This Week’s Watch Out Wednesday shows the latest WordPress vulnerabilities including Code Snippets, iQ Block Country, User Meta and more!
Plugin: WP OAuth Server
Vulnerability: Bypass Vulnerability
Patched Version: 4.0.1
Recommended Action: Update the WordPress WP OAuth Server plugin to the latest available version (at least 4.0.1).
Plugin: OAuth 2.0 client for SSO
Vulnerability: Bypass Vulnerability
Patched Version: 1.11.4
Recommended Action: Update the WordPress OAuth 2.0 client for SSO plugin to the latest available version (at least 1.11.4).
Plugin: Banner Cycler
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of June 30, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Link Optimizer Lite
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of July 26, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: uContext for Amazon
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of July 26, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: uContext for Clickbank
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of July 26, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Rich Reviews
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: No patched version is available.
Plugin: ActiveDEMAND
Vulnerability: Broken Authentication
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: WP Hotel Booking
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: No patched version is available.
Plugin: MaxButtons
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 9.3
Recommended Action: Update the WordPress MaxButtons plugin to the latest available version (at least 9.3).
Plugin: Download Manager
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 3.2.49
Recommended Action: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.49).
Plugin: Download Manager
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.2.49
Recommended Action: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.49).
Plugin: My Calendar
Vulnerability: Open Redirection
Patched Version: 3.3.17
Recommended Action: Update the WordPress My Calendar plugin to the latest available version (at least 3.3.17).
Plugin: Affiliate For WooCommerce
Vulnerability: Insecure Direct Object References (IDOR)
Patched Version: 4.8.0
Recommended Action: Update the WordPress Affiliate For WooCommerce plugin to the latest available version (at least 4.8.0).
Plugin: Affiliate For WooCommerce
Vulnerability: Other Vulnerability Type
Patched Version: 4.8.0
Recommended Action: Update the WordPress Affiliate For WooCommerce premium plugin to the latest available version (at least 4.8.0).
Plugin: Enable SVG, WebP & ICO Upload
Vulnerability: Arbitrary File Upload
Patched Version: N/A
Recommended Action: No patched version is available.
Plugin: Enable SVG, WebP & ICO Upload
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available.
Plugin: LinkWorth Plugin
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 3.3.4
Recommended Action: Update the WordPress LinkWorth plugin to the latest available version (at least 3.3.4).
Plugin: WP Sticky Button – Click to Chat
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.4.1
Recommended Action: Update the WordPress WP Sticky Button – Click to Chat plugin to the latest available version (at least 1.4.1).
Plugin: Social Slider Feed
Vulnerability: Other Vulnerability Type
Patched Version: 2.0.5
Recommended Action: Update the WordPress Social Slider Feed plugin to the latest available version (at least 2.0.5).
Plugin: Social Slider Feed
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.0.5
Recommended Action: Update the WordPress Social Slider Feed plugin to the latest available version (at least 2.0.5).
Plugin: MailerLite – Signup forms
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 1.5.8
Recommended Action: Update the WordPress MailerLite – Signup forms plugin to the latest available version (at least 1.5.8).
Plugin: Lana Downloads Manager
Vulnerability: Arbitrary File Download
Patched Version: 1.8.0
Recommended Action: Update the WordPress Lana Downloads Manager plugin to the latest available version (at least 1.8.0).
Plugin: Student Result or Employee Database
Vulnerability: Other Vulnerability Type
Patched Version: 1.8.0
Recommended Action: Update the WordPress Student Result or Employee Database plugin to the latest available version (at least 1.8.0).
Plugin: Student Result or Employee Database
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 1.7.5
Recommended Action: Update the WordPress Student Result or Employee Database plugin to the latest available version (at least 1.7.5).
Plugin: Simple SEO
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.7.92
Recommended Action: Update the WordPress Simple SEO plugin to the latest available version (at least 1.7.92).
Plugin: ЮKassa для WooCommerce
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.3.1
Recommended Action: Update the WordPress ЮKassa для WooCommerce plugin to the latest available version (at least 2.3.1).
Plugin: ЮKassa для WooCommerce
Vulnerability: Other Vulnerability Type
Patched Version: 2.3.1
Recommended Action: Update the WordPress ЮKassa для WooCommerce plugin to the latest available version (at least 2.3.1).
Plugin: WordPress Team
Vulnerability: Other Vulnerability Type
Patched Version: 4.1.2
Recommended Action: Update the WordPress Team plugin to the latest available version (at least 4.1.2).
Plugin: Floating Div
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available.
Plugin: GS Testimonial Slider
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available.
Plugin: BxSlider WP
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available.