Watch Out Wednesday – July 26, 2023

by | Jul 25, 2023 | WoW Archive

This week’s Watch Out Wednesday shows the latest WordPress vulnerabilities, including WP Mail Log, JupiterX Core, Oxygen Builder and more!

Plugin: what3words Address Field

Vulnerability: Authenticated (Administrator+) Sensitive Information Exposure vulnerability
Patched Version: 4.0.1
Recommended Action: Update the WordPress what3words Address Field plugin to the latest available version (at least 4.0.1).

Plugin: Convert Pro

Vulnerability: Broken Access Control vulnerability
Patched Version: 1.7.6
Recommended Action: Update the WordPress Convert Pro plugin to the latest available version (at least 1.7.6).

Plugin: Schema Pro

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 2.7.8
Recommended Action: Update the WordPress Schema Pro plugin to the latest available version (at least 2.7.8).

Plugin: JupiterX Core

Vulnerability: Unauthenticated Arbitrary File Download vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: WpStream – Live Streaming, Video on Demand, Pay Per View

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 4.5.5
Recommended Action: Update the WordPress WpStream – Live Streaming, Video on Demand, Pay Per View plugin to the latest available version (at least 4.5.5).

Plugin: Integration for WooCommerce and Zoho CRM

Vulnerability: Open Redirection vulnerability
Patched Version: 1.3.7
Recommended Action: Update the WordPress Integration for WooCommerce and Zoho CRM plugin to the latest available version (at least 1.3.7).

Plugin: Integration for WooCommerce and QuickBooks

Vulnerability: Open Redirection vulnerability
Patched Version: 1.2.4
Recommended Action: Update the WordPress Integration for WooCommerce and QuickBooks plugin to the latest available version (at least 1.2.4).

Plugin: Post Connector

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Media Library Categories

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 2.0.1
Recommended Action: Update the WordPress Media Library Categories plugin to the latest available version (at least 2.0.1).

Plugin: Gestion-Pymes

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Oxygen Builder

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 4.6.2
Recommended Action: Update the WordPress Oxygen Builder plugin to the latest available version (at least 4.6.2).

Plugin: Client Portal : SuiteDash Direct Login

Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Post Affiliate Pro

Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No patched version available.

Plugin: Audio Player with Playlist Ultimate

Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Photo Engine

Vulnerability: Insecure Direct Object References (IDOR)
Patched Version: 6.2.6
Recommended Action: Update the WordPress Photo Engine plugin to the latest available version (at least 6.2.6).

Plugin: Social Share Icons & Social Share Buttons

Vulnerability: Broken Access Control
Patched Version: None
Recommended Action: No patched version is available.

Plugin: WRC Pricing Tables

Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg

Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Pinpoint Booking System

Vulnerability: Parameter Tampering
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Onepage Builder – Easiest Landing Page Builder For WordPress

Vulnerability: SQL Injection
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Elastic Email Sender

Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Exifography

Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No patched version available.

Plugin: Language

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: eaSYNC

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: Subscribe to Category

Vulnerability: SQL Injection vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of June 27, 2023 and is not available for download. This closure is temporary, pending a full review.

Plugin: WP-FlyBox

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of June 27, 2023 and is not available for download. This closure is temporary, pending a full review.

Plugin: Disabler

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of June 27, 2023 and is not available for download. This closure is temporary, pending a full review.

Plugin: Essential Addons for Elementor

Vulnerability: Unauthenticated MailChimp API Key Disclosure vulnerability
Patched Version: 5.8.2
Recommended Action: Update the WordPress Essential Addons for Elementor plugin to the latest available version (at least 5.8.2).

Plugin: Post List With Featured Image

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: GTmetrix for WordPress

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: WP-CopyProtect [Protect your blog posts]

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: Art Decoration Shortcode

Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: wpShopGermany IT-RECHT KANZLEI

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 1.8
Recommended Action: Update the WordPress wpShopGermany IT-RECHT KANZLEI plugin to the latest available version (at least 1.8).

Plugin: Smarty for WordPress

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: WP Emoji One

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: Gallery Bank

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Gallery Bank plugin to the latest available version.

Plugin: 404 to 301

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress 404 to 301 plugin to the latest available version.

Plugin: Caldera Forms

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Caldera Forms plugin to the latest available version.

Plugin: Image Photo Gallery Final Tiles Grid

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Image Photo Gallery Final Tiles Grid plugin to the latest available version.

