Watch Out Wednesday – August 24, 2022

by | Aug 23, 2022 | WoW Archive

This week’s Watch Out Wednesday covers the latest WordPress plugin vulnerabilities, including Code Snippets, iQ Block Country, User Meta and more!

Plugin: BadgeOS

Vulnerability: SQL Injection
Patched Version: N/A
Recommended Action: No patched version available.

Plugin: Scroll To Top

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.4.1
Recommended Action: Update the WordPress Scroll To Top plugin to the latest available version (at least 1.4.1).

Plugin: WP Hotel Booking

Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 22, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Float to Top Button

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 15, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: All-in-One WP Migration

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 7.63
Recommended Action: Update the WordPress All-in-One WP Migration plugin to the latest available version (at least 7.63).

Plugin: WordPress Ping Optimizer

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.35.1.3.0
Recommended Action: Update the WordPress Ping Optimizer plugin to the latest available version (at least 2.35.1.3.0).

Plugin: User Online

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.88.1
Recommended Action: Update the WordPress User Online plugin to the latest available version (at least 2.88.1).

Plugin: Ajax Load More

Vulnerability: Directory Traversal
Patched Version: 5.5.4
Recommended Action: Update the WordPress Ajax Load More plugin to the latest available version (at least 5.5.4).

Plugin: WP Taxonomy Import

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 5, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Video Gallery

Vulnerability: Broken Authentication
Patched Version: 1.3.5
Recommended Action: Update the WordPress Video Gallery plugin to the latest available version (at least 1.3.5).

Plugin: WP Server Health Stats

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.7.0
Recommended Action: Update the WordPress WP Server Health Stats plugin to the latest available version (at least 1.7.0).

Plugin: Search Exclude

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.2.7
Recommended Action: Update the WordPress Search Exclude plugin to the latest available version (at least 1.2.7).

Plugin: BP Better Messages

Vulnerability: Denial of Service Attack
Patched Version: 1.9.10.58
Recommended Action: Update the WordPress BP Better Messages plugin to the latest available version (at least 1.9.10.58).

Plugin: All-in-One Video Gallery

Vulnerability: Arbitrary File Download
Patched Version: 2.6.1
Recommended Action: Update the WordPress All-in-One Video Gallery plugin to the latest available version (at least 2.6.1).

Plugin: Download Manager

Vulnerability: Deserialization of untrusted data
Patched Version: 3.2.50
Recommended Action: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.50).

Plugin: WPvivid Backup and Migration

Vulnerability: Deserialization of untrusted data
Patched Version: 0.9.75
Recommended Action: Update the WordPress WPvivid Backup and Migration plugin to the latest available version (at least 0.9.75).

Plugin: Titan Anti-spam & Security

Vulnerability: Bypass Vulnerability
Patched Version: 7.3.1
Recommended Action: Update the WordPress Titan Anti-spam & Security plugin to the latest available version (at least 7.3.1).

Plugin: Mobile Events Manager

Vulnerability: CSV Injection
Patched Version: 1.4.8
Recommended Action: Update the WordPress Mobile Events Manager plugin to the latest available version (at least 1.4.8).

Plugin: WP STAGING – Backup Duplicator & Migration

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.9.18
Recommended Action: Update the WordPress WP STAGING – Backup Duplicator & Migration plugin to the latest available version (at least 2.9.18).

Plugin: Autoptimize

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.1.1
Recommended Action: Update the WordPress Autoptimize plugin to the latest available version (at least 3.1.1).

***
Check out the WoW Archive for past Watch Out Wednesday posts.

Meet the Author: FocusWP
FocusWP provides educational and informational resources to help you improve your business and serve your clients. Go get 'em, Boss!
