Understanding Vulnerabilities in WordPress Plugins
Every week, we highlight known vulnerabilities in WordPress plugins. This information helps you stay informed about potential risks and take appropriate action to protect your website. By addressing these vulnerabilities, you ensure the safety and integrity of your WordPress site and its data.
Plugin: Hash Elements
Vulnerability: Missing Authorization to Unauthenticated Draft Post Title Exposure
Patched Version: 1.4.8
Recommended Action: Update to version 1.4.8, or a newer patched version
Plugin: Custom Dashboard Widget
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: AR for WordPress
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: 7.0
Recommended Action: Update to version 7.0, or a newer patched version
Plugin: WP Responsive Video
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: ParOne Feeds
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: ESB Testimonials
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WOLF – WordPress Posts Bulk Editor and Manager Professional
Vulnerability: Authenticated (Editor+) CSV Path Traversal
Patched Version: 1.0.8.4
Recommended Action: Update to version 1.0.8.4, or a newer patched version
Plugin: WP Listings Pro
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WE – Client Logo Carousel
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: HT Politic – For Political WordPress Themes / Website
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 2.4.5
Recommended Action: Update to version 2.4.5, or a newer patched version
Plugin: Forms
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: 2.8.1
Recommended Action: Update to version 2.8.1, or a newer patched version
Plugin: WP Testimonial Widget
Vulnerability: Authenticated (Admin+) SQL Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Ultimate Flipbox Addon for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: DuoGeek – Gutenberg Blocks
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Envo Extra
Vulnerability: Authenticated (Contributor+) Post Disclosure
Patched Version: 1.9.4
Recommended Action: Update to version 1.9.4, or a newer patched version
Plugin: ML Responsive Audio player with playlist Shortcode
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Simple Goods
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Domain Sharding
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: AzonBox
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Algori PDF Viewer
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting
Patched Version: 1.0.8
Recommended Action: Update to version 1.0.8, or a newer patched version
Plugin: SysBasics Customize My Account for WooCommerce
Vulnerability: Reflected Cross-Site Scripting via tab Parameter
Patched Version: 2.7.30
Recommended Action: Update to version 2.7.30, or a newer patched version
Plugin: Market 360 Viewer
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported)
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Patched Version: 4.4.5
Recommended Action: Update to version 4.4.5, or a newer patched version
Plugin: Code Embed
Vulnerability: Authenticated (Contributor+) Server-Side Request Forgery
Patched Version: 2.5.1
Recommended Action: Update to version 2.5.1, or a newer patched version
Plugin: Product Delivery Date for WooCommerce – Lite
Vulnerability: Lite <= 2.8.0
Patched Version: 2.8.1
Recommended Action: Update to version 2.8.1, or a newer patched version
Plugin: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Vulnerability: Reflected Cross-Site Scripting via add_query_arg Parameter
Patched Version: 1.15.31
Recommended Action: Update to version 1.15.31, or a newer patched version
Plugin: Inline Click To Tweet
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Moose Elementor Kit
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.1.0
Recommended Action: Update to version 1.1.0, or a newer patched version
Plugin: Golf Tracker
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Wezido – Elementor Addon Based on Easy Digital Downloads
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Assist24 Help Desk
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Extender All In One For Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Zoho CRM Lead Magnet
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: 1.7.9.8
Recommended Action: Update to version 1.7.9.8, or a newer patched version
Plugin: Spexo Addons for Elementor – Free Elementor Addons, Widgets and Templates
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.0.6
Recommended Action: Update to version 1.0.6, or a newer patched version
Plugin: MyOrderDesk
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Simple User Registration
Vulnerability: Missing Authorization
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: IA Map Analytics Basic
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Devexhub Gallery
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Website price calculator
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WooCommerce Support Ticket System
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: 17.8
Recommended Action: Update to version 17.8, or a newer patched version
Plugin: EzyOnlineBookings Online Booking System Widget
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: TinyCode
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Debug Tool
Vulnerability: Missing Authorization to Information Exposure
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Luzuk Slider
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Woocommerce Quote Calculator
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: GDReseller
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: adBuddy+ (AdBlocker Detection) by NetfunkDesign
Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Websand Subscription Form
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Awesome Shortcodes For Genesis
Vulnerability: Cross-Site Request Forgery to Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Pods – Custom Content Types and Fields
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 3.2.7.1
Recommended Action: Update to version 3.2.7.1, or a newer patched version
Plugin: myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program.