Plugin: Easy Watermark

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Easy Watermark plugin to the latest available version.

Plugin: Event Tickets

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Event Tickets plugin to the latest available version.

Plugin: Elementor Addon Elements

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Elementor Addon Elements plugin to the latest available version.

Plugin: Chamber Dashboard Business Directory

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Chamber Dashboard Business Directory plugin to the latest available version.

Plugin: Gutenberg Block Editor Toolkit

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 1.17
Recommended Action: Update the WordPress Gutenberg Block Editor Toolkit plugin to the latest available version (at least 1.17).

Plugin: AnyComment

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress AnyComment plugin to the latest available version.

Plugin: Contact Form 7 Skins

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Contact Form 7 Skins plugin to the latest available version.

Plugin: Better Notifications for WP

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Better Notifications for WP plugin to the latest available version.

Plugin: MasterStudy LMS

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress MasterStudy LMS plugin to the latest available version.

Plugin: Hide Admin Bar Based on User Roles

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Hide Admin Bar Based on User Roles plugin to the latest available version.

Plugin: Easy Responsive Pricing Tables

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: CO2ok: carbon offsetting for e-commerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress CO2ok: carbon offsetting for e-commerce plugin to the latest available version.

Plugin: Convoworks WP

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Convoworks WP plugin to the latest available version.

Plugin: CF7 Constant Contact Fields Mapping

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Multicollab – Google Doc-Style Editorial Commenting for WordPress

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Multicollab – Google Doc-Style Editorial Commenting for WordPress plugin to the latest available version.

Plugin: Divi Contact Form 7

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Divi Contact Form 7 plugin to the latest available version.

Plugin: WordPress Easy Call Now Button by elixirs.io

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Blocksy Companion

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Blocksy Companion plugin to the latest available version.

Plugin: DiviTorque – Divi Theme, Divi Builder and Extra Theme

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin to the latest available version.

Plugin: AnyWhere Elementor

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 1.2.8
Recommended Action: Update the WordPress AnyWhere Elementor plugin to the latest available version (at least 1.2.8).

Plugin: Advanced WC Analytics – Google Analytics Dashboard for WooCommerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Advanced WC Analytics – Google Analytics Dashboard for WooCommerce plugin to the latest available version.

Plugin: bbResolutions

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Activity Log For MainWP

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Activity Log For MainWP plugin to the latest available version.

Plugin: Display WP Admin Pages in the Frontend – WP Frontend Admin

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Display WP Admin Pages in the Frontend – WP Frontend Admin plugin to the latest available version.

Plugin: EthereumICO

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress EthereumICO plugin to the latest available version.

Plugin: Extend Filter Products By Price Widget

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Expandable Paywall

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Expandable Paywall plugin to the latest available version.

Plugin: Joli FAQ SEO – WordPress FAQ Plugin

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Joli FAQ SEO – WordPress FAQ Plugin plugin to the latest available version.

Plugin: Map Plugin alternative to Google Maps using MapQuest, with directions

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Map Plugin alternative to Google Maps using MapQuest, with directions plugin to the latest available version.

Plugin: FormsCRM

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress FormsCRM plugin to the latest available version.

Plugin: Go Fetch Jobs (for WP Job Manager)

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: WordPress Team Members – GS Plugins

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WordPress Team Members – GS Plugins plugin to the latest available version.

Plugin: Image Carousel For Divi

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Image Carousel For Divi plugin to the latest available version.

Plugin: Import Holded for WooCommerce or Easy Digital Downloads

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Import Holded for WooCommerce or Easy Digital Downloads plugin to the latest available version.

Plugin: Market Exporter

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Market Exporter plugin to the latest available version.

Plugin: WordPress Gallery Plugin – Limb Image Gallery

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WordPress Gallery Plugin – Limb Image Gallery plugin to the latest available version.

Plugin: Menu Item Scheduler

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Mobile App Editor – WordPress to Android App Builder

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Mobile App Editor – WordPress to Android App Builder plugin to the latest available version.

Plugin: Gift Message for WooCommerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Gift Message for WooCommerce plugin to the latest available version.

Plugin: Checkbox

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Checkbox plugin to the latest available version.

Plugin: DancePress (TRWA)

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Greenshift – animation and page builder blocks

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Greenshift – animation and page builder blocks plugin to the latest available version.

