Watch Out Wednesday – July 26, 2023

This Week’s Watch Out Wednesday shows the latest WordPress vulnerabilities including WP Mail Log, JupiterX Core, Oxygen Builderand more!

Plugin: what3words Address Field

Vulnerability: Authenticated (Administrator+) Sensitive Information Exposure vulnerability
Patched Version: 4.0.1
Recommended Action: Update the WordPress what3words Address Field plugin to the latest available version (at least 4.0.1).

Plugin: Convert Pro

Vulnerability: Broken Access Control vulnerability
Patched Version: 1.7.6
Recommended Action: Update the WordPress Convert Pro plugin to the latest available version (at least 1.7.6).

Plugin: Schema Pro

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 2.7.8
Recommended Action: Update the WordPress Schema Pro plugin to the latest available version (at least 2.7.8).

Plugin: JupiterX Core

Vulnerability: Unauth. Arbitrary File Download vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: WpStream – Live Streaming, Video on Demand, Pay Per View

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 4.5.5
Recommended Action: Update the WordPress WpStream – Live Streaming, Video on Demand, Pay Per View plugin to the latest available version (at least 4.5.5).

Plugin: Integration for WooCommerce and Zoho CRM

Vulnerability: Open Redirection vulnerability
Patched Version: 1.3.7
Recommended Action: Update the WordPress Integration for WooCommerce and Zoho CRM plugin to the latest available version (at least 1.3.7).

Plugin: Integration for WooCommerce and QuickBooks

Vulnerability: Open Redirection vulnerability
Patched Version: 1.2.4
Recommended Action: Update the WordPress Integration for WooCommerce and QuickBooks plugin to the latest available version (at least 1.2.4).

Plugin: Post Connector

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Media Library Categories

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 2.0.1
Recommended Action: Update the WordPress Media Library Categories plugin to the latest available version (at least 2.0.1).

Plugin: Gestion-Pymes

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Oxygen Builder

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 4.6.2
Recommended Action: Update the WordPress Oxygen Builder plugin to the latest available version (at least 4.6.2).

Plugin: Client Portal : SuiteDash Direct Login

Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Post Affiliate Pro

Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No patched version available.

Plugin: Audio Player with Playlist Ultimate

Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Photo Engine

Vulnerability: Insecure Direct Object References (IDOR)
Patched Version: 6.2.6
Recommended Action: Update the WordPress Photo Engine plugin to the latest available version (at least 6.2.6).

Plugin: Social Share Icons & Social Share Buttons

Vulnerability: Broken Access Control
Patched Version: None
Recommended Action: No patched version is available.

Plugin: WRC Pricing Tables

Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg

Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Pinpoint Booking System

Vulnerability: Parameter Tampering
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Onepage Builder – Easiest Landing Page Builder For WordPress

Vulnerability: SQL Injection
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Elastic Email Sender

Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Exifography

Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No patched version available.

Plugin: Language

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: eaSYNC

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: Subscribe to Category

Vulnerability: SQL Injection vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of June 27, 2023 and is not available for download. This closure is temporary, pending a full review.

Plugin: WP-FlyBox

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of June 27, 2023 and is not available for download. This closure is temporary, pending a full review.

Plugin: Disabler

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of June 27, 2023 and is not available for download. This closure is temporary, pending a full review.

Plugin: Essential Addons for Elementor

Vulnerability: Unauthenticated MailChimp API Key Disclosure vulnerability
Patched Version: 5.8.2
Recommended Action: Update the WordPress Essential Addons for Elementor plugin to the latest available version (at least 5.8.2).

Plugin: Post List With Featured Image

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: GTmetrix for WordPress

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: WP-CopyProtect [Protect your blog posts]

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: Art Decoration Shortcode

Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: wpShopGermany IT-RECHT KANZLEI

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 1.8
Recommended Action: Update the WordPress wpShopGermany IT-RECHT KANZLEI plugin to the latest available version (at least 1.8).