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_link Shortcode
Patched Version: 2.7.5
Recommended Action: Update to version 2.7.5, or a newer patched version
Plugin: Paytium: Mollie payment forms & donations
Vulnerability: Missing Authorization
Patched Version: 4.4.11
Recommended Action: Update to version 4.4.11, or a newer patched version
Plugin: TradeMe widgets
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Global Gateway e4 | Payeezy Gateway |
Vulnerability: Unauthenticated Arbitrary File Deletion
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Countdown Timer block – Display the event's date into a timer.
Vulnerability: Authenticated (Contributor+) Post Disclosure
Patched Version: 1.2.5
Recommended Action: Update to version 1.2.5, or a newer patched version
Plugin: Custom Admin Menu
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: CRM 2go – Formulario de contacto
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Simple Business Manager
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: While Loading
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Share Buttons – Social Media
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: OS BXSlider
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Slickstream: Engagement and Conversions
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via slick-grid Shortcode
Patched Version: 2.0.0
Recommended Action: Update to version 2.0.0, or a newer patched version
Plugin: xili-tidy-tags
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.12.05
Recommended Action: Update to version 1.12.05, or a newer patched version
Plugin: Awesome Progress Bar
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Boat Rental Plugin for WordPress
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Floating Buttons for WooCommerce
Vulnerability: Missing Authorization
Patched Version: 2.9.2
Recommended Action: Update to version 2.9.2, or a newer patched version
Plugin: Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation
Vulnerability: Authenticated (Subscriber+) Arbitrary File Upload
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Social Locker – Increase Traffic
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Black Widgets For Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.3.7
Recommended Action: Update to version 1.3.7, or a newer patched version
Plugin: Amazon Associate Filter
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: aThemes Addons for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.0.8
Recommended Action: Update to version 1.0.8, or a newer patched version
Plugin: Lenxel Core
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Patched Version: 1.2.5
Recommended Action: Update to version 1.2.5, or a newer patched version
Plugin: MDC YouTube Downloader
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WP Feature Box
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WP Hotel Booking
Vulnerability: Authenticated (Contributor+) Local File Inclusion
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: FraudLabs Pro SMS Verification
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: 1.10.2
Recommended Action: Update to version 1.10.2, or a newer patched version
Plugin: ThemeFuse Maintenance Mode
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Simple Shortcode for Google Maps
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 1.6
Recommended Action: Update to version 1.6, or a newer patched version
Plugin: Gutenium Blocks
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Dynamic Post Grid Elementor Addon
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.0.7
Recommended Action: Update to version 1.0.7, or a newer patched version
Plugin: NMR Strava activities
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Mapme
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Emoji Shortcode
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: amazing neo icon font for elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: RSV 360 View
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: W3SPEEDSTER
Vulnerability: Cross-Site Request Forgery
Patched Version: 7.27
Recommended Action: Update to version 7.27, or a newer patched version
Plugin: W3P SEO
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: 1.8.6
Recommended Action: Update to version 1.8.6, or a newer patched version
Plugin: HB AUDIO GALLERY
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Royal Elementor Addons and Templates
Vulnerability: Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Google Maps Widget
Patched Version: 1.7.1002
Recommended Action: Update to version 1.7.1002, or a newer patched version
Plugin: MyCurator Content Curation
Vulnerability: Authenticated (Editor+) Stored Cross-Site Scripting
Patched Version: 3.79
Recommended Action: Update to version 3.79, or a newer patched version
Plugin: Appointmind
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: 4.1.0
Recommended Action: Update to version 4.1.0, or a newer patched version
Plugin: codeSnips
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Seo Free
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Easy Accordion Gutenberg Block
Vulnerability: Missing Authorization
Patched Version: 1.2.5
Recommended Action: Update to version 1.2.5, or a newer patched version
Plugin: Display Terms Shortcode
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: YaDisk Files
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Luzuk Team
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: World Prayer Time
Vulnerability: Cross-Site Request Forgery to Reflected Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Clyp
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Header Footer Composer for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Map Store Locator
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Adventure Bucket List
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Category Ajax Filter
Vulnerability: Unauthenticated Local File Inclusion
Patched Version: 2.8.3
Recommended Action: Update to version 2.8.3, or a newer patched version
Plugin: jwp-a11y
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Image Carousel Shortcode
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Bamboo Enquiries
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Sticky Social Bar
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WP EASY RECIPE
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: PF Timer
