This week’s Watch Out Wednesday shows the latest WordPress vulnerabilities, including Code Snippets, iQ Block Country, User Meta and more!
Plugin: WPIDE – File Manager & Code Editor
Vulnerability: Other Vulnerability Type
Patched Version: 3.0
Recommended Action: Update the WordPress WPIDE – File Manager & Code Editor plugin to the latest available version (at least 3.0).
Plugin: amCharts: Charts and Maps
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.4.1
Recommended Action: Update the WordPress amCharts: Charts and Maps plugin to the latest available version (at least 1.4.1).
Plugin: Contest Gallery
Vulnerability: SQL Injection
Patched Version: 17.0.5
Recommended Action: Update the WordPress Contest Gallery plugin to the latest available version (at least 17.0.5).
Plugin: Export All URLs
Vulnerability: Other Vulnerability Type
Patched Version: 4.4
Recommended Action: Update the WordPress Export All URLs plugin to the latest available version (at least 4.4).
Plugin: Leaflet Maps Marker
Vulnerability: SQL Injection
Patched Version: 3.12.5
Recommended Action: Update the WordPress Leaflet Maps Marker plugin to the latest available version (at least 3.12.5).
Plugin: Stop Spam Comments
Vulnerability: Bypass Vulnerability
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 3, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Simply Schedule Appointments
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.5.7.7
Recommended Action: Update the WordPress Simply Schedule Appointments plugin to the latest available version (at least 1.5.7.7).
Plugin: Simply Schedule Appointments
Vulnerability: Other Vulnerability Type
Patched Version: 1.5.7.7
Recommended Action: Update the WordPress Simply Schedule Appointments plugin to the latest available version (at least 1.5.7.7).
Plugin: WP Hide Security Enhancer
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.8
Recommended Action: Update the WordPress WP Hide Security Enhancer plugin to the latest available version (at least 1.8).
Plugin: Ecwid Shopping Cart
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 6.10.24
Recommended Action: Update the WordPress Ecwid Shopping Cart plugin to the latest available version (at least 6.10.24).
Plugin: Sensei LMS
Vulnerability: Insecure Direct Object References (IDOR)
Patched Version: 4.5.2
Recommended Action: Update the WordPress Sensei LMS plugin to the latest available version (at least 4.5.2).
Plugin: Duplicator
Vulnerability: Sensitive Data Exposure
Patched Version: N/A
Recommended Action: No patched version available.
Plugin: Duplicator
Vulnerability: Other Vulnerability Type
Patched Version: 1.4.7
Recommended Action: Update the WordPress Duplicator plugin to the latest available version (at least 1.4.7).
Plugin: Sensei LMS
Vulnerability: Sensitive Data Exposure
Patched Version: 4.5.0
Recommended Action: Update the WordPress Sensei LMS plugin to the latest available version (at least 4.5.0).
Plugin: Gutenberg
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version available.
Plugin: MailChimp For WooCommerce
Vulnerability: Server Side Request Forgery (SSRF)
Patched Version: 2.7.2
Recommended Action: Update the WordPress MailChimp For WooCommerce plugin to the latest available version (at least 2.7.2).
Plugin: MailChimp For WooCommerce
Vulnerability: Server Side Request Forgery (SSRF)
Patched Version: 2.7.1
Recommended Action: Update the WordPress MailChimp For WooCommerce plugin to the latest available version (at least 2.7.1).
Plugin: WPIDE – File Manager & Code Editor
Vulnerability: Local File Inclusion
Patched Version: 3.0
Recommended Action: Update the WordPress WPIDE – File Manager & Code Editor plugin to the latest available version (at least 3.0).
Plugin: WooCommerce PDF Invoices & Packing Slips
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.0.1
Recommended Action: Update the WordPress WooCommerce PDF Invoices & Packing Slips plugin to the latest available version (at least 3.0.1).
Plugin: Anti-Malware Security and Brute-Force Firewall
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.21.83
Recommended Action: Update the WordPress Anti-Malware Security and Brute-Force Firewall plugin to the latest available version (at least 4.21.83).
***
Check out the WoW Archive for past Watch Out Wednesday posts.