Plugin: eRoom – Zoom Meetings & Webinar

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress eRoom – Zoom Meetings & Webinar plugin to the latest available version.

Plugin: Cost Calculator Builder

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Cost Calculator Builder plugin to the latest available version.

Plugin: Frontend Admin – Add and edit posts, pages, users and more all from the frontend

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Frontend Admin – Add and edit posts, pages, users and more all from the frontend plugin to the latest available version.

Plugin: ACF Frontend – Add and edit posts, pages, users and more all from the frontend

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress ACF Frontend – Add and edit posts, pages, users and more all from the frontend plugin to the latest available version.

Plugin: Custom Welcome Guide

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Custom Welcome Guide plugin to the latest available version.

Plugin: Files Download Delay

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Files Download Delay plugin to the latest available version.

Plugin: CAPTCHA 4WP

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress CAPTCHA 4WP plugin to the latest available version.

Plugin: Contact Form By Mega Forms – Drag and Drop Form Builder

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Contact Form By Mega Forms – Drag and Drop Form Builder plugin to the latest available version.

Plugin: WordPress Form Builder Plugin – Gutenberg Forms

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WordPress Form Builder Plugin – Gutenberg Forms plugin to the latest available version.

Plugin: Multiple Page Generator Plugin – MPG

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 3.0.0
Recommended Action: Update the WordPress Multiple Page Generator Plugin – MPG plugin to the latest available version (at least 3.0.0).

Plugin: 360 Javascript Viewer

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress 360 Javascript Viewer plugin to the latest available version.

Plugin: EmbedPress

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress EmbedPress plugin to the latest available version.

Plugin: Product Feed Manager

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Product Feed Manager plugin to the latest available version.

Plugin: 2MB Autocode

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress 2MB Autocode plugin to the latest available version.

Plugin: ACF-VC Integrator

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress ACF-VC Integrator plugin to the latest available version.

Plugin: AI Tools – Chatbot, ChatGPT, Content Generator, Image Generator, Artificial Intelligence GPT

Vulnerability: WordPress AI Tools – Chatbot, ChatGPT, Content Generator, Image Generator, Artificial Intelligence GPT plugin <= 2.3.0 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress AI Tools – Chatbot, ChatGPT, Content Generator, Image Generator, Artificial Intelligence GPT plugin to the latest available version.

Plugin: WooCommerce Attribute Stock – Share Stock Between Products (Lite Version)

Vulnerability: WordPress WooCommerce Attribute Stock – Share Stock Between Products (Lite Version) plugin <= 1.2.1 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WooCommerce Attribute Stock – Share Stock Between Products (Lite Version) plugin to the latest available version.

Plugin: WP AutoTerms: Privacy Policy Generator (GDPR & CCPA), Terms & Conditions Generator, Cookie Notice Banner

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP AutoTerms: Privacy Policy Generator (GDPR & CCPA), Terms & Conditions Generator, Cookie Notice Banner plugin to the latest available version.

Plugin: Blocks Product Editor for WooCommerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Blocks Product Editor for WooCommerce plugin to the latest available version.

Plugin: BlogPost – BlogPost Widgets – Amazing Blog Layouts

Vulnerability: WordPress BlogPost – BlogPost Widgets – Amazing Blog Layouts plugin <= 1.1 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Advanced Custom Fields Frontend Forms – ACF Forms – ACF Post Form – ACF Registration Form – ACF Content Form – ACF Profile Form

Vulnerability: WordPress Advanced Custom Fields Frontend Forms – ACF Forms – ACF Post Form – ACF Registration Form – ACF Content Form – ACF Profile Form plugin <= 1.3.4 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Advanced Custom Fields Frontend Forms – ACF Forms – ACF Post Form – ACF Registration Form – ACF Content Form – ACF Profile Form plugin to the latest available version.

Plugin: BuddyForms Anonymous Author

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyForms Anonymous Author plugin to the latest available version.

Plugin: BuddyForms Attach Post with Group

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyForms Attach Post with Group plugin to the latest available version.

Plugin: BuddyForms Hierarchical Posts

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyForms Hierarchical Posts plugin to the latest available version.

Plugin: Display Data on your site! Create Dynamic Content Templates from any form of data. Works with ACF, Pods, BuddyPress/ BuddyBoss

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Display Data on your site! Create Dynamic Content Templates from any form of data. Works with ACF, Pods, BuddyPress/ BuddyBoss plugin to the latest available version.