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: OS Our Team
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: (dp) AddThis
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Posts Search
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Custom Author URL
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Minical Hotel Booking Plugin
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Pay With Stripe – Your WordPress Payments Stripe Gateway
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: CE21 Suite
Vulnerability: Authentication Bypass
Patched Version: 2.2.1
Recommended Action: Update to version 2.2.1, or a newer patched version
Plugin: Icon Widget
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: AchillesTheme-shortcodes
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Contact Form 7 – PayPal & Stripe Add-on
Vulnerability: PayPal & Stripe Add-on <= 2.3.1
Patched Version: 2.3.2
Recommended Action: Update to version 2.3.2, or a newer patched version
Plugin: Active Products Tables for WooCommerce. Use constructor to create tables
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via woot_button Shortcode
Patched Version: 1.0.6.5
Recommended Action: Update to version 1.0.6.5, or a newer patched version
Plugin: best bootstrap widgets for elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Quran Shortcode
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Gboy Custom Google Map
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Relais 2FA
Vulnerability: Authentication Bypass
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: My Restaurant Menu
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: User Meta – User Profile Builder and User management plugin
Vulnerability: Insecure Direct Object Reference to Sensitive Information Exposure
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: RLM Elementor Widgets Pack
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.4.0
Recommended Action: Update to version 1.4.0, or a newer patched version
Plugin: Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
Vulnerability: Authenticated (Subscriber+) Server-Side Request Forgery
Patched Version: 1.2.3
Recommended Action: Update to version 1.2.3, or a newer patched version
Plugin: Video Gallery for WooCommerce
Vulnerability: Missing Authorization to Unauthenticated Limited File Deletion
Patched Version: 1.32
Recommended Action: Update to version 1.32, or a newer patched version
Plugin: Be Shortcodes
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: 活动链接推广插件
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.2.4
Recommended Action: Update to version 1.2.4, or a newer patched version
Plugin: Twitter @Anywhere Plus
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Futurio Extra
Vulnerability: Authenticated (Contributor+) Post Disclosure
Patched Version: 2.0.14
Recommended Action: Update to version 2.0.14, or a newer patched version
Plugin: WP Photo Album Plus
Vulnerability: Unauthenticated Arbitrary Shortcode Execution via getshortcodedrenderedfenodelay
Patched Version: 8.9.01.001
Recommended Action: Update to version 8.9.01.001, or a newer patched version
Plugin: Alert Me!
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Hoo Addons for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: LUNA RADIO PLAYER
Vulnerability: Unauthenticated Arbitrary File Read
Patched Version: 6.24.11.07
Recommended Action: Update to version 6.24.11.07, or a newer patched version
Plugin: NV Slider
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Ultimate Accordion
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: OpenCart Product Display
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Fancy User List
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: OSM – OpenStreetMap
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 6.1.3
Recommended Action: Update to version 6.1.3, or a newer patched version
Plugin: Tigris Flexplatform
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Official SalesWizard CRM
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.0.4
Recommended Action: Update to version 1.0.4, or a newer patched version
Plugin: Simple Job Manager
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Advanced Control Manager for WordPress by ItalyStrap
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: SimpleGMaps
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Featured product by category name
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Poll Maker – Versus Polls, Anonymous Polls, Image Polls
Vulnerability: Authenticated (Administrator+) Time-Based SQL Injection
Patched Version: 5.4.7
Recommended Action: Update to version 5.4.7, or a newer patched version
Plugin: HT Builder – WordPress Theme Builder for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.3.1
Recommended Action: Update to version 1.3.1, or a newer patched version
Plugin: Awesome Fitness Testimonials
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Photographer Connections
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 5.10.3
Recommended Action: Update to version 5.10.3, or a newer patched version
Plugin: VP Sitemap
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: LIQUID BLOCKS – Slider, Carousel, Accordion
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.3.0
Recommended Action: Update to version 1.3.0, or a newer patched version
Plugin: Debug Tool
Vulnerability: Unauthenticated Arbitrary File Creation
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: BetterLinks – An Advanced Solution for Affiliate Link Management, Link Shortening, Link Tracking, Link Branding & Marketing
Vulnerability: Authenticated (Administrator+) SQL Injection
Patched Version: 2.1.8
Recommended Action: Update to version 2.1.8, or a newer patched version
Plugin: Keymaster Chord Notation Free
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Easy SVG Support
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Patched Version: 3.8
Recommended Action: Update to version 3.8, or a newer patched version
Plugin: Add Ribbon Shortcode
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Topbar ID for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Boombox Shortcode Plugin
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: The Novel Design Store Directory
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: CE21 Suite
Vulnerability: JWT Token Disclosure
