Understanding Vulnerabilities in WordPress Plugins
Every week, we highlight known vulnerabilities in WordPress plugins. This information helps you stay informed about potential risks and take appropriate action to protect your website. By addressing these vulnerabilities, you ensure the safety and integrity of your WordPress site and its data.
Plugin: WooCommerce
Vulnerability: Settings Bypass leading to Account Creation
Patched Version: 4.6.2
Recommended Action: Update to version 4.6.2, or a newer patched version
Plugin: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Vulnerability: Unauthenticated Privilege Escalation via User Roles
Patched Version: 2.1.12
Recommended Action: Update to version 2.1.12, or a newer patched version
Plugin: Abandoned Cart Lite for WooCommerce
Vulnerability: SQL Injection
Patched Version: 5.8.3
Recommended Action: Update to version 5.8.3, or a newer patched version
Plugin: Welcart e-Commerce
Vulnerability: PHP Object Injection
Patched Version: 1.9.36
Recommended Action: Update to version 1.9.36, or a newer patched version
Plugin: WooCommerce Blocks
Vulnerability: Authorization Bypass
Patched Version: 3.7.1
Recommended Action: Update to version 3.7.1, or a newer patched version
Plugin: Ultimate Reviews
Vulnerability: PHP Object Injection
Patched Version: 2.1.33
Recommended Action: Update to version 2.1.33, or a newer patched version
Plugin: WP Activity Log
Vulnerability: SQL Injection
Patched Version: 4.1.5
Recommended Action: Update to version 4.1.5, or a newer patched version
Plugin: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Vulnerability: Unauthenticated Privilege Escalation via User Meta
Patched Version: 2.1.12
Recommended Action: Update to version 2.1.12, or a newer patched version
Plugin: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Vulnerability: Authenticated Privilege Escalation via Profile Update
Patched Version: 2.1.12
Recommended Action: Update to version 2.1.12, or a newer patched version
***
Check out the Watch Out Wednesday Archive for past Watch Out Wednesday posts.