This Week’s Watch Out Wednesday shows the latest WordPress vulnerabilities including WP Social, ProfilePress, and more!
Plugin: WP CSV to Database
Vulnerability: Cross-Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of December 15, 2022 and is not available for download. This closure is permanent.
Plugin: GS Insever Portfolio
Vulnerability: Auth. Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: WP Social
Vulnerability: Auth. Sensitive Information Disclosure vulnerability
Patched Version: 2.0
Recommended Action: Update the WordPress WP Social plugin to the latest available version (at least 2.0).
Plugin: Robo Gallery
Vulnerability: Auth. Broken Access Control vulnerability
Patched Version: 3.2.11
Recommended Action: Update the WordPress Robo Gallery plugin to the latest available version (at least 3.2.11).
Plugin: ProfilePress
Vulnerability: Auth. PHP Object Injection vulnerability
Patched Version: 4.4.0
Recommended Action: Update the WordPress ProfilePress plugin to the latest available version (at least 4.4.0).
Plugin: Sunshine Photo Cart
Vulnerability: Reflected Cross-Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: WP Table Reloaded
Vulnerability: Auth. Stored Cross-Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: WP Custom Admin Interface
Vulnerability: Auth. PHP Object Injection vulnerability
Patched Version: 7.29
Recommended Action: Update the WordPress WP Custom Admin Interface plugin to the latest available version (at least 7.29).
***
Check out the WoW Archive for past Watch Out Wednesday posts.