Plugin: Smarty for WordPress

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: WP Emoji One

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: Gallery Bank

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Gallery Bank plugin to the latest available version.

Plugin: 404 to 301

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress 404 to 301 plugin to the latest available version.

Plugin: Caldera Forms

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Caldera Forms plugin to the latest available version.

Plugin: Image Photo Gallery Final Tiles Grid

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Image Photo Gallery Final Tiles Grid plugin to the latest available version.

Plugin: Easy Watermark

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Easy Watermark plugin to the latest available version.

Plugin: Event Tickets

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Event Tickets plugin to the latest available version.

Plugin: Elementor Addon Elements

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Elementor Addon Elements plugin to the latest available version.

Plugin: Chamber Dashboard Business Directory

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Chamber Dashboard Business Directory plugin to the latest available version.

Plugin: Gutenberg Block Editor Toolkit

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 1.17
Recommended Action: Update the WordPress Gutenberg Block Editor Toolkit plugin to the latest available version (at least 1.17).

Plugin: AnyComment

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress AnyComment plugin to the latest available version.

Plugin: Contact Form 7 Skins

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Contact Form 7 Skins plugin to the latest available version.

Plugin: Better Notifications for WP

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Better Notifications for WP plugin to the latest available version.

Plugin: MasterStudy LMS

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress MasterStudy LMS plugin to the latest available version.

Plugin: Hide Admin Bar Based on User Roles

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Hide Admin Bar Based on User Roles plugin to the latest available version.

Plugin: Easy Responsive Pricing Tables

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: CO2ok: carbon offsetting for e-commerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress CO2ok: carbon offsetting for e-commerce plugin to the latest available version.

Plugin: Convoworks WP

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Convoworks WP plugin to the latest available version.

Plugin: CF7 Constant Contact Fields Mapping

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Multicollab – Google Doc-Style Editorial Commenting for WordPress

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Multicollab – Google Doc-Style Editorial Commenting for WordPress plugin to the latest available version.

Plugin: Divi Contact Form 7

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Divi Contact Form 7 plugin to the latest available version.

Plugin: WordPress Easy Call Now Button by elixirs.io

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Blocksy Companion

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Blocksy Companion plugin to the latest available version.

Plugin: DiviTorque – Divi Theme, Divi Builder and Extra Theme

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme plugin to the latest available version.

Plugin: AnyWhere Elementor

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 1.2.8
Recommended Action: Update the WordPress AnyWhere Elementor plugin to the latest available version (at least 1.2.8).

Plugin: Advanced WC Analytics – Google Analytics Dashboard for WooCommerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Advanced WC Analytics – Google Analytics Dashboard for WooCommerce plugin to the latest available version.

Plugin: bbResolutions

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Activity Log For MainWP

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Activity Log For MainWP plugin to the latest available version.

Plugin: Display WP Admin Pages in the Frontend – WP Frontend Admin

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Display WP Admin Pages in the Frontend – WP Frontend Admin plugin to the latest available version.

Plugin: EthereumICO

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress EthereumICO plugin to the latest available version.

Plugin: Extend Filter Products By Price Widget

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Expandable Paywall

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Expandable Paywall plugin to the latest available version.

Plugin: Joli FAQ SEO – WordPress FAQ Plugin

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Joli FAQ SEO – WordPress FAQ Plugin plugin to the latest available version.

Plugin: Map Plugin alternative to Google Maps using MapQuest, with directions

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Map Plugin alternative to Google Maps using MapQuest, with directions plugin to the latest available version.

Plugin: FormsCRM

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress FormsCRM plugin to the latest available version.

Plugin: Go Fetch Jobs (for WP Job Manager)

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: WordPress Team Members – GS Plugins

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WordPress Team Members – GS Plugins plugin to the latest available version.

Plugin: Image Carousel For Divi

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Image Carousel For Divi plugin to the latest available version.

Plugin: Import Holded for WooCommerce or Easy Digital Downloads

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Import Holded for WooCommerce or Easy Digital Downloads plugin to the latest available version.

