Watch Out Wednesday – December 20, 2023

This week's Watch Out Wednesday covers the latest WordPress vulnerabilities, including AMP for WP, WP Google Maps, SendPress Newsletters and more!

by | Dec 20, 2023 | WoW Archive


Plugin: WP Google Maps

Vulnerability: Unauthenticated Stored XSS vulnerability
Patched Version: 9.0.28
Recommended Action: Update the WordPress WP Google Maps plugin to the latest available version (at least 9.0.28).

Plugin: AMP for WP

Vulnerability: Authenticated Stored Cross-Site Scripting (XSS) Via Shortcode vulnerability
Patched Version: 1.0.92.1
Recommended Action: Update the WordPress Accelerated Mobile Pages plugin to the latest available version (at least 1.0.92.1).

Plugin: MW WP Form

Vulnerability: Improper Limitation of File Name to Unauthenticated Arbitrary File Deletion vulnerability
Patched Version: 5.0.4
Recommended Action: Update the WordPress MW WP Form plugin to the latest available version (at least 5.0.4).

Plugin: Slick Social Share Buttons

Vulnerability: Authenticated Arbitrary Option Update vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: GG Woo Feed for WooCommerce

Vulnerability: Missing Authorization to Unauthenticated Plugin Settings Update vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Backuply – Backup, Restore, Migrate and Clone

Vulnerability: Authenticated Plugin Settings Change vulnerability
Patched Version: 1.2.2
Recommended Action: Update the WordPress Backuply – Backup, Restore, Migrate and Clone plugin to the latest available version (at least 1.2.2).

Plugin: SpeedyCache

Vulnerability: Subscriber+ Plugin Settings Change vulnerability
Patched Version: 1.1.4
Recommended Action: Update the WordPress SpeedyCache plugin to the latest available version (at least 1.1.4).

Plugin: Post Grid

Vulnerability: Authenticated Cross-Site Scripting vulnerability
Patched Version: 2.2.65
Recommended Action: Update the WordPress Post Grid plugin to the latest available version (at least 2.2.65).

Plugin: e2pdf

Vulnerability: Authenticated (Administrator+) Arbitrary File Upload vulnerability
Patched Version: 1.20.26
Recommended Action: Update the WordPress E2Pdf plugin to the latest available version (at least 1.20.26).

Plugin: Essential Real Estate

Vulnerability: Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Patched Version: 4.4.0
Recommended Action: Update the WordPress Essential Real Estate plugin to the latest available version (at least 4.4.0).

Plugin: Featured Image from URL

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via featured image alt text vulnerability
Patched Version: 4.5.4
Recommended Action: Update the WordPress Featured Image from URL plugin to the latest available version (at least 4.5.4).

Plugin: Enable Media Replace

Vulnerability: Reflected Cross-Site Scripting vulnerability
Patched Version: 4.1.5
Recommended Action: Update the WordPress Enable Media Replace plugin to the latest available version (at least 4.1.5).

Plugin: Google Language Translator

Vulnerability: Broken Access Control vulnerability
Patched Version: 6.0.20
Recommended Action: Update the WordPress Google Language Translator plugin to the latest available version (at least 6.0.20).

Plugin: Greenshift – animation and page builder blocks

Vulnerability: Authenticated (Administrator+) Arbitrary File Upload vulnerability
Patched Version: 7.6.3
Recommended Action: Update the WordPress Greenshift – animation and page builder blocks plugin to the latest available version (at least 7.6.3).

Plugin: Advanced iFrame

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 2023.9
Recommended Action: Update the WordPress Advanced iFrame plugin to the latest available version (at least 2023.9).

Plugin: SendPress Newsletters

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 1.23.11.6
Recommended Action: Update the WordPress SendPress Newsletters plugin to the latest available version (at least 1.23.11.6).

Plugin: Spice Post Slider

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 2.1
Recommended Action: Update the WordPress Spice Post Slider plugin to the latest available version (at least 2.1).

Plugin: Interact: Embed A Quiz On Your Site

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 3.1
Recommended Action: Update the WordPress Interact: Embed A Quiz On Your Site plugin to the latest available version (at least 3.1).

Plugin: Sponsors

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

***
Check out the WoW Archive for past Watch Out Wednesday posts.

Meet the Author: FocusWP
FocusWP provides educational and informational resources to help you improve your business and serve your clients. Go get 'em, Boss!