Plugin: Member Profile Forms / Custom Registration / Post From Profile in BuddyPress / BuddyBoss

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Member Profile Forms / Custom Registration / Post From Profile in BuddyPress / BuddyBoss plugin to the latest available version.

Plugin: BuddyForms Posts 2 Posts

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyForms Posts 2 Posts plugin to the latest available version.

Plugin: BuddyForms Remote

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyForms Remote plugin to the latest available version.

Plugin: BuddyForms Moderation ( Former: Review Logic )

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyForms Moderation ( Former: Review Logic ) plugin to the latest available version.

Plugin: BuddyForms Ultimate Member

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyForms Ultimate Member plugin to the latest available version.

Plugin: BuddyForms Form Elements for WooCommerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyForms Form Elements for WooCommerce plugin to the latest available version.

Plugin: Message Filter for Contact Form 7

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Message Filter for Contact Form 7 plugin to the latest available version.

Plugin: CF7 ReCaptcha Mine

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress CF7 ReCaptcha Mine plugin to the latest available version.

Plugin: Simple Freemius Shop

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Simple Freemius Shop plugin to the latest available version.

Plugin: WordPress Image Compression and Optimizer Plugin – CheetahO

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WordPress Image Compression and Optimizer Plugin – CheetahO plugin to the latest available version.

Plugin: Coming Soon Master

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Coming Soon Master plugin to the latest available version.

Plugin: Content Blocks Builder

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Content Blocks Builder plugin to the latest available version.

Plugin: TempTool [Show Current Template Info]

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 1.1.10
Recommended Action: Update the WordPress TempTool [Show Current Template Info] plugin to the latest available version (at least 1.1.10).

Plugin: DeMomentSomTres Gravity Forms Improvements

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 201805021810
Recommended Action: Update the WordPress DeMomentSomTres Gravity Forms Improvements plugin to the latest available version (at least 201805021810).

Plugin: DeMomentSomTres Immediate Send

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: DeMomentSomTres Subscribe

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress DeMomentSomTres Subscribe plugin to the latest available version.

Plugin: DeMomentSomTres WordPress Export Posts With Images

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress DeMomentSomTres WordPress Export Posts With Images plugin to the latest available version.

Plugin: DEV.LAND

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress DEV.LAND plugin to the latest available version.

Plugin: DokoBuilder : DIY Product Bundle for WooCommerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress DokoBuilder : DIY Product Bundle for WooCommerce plugin to the latest available version.

Plugin: Embed Docs – Elementor Files Addon,Elementor Docs Addon,Embed PDF, Word, PowerPoint and Excel Files in Gutenberg & Elementor

Vulnerability: WordPress Embed Docs – Elementor Files Addon,Elementor Docs Addon,Embed PDF, Word, PowerPoint and Excel Files in Gutenberg & Elementor plugin <= 2.0.3 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Embed Docs – Elementor Files Addon,Elementor Docs Addon,Embed PDF, Word, PowerPoint and Excel Files in Gutenberg & Elementor plugin to the latest available version.

Plugin: Embed Video Thumbnail

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Embed Video Thumbnail plugin to the latest available version.

Plugin: Enjoy Social Feed plugin for WordPress website

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Enjoy Social Feed plugin for WordPress website plugin to the latest available version.

Plugin: External Media Upload

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress External Media Upload plugin to the latest available version.

Plugin: XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]

Vulnerability: WordPress XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin <= 1.3.35 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin to the latest available version.

Plugin: Fast Custom Social Share by CodeBard

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Fast Custom Social Share by CodeBard plugin to the latest available version.

Plugin: Contact form builder for Gutenberg – Formello

Vulnerability: WordPress Contact form builder for Gutenberg – Formello plugin <= 1.3.0 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Contact form builder for Gutenberg – Formello plugin to the latest available version.

Plugin: GraphComment Comment system

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress GraphComment Comment system plugin to the latest available version.

Plugin: Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor

Vulnerability: WordPress Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin <= 1.0.2 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin to the latest available version.

Plugin: Information for help

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Information for help plugin to the latest available version.

Plugin: Google Maps Plugin by Intergeo

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Google Maps Plugin by Intergeo plugin to the latest available version.

Plugin: WPGutenBlog Demo Import

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WPGutenBlog Demo Import plugin to the latest available version.