Plugin: Market Exporter

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Market Exporter plugin to the latest available version.

Plugin: WordPress Gallery Plugin – Limb Image Gallery

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WordPress Gallery Plugin – Limb Image Gallery plugin to the latest available version.

Plugin: Menu Item Scheduler

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Mobile App Editor – WordPress to Android App Builder

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Mobile App Editor – WordPress to Android App Builder plugin to the latest available version.

Plugin: Gift Message for WooCommerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Gift Message for WooCommerce plugin to the latest available version.

Plugin: Checkbox

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Checkbox plugin to the latest available version.

Plugin: DancePress (TRWA)

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Greenshift – animation and page builder blocks

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Greenshift – animation and page builder blocks plugin to the latest available version.

Plugin: eRoom – Zoom Meetings & Webinar

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress eRoom – Zoom Meetings & Webinar plugin to the latest available version.

Plugin: Cost Calculator Builder

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Cost Calculator Builder plugin to the latest available version.

Plugin: Frontend Admin – Add and edit posts, pages, users and more all from the frontend

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Frontend Admin – Add and edit posts, pages, users and more all from the frontend plugin to the latest available version.

Plugin: ACF Frontend – Add and edit posts, pages, users and more all from the frontend

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress ACF Frontend – Add and edit posts, pages, users and more all from the frontend plugin to the latest available version.

Plugin: Custom Welcome Guide

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Custom Welcome Guide plugin to the latest available version.

Plugin: Files Download Delay

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Files Download Delay plugin to the latest available version.

Plugin: CAPTCHA 4WP

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress CAPTCHA 4WP plugin to the latest available version.

Plugin: Contact Form By Mega Forms – Drag and Drop Form Builder

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Contact Form By Mega Forms – Drag and Drop Form Builder plugin to the latest available version.

Plugin: WordPress Form Builder Plugin – Gutenberg Forms

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WordPress Form Builder Plugin – Gutenberg Forms plugin to the latest available version.

Plugin: Multiple Page Generator Plugin – MPG

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 3.0.0
Recommended Action: Update the WordPress Multiple Page Generator Plugin – MPG plugin to the latest available version (at least 3.0.0).

Plugin: 360 Javascript Viewer

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress 360 Javascript Viewer plugin to the latest available version.

Plugin: EmbedPress

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress EmbedPress plugin to the latest available version.

Plugin: Product Feed Manager

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Product Feed Manager plugin to the latest available version.

Plugin: 2MB Autocode

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress 2MB Autocode plugin to the latest available version.

Plugin: ACF-VC Integrator

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress ACF-VC Integrator plugin to the latest available version.

Plugin:  AI Tools – Chatbot, ChatGPT, Content Generator, Image Generator, Artificial Intelligence GPT

Vulnerability: WordPress  AI Tools – Chatbot, ChatGPT, Content Generator, Image Generator, Artificial Intelligence GPT plugin <= 2.3.0 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress  AI Tools – Chatbot, ChatGPT, Content Generator, Image Generator, Artificial Intelligence GPT plugin to the latest available version.

Plugin: WooCommerce Attribute Stock – Share Stock Between Products (Lite Version)

Vulnerability: WordPress WooCommerce Attribute Stock – Share Stock Between Products (Lite Version) plugin <= 1.2.1 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WooCommerce Attribute Stock – Share Stock Between Products (Lite Version) plugin to the latest available version.

Plugin: WP AutoTerms: Privacy Policy Generator (GDPR & CCPA), Terms & Conditions Generator, Cookie Notice Banner

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP AutoTerms: Privacy Policy Generator (GDPR & CCPA), Terms & Conditions Generator, Cookie Notice Banner plugin to the latest available version.

Plugin: Blocks Product Editor for WooCommerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Blocks Product Editor for WooCommerce plugin to the latest available version.