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Community Yard Sale
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Kings Tab Slider
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Creative Blocks – Ultimate Blocks for Gutenberg
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Embed documents shortcode
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: DirectoryPress – Business Directory And Classified Ad Listing
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: 3.6.11
Recommended Action: Update to version 3.6.11, or a newer patched version
Plugin: Restaurant & Cafe Addon for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.5.7
Recommended Action: Update to version 1.5.7, or a newer patched version
Plugin: Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder)
Vulnerability: Authenticated (Contributor+) Information Disclosure via Shortcode
Patched Version: 1.6.44
Recommended Action: Update to version 1.6.44, or a newer patched version
Plugin: WP Membership
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: 1.6.3
Recommended Action: Update to version 1.6.3, or a newer patched version
Plugin: Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.8.3.1
Recommended Action: Update to version 1.8.3.1, or a newer patched version
Plugin: kineticPay for WooCommerce
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: 3.0
Recommended Action: Update to version 3.0, or a newer patched version
Plugin: Pricing Tables WordPress Plugin – Easy Pricing Tables
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via fontFamily Attribute
Patched Version: 3.2.7
Recommended Action: Update to version 3.2.7, or a newer patched version
Plugin: Smart Mockups
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WordPress User Extra Fields
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: 16.6
Recommended Action: Update to version 16.6, or a newer patched version
Plugin: Heateor Social Login WordPress
Vulnerability: Authentication Bypass
Patched Version: 1.1.36
Recommended Action: Update to version 1.1.36, or a newer patched version
Plugin: yPHPlista
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WS Form LITE – Drag & Drop Contact Form Builder for WordPress
Vulnerability: Reflected Cross-Site Scripting via URL
Patched Version: 1.9.245
Recommended Action: Update to version 1.9.245, or a newer patched version
Plugin: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Vulnerability: Gutenberg Block <= 3.0.3
Patched Version: 3.0.4
Recommended Action: Update to version 3.0.4, or a newer patched version
Plugin: Stylish Internal Links
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Ekiline Block Collection
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Events Manager Pro – extended
Vulnerability: Cross-Site Request Forgery to Reflected Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Boostify Header Footer Builder for Elementor
Vulnerability: Authenticated (Contributor+) Post Disclosure
Patched Version: 1.3.7
Recommended Action: Update to version 1.3.7, or a newer patched version
Plugin: Classy Addons for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Training – Courses
Vulnerability: Authenticated (Subscriber+) Arbitrary File Upload
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One
Vulnerability: Missing Authorization
Patched Version: 2.1.3
Recommended Action: Update to version 2.1.3, or a newer patched version
Plugin: Podlove Podcast Publisher
Vulnerability: Authenticated (Admin+) Remote Code Execution
Patched Version: 4.1.17
Recommended Action: Update to version 4.1.17, or a newer patched version
Plugin: Stars SMTP Mailer
Vulnerability: Authenticated (Subscriber+) Arbitrary File Upload
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: SKSDEV Toolkit
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Tumult Hype Animations
Vulnerability: Missing Authorization
Patched Version: 1.9.15
Recommended Action: Update to version 1.9.15, or a newer patched version
Plugin: Geoportail Shortcode
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: scrollup
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Easy Gallery
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Parallaxer – Parallax Effect on Content
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder
Vulnerability: Authenticated (Editor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Social button
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WP Contest
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder)
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Patched Version: 1.6.46
Recommended Action: Update to version 1.6.46, or a newer patched version
Plugin: Text Advertisements
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: MDR Webmaster Tools
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: CYAN Backup
Vulnerability: Authenticated (Admin+) Arbitrary File Download
Patched Version: 2.5.4
Recommended Action: Update to version 2.5.4, or a newer patched version
Plugin: JobSearch WP Job Board
Vulnerability: Authenticated (Subscriber+) Arbitrary File Upload
Patched Version: 2.6.8
Recommended Action: Update to version 2.6.8, or a newer patched version
Plugin: Media Modal
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Faltu Testimonial Rotator
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: CRM WordPress Plugin – RepairBuddy
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: 3.8116
Recommended Action: Update to version 3.8116, or a newer patched version
Plugin: OS Pricing Tables
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Mobile Kiosk
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Plenigo
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: YaDisk Files
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Picsmize
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WP EIS
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WP Course Manager
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: wp_automatic_widget
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 8.x
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 2.2.1
Recommended Action: Update to version 2.2.1, or a newer patched version
Plugin: Elo Rating Shortcode
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.0.4
Recommended Action: Update to version 1.0.4, or a newer patched version
Plugin: Beds24 Online Booking
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 2.0.26
Recommended Action: Update to version 2.0.26, or a newer patched version