Plugin: Ultimate LinkedIn Integration

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Ultimate LinkedIn Integration plugin to the latest available version.

Plugin: WP Logger

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Bulk Landing Page Creator for WordPress – LPagery

Vulnerability: WordPress Bulk Landing Page Creator for WordPress – LPagery plugin <= 1.2.5 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Bulk Landing Page Creator for WordPress – LPagery plugin to the latest available version.

Plugin: Menukaart – Restaurant Menu & Online Ordering with WooCommerce

Vulnerability: WordPress Menukaart – Restaurant Menu & Online Ordering with WooCommerce plugin <= 1.3 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Menukaart – Restaurant Menu & Online Ordering with WooCommerce plugin to the latest available version.

Plugin: Meta Tag Manager

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Meta Tag Manager plugin to the latest available version.

Plugin: NextGEN Gallery

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress NextGEN Gallery plugin to the latest available version.

Plugin: WP to Twitter

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP to Twitter plugin to the latest available version.

Plugin: Pods

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Pods plugin to the latest available version.

Plugin: The Events Calendar

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress The Events Calendar plugin to the latest available version.

Plugin: Stop User Enumeration

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Stop User Enumeration plugin to the latest available version.

Plugin: Popup Maker

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 1.10.0
Recommended Action: Update the WordPress Popup Maker plugin to the latest available version (at least 1.10.0).

Plugin: Salon booking system

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 8.4.9
Recommended Action: Update the WordPress Salon booking system plugin to the latest available version (at least 8.4.9).

Plugin: Share This Image

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Share This Image plugin to the latest available version.

Plugin: WP Google Review Slider

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Google Review Slider plugin to the latest available version.

Plugin: WP Activity Log

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Activity Log plugin to the latest available version.

Plugin: TI WooCommerce Wishlist

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress TI WooCommerce Wishlist plugin to the latest available version.

Plugin: Asset CleanUp: Page Speed Booster

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Asset CleanUp: Page Speed Booster plugin to the latest available version.

Plugin: WP Travel

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Travel plugin to the latest available version.

Plugin: Notification

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Notification plugin to the latest available version.

Plugin: Redirect 404 Error Page to Homepage or Custom Page with Logs

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Redirect 404 Error Page to Homepage or Custom Page with Logs plugin to the latest available version.

Plugin: Client Invoicing by Sprout Invoices

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Client Invoicing by Sprout Invoices plugin to the latest available version.

Plugin: PowerPack Lite for Beaver Builder

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 1.2.9.3
Recommended Action: Update the WordPress PowerPack Lite for Beaver Builder plugin to the latest available version (at least 1.2.9.3).

Plugin: WP Review Slider

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Review Slider plugin to the latest available version.

Plugin: Server Info

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: New User Approve

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress New User Approve plugin to the latest available version.

Plugin: Order Redirects for WooCommerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Order Redirects for WooCommerce plugin to the latest available version.

Plugin: Post to Google My Business (Google Business Profile)

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Post to Google My Business (Google Business Profile) plugin to the latest available version.

Plugin: SV Forms

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress SV Forms plugin to the latest available version.

Plugin: SV Posts

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress SV Posts plugin to the latest available version.

Plugin: SV Media Library

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress SV Media Library plugin to the latest available version.

Plugin: SV Proven Expert

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress SV Proven Expert plugin to the latest available version.

Plugin: SV Tracking Manager

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress SV Tracking Manager plugin to the latest available version.

Plugin: HuCommerce | Magyar WooCommerce kiegészítések

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress HuCommerce | Magyar WooCommerce kiegészítések plugin to the latest available version.

Plugin: WordPress Tag Cloud Plugin – Tag Groups

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WordPress Tag Cloud Plugin – Tag Groups plugin to the latest available version.

Plugin: Ultra Elementor Addons

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode)

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode) plugin to the latest available version.

Plugin: Gallery Blocks with Lightbox

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Gallery Blocks with Lightbox plugin to the latest available version.

Plugin: Page Builder for Gutenberg – StarterBlocks

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Spotlight Social Media Feeds

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Spotlight Social Media Feeds plugin to the latest available version.

Plugin: WordPress Auto SEO Plugin – Upfiv SEO Wizard

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: WooCommerce Tiered Price Table

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WooCommerce Tiered Price Table plugin to the latest available version.

Plugin: RSS Control

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress RSS Control plugin to the latest available version.