Plugin: BlogPost – BlogPost Widgets – Amazing Blog Layouts

Vulnerability: WordPress BlogPost – BlogPost Widgets – Amazing Blog Layouts plugin <= 1.1 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Advanced Custom Fields Frontend Forms – ACF Forms – ACF Post Form – ACF Registration Form – ACF Content Form – ACF Profile Form

Vulnerability: WordPress Advanced Custom Fields Frontend Forms – ACF Forms – ACF Post Form – ACF Registration Form – ACF Content Form – ACF Profile Form plugin <= 1.3.4 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Advanced Custom Fields Frontend Forms – ACF Forms – ACF Post Form – ACF Registration Form – ACF Content Form – ACF Profile Form plugin to the latest available version.

Plugin: BuddyForms Anonymous Author

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyForms Anonymous Author plugin to the latest available version.

Plugin: BuddyForms Attach Post with Group

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyForms Attach Post with Group plugin to the latest available version.

Plugin: BuddyForms Hierarchical Posts

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyForms Hierarchical Posts plugin to the latest available version.

Plugin: Display Data on your site! Create Dynamic Content Templates from any form of data. Works with ACF, Pods, BuddyPress/ BuddyBoss

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Display Data on your site! Create Dynamic Content Templates from any form of data. Works with ACF, Pods, BuddyPress/ BuddyBoss plugin to the latest available version.

Plugin: Member Profile Forms / Custom Registration / Post From Profile in BuddyPress / BuddyBoss

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Member Profile Forms / Custom Registration / Post From Profile in BuddyPress / BuddyBoss plugin to the latest available version.

Plugin: BuddyForms Posts 2 Posts

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyForms Posts 2 Posts plugin to the latest available version.

Plugin: BuddyForms Remote

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyForms Remote plugin to the latest available version.

Plugin: BuddyForms Moderation ( Former: Review Logic )

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyForms Moderation ( Former: Review Logic ) plugin to the latest available version.

Plugin: BuddyForms Ultimate Member

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyForms Ultimate Member plugin to the latest available version.

Plugin: BuddyForms Form Elements for WooCommerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyForms Form Elements for WooCommerce plugin to the latest available version.

Plugin: Message Filter for Contact Form 7

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Message Filter for Contact Form 7 plugin to the latest available version.

Plugin: CF7 ReCaptcha Mine

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress CF7 ReCaptcha Mine plugin to the latest available version.

Plugin: Simple Freemius Shop

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Simple Freemius Shop plugin to the latest available version.

Plugin: WordPress Image Compression and Optimizer Plugin – CheetahO

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WordPress Image Compression and Optimizer Plugin – CheetahO plugin to the latest available version.

Plugin: Coming Soon Master

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Coming Soon Master plugin to the latest available version.

Plugin: Content Blocks Builder

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Content Blocks Builder plugin to the latest available version.

Plugin: TempTool [Show Current Template Info]

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 1.1.10
Recommended Action: Update the WordPress TempTool [Show Current Template Info] plugin to the latest available version (at least 1.1.10).

Plugin: DeMomentSomTres Gravity Forms Improvements

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 201805021810
Recommended Action: Update the WordPress DeMomentSomTres Gravity Forms Improvements plugin to the latest available version (at least 201805021810).

Plugin: DeMomentSomTres Gravity Forms Improvements

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 201805021810
Recommended Action: Update the WordPress DeMomentSomTres Gravity Forms Improvements plugin to the latest available version (at least 201805021810).

Plugin: DeMomentSomTres Immediate Send

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: DeMomentSomTres Subscribe

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress DeMomentSomTres Subscribe plugin to the latest available version.

Plugin: DeMomentSomTres WordPress Export Posts With Images

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress DeMomentSomTres WordPress Export Posts With Images plugin to the latest available version.

Plugin: DEV.LAND

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress DEV.LAND plugin to the latest available version.

Plugin: DokoBuilder : DIY Product Bundle for WooCommerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress DokoBuilder : DIY Product Bundle for WooCommerce plugin to the latest available version.