Plugin: Super Addons for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Brand my Footer
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Rig Elements For Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Responsive Flickr Gallery
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Hola Free Video Player
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: News Ticker
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: MasterBip para Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Delisho – Recipe Widgets and Blocks
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.0.7
Recommended Action: Update to version 1.0.7, or a newer patched version
Plugin: Postcasa Shortcode
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Instant Image Generator (One Click Image Uploads from Pixabay, Pexels and OpenAI)
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: 1.5.3
Recommended Action: Update to version 1.5.3, or a newer patched version
Plugin: Twigify
Vulnerability: Running Vulnerable Twig Package
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Slicko
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Mage Front End Forms
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: EventPress
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: bpmn.io
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Clever Addons for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: RSV PDF Preview
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Lodgix.com Vacation Rental Website Builder
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: RSVP ME
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Multi Purpose Mail Form
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Dynamic Widgets
Vulnerability: Cross-Site Request Forgery
Patched Version: 1.6.5
Recommended Action: Update to version 1.6.5, or a newer patched version
Plugin: Postify: Post Layout For Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: SV Forms
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Advanced PDF Generator
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Persian Nested Show/Hide Text
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
Vulnerability: Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template
Patched Version: 1.2.5
Recommended Action: Update to version 1.2.5, or a newer patched version
Plugin: SKT Addons for Elementor
Vulnerability: Authenticated (Contributor+) Post Disclosure
Patched Version: 3.4
Recommended Action: Update to version 3.4, or a newer patched version
Plugin: Testimonial Slider Shortcode
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Smooth Maps
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Multiple Page Generator Plugin – MPG
Vulnerability: Authenticated (Editor+) Directory Traversal to Limited File Deletion
Patched Version: 4.0.3
Recommended Action: Update to version 4.0.3, or a newer patched version
Plugin: MapPress Maps for WordPress
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Map Block
Patched Version: 2.94.2
Recommended Action: Update to version 2.94.2, or a newer patched version
Plugin: Classified Listing – Classified ads & Business Directory Plugin
Vulnerability: Authenticated (Contributor+) Local File Inclusion
Patched Version: 3.1.17
Recommended Action: Update to version 3.1.17, or a newer patched version
Plugin: Fast Video and Image Display
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Olympus Shortcodes
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Awesome Tool Tip
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Redirecter
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Ancient World Linked Data for WordPress
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Mobilize
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Admin and Site Enhancements (ASE)
Vulnerability: Authenticated Stored Cross-Site Scripting via SVG
Patched Version: 7.5.2
Recommended Action: Update to version 7.5.2, or a newer patched version
Plugin: Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.7.7
Recommended Action: Update to version 1.7.7, or a newer patched version
Plugin: Image Classify
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: ID-SK Toolkit
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: RSVPMaker for Toastmasters
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: 6.2.5
Recommended Action: Update to version 6.2.5, or a newer patched version
Plugin: WP Job Portal – A Complete Recruitment System for Company or Job Board website
Vulnerability: Authenticated (Subscriber+) Stored Cross-Site Scripting
Patched Version: 2.2.1
Recommended Action: Update to version 2.2.1, or a newer patched version
Plugin: Real WP Shop Lite Ajax eCommerce Shopping Cart
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Naver Blog
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Luzuk Testimonials
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Browsing History
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Location Click Map
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WordPress User Extra Fields
Vulnerability: Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
Patched Version: 16.7
Recommended Action: Update to version 16.7, or a newer patched version
Plugin: Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation
Vulnerability: Cross-Site Request Forgery
Patched Version: 3.7.1
Recommended Action: Update to version 3.7.1, or a newer patched version
Plugin: Audio Comparison Lite
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 3.5
Recommended Action: Update to version 3.5, or a newer patched version
Plugin: Admin SMS Alert
Vulnerability: Cross-Site Request Forgery to Stored Cross Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Pro Addons For Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.6.0
Recommended Action: Update to version 1.6.0, or a newer patched version
Plugin: Contact Forms, Live Support, CRM, Video Messages
Vulnerability: Unauthenticated Information Disclosure
Patched Version: 1.11.1
Recommended Action: Update to version 1.11.1, or a newer patched version
Plugin: Web Stories Widgets For Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.1.1
Recommended Action: Update to version 1.1.1, or a newer patched version
Plugin: Attesa Extra
Vulnerability: Authenticated (Contributor+) Post Disclosure
Patched Version: 1.4.3
Recommended Action: Update to version 1.4.3, or a newer patched version
