Watch Out Wednesday – November 1, 2023

This Week’s Watch Out Wednesday shows the latest WordPress vulnerabilities including LiteSpeed Cache, The Plus Addons for Elementor Pro, Slick Popup and more!

Plugin: Finale Lite

Vulnerability: Arbitrary Content Deletion vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: WooODT Lite

Vulnerability: Arbitrary Site Option Update vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: The Plus Addons for Elementor Pro

Vulnerability: Unauthenticated Local File Inclusion vulnerability
Patched Version: 5.2.9
Recommended Action: Update the WordPress The Plus Addons for Elementor Pro plugin to the latest available version (at least 5.2.9).

Plugin: Linker

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: Slick Popup

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 1.7.15
Recommended Action: Update the WordPress Slick Popup plugin to the latest available version (at least 1.7.15).

Plugin: ImageLinks Interactive Image Builder

Vulnerability: SQL Injection vulnerability
Patched Version: 1.6.0
Recommended Action: Update the WordPress ImageLinks Interactive Image Builder plugin to the latest available version (at least 1.6.0).

Plugin: WooCommerce – Store Exporter

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 2.7.2.1
Recommended Action: Update the WordPress WooCommerce – Store Exporter plugin to the latest available version (at least 2.7.2.1).

Plugin: Grid Plus

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: GD Security Headers

Vulnerability: Auth. SQL Injection (SQLi) vulnerability
Patched Version: 1.7.1
Recommended Action: Update the WordPress GD Security Headers plugin to the latest available version (at least 1.7.1).

Plugin: Shortcode Menu

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: FareHarbor for WordPress

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 3.6.8
Recommended Action: Update the WordPress FareHarbor for WordPress plugin to the latest available version (at least 3.6.8).

Plugin: Jquery news ticker

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 3.1
Recommended Action: Update the WordPress Jquery news ticker plugin to the latest available version (at least 3.1).

Plugin: Superb slideshow gallery

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 13.2
Recommended Action: Update the WordPress Superb slideshow gallery plugin to the latest available version (at least 13.2).

Plugin: Wp photo text slider 50

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 8.1
Recommended Action: Update the WordPress Wp photo text slider 50 plugin to the latest available version (at least 8.1).

Plugin: WP fade in text news

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 12.1
Recommended Action: Update the WordPress WP fade in text news plugin to the latest available version (at least 12.1).

Plugin: Popup with fancybox

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 3.6
Recommended Action: Update the WordPress Popup with fancybox plugin to the latest available version (at least 3.6).

Plugin: Vertical Marquee Plugin

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 7.2
Recommended Action: Update the WordPress Vertical Marquee Plugin plugin to the latest available version (at least 7.2).

Plugin: Wp anything slider

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 9.2
Recommended Action: Update the WordPress Wp anything slider plugin to the latest available version (at least 9.2).

Plugin: Information Reel

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 10.1
Recommended Action: Update the WordPress Information Reel plugin to the latest available version (at least 10.1).

Plugin: Left right image slideshow gallery

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 12.1
Recommended Action: Update the WordPress Left right image slideshow gallery plugin to the latest available version (at least 12.1).

Plugin: Image horizontal reel scroll slideshow

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 9.1
Recommended Action: Update the WordPress Image vertical reel scroll slideshow plugin to the latest available version (at least 9.1).

Plugin: Jquery accordion slideshow

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 8.2
Recommended Action: Update the WordPress Jquery accordion slideshow plugin to the latest available version (at least 8.2).

Plugin: Up down image slideshow gallery

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 12.1
Recommended Action: Update the WordPress Up down image slideshow gallery plugin to the latest available version (at least 12.1).

Plugin: wp image slideshow

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 12.1
Recommended Action: Update the WordPress wp image slideshow plugin to the latest available version (at least 12.1).

Plugin: Message ticker

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 9.3
Recommended Action: Update the WordPress Message ticker plugin to the latest available version (at least 9.3).

Plugin: Ads by datafeedr.com

Vulnerability: Unauthenticated Limited Remote Code Execution vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Advanced Booking Calendar

Vulnerability: Authenticated SQL Injection vulnerability
Patched Version: 3.2.12
Recommended Action: Update the WordPress Advanced Booking Calendar plugin to the latest available version (at least 3.2.12).

