Understanding Vulnerabilities in WordPress Plugins
Every week, we highlight known vulnerabilities in WordPress plugins. This information helps you stay informed about potential risks and take appropriate action to protect your website. By addressing these vulnerabilities, you ensure the safety and integrity of your WordPress site and its data.
Plugin: WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
Vulnerability: Cross-Site Request Forgery Bypass
Patched Version: 1.6.4
Recommended Action: Update to version 1.6.4, or a newer patched version

Plugin: WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce
Vulnerability: Cross-Site Request Forgery Bypass
Patched Version: 1.5.16
Recommended Action: Update to version 1.5.16, or a newer patched version

Plugin: Simple:Press Forum
Vulnerability: Arbitrary File Upload
Patched Version: 6.6.1
Recommended Action: Update to version 6.6.1, or a newer patched version

Plugin: WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses
Vulnerability: Improper Access Controls
Patched Version: 2.0.29
Recommended Action: Update to version 2.0.29, or a newer patched version

Plugin: Ocean Extra
Vulnerability: Cross-Site Request Forgery Bypass
Patched Version: 1.6.6
Recommended Action: Update to version 1.6.6, or a newer patched version

Plugin: Slider by 10Web – Responsive Image Slider
Vulnerability: SQL Injection
Patched Version: 1.2.36
Recommended Action: Update to version 1.2.36, or a newer patched version
***
Check out the Watch Out Wednesday Archive for past Watch Out Wednesday posts.