Watch Out Wednesday – August 3, 2022

by | Aug 2, 2022 | WoW Archive

This week’s Watch Out Wednesday shows the latest WordPress vulnerabilities, including Code Snippets, iQ Block Country, User Meta and more!

Plugin: WP OAuth Server

Vulnerability: Bypass Vulnerability
Patched Version: 4.0.1
Recommended Action: Update the WordPress WP OAuth Server plugin to the latest available version (at least 4.0.1).

Plugin: OAuth 2.0 client for SSO

Vulnerability: Bypass Vulnerability
Patched Version: 1.11.4
Recommended Action: Update the WordPress OAuth 2.0 client for SSO plugin to the latest available version (at least 1.11.4).

Plugin: Banner Cycler

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of June 30, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Link Optimizer Lite

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of July 26, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: uContext for Amazon

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of July 26, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: uContext for Clickbank

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of July 26, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Rich Reviews

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: No patched version available.

Plugin: ActiveDEMAND

Vulnerability: Broken Authentication
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: WP Hotel Booking

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: No patched version is available.

Plugin: MaxButtons

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 9.3
Recommended Action: Update the WordPress MaxButtons plugin to the latest available version (at least 9.3).

Plugin: Download Manager

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 3.2.49
Recommended Action: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.49).

Plugin: Download Manager

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.2.49
Recommended Action: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.49).

Plugin: My Calendar

Vulnerability: Open Redirection
Patched Version: 3.3.17
Recommended Action: Update the WordPress My Calendar plugin to the latest available version (at least 3.3.17).

Plugin: Affiliate For WooCommerce

Vulnerability: Insecure Direct Object References (IDOR)
Patched Version: 4.8.0
Recommended Action: Update the WordPress Affiliate For WooCommerce plugin to the latest available version (at least 4.8.0).

Plugin: Affiliate For WooCommerce

Vulnerability: Other Vulnerability Type
Patched Version: 4.8.0
Recommended Action: Update the WordPress Affiliate For WooCommerce premium plugin to the latest available version (at least 4.8.0).

Plugin: Enable SVG, WebP & ICO Upload

Vulnerability: Arbitrary File Upload
Patched Version: N/A
Recommended Action: No patched version available.

Plugin: Enable SVG, WebP & ICO Upload

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version available.

Plugin: LinkWorth Plugin

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 3.3.4
Recommended Action: Update the WordPress LinkWorth plugin to the latest available version (at least 3.3.4).

Plugin: WP Sticky Button – Click to Chat

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.4.1
Recommended Action: Update the WordPress WP Sticky Button – Click to Chat plugin to the latest available version (at least 1.4.1).

Plugin: Social Slider Feed

Vulnerability: Other Vulnerability Type
Patched Version: 2.0.5
Recommended Action: Update the WordPress Social Slider Feed plugin to the latest available version (at least 2.0.5).

Plugin: Social Slider Feed

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.0.5
Recommended Action: Update the WordPress Social Slider Feed plugin to the latest available version (at least 2.0.5).

Plugin: MailerLite – Signup forms

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 1.5.8
Recommended Action: Update the WordPress MailerLite – Signup forms plugin to the latest available version (at least 1.5.8).

Plugin: Lana Downloads Manager

Vulnerability: Arbitrary File Download
Patched Version: 1.8.0
Recommended Action: Update the WordPress Lana Downloads Manager plugin to the latest available version (at least 1.8.0).

Plugin: Student Result or Employee Database

Vulnerability: Other Vulnerability Type
Patched Version: 1.8.0
Recommended Action: Update the WordPress Student Result or Employee Database plugin to the latest available version (at least 1.8.0).

Plugin: Student Result or Employee Database

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 1.7.5
Recommended Action: Update the WordPress Student Result or Employee Database plugin to the latest available version (at least 1.7.5).

Plugin: Simple SEO

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.7.92
Recommended Action: Update the WordPress Simple SEO plugin to the latest available version (at least 1.7.92).

Plugin: ЮKassa для WooCommerce

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.3.1
Recommended Action: Update the WordPress ЮKassa для WooCommerce plugin to the latest available version (at least 2.3.1).

Plugin: ЮKassa для WooCommerce

Vulnerability: Other Vulnerability Type
Patched Version: 2.3.1
Recommended Action: Update the WordPress ЮKassa для WooCommerce plugin to the latest available version (at least 2.3.1).

Plugin: WordPress Team

Vulnerability: Other Vulnerability Type
Patched Version: 4.1.2
Recommended Action: Update the WordPress Team plugin to the latest available version (at least 4.1.2).

Plugin: Floating Div

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version available.

Plugin: GS Testimonial Slider

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available.

Plugin: BxSlider WP

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available.

Meet the Author: FocusWP
FocusWP provides educational and informational resources to help you improve your business and serve your clients. Go get 'em, Boss!