Plugin: Embed Docs – Elementor Files Addon,Elementor Docs Addon,Embed PDF, Word, PowerPoint and Excel Files in Gutenberg & Elementor

Vulnerability: WordPress Embed Docs – Elementor Files Addon,Elementor Docs Addon,Embed PDF, Word, PowerPoint and Excel Files in Gutenberg & Elementor plugin <= 2.0.3 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Embed Docs – Elementor Files Addon,Elementor Docs Addon,Embed PDF, Word, PowerPoint and Excel Files in Gutenberg & Elementor plugin to the latest available version.

Plugin: Embed Video Thumbnail

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Embed Video Thumbnail plugin to the latest available version.

Plugin: Enjoy Social Feed plugin for WordPress website

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Enjoy Social Feed plugin for WordPress website plugin to the latest available version.

Plugin: External Media Upload

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress External Media Upload plugin to the latest available version.

Plugin:  XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]

Vulnerability: WordPress  XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin <= 1.3.35 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress  XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin to the latest available version.

Plugin: Fast Custom Social Share by CodeBard

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Fast Custom Social Share by CodeBard plugin to the latest available version.

Plugin: Contact form builder for Gutenberg – Formello

Vulnerability: WordPress Contact form builder for Gutenberg – Formello plugin <= 1.3.0 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Contact form builder for Gutenberg – Formello plugin to the latest available version.

Plugin: GraphComment Comment system

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress GraphComment Comment system plugin to the latest available version.

Plugin: Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor

Vulnerability: WordPress Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin <= 1.0.2 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin to the latest available version.

Plugin: Information for help

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Information for help plugin to the latest available version.

Plugin: Google Maps Plugin by Intergeo

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Google Maps Plugin by Intergeo plugin to the latest available version.

Plugin: WPGutenBlog Demo Import

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WPGutenBlog Demo Import plugin to the latest available version.

Plugin: Ultimate LinkedIn Integration

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Ultimate LinkedIn Integration plugin to the latest available version.

Plugin: WP Logger

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin:  Bulk Landing Page Creator for WordPress – LPagery

Vulnerability: WordPress  Bulk Landing Page Creator for WordPress – LPagery plugin <= 1.2.5 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress  Bulk Landing Page Creator for WordPress – LPagery plugin to the latest available version.

Plugin: Menukaart – Restaurant Menu & Online Ordering with WooCommerce

Vulnerability: WordPress Menukaart – Restaurant Menu & Online Ordering with WooCommerce plugin <= 1.3 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Menukaart – Restaurant Menu & Online Ordering with WooCommerce plugin to the latest available version.

Plugin: Meta Tag Manager

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Meta Tag Manager plugin to the latest available version.

Plugin: NextGEN Gallery

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress NextGEN Gallery plugin to the latest available version.

Plugin: WP to Twitter

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP to Twitter plugin to the latest available version.

Plugin: Pods

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Pods plugin to the latest available version.

Plugin: The Events Calendar

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress The Events Calendar plugin to the latest available version.

Plugin: Stop User Enumeration

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Stop User Enumeration plugin to the latest available version.

Plugin: Popup Maker

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 1.10.0
Recommended Action: Update the WordPress Popup Maker plugin to the latest available version (at least 1.10.0).

Plugin: Salon booking system

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 8.4.9
Recommended Action: Update the WordPress Salon booking system plugin to the latest available version (at least 8.4.9).

Plugin: Share This Image

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Share This Image plugin to the latest available version.

Plugin: WP Google Review Slider

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Google Review Slider plugin to the latest available version.

Plugin: WP Activity Log

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Activity Log plugin to the latest available version.

Plugin: TI WooCommerce Wishlist

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress TI WooCommerce Wishlist plugin to the latest available version.

Plugin: Asset CleanUp: Page Speed Booster

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Asset CleanUp: Page Speed Booster plugin to the latest available version.

Plugin: WP Travel

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Travel plugin to the latest available version.