Plugin: Kognetiks Chatbot for WordPress
Vulnerability: Missing Authorization to Authenticated (Subscriber+) Assistant Addition
Patched Version: 2.1.8
Recommended Action: Update to version 2.1.8, or a newer patched version
Plugin: Flash Show And Hide Box
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder
Vulnerability: Unauthenticated Sensitive Information Disclosure
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: IntelliWidget Elements
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Easy CSV Importer BETA
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: L Squared Hub WP – Virtual Device Plugin
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Do That Task
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Meta Store Elements
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Pricer Ninja: Create and add responsive Pricing Tables to your website on-the-fly
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 8.x
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 2.2.4
Recommended Action: Update to version 2.2.4, or a newer patched version
Plugin: UPDATE NOTIFICATIONS
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Royal Elementor Addons and Templates
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
Patched Version: 1.7.1002
Recommended Action: Update to version 1.7.1002, or a newer patched version
Plugin: ZIJ KART
Vulnerability: Unauthenticated Local File Inclusion
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Multifox Plus
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Show Visitor IP Address
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Bigmart Elements
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Datasets Manager by Arttia Creative
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Semantic Shortcode
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Skip To
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: audioCase
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: GreenCon – Table, Listing, Marketing builder for Gutenberg
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WordPress User Extra Fields
Vulnerability: Unauthenticated Arbitrary File Deletion
Patched Version: 16.7
Recommended Action: Update to version 16.7, or a newer patched version
Plugin: Hover Video Preview
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: ra_qrcode
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Selar.co Widget
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: LH QR Codes
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Wd-image-magnifier-xoss
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Easy Social Sharebar
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WP Testimonial Widget
Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WP Agenda
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Download-Mirror-Counter
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Step by Step
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Manage User Columns
Vulnerability: Cross-Site Request Forgery
Patched Version: 1.0.6
Recommended Action: Update to version 1.0.6, or a newer patched version
Plugin: Buy one click WooCommerce
Vulnerability: Missing Authorization to Authenticated (Subscriber+) Settings Import
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: 3D Presentation
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Themedy Toolbox
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WeChat Subscribers Lite 微信公众订阅号插件
Vulnerability: Reflected Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Charity Addon for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.3.3
Recommended Action: Update to version 1.3.3, or a newer patched version
Plugin: Addressbook
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WP PagSeguro Payments
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Platform.ly Official
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: 1.14
Recommended Action: Update to version 1.14, or a newer patched version
Plugin: Sell Media File with Stripe
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Surbma | Font Awesome
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Beacon For Help Scout
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WooCommerce Upload Files
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: 84.4
Recommended Action: Update to version 84.4, or a newer patched version
Plugin: Advanced Video Player with Analytics
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: AwesomePress
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Team Member – Multi Language Supported Team Plugin
Vulnerability: Authenticated (Editor+) Local File Inclusion
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Matix Popup Builder
Vulnerability: Unauthenticated Arbitrary Options Update
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Hebrew Dates
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: 2.3.0
Recommended Action: Update to version 2.3.0, or a newer patched version
Plugin: Royal Elementor Addons and Templates
Vulnerability: Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Form Builder Widget
Patched Version: 1.7.1002
Recommended Action: Update to version 1.7.1002, or a newer patched version
Plugin: BU Slideshow
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Quform – WordPress Form Builder
Vulnerability: WordPress Form Builder <= 2.20.0
Patched Version: 2.21.0
Recommended Action: Update to version 2.21.0, or a newer patched version
Plugin: Posts Filter
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Media Library Assistant
Vulnerability: Authenticated (Administrator+) Remote Code Execution
Patched Version: 3.20
Recommended Action: Update to version 3.20, or a newer patched version
Plugin: Custom URL Shortener
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: drop in image slideshow gallery
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Leopard – WordPress Offload Media
Vulnerability: Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
Patched Version: 3.1.2
Recommended Action: Update to version 3.1.2, or a newer patched version
Plugin: AA Audio Player
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: KBucket: Your Curated Content in WordPress
Vulnerability: Authenticated (Subscriber+) Arbitrary File Upload
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.6.0
Recommended Action: Update to version 1.6.0, or a newer patched version
