WordPress plugins (and, when one is published, WordPress core). Compare the list against what is installed on your site and update each affected plugin to the patched version shown; where no patched version exists, apply mitigations that fit your risk tolerance or remove the plugin. Acting on these advisories promptly helps protect the integrity of your WordPress site and its data.
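One way to put the list to use is to compare it against what is actually installed. The following is an added example written for this post, not code from the post's author or from any of the plugins listed. It takes a handful of rows from the list on this page, compares them against a constructed sample inventory with a version comparison that pads components (so 3.3.19 sorts below 3.4 and 4.5.3 below 4.5.3.1) and, for WordPress core, picks the patched release on the site's own branch rather than the first one listed. On a real site the inventory would come from WP-CLI (`wp plugin list --format=json` for plugins and `wp core version` for core); the `title` field name and every version in the sample inventory are assumptions.

```python
"""Check a site's installed versions against this week's patched versions.

Added example for this post, not code from the post's author or from any of
the plugins listed. SAMPLE_INVENTORY is constructed sample data; on a real
site it would come from WP-CLI (`wp plugin list --format=json` for plugins,
`wp core version` for core), with the field names adapted to that output.
"""
import json
import re
from typing import Optional

# Rows taken from the list in this post: (product, vulnerability, patched versions).
# An empty patched list means the post reports no patched version.
# For WordPress core the post lists one patched release per maintained branch.
ADVISORIES = [
    ("Leyka", "Privilege Escalation via Admin Password Reset", ["3.30.3"]),
    ("Leyka", "Reflected Cross-Site Scripting", ["3.30.2"]),
    ("Duplicator Pro", "Reflected Cross-Site Scripting", ["4.5.11.1"]),
    ("LearnDash LMS", "Authenticated (Contributor+) SQL Injection", ["4.5.3.1"]),
    ("Custom Post Type Generator",
     "Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings", []),
    ("WordPress", "Shortcode Execution in User Generated Content",
     ["5.9.7", "6.0.5", "6.1.3", "6.2.2"]),
]

# Constructed sample inventory (not from a real site). "title" is the display
# name as the post lists it; "version" is what is installed. The field name
# "title" is assumed; check `wp plugin list --help` for the fields your WP-CLI offers.
SAMPLE_INVENTORY = [
    {"title": "Leyka", "version": "3.30.1"},
    {"title": "Duplicator Pro", "version": "4.5.11.1"},
    {"title": "LearnDash LMS", "version": "4.5.3"},
    {"title": "Custom Post Type Generator", "version": "2.0.0"},
    {"title": "WordPress", "version": "6.1.2"},
]


def parse_version(version: str) -> tuple:
    """Dotted version -> tuple of ints. Each component is read as its leading
    digits (so a pre-release tag such as '0-beta' counts as 0); missing trailing
    components are treated as 0 by version_lt, so '1.3' equals '1.3.0'."""
    parts = []
    for piece in version.strip().split("."):
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    return tuple(parts)


def version_lt(a: str, b: str) -> bool:
    """True if version a is strictly older than version b. Both tuples are
    right-padded with zeros, so 3.3.19 < 3.4 and 4.5.3 < 4.5.3.1."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    return pa + (0,) * (width - len(pa)) < pb + (0,) * (width - len(pb))


def required_fix(installed: str, patched: list) -> Optional[str]:
    """Pick the patched release that applies to the installed version.

    With a single patched version that is the answer. With a per-branch list
    (core's 5.9.7 / 6.0.5 / 6.1.3 / 6.2.2) prefer the release on the same
    major.minor branch as the installed version; a site on a branch that is not
    listed is compared against the highest listed release. None means no patch."""
    if not patched:
        return None
    if len(patched) == 1:
        return patched[0]
    branch = parse_version(installed)[:2]
    for candidate in patched:
        if parse_version(candidate)[:2] == branch:
            return candidate
    return max(patched, key=parse_version)


def find_exposures(inventory: list) -> list:
    """One finding per advisory whose product is installed at a version older
    than its fix, or for which the post lists no fix at all."""
    installed_by_title = {item["title"]: item["version"] for item in inventory}
    findings = []
    for product, vulnerability, patched in ADVISORIES:
        installed = installed_by_title.get(product)
        if installed is None:
            continue  # not installed, nothing to do
        fix = required_fix(installed, patched)
        if fix is None:
            action = "no patch available: mitigate or remove the plugin"
        elif version_lt(installed, fix):
            action = f"update to {fix} or newer"
        else:
            continue  # already at or past the patched release
        findings.append({
            "product": product,
            "installed": installed,
            "vulnerability": vulnerability,
            "action": action,
        })
    return findings


if __name__ == "__main__":
    # For a real site, replace SAMPLE_INVENTORY with the parsed JSON from WP-CLI
    # plus a {"title": "WordPress", "version": <wp core version>} entry.
    print(json.dumps(find_exposures(SAMPLE_INVENTORY), indent=2))
```

Entries the post marks as having no patched version always produce a finding, since no installed version can clear them; their action text is to mitigate or remove, matching the recommendation repeated in the list. Matching on the display title is deliberate here because that is what this post prints; if you key on the wordpress.org slug instead, the comparison logic is unchanged.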

Plugin: Leyka

Vulnerability: Privilege Escalation via Admin Password Reset
Patched Version: 3.30.3
Recommended Action: Update to version 3.30.3, or a newer patched version

Plugin: WooDiscuz – WooCommerce Comments

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 2.3.0
Recommended Action: Update to version 2.3.0, or a newer patched version

Plugin: EventPrime – Events Calendar, Bookings and Tickets

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 3.0.6
Recommended Action: Update to version 3.0.6, or a newer patched version

Plugin: WP Zoho for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms – CRM, Bigin

Vulnerability: Authenticated (Administrator+) SQL Injection
Patched Version: 1.2.4
Recommended Action: Update to version 1.2.4, or a newer patched version

Plugin: Unite Gallery Lite

Vulnerability: Authenticated (Administrator+) Local File Inclusion via ‘view’ parameter
Patched Version: 1.7.60
Recommended Action: Update to version 1.7.60, or a newer patched version

Plugin: Duplicator Pro

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 4.5.11.1
Recommended Action: Update to version 4.5.11.1, or a newer patched version

Plugin: WIP Custom Login

Vulnerability: Cross-Site Request Forgery via save_option
Patched Version: 1.3.0
Recommended Action: Update to version 1.3.0, or a newer patched version

Plugin: WooCommerce Warranty Requests

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 2.1.7
Recommended Action: Update to version 2.1.7, or a newer patched version

Plugin: Go Pricing – WordPress Responsive Pricing Tables

Vulnerability: Not specified in the advisory feed (this plugin appears several times in this week's list; affected versions <= 3.3.19)
Patched Version: 3.4
Recommended Action: Update to version 3.4, or a newer patched version

Plugin: EventPrime – Events Calendar, Bookings and Tickets

Vulnerability: Sensitive Information Exposure
Patched Version: 3.0.0
Recommended Action: Update to version 3.0.0, or a newer patched version

Plugin: EventPrime – Events Calendar, Bookings and Tickets

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 3.0.0
Recommended Action: Update to version 3.0.0, or a newer patched version

Plugin: WordPress File Upload

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 4.19.2
Recommended Action: Update to version 4.19.2, or a newer patched version

Plugin: Custom Post Type Generator

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg

Vulnerability: Missing Authorization to Admin Account and Ticket Creation
Patched Version: 2.7.10
Recommended Action: Update to version 2.7.10, or a newer patched version

Plugin: WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg

Vulnerability: Missing Authorization to Update License
Patched Version: 2.7.10
Recommended Action: Update to version 2.7.10, or a newer patched version

Plugin: Waiting: One-click countdowns

Vulnerability: Missing Authorization Checks leading to Authenticated (Subscriber+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: YouTube Playlist Player

Vulnerability: Cross-Site Request Forgery in ytpp_settings
Patched Version: 4.6.5
Recommended Action: Update to version 4.6.5, or a newer patched version

Plugin: WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg

Vulnerability: Missing Authorization to Non-Arbitrary File Upload
Patched Version: 2.7.10
Recommended Action: Update to version 2.7.10, or a newer patched version

Plugin: AI ChatBot for WordPress – WPBot

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 4.6.1
Recommended Action: Update to version 4.6.1, or a newer patched version

Plugin: LearnDash LMS

Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: 4.5.3.1
Recommended Action: Update to version 4.5.3.1, or a newer patched version

Plugin: Woocommerce Follow-ups

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 4.9.50
Recommended Action: Update to version 4.9.50, or a newer patched version

Plugin: BP Social Connect

Vulnerability: Authentication Bypass
Patched Version: 1.6.2
Recommended Action: Update to version 1.6.2, or a newer patched version

Plugin: QuBot – Chatbot Builder with Templates

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 1.1.6
Recommended Action: Update to version 1.1.6, or a newer patched version

Plugin: WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 2.7.10
Recommended Action: Update to version 2.7.10, or a newer patched version

Plugin: Easy Forms for Mailchimp

Vulnerability: Reflected Cross-Site Scripting via ‘sql_error’
Patched Version: 6.8.9
Recommended Action: Update to version 6.8.9, or a newer patched version

Plugin: Database for Contact Form 7, WPforms, Elementor forms

Vulnerability: Authenticated (Contributor+) SQL Injection via shortcode
Patched Version: 1.3.1
Recommended Action: Update to version 1.3.1, or a newer patched version

Plugin: WP Activity Log Premium

Vulnerability: Cross-Site Request Forgery via ajax_switch_db
Patched Version: 4.5.2
Recommended Action: Update to version 4.5.2, or a newer patched version

Core: WordPress

Vulnerability: Shortcode Execution in User Generated Content
Patched Version: 5.9.7 / 6.0.5 / 6.1.3 / 6.2.2 (one release per maintained branch)
Recommended Action: Update to the patched release for your branch (5.9.7, 6.0.5, 6.1.3 or 6.2.2), or a newer version. This is the follow-up to the 5.9.6 / 6.0.4 / 6.1.2 / 6.2.1 fix for the same issue also listed on this page; a site that stopped at one of those releases should still update.

Plugin: Cookie Monster

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Slider Revolution

Vulnerability: Authenticated (Administrator+) Arbitrary File Upload
Patched Version: 6.6.13
Recommended Action: Update to version 6.6.13, or a newer patched version

Plugin: Woocommerce Follow-ups

Vulnerability: Cross-Site Request Forgery
Patched Version: 4.9.50
Recommended Action: Update to version 4.9.50, or a newer patched version

Plugin: Database for Contact Form 7, WPforms, Elementor forms

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via vx-entries shortcode
Patched Version: 1.3.1
Recommended Action: Update to version 1.3.1, or a newer patched version

Plugin: Elementor Website Builder – More than Just a Page Builder

Vulnerability: Not specified in the advisory feed
Patched Version: 3.13.3
Recommended Action: Update to version 3.13.3, or a newer patched version

Plugin: WooCommerce Shipping & Tax

Vulnerability: Stored Cross-Site Scripting
Patched Version: 2.2.5
Recommended Action: Update to version 2.2.5, or a newer patched version

Plugin: MStore API – Create Native Android & iOS Apps On The Cloud

Vulnerability: Authentication Bypass
Patched Version: 3.9.2
Recommended Action: Update to version 3.9.2, or a newer patched version

Plugin: UpdraftPlus: WP Backup & Migration Plugin

Vulnerability: Cross-Site Request Forgery to Cross-Site Scripting via action_authenticate_storage
Patched Version: 1.23.4
Recommended Action: Update to version 1.23.4, or a newer patched version

Core: WordPress

Vulnerability: Shortcode Execution in User Generated Content
Patched Version: 5.9.6 / 6.0.4 / 6.1.2 / 6.2.1 (one release per maintained branch)
Recommended Action: Update to the patched release for your branch (5.9.6, 6.0.4, 6.1.2 or 6.2.1), or a newer version; note the later follow-up fix for the same issue listed on this page

Plugin: Jazz Popups

Vulnerability: Cross-Site Request Forgery
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WP htaccess Control

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WP-Hijri

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.5.2
Recommended Action: Update to version 1.5.2, or a newer patched version

Plugin: Connect Matomo (WP-Matomo, WP-Piwik)

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Display Name
Patched Version: 1.0.28
Recommended Action: Update to version 1.0.28, or a newer patched version

Plugin: Novelist

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting via Book Information Fields
Patched Version: 1.2.1
Recommended Action: Update to version 1.2.1, or a newer patched version

Plugin: AI Engine

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 1.6.83
Recommended Action: Update to version 1.6.83, or a newer patched version

Plugin: WP Activity Log Premium

Vulnerability: Missing Authorization via ajax_switch_db
Patched Version: 4.5.2
Recommended Action: Update to version 4.5.2, or a newer patched version

Plugin: Performance Lab

Vulnerability: Cross-Site Request Forgery via dismiss-wp-pointer
Patched Version: 2.3.0
Recommended Action: Update to version 2.3.0, or a newer patched version

Plugin: SupportCandy – Helpdesk & Customer Support Ticket System

Vulnerability: Authenticated (Administrator+) SQL Injection
Patched Version: 3.1.7
Recommended Action: Update to version 3.1.7, or a newer patched version

Plugin: Customize WordPress Emails and Alerts – Better Notifications for WP

Vulnerability: Cross-Site Request Forgery via handle_actions
Patched Version: 1.9.3
Recommended Action: Update to version 1.9.3, or a newer patched version

Plugin: Predictive Search for WooCommerce

Vulnerability: Missing Authorization via multiple AJAX actions
Patched Version: 5.8.1
Recommended Action: Update to version 5.8.1, or a newer patched version

Plugin: MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 4.0.9.2
Recommended Action: Update to version 4.0.9.2, or a newer patched version

Plugin: Social Proof Popups & Real-Time Notifications – Herd Effects

Vulnerability: Not specified in the advisory feed
Patched Version: 5.2.2
Recommended Action: Update to version 5.2.2, or a newer patched version

Plugin: Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 3.1.12
Recommended Action: Update to version 3.1.12, or a newer patched version

Plugin: Easy Captcha

Vulnerability: Missing Authorization via easy_captcha_update_settings
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Vulnerability: Arbitrary File Upload in File Manager
Patched Version: 1.5.61
Recommended Action: Update to version 1.5.61, or a newer patched version

Plugin: WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg

Vulnerability: Cross-Site Request Forgery to Privilege Escalation
Patched Version: 2.7.10
Recommended Action: Update to version 2.7.10, or a newer patched version

Plugin: Woocommerce Follow-ups

Vulnerability: Authenticated Arbitrary File Upload in Template Editing
Patched Version: 4.9.50
Recommended Action: Update to version 4.9.50, or a newer patched version

Plugin: Abandoned Cart Lite for WooCommerce

Vulnerability: Cross-Site Request Forgery via delete_expired_used_coupon_code
Patched Version: 5.14.2
Recommended Action: Update to version 5.14.2, or a newer patched version

Plugin: Stop Referrer Spam

Vulnerability: Cross-Site Request Forgery via processParameters
Patched Version: 1.3.1
Recommended Action: Update to version 1.3.1, or a newer patched version

Plugin: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net

Vulnerability: Cross-Site Request Forgery via Multiple Functions
Patched Version: 1.1.3.2
Recommended Action: Update to version 1.1.3.2, or a newer patched version

Plugin: Scripts n Styles

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 3.5.4
Recommended Action: Update to version 3.5.4, or a newer patched version

Plugin: WordPress File Upload

Vulnerability: Authenticated (Administrator+) Path Traversal
Patched Version: 4.19.2
Recommended Action: Update to version 4.19.2, or a newer patched version

Plugin: WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg

Vulnerability: Cross-Site Request Forgery to Disable All Plugins
Patched Version: 2.7.10
Recommended Action: Update to version 2.7.10, or a newer patched version

Plugin: Rank Math SEO PRO

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 3.0.36
Recommended Action: Update to version 3.0.36, or a newer patched version

Plugin: WishSuite – Wishlist for WooCommerce

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 1.3.5
Recommended Action: Update to version 1.3.5, or a newer patched version

Plugin: Easy Forms for Mailchimp

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 6.8.9
Recommended Action: Update to version 6.8.9, or a newer patched version

Plugin: Jazz Popups

Vulnerability: Reflected Cross-Site Scripting via ‘wpjazzpopup_switchonoff’
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Leyka

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 3.30.2
Recommended Action: Update to version 3.30.2, or a newer patched version

Plugin: SupportCandy – Helpdesk & Customer Support Ticket System

Vulnerability: Authenticated (Subscriber+) SQL Injection
Patched Version: 3.1.7
Recommended Action: Update to version 3.1.7, or a newer patched version

Plugin: AI ChatBot for WordPress – WPBot

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 4.5.5
Recommended Action: Update to version 4.5.5, or a newer patched version

Plugin: SEO Change Monitor – Track Website Changes

Vulnerability: Authenticated (Subscriber+) SQL Injection
Patched Version: 1.3
Recommended Action: Update to version 1.3, or a newer patched version

Plugin: MStore API – Create Native Android & iOS Apps On The Cloud

Vulnerability: Authentication Bypass
Patched Version: 3.9.1
Recommended Action: Update to version 3.9.1, or a newer patched version

Plugin: SIS Handball

Vulnerability: Authenticated (Administrator+) SQL Injection via ‘orderby’
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Easy Captcha

Vulnerability: Reflected Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Multiple Page Generator Plugin – MPG

Vulnerability: Authenticated (Administrator+) SQL Injection in projects_list and total_projects
Patched Version: 3.3.20
Recommended Action: Update to version 3.3.20, or a newer patched version

Plugin: WeSecur Security – Antivirus, Malware Scanner and Protection for your WordPress

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WS Form LITE – Drag & Drop Contact Form Builder for WordPress

Vulnerability: CAPTCHA Bypass
Patched Version: 1.9.118
Recommended Action: Update to version 1.9.118, or a newer patched version

Plugin: Predictive Search for WooCommerce

Vulnerability: Cross-Site Request Forgery via multiple AJAX actions
Patched Version: 5.8.1
Recommended Action: Update to version 5.8.1, or a newer patched version

Plugin: Front End Users

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 3.2.25
Recommended Action: Update to version 3.2.25, or a newer patched version

Plugin: WP Activity Log

Vulnerability: Cross-Site Request Forgery via ajax_run_cleanup
Patched Version: 4.5.2
Recommended Action: Update to version 4.5.2, or a newer patched version

Plugin: Baidu Tongji generator

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Ultimate Dashboard – Custom WordPress Dashboard

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
Patched Version: 3.7.6
Recommended Action: Update to version 3.7.6, or a newer patched version

Plugin: Abandoned Cart Lite for WooCommerce

Vulnerability: Cross-Site Request Forgery via ts_reset_tracking_setting
Patched Version: 5.14.2
Recommended Action: Update to version 5.14.2, or a newer patched version

Plugin: WP Activity Log

Vulnerability: Missing Capabilities Check to User Enumeration
Patched Version: 4.5.2
Recommended Action: Update to version 4.5.2, or a newer patched version

Plugin: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Vulnerability: Zip Extraction to Arbitrary File Upload in File Manager
Patched Version: 1.5.67
Recommended Action: Update to version 1.5.67, or a newer patched version

Plugin: Smart App Banner

Vulnerability: Cross-Site Request Forgery via wsl_smart_app_banner_options
Patched Version: 1.1.3
Recommended Action: Update to version 1.1.3, or a newer patched version

Plugin: nuajik

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Easy Admin Menu

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

***

Check out the Watch Out Wednesday Archive for past Watch Out Wednesday posts.