This week’s Watch Out Wednesday covers the latest WordPress vulnerabilities, including Code Snippets, iQ Block Country, User Meta and more!
Plugin: Directorist
Vulnerability: Other Vulnerability Type
Patched Version: 7.3.0
Recommended Action: Update the WordPress Directorist plugin to the latest available version (at least 7.3.0).
Plugin: WP Social Chat
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 6.0.5
Recommended Action: Update the WordPress WP Social Chat plugin to the latest available version (at least 6.0.5).
Plugin: Product Slider for WooCommerce
Vulnerability: Other Vulnerability Type
Patched Version: 2.5.7
Recommended Action: Update the WordPress Product Slider for WooCommerce plugin to the latest available version (at least 2.5.7).
Plugin: WP Coder
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.5.3
Recommended Action: Update the WordPress WP Coder plugin to the latest available version (at least 2.5.3).
Plugin: Automation By Autonami
Vulnerability: Other Vulnerability Type
Patched Version: 2.1.2
Recommended Action: Update the WordPress Automation By Autonami plugin to the latest available version (at least 2.1.2).
Plugin: Rezgo
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.1.8
Recommended Action: Update the WordPress Rezgo plugin to the latest available version (at least 4.1.8).
Plugin: Feed Them Social
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.0.1
Recommended Action: Update the WordPress Feed Them Social plugin to the latest available version (at least 3.0.1).
Plugin: Feed Them Social
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.0.1
Recommended Action: Update the WordPress Feed Them Social plugin to the latest available version (at least 3.0.1).
Plugin: Tabs
Vulnerability: Other Vulnerability Type
Patched Version: 3.7.0
Recommended Action: Update the WordPress Tabs plugin to the latest available version (at least 3.7.0).
Plugin: Simple Banner
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.12.0
Recommended Action: Update the WordPress Simple Banner plugin to the latest available version (at least 2.12.0).
Plugin: Stockists Manager for Woocommerce
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of July 12, 2022 and is not available for download. This closure is permanent.
Plugin: Transposh WordPress Translation
Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of February 7, 2022 and is not available for download. Reason: Security Issue.
Plugin: Transposh WordPress Translation
Vulnerability: Sensitive Data Exposure
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of February 7, 2022 and is not available for download. Reason: Security Issue.
Plugin: WP-DBManager
Vulnerability: Remote Code Execution (RCE)
Patched Version: 2.80.8
Recommended Action: Update the WordPress WP-DBManager plugin to the latest available version (at least 2.80.8).
Plugin: SearchWP Live Ajax Search
Vulnerability: Other Vulnerability Type
Patched Version: 1.6.2
Recommended Action: Update the WordPress SearchWP Live Ajax Search plugin to the latest available version (at least 1.6.2).
Plugin: Flipbox
Vulnerability: Other Vulnerability Type
Patched Version: 2.6.1
Recommended Action: Update the WordPress Flipbox plugin to the latest available version (at least 2.6.1).
Plugin: Shortcode Addons
Vulnerability: Other Vulnerability Type
Patched Version: 3.2.0
Recommended Action: Update the WordPress Shortcode Addons plugin to the latest available version (at least 3.2.0).
Plugin: VR Calendar
Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of July 5, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Digital Publications by Supsystic
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.7.4
Recommended Action: Update the WordPress Digital Publications by Supsystic plugin to the latest available version (at least 1.7.4).
Plugin: GREYD.SUITE
Vulnerability: Other Vulnerability Type
Patched Version: 1.2.7
Recommended Action: Update the WordPress GREYD.SUITE theme to the latest available version (at least 1.2.7).
Plugin: Duplicate Page and Post
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No fix is available.
Plugin: Team
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of May 3, 2022 and is not available for download. Reason: Licensing/Trademark Violation. No fixed version is available.
Plugin: Team
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of May 3, 2022 and is not available for download. Reason: Licensing/Trademark Violation. No fixed version is available.
***
Check out the WoW Archive for past Watch Out Wednesday posts.