Plugin: Protect Uploads with Login – Protect Your Uploads

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: WP Required Taxonomies – Categories and Tags Mandatory

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Required Taxonomies – Categories and Tags Mandatory plugin to the latest available version.

Plugin: Search Field for Gravity Forms

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Search Field for Gravity Forms plugin to the latest available version.

Plugin: WooCommerce Country Catalogs – Product Country Restrictions

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WooCommerce Country Catalogs – Product Country Restrictions plugin to the latest available version.

Plugin: SV Columns Manager

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress SV Columns Manager plugin to the latest available version.

Plugin: Bing Custom Search for WordPress

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Bing Custom Search for WordPress plugin to the latest available version.

Plugin: WooBuddy

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WooBuddy plugin to the latest available version.

Plugin: WP SPID Italia

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP SPID Italia plugin to the latest available version.

Plugin: WP Tools Divi Blog Carousel

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Tools Divi Blog Carousel plugin to the latest available version.

Plugin: WordPress WooCommerce Sync for Google Sheet

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: WPEForm Lite – Drag and Drop Live Form Builder for Contact, Payment & Quiz Forms

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WPEForm Lite – Drag and Drop Live Form Builder for Contact, Payment & Quiz Forms plugin to the latest available version.

Plugin: SV100 Companion

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress SV100 Companion plugin to the latest available version.

Plugin: WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content plugin to the latest available version.

Plugin: Stripe Express

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Stripe Express plugin to the latest available version.

Plugin: WP Scrive by Webbstart

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Scrive by Webbstart plugin to the latest available version.

Plugin: Spanish Market Enhancements for WooCommerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Spanish Market Enhancements for WooCommerce plugin to the latest available version.

Plugin: Pay For Post with WooCommerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Pay For Post with WooCommerce plugin to the latest available version.

Plugin: Popups

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Popups plugin to the latest available version.

Plugin: WP Mail Log

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Mail Log plugin to the latest available version.

Plugin: WP VR

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP VR plugin to the latest available version.

Plugin: Simple Author Box

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Simple Author Box plugin to the latest available version.

Plugin: Remove Duplicate Posts

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Remove Duplicate Posts plugin to the latest available version.

Plugin: Quiz Cat

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Quiz Cat plugin to the latest available version.

Plugin: Shipping for Nova Poshta

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Shipping for Nova Poshta plugin to the latest available version.

Plugin: Order Picking For WooCommerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 1.0.2
Recommended Action: Update the WordPress Order Picking For WooCommerce plugin to the latest available version (at least 1.0.2).

Plugin: Easy Photography Portfolio

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Easy Photography Portfolio plugin to the latest available version.

Plugin: Preloader Plus – WordPress Loading Screen Plugin

Vulnerability: WordPress Preloader Plus – WordPress Loading Screen Plugin plugin <= 2.0.2 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Preloader Plus – WordPress Loading Screen Plugin plugin to the latest available version.

Plugin: Product Filter Widget for Elementor

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Product Filter Widget for Elementor plugin to the latest available version.

Plugin: PublishPress Planner: Organize and Schedule Your WordPress Content

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress PublishPress Planner: Organize and Schedule Your WordPress Content plugin to the latest available version.

Plugin: Remove WP Update Nags

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Remove WP Update Nags plugin to the latest available version.

Plugin: Role Based Bulk Quantity Pricing

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Search Console

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Search Console plugin to the latest available version.

Plugin: Seo Optimized Images

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Seo Optimized Images plugin to the latest available version.

Plugin: ShortcodeHub – MultiPurpose Shortcode Builder

Vulnerability: WordPress ShortcodeHub – MultiPurpose Shortcode Builder plugin <= 1.3.0 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress ShortcodeHub – MultiPurpose Shortcode Builder plugin to the latest available version.

Plugin: Simple blueprint installer

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Simple blueprint installer plugin to the latest available version.

Plugin: Simple Tour Guide

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Simple Tour Guide plugin to the latest available version.

Plugin: WP News and Scrolling Widgets

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP News and Scrolling Widgets plugin to the latest available version.

Plugin: Spice Blocks

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Spice Blocks plugin to the latest available version.

Plugin: Stellar Places

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Stellar Places plugin to the latest available version.

Plugin: Stop WP Emails Going to Spam

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Stop WP Emails Going to Spam plugin to the latest available version.