Plugin: Blrt WP Embed
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Content Slider Block
Vulnerability: Authenticated (Contributor+) Post Disclosure
Patched Version: 3.1.6
Recommended Action: Update to version 3.1.6, or a newer patched version
Plugin: Simple Social Share Block
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WM Zoom
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Social Share, Social Login and Social Comments Plugin – Super Socializer
Vulnerability: Authentication Bypass
Patched Version: 7.14
Recommended Action: Update to version 7.14, or a newer patched version
Plugin: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
Vulnerability: Unauthenticated Privilege Escalation via Password Recovery
Patched Version: 6.0.2.7
Recommended Action: Update to version 6.0.2.7, or a newer patched version
Plugin: WP Virtual Room Configurator
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Multi-day Booking Calendar
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Reftagger Shortcode
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Lead capture, gated content & newsletter opt-ins
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 7.5.880
Recommended Action: Update to version 7.5.880, or a newer patched version
Plugin: Simpul Events by Esotech
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: BeBetter Social Icons
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: I Plant A Tree
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Popup Image
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Elementary Addons
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Kognetiks Chatbot for WordPress
Vulnerability: Missing Authorization to Authenticated (Subscriber+) Assistant Update
Patched Version: 2.1.8
Recommended Action: Update to version 2.1.8, or a newer patched version
Plugin: WordPress Business Plugin
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: CE21 Suite
Vulnerability: Missing Authorization to Unauthenticated Plugin Settings Change
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Pdf Embedder Fay
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: FOX – Currency Switcher Professional for WooCommerce
Vulnerability: Unauthenticated Arbitrary Shortcode Execution
Patched Version: 1.4.2.3
Recommended Action: Update to version 1.4.2.3, or a newer patched version
Plugin: Magic Slider
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Provide Forex Signals
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: AgendaPress – Easily Publish Meeting Agendas and Programs on WordPress
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: SH Slideshow
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Bitcoin Payments
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WP Pocket URLs
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.0.4
Recommended Action: Update to version 1.0.4, or a newer patched version
Plugin: Combo WP Rewrite Slugs
Vulnerability: Missing Authorization to Authenticated (Subscriber+) Settings Change
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: File Select Control For Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Banner System
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Anant Addons for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.0.6
Recommended Action: Update to version 1.0.6, or a newer patched version
Plugin: DataMentor – Best DataTables Plugin for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Logo Slider
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 4.5.0
Recommended Action: Update to version 4.5.0, or a newer patched version
Plugin: Plugin Name: GMO Social Connection
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Kognetiks Chatbot for WordPress
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 2.1.8
Recommended Action: Update to version 2.1.8, or a newer patched version
Plugin: The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 2.1.1
Recommended Action: Update to version 2.1.1, or a newer patched version
Plugin: Gmap Point List
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: JS Help Desk – The Ultimate Help Desk & Support Plugin
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 2.8.8
Recommended Action: Update to version 2.8.8, or a newer patched version
Plugin: Knowledge Base
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 2.2.1
Recommended Action: Update to version 2.2.1, or a newer patched version
Plugin: Jigoshop – Store Exporter
Vulnerability: Reflected Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Utech Spinning Earth
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Brizy – Page Builder
Vulnerability: Authenticated (Contributor+) Arbitrary File Upload
Patched Version: 2.4.41
Recommended Action: Update to version 2.4.41, or a newer patched version
Plugin: Alley Elementor Widget
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: JobSearch WP Job Board
Vulnerability: Unauthenticated Arbitrary File Upload
Patched Version: 2.6.8
Recommended Action: Update to version 2.6.8, or a newer patched version
Plugin: WooCommerce Support Ticket System
Vulnerability: Unauthenticated Arbitrary File Deletion
Patched Version: 17.8
Recommended Action: Update to version 17.8, or a newer patched version
Plugin: MultiManager WP – Manage All Your WordPress Sites Easily
Vulnerability: Authentication Bypass via User Impersonation
Patched Version: 1.1.0
Recommended Action: Update to version 1.1.0, or a newer patched version
Plugin: WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts
Vulnerability: Insecure Direct Object Reference to Unauthenticated Authorization Bypass
Patched Version: 2.6.14
Recommended Action: Update to version 2.6.14, or a newer patched version
Plugin: Accordion title for Elementor
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting
Patched Version: 1.2.2
Recommended Action: Update to version 1.2.2, or a newer patched version
Plugin: Lewe Bootstrap Visuals
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Porsline
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Private Google Calendars
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 20240106
Recommended Action: Update to version 20240106, or a newer patched version
Plugin: Responsive Contact Form Builder & Lead Generation Plugin
Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Bricksable for Bricks Builder
Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 1.6.60
