This Week’s Watch Out Wednesday shows the latest WordPress vulnerabilities including Code Snippets, iQ Block Country, User Meta and more!
Plugin: Visualizer
Vulnerability: Other Vulnerability Type
Patched Version: 3.7.10
Recommended Action: Update the WordPress Visualizer plugin to the latest available version (at least 3.7.10).
Plugin: FreeMind WP Browser
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of June 30, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: AnyMind Widget
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of June 30, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: WP Visitor Statistics (Real Time Traffic)
Vulnerability: SQL Injection
Patched Version: 5.8
Recommended Action: Update the WordPress WP Visitor Statistics plugin to the latest available version (at least 5.8).
Plugin: Ivory Search
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 5.4.7
Recommended Action: Update the WordPress Ivory Search plugin to the latest available version (at least 5.4.7).
Plugin: WP Video Lightbox
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.9.6
Recommended Action: Update the WordPress WP Video Lightbox plugin to the latest available version (at least 1.9.6).
Plugin: Shareaholic
Vulnerability: Sensitive Data Exposure
Patched Version: N/A
Recommended Action: No patched version available.
Plugin: Unyson
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.7.27
Recommended Action: Update the WordPress Unyson plugin to the latest available version (at least 2.7.27).
Plugin: NextScripts
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.3.26
Recommended Action: Update the WordPress NextScripts plugin to the latest available version (at least 4.3.26).
Plugin: Popup Anything
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.1.7
Recommended Action: Update the WordPress Popup Anything plugin to the latest available version (at least 2.1.7).
Plugin: Name Directory
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 1.25.4
Recommended Action: Update the WordPress Name Directory plugin to the latest available version (at least 1.25.4).
Plugin: Booster for WooCommerce
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 5.6.0
Recommended Action: Update the WordPress Booster for WooCommerce plugin to the latest available version (at least 5.6.0).
Plugin: Allow svg files
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of July 1, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Header Footer Code Manager
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.1.24
Recommended Action: Update the WordPress Header Footer Code Manager plugin to the latest available version (at least 1.1.24).
Plugin: Name Directory
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.25.3
Recommended Action: Update the WordPress Name Directory plugin to the latest available version (at least 1.25.3).
Plugin: Import any XML or CSV File to WordPress
Vulnerability: Other Vulnerability Type
Patched Version: 3.6.8
Recommended Action: Update the WordPress Import any XML or CSV File to WordPress plugin to the latest available version (at least 3.6.8).
Plugin: Image Slider Widget
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of June 24, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Gallery for Social Photo
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of June 24, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Download Manager
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.2.47
Recommended Action: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.47).
Plugin: WP Video Lightbox
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.9.5
Recommended Action: Update the WordPress WP Video Lightbox plugin to the latest available version (at least 1.9.5).
Plugin: Popup Builder
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 4.1.12
Recommended Action: Update the WordPress Popup Builder plugin to the latest available version (at least 4.1.12).
Plugin: Accordions
Vulnerability: Other Vulnerability Type
Patched Version: 2.0.3
Recommended Action: Update the WordPress Accordions plugin to the latest available version (at least 2.0.3).
Plugin: Shortcode Addons
Vulnerability: Settings Change
Patched Version: 3.0.3
Recommended Action: Update the WordPress Shortcode Addons plugin to the latest available version (at least 3.0.3).
Plugin: WordPress Popular Posts
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 6.0.0
Recommended Action: Update the WordPress WordPress Popular Posts plugin to the latest available version (at least 6.0.0).
Plugin: SP Project & Document Manager
Vulnerability: Sensitive Data Exposure
Patched Version: N/A
Recommended Action: No patched version available.
Plugin: Exports and Reports
Vulnerability: CSV Injection
Patched Version: 0.9.2
Recommended Action: Update the WordPress Exports and Reports plugin to the latest available version (at least 0.9.2).