This Week’s Watch Out Wednesday shows the latest WordPress vulnerabilities including Code Snippets, iQ Block Country, User Meta and more!
Plugin: Broken Link Checker
Vulnerability: Deserialization of untrusted data
Patched Version: 1.11.17
Recommended Action: Update the WordPress Broken Link Checker plugin to the latest available version (at least 1.11.17).
Plugin: Affiliates Manager
Vulnerability: CSV Injection
Patched Version: 2.9.14
Recommended Action: Update the WordPress Affiliates Manager plugin to the latest available version (at least 2.9.14).
Plugin: Affiliates Manager
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.9.14
Recommended Action: Update the WordPress Affiliates Manager plugin to the latest available version (at least 2.9.14).
Plugin: Affiliates Manager
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.9.14
Recommended Action: Update the WordPress Affiliates Manager plugin to the latest available version (at least 2.9.14).
Plugin: Affiliates Manager
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.9.14
Recommended Action: Update the WordPress Affiliates Manager plugin to the latest available version (at least 2.9.14).
Plugin: WP Database Backup
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 5.9
Recommended Action: Update the WordPress WP Database Backup plugin to the latest available version (at least 5.9).
Plugin: WC Marketplace
Vulnerability: Local File Inclusion
Patched Version: 3.8.12
Recommended Action: Update the WordPress WC Marketplace plugin to the latest available version (at least 3.8.12).
Plugin: WC Marketplace
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.18.2
Recommended Action: Update the WordPress WC Marketplace plugin to the latest available version (at least 3.18.2).
Plugin: WC Marketplace
Vulnerability: Broken Authentication
Patched Version: 3.8.12
Recommended Action: Update the WordPress WC Marketplace plugin to the latest available version (at least 3.8.12).
Plugin: Visual Portfolio, Photo Gallery & Post Grid
Vulnerability: Arbitrary File Download
Patched Version: 2.19.0
Recommended Action: Update the WordPress Visual Portfolio, Photo Gallery & Post Grid plugin to the latest available version (at least 2.19.0).
Plugin: Visual Portfolio, Photo Gallery & Post Grid
Vulnerability: Other Vulnerability Type
Patched Version: 2.18.0
Recommended Action: Update the WordPress Visual Portfolio, Photo Gallery & Post Grid plugin to the latest available version (at least 2.18.0).
Plugin: Fast Flow
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.2.12
Recommended Action: Update the WordPress Fast Flow plugin to the latest available version (at least 1.2.12).
Plugin: Uploading SVG, WEBP and ICO files
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version available.
Plugin: Uploading SVG, WEBP and ICO files
Vulnerability: Arbitrary File Upload
Patched Version: N/A
Recommended Action: No patched version is available. Ignored by the vendor.
Plugin: Notification Bar for WordPress
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 12, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: THE Leads Management System: 59sec LITE
Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 12, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Alpine PhotoTile for Pinterest
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 10, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Gallery PhotoBlocks
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 10, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Photo Gallery by 10Web
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.7.1
Recommended Action: Update the WordPress Photo Gallery by 10Web plugin to the latest available version (at least 1.7.1).
Plugin: AS – Create Pinterest Pinboard Pages
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No fix is available.
Plugin: SP Project & Document Manager
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.62
Recommended Action: Update the WordPress SP Project & Document Manager plugin to the latest available version (at least 4.62).
Plugin: Easy Digital Downloads
Vulnerability: PHP Object Injection
Patched Version: 3.0.2
Recommended Action: Update the WordPress Easy Digital Downloads plugin to the latest available version (at least 3.0.2).
Plugin: Best Payments Plugin for WP
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.2.1
Recommended Action: Update the WordPress Best Payments Plugin for WP plugin to the latest available version (at least 4.2.1).
Plugin: Best Payments Plugin for WP
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.2.1
Recommended Action: Update the WordPress Best Payments Plugin for WP plugin to the latest available version (at least 4.2.1).
Plugin: Directorist
Vulnerability: Other Vulnerability Type
Patched Version: 7.3.1
Recommended Action: Update the WordPress Directorist plugin to the latest available version (at least 7.3.1).
***
Check out the WoW Archive for past Watch Out Wednesday posts.