Plugin: Notification

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Notification plugin to the latest available version.

Plugin: Redirect 404 Error Page to Homepage or Custom Page with Logs

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Redirect 404 Error Page to Homepage or Custom Page with Logs plugin to the latest available version.

Plugin: Client Invoicing by Sprout Invoices

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Client Invoicing by Sprout Invoices plugin to the latest available version.

Plugin: PowerPack Lite for Beaver Builder

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 1.2.9.3
Recommended Action: Update the WordPress PowerPack Lite for Beaver Builder plugin to the latest available version (at least 1.2.9.3).

Plugin: WP Review Slider

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Review Slider plugin to the latest available version.

Plugin: Server Info

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: New User Approve

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress New User Approve plugin to the latest available version.

Plugin: Order Redirects for WooCommerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Order Redirects for WooCommerce plugin to the latest available version.

Plugin: Post to Google My Business (Google Business Profile)

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Post to Google My Business (Google Business Profile) plugin to the latest available version.

Plugin: SV Forms

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress SV Forms plugin to the latest available version.

Plugin: SV Posts

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress SV Posts plugin to the latest available version.

Plugin: SV Media Library

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress SV Media Library plugin to the latest available version.

Plugin: SV Proven Expert

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress SV Proven Expert plugin to the latest available version.

Plugin: SV Tracking Manager

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress SV Tracking Manager plugin to the latest available version.

Plugin: HuCommerce | Magyar WooCommerce kieg鳺?ek

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress HuCommerce | Magyar WooCommerce kieg鳺?ek plugin to the latest available version.

Plugin: WordPress Tag Cloud Plugin – Tag Groups

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WordPress Tag Cloud Plugin – Tag Groups plugin to the latest available version.

Plugin: Ultra Elementor Addons

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode)

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode) plugin to the latest available version.

Plugin: Gallery Blocks with Lightbox

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Gallery Blocks with Lightbox plugin to the latest available version.

Plugin: Page Builder for Gutenberg – StarterBlocks

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Spotlight Social Media Feeds

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Spotlight Social Media Feeds plugin to the latest available version.

Plugin: WordPress Auto SEO Plugin – Upfiv SEO Wizard

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: WooCommerce Tiered Price Table

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WooCommerce Tiered Price Table plugin to the latest available version.

Plugin: RSS Control

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress RSS Control plugin to the latest available version.

Plugin: Protect Uploads with Login – Protect Your Uploads

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: WP Required Taxonomies – Categories and Tags Mandatory

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Required Taxonomies – Categories and Tags Mandatory plugin to the latest available version.

Plugin: Search Field for Gravity Forms

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Search Field for Gravity Forms plugin to the latest available version.

Plugin: WooCommerce Country Catalogs – Product Country Restrictions

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WooCommerce Country Catalogs – Product Country Restrictions plugin to the latest available version.

Plugin: SV Columns Manager

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress SV Columns Manager plugin to the latest available version.

Plugin: Bing Custom Search for WordPress

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Bing Custom Search for WordPress plugin to the latest available version.

Plugin: WooBuddy

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WooBuddy plugin to the latest available version.

Plugin: WP SPID Italia

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP SPID Italia plugin to the latest available version.

Plugin: WP Tools Divi Blog Carousel

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Tools Divi Blog Carousel plugin to the latest available version.

Plugin: WordPress WooCommerce Sync for Google Sheet

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: WPEForm Lite – Drag and Drop Live Form Builder for Contact, Payment & Quiz Forms

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WPEForm Lite – Drag and Drop Live Form Builder for Contact, Payment & Quiz Forms plugin to the latest available version.

Plugin: SV100 Companion

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress SV100 Companion plugin to the latest available version.

Plugin: WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content plugin to the latest available version.

Plugin: Stripe Express

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Stripe Express plugin to the latest available version.

Plugin: WP Scrive by Webbstart

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Scrive by Webbstart plugin to the latest available version.

