This week’s Watch Out Wednesday covers the latest WordPress plugin vulnerabilities, including those in GiveWP, Popup Maker, UpdraftPlus, and more!
Plugin: Webmention
Vulnerability: Reflected Cross-Site Scripting vulnerability
Patched Version: 4.0.9
Recommended Action: Update the WordPress Webmention plugin to the latest available version (at least 4.0.9).
Plugin: GiveWP
Vulnerability: Cross Site Scripting (XSS) via render_dropdown vulnerability
Vulnerability: Server Side Request Forgery (SSRF) vulnerability
Vulnerability: CSV Injection vulnerability
Vulnerability: Arbitrary Content Deletion vulnerability
Vulnerability: Contributor+ Cross Site Scripting (XSS) vulnerability
Vulnerability: Cross Site Request Forgery (CSRF) via give_cache_flush vulnerability
Patched Version: 2.25.2
Recommended Action: Update the WordPress GiveWP plugin to the latest available version (at least 2.25.2).
Plugin: External Links
Vulnerability: Cross-Site Request Forgery vulnerability
Patched Version: 2.58
Recommended Action: Update the WordPress External Links plugin to the latest available version (at least 2.58).
Plugin: Popup Maker
Vulnerability: Cross-Site Request Forgery vulnerability
Patched Version: 1.18.1
Recommended Action: Update the WordPress Popup Maker plugin to the latest available version (at least 1.18.1).
Plugin: 301 Redirects
Vulnerability: WordPress 301 Redirects – Easy Redirect Manager plugin <= 2.72 - Cross-Site Request Forgery vulnerability
Patched Version: 2.73
Recommended Action: Update the WordPress 301 Redirects plugin to the latest available version (at least 2.73).
Plugin: UpdraftPlus
Vulnerability: Cross-Site Request Forgery vulnerability
Patched Version: 1.23.1
Recommended Action: Update the WordPress UpdraftPlus Extension plugin to the latest available version (at least 1.23.1).
Plugin: Complianz – GDPR/CCPA Cookie Consent
Vulnerability: WordPress Complianz – GDPR/CCPA Cookie Consent plugin < 6.4.2 - Contributor+ Stored XSS vulnerability
Patched Version: 6.4.2
Recommended Action: Update the WordPress Complianz – GDPR/CCPA Cookie Consent plugin to the latest available version (at least 6.4.2).
Plugin: W4 Post List
Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 2.4.5
Recommended Action: Update the WordPress W4 Post List plugin to the latest available version (at least 2.4.5).
Plugin: Daily Prayer Time
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Paytium: Mollie payment forms & donations
Vulnerability: Multiple Missing Authorization vulnerability
Patched Version: 4.4
Recommended Action: Update the WordPress Paytium: Mollie payment forms & donations plugin to the latest available version (at least 4.4).
Plugin: CMP – Coming Soon & Maintenance
Vulnerability: Information Exposure vulnerability
Patched Version: 4.1.7
Recommended Action: Update the WordPress CMP – Coming Soon & Maintenance plugin to the latest available version (at least 4.1.7).
Plugin: Montonio for WooCommerce
Vulnerability: Server Side Request Forgery (SSRF)
Patched Version: 6.0.2
Recommended Action: Update the WordPress Montonio for WooCommerce plugin to the latest available version (at least 6.0.2).
Plugin: HT Easy GA4 ( Google Analytics 4 )
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 1.0.7
Recommended Action: Update the WordPress HT Easy GA4 ( Google Analytics 4 ) plugin to the latest available version (at least 1.0.7).
Plugin: Clone
Vulnerability: Broken Access Control vulnerability
Patched Version: 2.3.8
Recommended Action: Update the WordPress Clone plugin to the latest available version (at least 2.3.8).
Plugin: CformsII
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 15.0.5
Recommended Action: Update the WordPress CformsII plugin to the latest available version (at least 15.0.5).
Plugin: Side Menu Lite
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 4.0.1
Recommended Action: Update the WordPress Side Menu Lite plugin to the latest available version (at least 4.0.1).
Plugin: Affiliate Super Assistent
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 1.5.2
Recommended Action: Update the WordPress Affiliate Super Assistent plugin to the latest available version (at least 1.5.2).
Plugin: Popup box
Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 3.4.5
Recommended Action: Update the WordPress Popup box plugin to the latest available version (at least 3.4.5).
Plugin: WooCommerce Checkout Field Manager
Vulnerability: Unauthenticated Arbitrary File Upload vulnerability
Patched Version: 18.0
Recommended Action: Update the WordPress WooCommerce Checkout Field Manager plugin to the latest available version (at least 18.0).
Plugin: Postmatic
Vulnerability: Subscriber+ PHP Object Injection vulnerability
Patched Version: 2.2.10
Recommended Action: Update the WordPress Postmatic plugin to the latest available version (at least 2.2.10).