Watch Out Wednesday – July 27, 2022

This Week's Watch Out Wednesday shows the latest WordPress vulnerabilities including Code Snippets, iQ Block Country, User Meta and more!

by | Jul 26, 2022 | WoW Archive


Plugin: Directorist

Vulnerability: Other Vulnerability Type
Patched Version: 7.3.0
Recommended Action: Update the WordPress Directorist plugin to the latest available version (at least 7.3.0).

Plugin: WP Social Chat

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 6.0.5
Recommended Action: Update the WordPress WP Social Chat plugin to the latest available version (at least 6.0.5).

Plugin: Product Slider for WooCommerce

Vulnerability: Other Vulnerability Type
Patched Version: 2.5.7
Recommended Action: Update the WordPress Product Slider for WooCommerce plugin to the latest available version (at least 2.5.7).

Plugin: WP Coder

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.5.3
Recommended Action: Update the WordPress WP Coder plugin to the latest available version (at least 2.5.3).

Plugin: Automation By Autonami

Vulnerability: Other Vulnerability Type
Patched Version: 2.1.2
Recommended Action: Update the WordPress Automation By Autonami plugin to the latest available version (at least 2.1.2).

Plugin: Rezgo

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.1.8
Recommended Action: Update the WordPress Rezgo plugin to the latest available version (at least 4.1.8).

Plugin: Feed Them Social

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.0.1
Recommended Action: Update the WordPress Feed Them Social plugin to the latest available version (at least 3.0.1).

Plugin: Feed Them Social

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.0.1
Recommended Action: Update the WordPress Feed Them Social plugin to the latest available version (at least 3.0.1).

Plugin: Tabs

Vulnerability: Other Vulnerability Type
Patched Version: 3.7.0
Recommended Action: Update the WordPress Tabs plugin to the latest available version (at least 3.7.0).

Plugin: Simple Banner

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.12.0
Recommended Action: Update the WordPress Simple Banner plugin to the latest available version (at least 2.12.0).

Plugin: Stockists Manager for Woocommerce

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of July 12, 2022 and is not available for download. This closure is permanent.

Plugin: Transposh WordPress Translation

Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of February 7, 2022 and is not available for download. Reason: Security Issue.

Plugin: Transposh WordPress Translation

Vulnerability: Sensitive Data Exposure
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of February 7, 2022 and is not available for download. Reason: Security Issue.

Plugin: WP-DBManager

Vulnerability: Remote Code Execution (RCE)
Patched Version: 2.80.8
Recommended Action: Update the WordPress WP-DBManager plugin to the latest available version (at least 2.80.8).

Plugin: SearchWP Live Ajax Search

Vulnerability: Other Vulnerability Type
Patched Version: 1.6.2
Recommended Action: Update the WordPress SearchWP Live Ajax Search plugin to the latest available version (at least 1.6.2).

Plugin: Flipbox

Vulnerability: Other Vulnerability Type
Patched Version: 2.6.1
Recommended Action: Update the WordPress Flipbox plugin to the latest available version (at least 2.6.1).

Plugin: Shortcode Addons

Vulnerability: Other Vulnerability Type
Patched Version: 3.2.0
Recommended Action: Update the WordPress Shortcode Addons plugin to the latest available version (at least 3.2.0).

Plugin: VR Calendar

Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of July 5, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Digital Publications by Supsystic

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.7.4
Recommended Action: Update the WordPress Digital Publications by Supsystic plugin to the latest available version (at least 1.7.4).

Plugin: GREYD.SUITE

Vulnerability: Other Vulnerability Type
Patched Version: 1.2.7
Recommended Action: Update the WordPress GREYD.SUITE theme to the latest available version (at least 1.2.7).

Plugin: Duplicate Page and Post

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No fix is available.

Plugin: Team

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of May 3, 2022 and is not available for download. Reason: Licensing/Trademark Violation. No fixed version is available.

Plugin: Team

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of May 3, 2022 and is not available for download. Reason: Licensing/Trademark Violation. No fixed version is available.

 

***
Check out the WoW Archive for past Watch Out Wednesday posts.

Meet the Author: FocusWP
FocusWP provides educational and informational resources to help you improve your business and serve your clients. Go get 'em, Boss!