Plugin: Spanish Market Enhancements for WooCommerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Spanish Market Enhancements for WooCommerce plugin to the latest available version.

Plugin: Pay For Post with WooCommerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Pay For Post with WooCommerce plugin to the latest available version.

Plugin: Popups

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Popups plugin to the latest available version.

Plugin: WP Mail Log

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Mail Log plugin to the latest available version.

Plugin: WP VR

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP VR plugin to the latest available version.

Plugin: Simple Author Box

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Simple Author Box plugin to the latest available version.

Plugin: Remove Duplicate Posts

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Remove Duplicate Posts plugin to the latest available version.

Plugin: Quiz Cat

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Quiz Cat plugin to the latest available version.

Plugin: Shipping for Nova Poshta

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Shipping for Nova Poshta plugin to the latest available version.

Plugin: Order Picking For WooCommerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 1.0.2
Recommended Action: Update the WordPress Order Picking For WooCommerce plugin to the latest available version (at least 1.0.2).

Plugin: Easy Photography Portfolio

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Easy Photography Portfolio plugin to the latest available version.

Plugin: Preloader Plus – WordPress Loading Screen Plugin

Vulnerability: WordPress Preloader Plus – WordPress Loading Screen Plugin plugin <= 2.0.2 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Preloader Plus – WordPress Loading Screen Plugin plugin to the latest available version.

Plugin: Product Filter Widget for Elementor

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Product Filter Widget for Elementor plugin to the latest available version.

Plugin: PublishPress Planner: Organize and Schedule Your WordPress Content

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress PublishPress Planner: Organize and Schedule Your WordPress Content plugin to the latest available version.

Plugin: Remove WP Update Nags

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Remove WP Update Nags plugin to the latest available version.

Plugin: Role Based Bulk Quantity Pricing

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Search Console

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Search Console plugin to the latest available version.

Plugin: Seo Optimized Images

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Seo Optimized Images plugin to the latest available version.

Plugin: ShortcodeHub – MultiPurpose Shortcode Builder

Vulnerability: WordPress ShortcodeHub – MultiPurpose Shortcode Builder plugin <= 1.3.0 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress ShortcodeHub – MultiPurpose Shortcode Builder plugin to the latest available version.

Plugin:  Simple blueprint installer

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress  Simple blueprint installer plugin to the latest available version.

Plugin: Simple Tour Guide

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Simple Tour Guide plugin to the latest available version.

Plugin: WP News and Scrolling Widgets

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP News and Scrolling Widgets plugin to the latest available version.

Plugin: Spice Blocks

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Spice Blocks plugin to the latest available version.

Plugin: Stellar Places

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Stellar Places plugin to the latest available version.

Plugin: Stop WP Emails Going to Spam

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Stop WP Emails Going to Spam plugin to the latest available version.

Plugin: Subaccounts for WooCommerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Subaccounts for WooCommerce plugin to the latest available version.

Plugin: Terms & Conditions Per Product

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Terms & Conditions Per Product plugin to the latest available version.

Plugin: Ultimate Custom ScrollBar

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 1.2
Recommended Action: Update the WordPress Ultimate Custom ScrollBar plugin to the latest available version (at least 1.2).

Plugin: Variable Inspector

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Variable Inspector plugin to the latest available version.

Plugin: Video Analytics for Cloudflare Stream

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Video Analytics for Cloudflare Stream plugin to the latest available version.

Plugin: BuddyPress Groups Integration for WooCommerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress BuddyPress Groups Integration for WooCommerce plugin to the latest available version.

Plugin: Divi Testimonial Plus

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Divi Testimonial Plus plugin to the latest available version.

Plugin: Weglot Translate – Translate your WordPress website and go multilingual

Vulnerability: WordPress Weglot Translate – Translate your WordPress website and go multilingual plugin <= 1.9 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Weglot Translate – Translate your WordPress website and go multilingual plugin to the latest available version.