Plugin: Subaccounts for WooCommerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Subaccounts for WooCommerce plugin to the latest available version.

Plugin: Terms & Conditions Per Product

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Terms & Conditions Per Product plugin to the latest available version.

Plugin: Ultimate Custom ScrollBar

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 1.2
Recommended Action: Update the WordPress Ultimate Custom ScrollBar plugin to the latest available version (at least 1.2).

Plugin: Variable Inspector

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Variable Inspector plugin to the latest available version.

Plugin: Video Analytics for Cloudflare Stream

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Video Analytics for Cloudflare Stream plugin to the latest available version.

Plugin: BuddyPress Groups Integration for WooCommerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyPress Groups Integration for WooCommerce plugin to the latest available version.

Plugin: Divi Testimonial Plus

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Divi Testimonial Plus plugin to the latest available version.

Plugin: Weglot Translate – Translate your WordPress website and go multilingual

Vulnerability: WordPress Weglot Translate – Translate your WordPress website and go multilingual plugin <= 1.9 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Weglot Translate – Translate your WordPress website and go multilingual plugin to the latest available version.

Plugin: WPEventPartners Demo Import

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WPEventPartners Demo Import plugin to the latest available version.

Plugin: WZ Followed Posts – Display what visitors are reading

Vulnerability: WordPress WZ Followed Posts – Display what visitors are reading plugin <= 2.0.1 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WZ Followed Posts – Display what visitors are reading plugin to the latest available version.

Plugin: WN Flipbox Pro

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 2.1
Recommended Action: Update the WordPress WN Flipbox Pro plugin to the latest available version (at least 2.1).

Plugin: Woocommerce Delivery Date Premium

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: WooCommerce Google Ads Dynamic Remarketing

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WooCommerce Google Ads Dynamic Remarketing plugin to the latest available version.

Plugin: Live Sales Notification for Woocommerce – Woomotiv

Vulnerability: WordPress Live Sales Notification for Woocommerce – Woomotiv plugin <= 3.3.1 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Live Sales Notification for Woocommerce – Woomotiv plugin to the latest available version.

Plugin: Divi Carousel Lite

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Divi Carousel Lite plugin to the latest available version.

Plugin: WP Cloud Server

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Cloud Server plugin to the latest available version.

Plugin: Coming Soon Pages for WordPress – Coming Soon Booster

Vulnerability: WordPress Coming Soon Pages for WordPress – Coming Soon Booster plugin <= 1.0.6 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Coming Soon Pages for WordPress – Coming Soon Booster plugin to the latest available version.

Plugin: Disable Emojis & Disable Embeds for WordPress Performance & SpeedUp

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Disable Emojis & Disable Embeds for WordPress Performance & SpeedUp plugin to the latest available version.

Plugin: Mail Bank – #1 Mail SMTP Plugin for WordPress

Vulnerability: WordPress Mail Bank – #1 Mail SMTP Plugin for WordPress plugin <= 3.0.12 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Mail Bank – #1 Mail SMTP Plugin for WordPress plugin to the latest available version.

Plugin: WP Native Articles – Instant Articles Plugin for WordPress

Vulnerability: WordPress WP Native Articles – Instant Articles Plugin for WordPress plugin <= 1.1.6 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Native Articles – Instant Articles Plugin for WordPress plugin to the latest available version.

Plugin: WP Signals

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Signals plugin to the latest available version.

Plugin: WP Table Pixie

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Table Pixie plugin to the latest available version.

Plugin: WPCasa Mail Alert

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WPCasa Mail Alert plugin to the latest available version.

Plugin: Brand

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Cuisine Palace

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Elasta

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update to at least version 1.0.9 of the theme.

Plugin: Amela

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update to at least version 1.0.14 of the theme.

Plugin: Speculor

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: WP Moose

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Meridia

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update to at least version 2.2.8 of the theme.

Plugin: Purosa

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update to at least version 1.1.3 of the theme.

Plugin: Villar

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Bani

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: NicheBase

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update to at least version 1.2.3 of the theme.

Plugin: Arendelle

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update to at least version 1.1.13 of the theme.

Plugin: Hasium

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Nokke

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update to at least version 1.2.4 of the theme.

Plugin: Elation

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Unakit

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

***
Check out the WoW Archive for past Watch Out Wednesday posts.

Meet the Author: FocusWP
FocusWP provides educational and informational resources to help you improve your business and serve your clients. Go get 'em, Boss!
