Login
Facebook-f Linkedin-in Youtube

Watch Out Wednesday – November 11, 2020

Understanding Vulnerabilities in WordPress Plugins

Every week, we highlight known vulnerabilities in WordPress plugins. This information helps you stay informed about potential risks and take appropriate action to protect your website. By addressing these vulnerabilities, you ensure the safety and integrity of your WordPress site and its data.

Plugin: WooCommerce

Vulnerability: Settings Bypass leading to Account Creation
Patched Version: 4.6.2
Recommended Action: Update to version 4.6.2, or a newer patched version

Plugin: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Vulnerability: Unauthenticated Privilege Escalation via User Roles
Patched Version: 2.1.12
Recommended Action: Update to version 2.1.12, or a newer patched version

Plugin: Abandoned Cart Lite for WooCommerce

Vulnerability: SQL Injection
Patched Version: 5.8.3
Recommended Action: Update to version 5.8.3, or a newer patched version

Plugin: Welcart e-Commerce

Vulnerability: PHP Object Injection
Patched Version: 1.9.36
Recommended Action: Update to version 1.9.36, or a newer patched version

Plugin: WooCommerce Blocks

Vulnerability: Authorization Bypass
Patched Version: 3.7.1
Recommended Action: Update to version 3.7.1, or a newer patched version

Plugin: Ultimate Reviews

Vulnerability: PHP Object Injection
Patched Version: 2.1.33
Recommended Action: Update to version 2.1.33, or a newer patched version

Plugin: WP Activity Log

Vulnerability: SQL Injection
Patched Version: 4.1.5
Recommended Action: Update to version 4.1.5, or a newer patched version

Plugin: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Vulnerability: Unauthenticated Privilege Escalation via User Meta
Patched Version: 2.1.12
Recommended Action: Update to version 2.1.12, or a newer patched version

Plugin: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Vulnerability: Authenticated Privilege Escalation via Profile Update
Patched Version: 2.1.12
Recommended Action: Update to version 2.1.12, or a newer patched version

***

Check out the Watch Out Wednesday Archive for past Watch Out Wednesday posts.

About the Author

Picture of Odell Duppins Jr

Odell Duppins Jr

Well qualified professional with plenty of hands on experience with various technologies. Excellent analytical and troubleshooting skills with a keen ability of developing and/or simplifying processes by finding and developing new innovative solutions.

Recent Posts

WordPress

Login