Watch Out Wednesday – August 10, 2022

by | Aug 9, 2022 | WoW Archive

This week’s Watch Out Wednesday covers the latest WordPress vulnerabilities, including Code Snippets, iQ Block Country, User Meta and more!

Plugin: WPIDE – File Manager & Code Editor

Vulnerability: Other Vulnerability Type
Patched Version: 3.0
Recommended Action: Update the WordPress WPIDE – File Manager & Code Editor plugin to the latest available version (at least 3.0).

Plugin: amCharts: Charts and Maps

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.4.1
Recommended Action: Update the WordPress amCharts: Charts and Maps plugin to the latest available version (at least 1.4.1).

Plugin: Contest Gallery

Vulnerability: SQL Injection
Patched Version: 17.0.5
Recommended Action: Update the WordPress Contest Gallery plugin to the latest available version (at least 17.0.5).

Plugin: Export All URLs

Vulnerability: Other Vulnerability Type
Patched Version: 4.4
Recommended Action: Update the WordPress Export All URLs plugin to the latest available version (at least 4.4).

Plugin: Leaflet Maps Marker

Vulnerability: SQL Injection
Patched Version: 3.12.5
Recommended Action: Update the WordPress Leaflet Maps Marker plugin to the latest available version (at least 3.12.5).

Plugin: Stop Spam Comments

Vulnerability: Bypass Vulnerability
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 3, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Simply Schedule Appointments

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.5.7.7
Recommended Action: Update the WordPress Simply Schedule Appointments plugin to the latest available version (at least 1.5.7.7).

Plugin: Simply Schedule Appointments

Vulnerability: Other Vulnerability Type
Patched Version: 1.5.7.7
Recommended Action: Update the WordPress Simply Schedule Appointments plugin to the latest available version (at least 1.5.7.7).

Plugin: WP Hide Security Enhancer

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.8
Recommended Action: Update the WordPress WP Hide Security Enhancer plugin to the latest available version (at least 1.8).

Plugin: Ecwid Shopping Cart

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 6.10.24
Recommended Action: Update the WordPress Ecwid Shopping Cart plugin to the latest available version (at least 6.10.24).

Plugin: Sensei LMS

Vulnerability: Insecure Direct Object References (IDOR)
Patched Version: 4.5.2
Recommended Action: Update the WordPress Sensei LMS plugin to the latest available version (at least 4.5.2).

Plugin: Duplicator

Vulnerability: Sensitive Data Exposure
Patched Version: N/A
Recommended Action: No patched version available.

Plugin: Duplicator

Vulnerability: Other Vulnerability Type
Patched Version: 1.4.7
Recommended Action: Update the WordPress Duplicator plugin to the latest available version (at least 1.4.7).

Plugin: Sensei LMS

Vulnerability: Sensitive Data Exposure
Patched Version: 4.5.0
Recommended Action: Update the WordPress Sensei LMS plugin to the latest available version (at least 4.5.0).

Plugin: Gutenberg

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version available.

Plugin: MailChimp For WooCommerce

Vulnerability: Server Side Request Forgery (SSRF)
Patched Version: 2.7.2
Recommended Action: Update the WordPress MailChimp For WooCommerce plugin to the latest available version (at least 2.7.2).

Plugin: MailChimp For WooCommerce

Vulnerability: Server Side Request Forgery (SSRF)
Patched Version: 2.7.1
Recommended Action: Update the WordPress MailChimp For WooCommerce plugin to the latest available version (at least 2.7.1).

Plugin: WPIDE – File Manager & Code Editor

Vulnerability: Local File Inclusion
Patched Version: 3.0
Recommended Action: Update the WordPress WPIDE – File Manager & Code Editor plugin to the latest available version (at least 3.0).

Plugin: WooCommerce PDF Invoices & Packing Slips

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.0.1
Recommended Action: Update the WordPress WooCommerce PDF Invoices & Packing Slips plugin to the latest available version (at least 3.0.1).

Plugin: Anti-Malware Security and Brute-Force Firewall

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.21.83
Recommended Action: Update the WordPress Anti-Malware Security and Brute-Force Firewall plugin to the latest available version (at least 4.21.83).

***
Check out the WoW Archive for past Watch Out Wednesday posts.

Meet the Author: FocusWP
FocusWP provides educational and informational resources to help you improve your business and serve your clients. Go get 'em, Boss!
