This week’s Watch Out Wednesday covers the latest WordPress plugin vulnerabilities, affecting Duplicate Post, JetElements For Elementor and more!
Plugin: Advanced Custom Fields
Vulnerability: Authenticated Stored Cross-Site Scripting vulnerability
Patched Version: 6.1.8
Recommended Action: Update the WordPress Advanced Custom Fields plugin to the latest available version (at least 6.1.8).
Plugin: Duplicate Post
Vulnerability: Cross-Site Request Forgery via AJAX action vulnerability
Patched Version: 1.4.2
Recommended Action: Update the WordPress Duplicate Post plugin to the latest available version (at least 1.4.2).
Plugin: Simple Blog Card
Vulnerability: Sensitive Information Exposure vulnerability
Patched Version: 1.32
Recommended Action: Update the WordPress Simple Blog Card plugin to the latest available version (at least 1.32).
Plugin: WP Ultimate CSV Importer
Vulnerability: Authenticated Arbitrary Usermeta Update to Privilege Escalation vulnerability
Vulnerability: Sensitive Information Exposure via Directory Listing vulnerability
Vulnerability: Authenticated PHP file upload to RCE vulnerability
Vulnerability: Authenticated Remote Code Execution vulnerability
Patched Version: 7.9.9
Recommended Action: Update the WordPress WP Ultimate CSV Importer plugin to the latest available version (at least 7.9.9).
Plugin: Simple Share Follow Button
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 1.04
Recommended Action: Update the WordPress Simple Share Follow Button plugin to the latest available version (at least 1.04).
Plugin: Simple Ticker
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 3.06
Recommended Action: Update the WordPress Simple Ticker plugin to the latest available version (at least 3.06).
Plugin: JetElements For Elementor
Vulnerability: Authenticated Remote Code Execution (RCE) vulnerability
Patched Version: 2.6.11
Recommended Action: Update the WordPress JetElements For Elementor plugin to the latest available version (at least 2.6.11).
Plugin: PostX – Gutenberg Blocks for Post Grid
Vulnerability: WordPress PostX – Gutenberg Post Grid Blocks plugin <= 3.0.5 - Reflected Cross-Site Scripting vulnerability
Patched Version: 3.0.6
Recommended Action: Update the WordPress PostX – Gutenberg Blocks for Post Grid plugin to the latest available version (at least 3.0.6).
Plugin: WP Front User Submit / Front Editor
Vulnerability: Authenticated Stored Cross-Site Scripting vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Upload Media By URL
Vulnerability: Cross-Site Request Forgery vulnerability
Patched Version: 1.0.8
Recommended Action: Update the WordPress Upload Media By URL plugin to the latest available version (at least 1.0.8).
Plugin: Bus Ticket Booking with Seat Reservation
Vulnerability: Reflected Cross-Site Scripting vulnerability
Patched Version: 5.2.4
Recommended Action: Update the WordPress Bus Ticket Booking with Seat Reservation plugin to the latest available version (at least 5.2.4).
Plugin: Stripe Payment Gateway for WooCommerce
Vulnerability: Authentication Bypass vulnerability
Patched Version: 3.7.8
Recommended Action: Update the WordPress Stripe Payment Gateway for WooCommerce plugin to the latest available version (at least 3.7.8).
Plugin: WordPress Job Board and Recruitment Plugin – JobWP
Vulnerability: Arbitrary File Upload vulnerability
Patched Version: 2.1
Recommended Action: Update the WordPress Job Board and Recruitment Plugin – JobWP plugin to the latest available version (at least 2.1).