This Week’s Watch Out Wednesday shows the latest WordPress vulnerabilities including Code Snippets, iQ Block Country, User Meta and more!
Plugin: BadgeOS
Vulnerability: SQL Injection
Patched Version: N/A
Recommended Action: No patched version available.
Plugin: Scroll To Top
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.4.1
Recommended Action: Update the WordPress Scroll To Top plugin to the latest available version (at least 1.4.1).
Plugin: WP Hotel Booking
Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 22, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Float to Top Button
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 15, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: All-in-One WP Migration
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 7.63
Recommended Action: Update the WordPress All-in-One WP Migration plugin to the latest available version (at least 7.63).
Plugin: WordPress Ping Optimizer
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.35.1.3.0
Recommended Action: Update the WordPress Ping Optimizer plugin to the latest available version (at least 2.35.1.3.0).
Plugin: User Online
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.88.1
Recommended Action: Update the WordPress User Online plugin to the latest available version (at least 2.88.1).
Plugin: Ajax Load More
Vulnerability: Directory Traversal
Patched Version: 5.5.4
Recommended Action: Update the WordPress Ajax Load More plugin to the latest available version (at least 5.5.4).
Plugin: WP Taxonomy Import
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 5, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Video Gallery
Vulnerability: Broken Authentication
Patched Version: 1.3.5
Recommended Action: Update the WordPress Video Gallery plugin to the latest available version (at least 1.3.5).
Plugin: WP Server Health Stats
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.7.0
Recommended Action: Update the WordPress WP Server Health Stats plugin to the latest available version (at least 1.7.0).
Plugin: Search Exclude
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.2.7
Recommended Action: Update the WordPress Search Exclude plugin to the latest available version (at least 1.2.7).
Plugin: BP Better Messages
Vulnerability: Denial of Service Attack
Patched Version: 1.9.10.58
Recommended Action: Update the WordPress BP Better Messages plugin to the latest available version (at least 1.9.10.58).
Plugin: All-in-One Video Gallery
Vulnerability: Arbitrary File Download
Patched Version: 2.6.1
Recommended Action: Update the WordPress All-in-One Video Gallery plugin to the latest available version (at least 2.6.1).
Plugin: Download Manager
Vulnerability: Deserialization of untrusted data
Patched Version: 3.2.50
Recommended Action: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.50).
Plugin: WPvivid Backup and Migration
Vulnerability: Deserialization of untrusted data
Patched Version: 0.9.75
Recommended Action: Update the WordPress WPvivid Backup and Migration plugin to the latest available version (at least 0.9.75).
Plugin: Titan Anti-spam & Security
Vulnerability: Bypass Vulnerability
Patched Version: 7.3.1
Recommended Action: Update the WordPress Titan Anti-spam & Security plugin to the latest available version (at least 7.3.1).
Plugin: Mobile Events Manager
Vulnerability: CSV Injection
Patched Version: 1.4.8
Recommended Action: Update the WordPress Mobile Events Manager plugin to the latest available version (at least 1.4.8).
Plugin: WP STAGING – Backup Duplicator & Migration
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.9.18
Recommended Action: Update the WordPress WP STAGING – Backup Duplicator & Migration plugin to the latest available version (at least 2.9.18).
Plugin: Autoptimize
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.1.1
Recommended Action: Update the WordPress Autoptimize plugin to the latest available version (at least 3.1.1).
***
Check out the WoW Archive for past Watch Out Wednesday posts.