Watch Out Wednesday – July 20, 2022

This Week's Watch Out Wednesday shows the latest WordPress vulnerabilities including Code Snippets, iQ Block Country, User Meta and more!

by | Jul 20, 2022 | WoW Archive


Plugin: E Unlocked – Student Result

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of July 11, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Easy Student Results

Vulnerability: Sensitive Data Exposure
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of July 11, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Easy Student Results

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of July 11, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Elementor Contact Form DB

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of July 18, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: User Online

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.88.0
Recommended Action: Update the WordPress User Online plugin to the latest available version (at least 2.88.0).

Plugin: Homepage Product Organizer for WooCommerce

Vulnerability: SQL Injection
Patched Version: N/A
Recommended Action: No patched version is available. We were unable to contact the vendor.

Plugin: Testimonials

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available. There is no way to contact the vendor.

Plugin: Feed Them Social

Vulnerability: Other Vulnerability Type
Patched Version: 2.9.8.6
Recommended Action: Update the WordPress Feed Them Social plugin to the latest available version (at least 2.9.8.6).

Plugin: mTouch Quiz

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of July 14, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: YaySMTP

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.2.1
Recommended Action: Update the WordPress YaySMTP plugin to the latest available version (at least 2.2.1).

Plugin: Thinkific Uploader

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of July 15, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Website File Changes Monitor

Vulnerability: SQL Injection
Patched Version: 1.8.3
Recommended Action: Update the WordPress Website File Changes Monitor plugin to the latest available version (at least 1.8.3).

Plugin: WP OAuth2 Server

Vulnerability: Bypass Vulnerability
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of June 23, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: WP Dating

Vulnerability: SQL Injection
Patched Version: N/A
Recommended Action: No patched version is available.

Plugin: Inspiro

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 7.2.3
Recommended Action: Update the WordPress Inspiro premium theme to the latest available version (at least 7.2.3).

Plugin: Easy Username Updater

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 1.0.5
Recommended Action: Update the WordPress Easy Username Updater plugin to the latest available version (at least 1.0.5).

Plugin: WP DS Blog Map

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of July 15, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Google Maps Anywhere

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of July 15, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: DW Promobar

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of July 15, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Better Tag Cloud

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of July 14, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Name Directory

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 1.25.5
Recommended Action: Update the WordPress Name Directory plugin to the latest available version (at least 1.25.5).

Plugin: Polldaddy Polls & Ratings

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.0.8
Recommended Action: Update the WordPress Polldaddy Polls & Ratings plugin to the latest available version (at least 3.0.8).

Plugin: Directorist

Vulnerability: Arbitrary File Upload
Patched Version: 7.2.3
Recommended Action: Update the WordPress Directorist plugin to the latest available version (at least 7.2.3).

Plugin: Rough Chart

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of July 14, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Auto More Tag

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of July 14, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: YaySMTP

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.2.2
Recommended Action: Update the WordPress YaySMTP plugin to the latest available version (at least 2.2.2).

Plugin: WordPress Comments Fields

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.1
Recommended Action: Update the WordPress Comments Fields plugin to the latest available version (at least 4.1).

***
Check out the WoW Archive for past Watch Out Wednesday posts.

Meet the Author: FocusWP
FocusWP provides educational and informational resources to help you improve your business and serve your clients. Go get 'em, Boss!
