Watch Out Wednesday – January 4, 2023

by | Jan 3, 2023 | WoW Archive


This week’s Watch Out Wednesday covers the latest WordPress plugin vulnerabilities, including Store Locator, GeoDirectory, User Verification, and more!

Plugin: Store Locator WordPress

Vulnerability: Contributor+ Stored XSS via Shortcode vulnerability
Patched Version: Update the WordPress Store Locator WordPress plugin to the latest available version (at least 1.4.9).
Recommended Action: Update the WordPress Store Locator WordPress plugin to the latest available version (at least 1.4.9).

Plugin: GS Logo Slider – Ticker, Grid, List, Table & Filter Views

Vulnerability: Contributor+ Stored XSS in Shortcode vulnerability
Patched Version: Update the WordPress GS Logo Slider – Ticker, Grid, List, Table & Filter Views plugin to the latest available version (at least 3.3.8).
Recommended Action: Update the WordPress GS Logo Slider – Ticker, Grid, List, Table & Filter Views plugin to the latest available version (at least 3.3.8).

Plugin: GeoDirectory

Vulnerability: Contributor+ Stored XSS via Shortcode vulnerability
Patched Version: Update the WordPress GeoDirectory plugin to the latest available version (at least 2.2.22).
Recommended Action: Update the WordPress GeoDirectory plugin to the latest available version (at least 2.2.22).

Plugin: Passster – Password Protection

Vulnerability: Passster – Password Protection plugin < 3.5.5.9 Protection Bypass & Arbitrary Post Access vulnerability
Vulnerability: Passster – Password Protection plugin < 3.5.5.8 Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress Passster – Password Protection plugin to the latest available version (at least 3.5.5.8).
Recommended Action: Update the WordPress Passster – Password Protection plugin to the latest available version (at least 3.5.5.8).

Plugin: WP Google My Business Auto Publish

Vulnerability: Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress WP Google My Business Auto Publish plugin to the latest available version (at least 3.4).
Recommended Action: Update the WordPress WP Google My Business Auto Publish plugin to the latest available version (at least 3.4).

Plugin: Content Control

Vulnerability: Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress Content Control plugin to the latest available version (at least 1.1.10).
Recommended Action: Update the WordPress Content Control plugin to the latest available version (at least 1.1.10).

Plugin: 10Web Map Builder for Google Maps

Vulnerability: Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress 10Web Map Builder for Google Maps plugin to the latest available version (at least 1.0.72).
Recommended Action: Update the WordPress 10Web Map Builder for Google Maps plugin to the latest available version (at least 1.0.72).

Plugin: Genesis Columns Advanced

Vulnerability: Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress Genesis Columns Advanced plugin to the latest available version (at least 2.0.4).
Recommended Action: Update the WordPress Genesis Columns Advanced plugin to the latest available version (at least 2.0.4).

Plugin: Top 10

Vulnerability: Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress Top 10 plugin to the latest available version (at least 3.2.3).
Recommended Action: Update the WordPress Top 10 plugin to the latest available version (at least 3.2.3).

Plugin: WPZOOM Portfolio

Vulnerability: Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress WPZOOM Portfolio plugin to the latest available version (at least 1.2.2).
Recommended Action: Update the WordPress WPZOOM Portfolio plugin to the latest available version (at least 1.2.2).

Plugin: Word Balloon

Vulnerability: Contributor+ Stored XSS via Shortcode vulnerability
Patched Version: Update the WordPress Word Balloon plugin to the latest available version (at least 4.19.3).
Recommended Action: Update the WordPress Word Balloon plugin to the latest available version (at least 4.19.3).

Plugin: Product Slider for WooCommerce

Vulnerability: Contributor+ Stored XSS in Shortcode vulnerability
Patched Version: Update the WordPress Product Slider for WooCommerce plugin to the latest available version (at least 2.6.4).
Recommended Action: Update the WordPress Product Slider for WooCommerce plugin to the latest available version (at least 2.6.4).

Plugin: Optimize images ALT Text (alt tag) & names for SEO using AI

Vulnerability: Settings Update via CSRF vulnerability
Patched Version: Update the WordPress Optimize images ALT Text (alt tag) & names for SEO using AI plugin to the latest available version (at least 2.0.8).
Recommended Action: Update the WordPress Optimize images ALT Text (alt tag) & names for SEO using AI plugin to the latest available version (at least 2.0.8).

Plugin: User Verification

Vulnerability: Authentication Bypass vulnerability
Patched Version: Update the WordPress User Verification plugin to the latest available version (at least 1.0.94).
Recommended Action: Update the WordPress User Verification plugin to the latest available version (at least 1.0.94).

Plugin: WP Popups

Vulnerability: Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress WP Popups plugin to the latest available version (at least 2.1.4.8).
Recommended Action: Update the WordPress WP Popups plugin to the latest available version (at least 2.1.4.8).

Plugin: Structured Content

Vulnerability: Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress Structured Content plugin to the latest available version (at least 1.5.1).
Recommended Action: Update the WordPress Structured Content plugin to the latest available version (at least 1.5.1).

Plugin: Print-O-Matic

Vulnerability: Print-O-Matic plugin < 2.1.8 Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress Print-O-Matic plugin to the latest available version (at least 2.1.8).
Recommended Action: Update the WordPress Print-O-Matic plugin to the latest available version (at least 2.1.8).

Plugin: OneClick Chat to Order

Vulnerability: Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress OneClick Chat to Order plugin to the latest available version (at least 1.0.4.2).
Recommended Action: Update the WordPress OneClick Chat to Order plugin to the latest available version (at least 1.0.4.2).

Plugin: ShiftNav – Responsive Mobile Menu

Vulnerability: Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress ShiftNav – Responsive Mobile Menu plugin to the latest available version (at least 1.7.2).
Recommended Action: Update the WordPress ShiftNav – Responsive Mobile Menu plugin to the latest available version (at least 1.7.2).

Plugin: Collapse-O-Matic

Vulnerability: Collapse-O-Matic plugin < 1.8.3 Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress Collapse-O-Matic plugin to the latest available version (at least 1.8.3).
Recommended Action: Update the WordPress Collapse-O-Matic plugin to the latest available version (at least 1.8.3).

***
Check out the WoW Archive for past Watch Out Wednesday posts.

Meet the Author: FocusWP
FocusWP provides educational and informational resources to help you improve your business and serve your clients. Go get 'em, Boss!