Recommended Action: Update to version 1.6.60, or a newer patched version
Plugin: FormFacade – WordPress plugin for Google Forms
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.3.7
Recommended Action: Update to version 1.3.7, or a newer patched version
Plugin: JetWidgets For Elementor
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Patched Version: 1.0.19
Recommended Action: Update to version 1.0.19, or a newer patched version
Plugin: Simple Page Specific Sidebars
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Shortcode Collection
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Google Visualization Charts
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Bg Patriarchia BU
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Horsemanager
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: EndomondoWP
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
Vulnerability: Unauthenticated Arbitrary Shortcode Execution
Patched Version: 2.13.1
Recommended Action: Update to version 2.13.1, or a newer patched version
Plugin: e-shopsカート2
Vulnerability: Cross-Site Request Forgery to Reflected Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Random Featured Post
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Cowidgets – Elementor Addons
Vulnerability: Authenticated (Contributor+) Post Disclosure
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: SmartLink Dynamic URLs
Vulnerability: Cross-Site Request Forgery to Stored Cross-Site Scripting
Patched Version: 1.1.1
Recommended Action: Update to version 1.1.1, or a newer patched version
Plugin: EleForms – All In One Form Integration including DB for Elementor
Vulnerability: Missing Authorization
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: DigiPass
Vulnerability: Unauthenticated Arbitrary File Download
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Курс валют UAH
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Kento Ads Rotator
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: AMP Img Shortcode
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Print PDF Generator and Publisher
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.2.0
Recommended Action: Update to version 1.2.0, or a newer patched version
Plugin: Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
Vulnerability: Authenticated (Subscriber+) Arbitrary File Upload
Patched Version: 1.1.2
Recommended Action: Update to version 1.1.2, or a newer patched version
Plugin: Moka Get Posts Shortcode
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WooCommerce Support Ticket System
Vulnerability: Authenticated (Subscriber+) Arbitrary File Deletion
Patched Version: 17.8
Recommended Action: Update to version 17.8, or a newer patched version
Plugin: Sided
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Build 5 Star Reviews on Google Reviews, Yelp, Facebook… easily and risk-free | RRatingg
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: News Articles
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider)
Vulnerability: Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider <= 3.15.18
Patched Version: 3.15.19
Recommended Action: Update to version 3.15.19, or a newer patched version
Plugin: Cresta Addons for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.1.0
Recommended Action: Update to version 1.1.0, or a newer patched version
Plugin: Kognetiks Chatbot for WordPress
Vulnerability: Cross-Site Request Forgery to Authenticated (Subscriber+) Assistant Modification
Patched Version: 2.1.9
Recommended Action: Update to version 2.1.9, or a newer patched version
Plugin: Aajoda Testimonials
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Event post
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via events_cal Shortcode
Patched Version: 5.9.7
Recommended Action: Update to version 5.9.7, or a newer patched version
Plugin: ThemeShark Templates & Widgets for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Cookie Nonsense for YT
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: AmaDiscount Plugin
Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: WoW Guild Armory Roster
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Contact Form 7 Redirect & Thank You Page
Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.0.7
Recommended Action: Update to version 1.0.7, or a newer patched version
Plugin: Kognetiks Chatbot for WordPress
Vulnerability: Missing Authorization to Authenticated (Subscriber+) Assistant Deletion
Patched Version: 2.1.8
Recommended Action: Update to version 2.1.8, or a newer patched version
Plugin: Bonway Static Block Editor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Blocks Post Grid
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Christian Science Bible Lesson Subjects
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 2.1
Recommended Action: Update to version 2.1, or a newer patched version
Plugin: Webriti Custom Login
Vulnerability: Cross-Site Request Forgery to Reflected Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Pull This
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Logo Slider
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting
Patched Version: 4.5.0
Recommended Action: Update to version 4.5.0, or a newer patched version
Plugin: Marquee Elementor with Posts
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Pie Register Premium
Vulnerability: Missing Authorization
Patched Version: 3.8.3.3
Recommended Action: Update to version 3.8.3.3, or a newer patched version
Plugin: Cowidgets – Elementor Addons
Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Trendy Restaurant Menu – Best Restaurant Plugin for WordPress
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Consensu.io | Conformidade e Consentimento de Cookies para LGPD
Vulnerability: Missing Authorization via update_config_db()
Patched Version: 1.0.4
Recommended Action: Update to version 1.0.4, or a newer patched version
Plugin: Happy Addons for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison
Patched Version: 3.12.6
Recommended Action: Update to version 3.12.6, or a newer patched version
Plugin: APK Downloader
Vulnerability: Cross-Site Request Forgery to Stored Cross Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Definitive Addons for Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Multiple Votes in one page
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
***
Check out the Watch Out Wednesday Archive for past Watch Out Wednesday posts.
