This week’s Watch Out Wednesday covers the latest WordPress plugin vulnerabilities, including Store Locator, GeoDirectory, User Verification, and more!
Plugin: Store Locator WordPress
Vulnerability: Contributor+ Stored XSS via Shortcode vulnerability
Patched Version: Update the WordPress Store Locator WordPress plugin to the latest available version (at least 1.4.9).
Recommended Action: Update the WordPress Store Locator WordPress plugin to the latest available version (at least 1.4.9).
Plugin: GS Logo Slider – Ticker, Grid, List, Table & Filter Views
Vulnerability: Contributor+ Stored XSS in Shortcode vulnerability
Patched Version: Update the WordPress GS Logo Slider – Ticker, Grid, List, Table & Filter Views plugin to the latest available version (at least 3.3.8).
Recommended Action: Update the WordPress GS Logo Slider – Ticker, Grid, List, Table & Filter Views plugin to the latest available version (at least 3.3.8).
Plugin: GeoDirectory
Vulnerability: Contributor+ Stored XSS via Shortcode vulnerability
Patched Version: Update the WordPress GeoDirectory plugin to the latest available version (at least 2.2.22).
Recommended Action: Update the WordPress GeoDirectory plugin to the latest available version (at least 2.2.22).
Plugin: Passster – Password Protection
Vulnerability: Passster – Password Protection plugin < 3.5.5.9 Protection Bypass & Arbitrary Post Access vulnerability
Vulnerability: Passster – Password Protection plugin < 3.5.5.8 Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress Passster – Password Protection plugin to the latest available version (at least 3.5.5.8).
Recommended Action: Update the WordPress Passster – Password Protection plugin to the latest available version (at least 3.5.5.8).
Plugin: WP Google My Business Auto Publish
Vulnerability: Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress WP Google My Business Auto Publish plugin to the latest available version (at least 3.4).
Recommended Action: Update the WordPress WP Google My Business Auto Publish plugin to the latest available version (at least 3.4).
Plugin: Content Control
Vulnerability: Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress Content Control plugin to the latest available version (at least 1.1.10).
Recommended Action: Update the WordPress Content Control plugin to the latest available version (at least 1.1.10).
Plugin: 10Web Map Builder for Google Maps
Vulnerability: Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress 10Web Map Builder for Google Maps plugin to the latest available version (at least 1.0.72).
Recommended Action: Update the WordPress 10Web Map Builder for Google Maps plugin to the latest available version (at least 1.0.72).
Plugin: Genesis Columns Advanced
Vulnerability: Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress Genesis Columns Advanced plugin to the latest available version (at least 2.0.4).
Recommended Action: Update the WordPress Genesis Columns Advanced plugin to the latest available version (at least 2.0.4).
Plugin: Top 10
Vulnerability: Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress Top 10 plugin to the latest available version (at least 3.2.3).
Recommended Action: Update the WordPress Top 10 plugin to the latest available version (at least 3.2.3).
Plugin: WPZOOM Portfolio
Vulnerability: Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress WPZOOM Portfolio plugin to the latest available version (at least 1.2.2).
Recommended Action: Update the WordPress WPZOOM Portfolio plugin to the latest available version (at least 1.2.2).
Plugin: Word Balloon
Vulnerability: Contributor+ Stored XSS via Shortcode vulnerability
Patched Version: Update the WordPress Word Balloon plugin to the latest available version (at least 4.19.3).
Recommended Action: Update the WordPress Word Balloon plugin to the latest available version (at least 4.19.3).
Plugin: Product Slider for WooCommerce
Vulnerability: Contributor+ Stored XSS in Shortcode vulnerability
Patched Version: Update the WordPress Product Slider for WooCommerce plugin to the latest available version (at least 2.6.4).
Recommended Action: Update the WordPress Product Slider for WooCommerce plugin to the latest available version (at least 2.6.4).
Plugin: Optimize images ALT Text (alt tag) & names for SEO using AI
Vulnerability: Settings Update via CSRF vulnerability
Patched Version: Update the WordPress Optimize images ALT Text (alt tag) & names for SEO using AI plugin to the latest available version (at least 2.0.8).
Recommended Action: Update the WordPress Optimize images ALT Text (alt tag) & names for SEO using AI plugin to the latest available version (at least 2.0.8).
Plugin: User Verification
Vulnerability: Authentication Bypass vulnerability
Patched Version: Update the WordPress User Verification plugin to the latest available version (at least 1.0.94).
Recommended Action: Update the WordPress User Verification plugin to the latest available version (at least 1.0.94).
Plugin: WP Popups
Vulnerability: Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress WP Popups plugin to the latest available version (at least 2.1.4.8).
Recommended Action: Update the WordPress WP Popups plugin to the latest available version (at least 2.1.4.8).
Plugin: Structured Content
Vulnerability: Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress Structured Content plugin to the latest available version (at least 1.5.1).
Recommended Action: Update the WordPress Structured Content plugin to the latest available version (at least 1.5.1).
Plugin: Print-O-Matic
Vulnerability: Print-O-Matic plugin < 2.1.8 Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress Print-O-Matic plugin to the latest available version (at least 2.1.8).
Recommended Action: Update the WordPress Print-O-Matic plugin to the latest available version (at least 2.1.8).
Plugin: OneClick Chat to Order
Vulnerability: Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress OneClick Chat to Order plugin to the latest available version (at least 1.0.4.2).
Recommended Action: Update the WordPress OneClick Chat to Order plugin to the latest available version (at least 1.0.4.2).
Plugin: ShiftNav – Responsive Mobile Menu
Vulnerability: Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress ShiftNav – Responsive Mobile Menu plugin to the latest available version (at least 1.7.2).
Recommended Action: Update the WordPress ShiftNav – Responsive Mobile Menu plugin to the latest available version (at least 1.7.2).
Plugin: Collapse-O-Matic
Vulnerability: Collapse-O-Matic plugin < 1.8.3 Contributor+ Stored XSS vulnerability
Patched Version: Update the WordPress Collapse-O-Matic plugin to the latest available version (at least 1.8.3).
Recommended Action: Update the WordPress Collapse-O-Matic plugin to the latest available version (at least 1.8.3).
***
Check out the WoW Archive for past Watch Out Wednesday posts.