Plugin: WPEventPartners Demo Import

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WPEventPartners Demo Import plugin to the latest available version.

Plugin: WZ Followed Posts – Display what visitors are reading

Vulnerability: WordPress WZ Followed Posts – Display what visitors are reading plugin <= 2.0.1 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WZ Followed Posts – Display what visitors are reading plugin to the latest available version.

Plugin: WN Flipbox Pro

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 2.1
Recommended Action: Update the WordPress WN Flipbox Pro plugin to the latest available version (at least 2.1).

Plugin: Woocommerce Delivery Date Premium

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: WooCommerce Google Ads Dynamic Remarketing

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WooCommerce Google Ads Dynamic Remarketing plugin to the latest available version.

Plugin: Live Sales Notification for Woocommerce – Woomotiv

Vulnerability: WordPress Live Sales Notification for Woocommerce – Woomotiv plugin <= 3.3.1 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Live Sales Notification for Woocommerce – Woomotiv plugin to the latest available version.

Plugin: Divi Carousel Lite

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Divi Carousel Lite plugin to the latest available version.

Plugin: WP Cloud Server

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Cloud Server plugin to the latest available version.

Plugin: Coming Soon Pages for WordPress – Coming Soon Booster

Vulnerability: WordPress Coming Soon Pages for WordPress – Coming Soon Booster plugin <= 1.0.6 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Coming Soon Pages for WordPress – Coming Soon Booster plugin to the latest available version.

Plugin: Disable Emojis & Disable Embeds for WordPress Performance & SpeedUp

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Disable Emojis & Disable Embeds for WordPress Performance & SpeedUp plugin to the latest available version.

Plugin: Mail Bank – #1 Mail SMTP Plugin for WordPress

Vulnerability: WordPress Mail Bank – #1 Mail SMTP Plugin for WordPress plugin <= 3.0.12 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress Mail Bank – #1 Mail SMTP Plugin for WordPress plugin to the latest available version.

Plugin: WP Native Articles – Instant Articles Plugin for WordPress

Vulnerability: WordPress WP Native Articles – Instant Articles Plugin for WordPress plugin <= 1.1.6 – Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Native Articles – Instant Articles Plugin for WordPress plugin to the latest available version.

Plugin: WP Signals

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Signals plugin to the latest available version.

Plugin: WP Table Pixie

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WP Table Pixie plugin to the latest available version.

Plugin: WPCasa Mail Alert

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update the WordPress WPCasa Mail Alert plugin to the latest available version.

Plugin: Brand

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Cuisine Palace

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Elasta

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update to at least version 1.0.9 of the theme.

Plugin: Amela

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update to at least version 1.0.14 of the theme.

Plugin: Speculor

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: WP Moose

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Meridia

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update to at least version 2.2.8 of the theme.

Plugin: Purosa

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update to at least version 1.1.3 of the theme.

Plugin: Villar

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Bani

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: NicheBase

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update to at least version 1.2.3 of the theme.

Plugin: Arendelle

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update to at least version 1.1.13 of the theme.

Plugin: Hasium

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Nokke

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Update to at least version 1.2.4 of the theme.

Plugin: Elation

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Unakit

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.

***
Check out the WoW Archive for past Watch Out Wednesday posts.

About the Author

FocusWP provides educational and informational resources to help you improve your business and serve your clients. Go get 'em, Boss!

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Related Posts

See our site in 3D!

Subscribe to our newsletter and we’ll send you a pair of FocusWP 3D glasses!

Join our free, private Facebook group to network with like minded business owners and pick up tons of useful tips and resources.

Get Focused

Jump on our email list to get weekly tips for getting the most out of your FocusWP team, including task inspo, sample ticket briefs, pricing suggestions, and even email swipe files to help you effortlessly sell to your clients.

We will also occasionally share cool tools we are obsessed with, educational resources, and useful tips to help you run a profitable digital business. 

We'll do our best to send emails at times convenient for you.
This field is for validation purposes and should be left unchanged.