Watch Out Wednesday – June 29, 2022

This Week's Watch Out Wednesday shows the latest WordPress vulnerabilities including Code Snippets, iQ Block Country, User Meta and more!

by | Jun 29, 2022 | WoW Archive


Plugin: WordPress Popular Posts

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 6.0.0
Recommended Action: Update the WordPress Popular Posts plugin to the latest available version (at least 6.0.0).

Plugin: SP Project & Document Manager

Vulnerability: Sensitive Data Exposure
Patched Version: N/A
Recommended Action: No patched version available.

Plugin: Exports and Reports

Vulnerability: CSV Injection
Patched Version: 0.9.2
Recommended Action: Update the WordPress Exports and Reports plugin to the latest available version (at least 0.9.2).

Plugin: WP Maintenance

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 6.0.8
Recommended Action: Update the WordPress WP Maintenance plugin to the latest available version (at least 6.0.8).

Plugin: Custom Product Tabs for WooCommerce

Vulnerability: Broken Authentication
Patched Version: 1.7.9
Recommended Action: Update the WordPress Custom Product Tabs for WooCommerce plugin to the latest available version (at least 1.7.9).

Plugin: WP Meta SEO

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 4.4.9
Recommended Action: Update the WordPress WP Meta SEO plugin to the latest available version (at least 4.4.9).

Plugin: Simple Page Transition

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version available.

Plugin: W-DALIL

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version available.

Plugin: Request a Quote

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of June 21, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Request a Quote

Vulnerability: CSV Injection
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of June 21, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Contact Form 7 Captcha

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 0.1.2
Recommended Action: Update the WordPress Contact Form 7 Captcha plugin to the latest available version (at least 0.1.2).

Plugin: Advanced Database Cleaner

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.1.1
Recommended Action: Update the WordPress Advanced Database Cleaner plugin to the latest available version (at least 3.1.1).

Plugin: miniOrange’s Google Authenticator

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 5.5.75
Recommended Action: Update the WordPress miniOrange’s Google Authenticator plugin to the latest available version (at least 5.5.75).

Plugin: OAuth Single Sign On – SSO (OAuth Client)

Vulnerability: Bypass Vulnerability
Patched Version: 6.22.6
Recommended Action: Update the WordPress OAuth Single Sign On – SSO (OAuth Client) plugin to the latest available version (at least 6.22.6).

Plugin: Jquery Validation For Contact Form 7

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 5.3
Recommended Action: Update the WordPress Jquery Validation For Contact Form 7 plugin to the latest available version (at least 5.3).

Plugin: Discount Rules for WooCommerce

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.4.2
Recommended Action: Update the WordPress Discount Rules for WooCommerce plugin to the latest available version (at least 2.4.2).

Plugin: Stripe Payments

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.0.64
Recommended Action: Update the WordPress Stripe Payments plugin to the latest available version (at least 2.0.64).

Plugin: Insights from Google PageSpeed

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 4.0.7
Recommended Action: Update the WordPress Insights from Google PageSpeed plugin to the latest available version (at least 4.0.7).

Plugin: Simple Post Notes

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.7.6
Recommended Action: Update the WordPress Simple Post Notes plugin to the latest available version (at least 1.7.6).

Plugin: Page Generator

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 1.6.6
Recommended Action: Update the WordPress Page Generator plugin to the latest available version (at least 1.6.6).

Plugin: Download Manager

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.2.44
Recommended Action: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.44).

Plugin: Download Manager

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.2.44
Recommended Action: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.44).

Plugin: Download Manager

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version available.

Plugin: Download Monitor

Vulnerability: Arbitrary File Download
Patched Version: 4.5.91
Recommended Action: Update the WordPress Download Monitor plugin to the latest available version (at least 4.5.91).

Plugin: Page Generator

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.6.5
Recommended Action: Update the WordPress Page Generator plugin to the latest available version (at least 1.6.5).

Plugin: Loading Page with Loading Screen

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.0.83
Recommended Action: Update the WordPress Loading Page with Loading Screen plugin to the latest available version (at least 1.0.83).

Plugin: Data Tables Generator by Supsystic

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.10.20
Recommended Action: Update the WordPress Data Tables Generator by Supsystic plugin to the latest available version (at least 1.10.20).

Plugin: Free Live Chat Support

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of June 14, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: DX Share Selection

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 1.5
Recommended Action: Update the WordPress DX Share Selection plugin to the latest available version (at least 1.5).

Plugin: 404s

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.5.1
Recommended Action: Update the WordPress 404s plugin to the latest available version (at least 3.5.1).

Meet the Author: FocusWP
FocusWP provides educational and informational resources to help you improve your business and serve your clients. Go get 'em, Boss!
