Understanding Vulnerabilities in WordPress Plugins
Every week, we highlight known vulnerabilities in WordPress plugins. This information helps you stay informed about potential risks and take appropriate action to protect your website. By addressing these vulnerabilities, you ensure the safety and integrity of your WordPress site and its data.
Plugin: BA Book Everything
Vulnerability: Cross-Site Scripting and Cross-Frame Scripting
Patched Version: 1.3.25
Recommended Action: Update to version 1.3.25, or a newer patched version

Plugin: WordPress + Microsoft Office 365 / Azure AD | LOGIN
Vulnerability: Authentication Bypass
Patched Version: 11.7
Recommended Action: Update to version 11.7, or a newer patched version

Plugin: Elementor Website Builder Pro
Vulnerability: Authenticated Remote Code Execution in Dynamic OOO Widget
Patched Version: 3.0.6
Recommended Action: Update to version 3.0.6, or a newer patched version

Plugin: LearnPress – WordPress LMS Plugin
Vulnerability: SQL Injection
Patched Version: 3.2.7.3
Recommended Action: Update to version 3.2.7.3, or a newer patched version
***
Check out the Watch Out Wednesday Archive for past Watch Out Wednesday posts.