This week’s Watch Out Wednesday covers the latest WordPress vulnerabilities, including Code Snippets, iQ Block Country, User Meta and more!
Plugin: WordPress Popular Posts
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 6.0.0
Recommended Action: Update the WordPress Popular Posts plugin to the latest available version (at least 6.0.0).
Plugin: SP Project & Document Manager
Vulnerability: Sensitive Data Exposure
Patched Version: N/A
Recommended Action: No patched version available.
Plugin: Exports and Reports
Vulnerability: CSV Injection
Patched Version: 0.9.2
Recommended Action: Update the WordPress Exports and Reports plugin to the latest available version (at least 0.9.2).
Plugin: WP Maintenance
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 6.0.8
Recommended Action: Update the WordPress WP Maintenance plugin to the latest available version (at least 6.0.8).
Plugin: Custom Product Tabs for WooCommerce
Vulnerability: Broken Authentication
Patched Version: 1.7.9
Recommended Action: Update the WordPress Custom Product Tabs for WooCommerce plugin to the latest available version (at least 1.7.9).
Plugin: WP Meta SEO
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 4.4.9
Recommended Action: Update the WordPress WP Meta SEO plugin to the latest available version (at least 4.4.9).
Plugin: Simple Page Transition
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version available.
Plugin: W-DALIL
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version available.
Plugin: Request a Quote
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of June 21, 2022, and is not available for download. This closure is temporary, pending a full review.
Plugin: Request a Quote
Vulnerability: CSV Injection
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of June 21, 2022, and is not available for download. This closure is temporary, pending a full review.
Plugin: Contact Form 7 Captcha
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 0.1.2
Recommended Action: Update the WordPress Contact Form 7 Captcha plugin to the latest available version (at least 0.1.2).
Plugin: Advanced Database Cleaner
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.1.1
Recommended Action: Update the WordPress Advanced Database Cleaner plugin to the latest available version (at least 3.1.1).
Plugin: miniOrange’s Google Authenticator
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 5.5.75
Recommended Action: Update the WordPress miniOrange’s Google Authenticator plugin to the latest available version (at least 5.5.75).
Plugin: OAuth Single Sign On – SSO (OAuth Client)
Vulnerability: Bypass Vulnerability
Patched Version: 6.22.6
Recommended Action: Update the WordPress OAuth Single Sign On – SSO (OAuth Client) plugin to the latest available version (at least 6.22.6).
Plugin: Jquery Validation For Contact Form 7
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 5.3
Recommended Action: Update the WordPress Jquery Validation For Contact Form 7 plugin to the latest available version (at least 5.3).
Plugin: Discount Rules for WooCommerce
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.4.2
Recommended Action: Update the WordPress Discount Rules for WooCommerce plugin to the latest available version (at least 2.4.2).
Plugin: Stripe Payments
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.0.64
Recommended Action: Update the WordPress Stripe Payments plugin to the latest available version (at least 2.0.64).
Plugin: Insights from Google PageSpeed
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 4.0.7
Recommended Action: Update the WordPress Insights from Google PageSpeed plugin to the latest available version (at least 4.0.7).
Plugin: Simple Post Notes
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.7.6
Recommended Action: Update the WordPress Simple Post Notes plugin to the latest available version (at least 1.7.6).
Plugin: Page Generator
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 1.6.6
Recommended Action: Update the WordPress Page Generator plugin to the latest available version (at least 1.6.6).
Plugin: Download Manager
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.2.44
Recommended Action: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.44).
Plugin: Download Manager
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.2.44
Recommended Action: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.44).
Plugin: Download Manager
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version available.
Plugin: Download Monitor
Vulnerability: Arbitrary File Download
Patched Version: 4.5.91
Recommended Action: Update the WordPress Download Monitor plugin to the latest available version (at least 4.5.91).
Plugin: Page Generator
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.6.5
Recommended Action: Update the WordPress Page Generator plugin to the latest available version (at least 1.6.5).
Plugin: Loading Page with Loading Screen
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.0.83
Recommended Action: Update the WordPress Loading Page with Loading Screen plugin to the latest available version (at least 1.0.83).
Plugin: Data Tables Generator by Supsystic
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.10.20
Recommended Action: Update the WordPress Data Tables Generator by Supsystic plugin to the latest available version (at least 1.10.20).
Plugin: Free Live Chat Support
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of June 14, 2022, and is not available for download. This closure is temporary, pending a full review.
Plugin: DX Share Selection
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 1.5
Recommended Action: Update the WordPress DX Share Selection plugin to the latest available version (at least 1.5).
Plugin: 404s
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.5.1
Recommended Action: Update the WordPress 404s plugin to the latest available version (at least 3.5.1).