Plugin: Live updates from Excel

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: idbbee

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: iframe forms

Vulnerability: Authenticated Stored Cross-Site Scripting via iframe Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: HTML filter and csv-file search

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 2.8
Recommended Action: Update the WordPress HTML filter and csv-file search plugin to the latest available version (at least 2.8).

Plugin: HTML filter and csv-file search

Vulnerability: Authenticated Local File Inclusion via Shortcode vulnerability
Patched Version: 2.8
Recommended Action: Update the WordPress HTML filter and csv-file search plugin to the latest available version (at least 2.8).

Plugin: Image Regenerate & Select Crop

Vulnerability: Sensitive Data Exposure via Log File vulnerability
Patched Version: 7.3.1
Recommended Action: Update the WordPress Image Regenerate & Select Crop plugin to the latest available version (at least 7.3.1).

Plugin: Bellows Accordion Menu

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 1.4.3
Recommended Action: Update the WordPress Bellows Accordion Menu plugin to the latest available version (at least 1.4.3).

Plugin: PHP to Page

Vulnerability: Authenticated Local File Inclusion to Remote Code Execution via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Simple Shortcodes

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: WP Simple Galleries

Vulnerability: Authenticated PHP Object Injection vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Google Maps made Simple

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Related Products for WooCommerce

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Grid Plus

Vulnerability: Authenticated Local File Inclusion via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Weather Atlas Widget

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Seraphinite Accelerator

Vulnerability: Cross-Site Request Forgery vulnerability
Patched Version: 2.20.32
Recommended Action: Update the WordPress Seraphinite Accelerator plugin to the latest available version (at least 2.20.32).

Plugin: Accordion

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 2.7
Recommended Action: Update the WordPress Accordion plugin to the latest available version (at least 2.7).

Plugin: Giveaways and Contests by RafflePress

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 1.12.2
Recommended Action: Update the WordPress Giveaways and Contests by RafflePress plugin to the latest available version (at least 1.12.2).

Plugin: Buzzsprout Podcasting

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 1.8.5
Recommended Action: Update the WordPress Buzzsprout Podcasting plugin to the latest available version (at least 1.8.5).

Plugin: 10Web Booster – Website speed optimization, Cache & Page Speed optimizer

Vulnerability: Unauthenticated Arbitrary Option Deletion vulnerability
Patched Version: 2.24.18
Recommended Action: Update the WordPress 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin to the latest available version (at least 2.24.18).

Plugin: Assistant – Every Day Productivity Apps

Vulnerability: Auth. Server-Side Request Forgery (SSRF) vulnerability
Patched Version: 1.4.4
Recommended Action: Update the WordPress Assistant plugin to the latest available version (at least 1.4.4).

Plugin: Bonus for Woo

Vulnerability: Reflected Cross-Site Scripting vulnerability
Patched Version: 5.8.3
Recommended Action: Update the WordPress Bonus for Woo plugin to the latest available version (at least 5.8.3).

Plugin: PubyDoc

Vulnerability: Authenticated Stored Cross-Site Scripting vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Magic Embeds

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Seraphinite Accelerator

Vulnerability: Reflected Cross-Site Scripting vulnerability
Vulnerability: Open Redirect vulnerability
Patched Version: 2.20.29
Recommended Action: Update the WordPress Seraphinite Accelerator plugin to the latest available version (at least 2.20.29).

Plugin: Article analytics

Vulnerability: Unauthenticated SQL Injection vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: WP Post Popup

Vulnerability: Authenticated Stored Cross-Site Scripting vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Post Meta Data Manager

Vulnerability: Missing Authorization to User, Term, and Post Meta Deletion vulnerability
Patched Version: 1.2.1
Recommended Action: Update the WordPress Post Meta Data Manager plugin to the latest available version (at least 1.2.1).

Plugin: Post Meta Data Manager

Vulnerability: Missing Authorization to Privilege Escalation vulnerability
Patched Version: 1.2.1
Recommended Action: Update the WordPress Post Meta Data Manager plugin to the latest available version (at least 1.2.1).

Plugin: TK Google Fonts GDPR Compliant

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 2.2.12
Recommended Action: Update the WordPress TK Google Fonts GDPR Compliant plugin to the latest available version (at least 2.2.12).

Plugin: 404 Solution

Vulnerability: Authenticated (Administrator+) SQL Injection via orderby vulnerability
Patched Version: 2.34.0
Recommended Action: Update the WordPress 404 Solution plugin to the latest available version (at least 2.34.0).

Plugin: Fathom Analytics

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Patched Version: 3.1.0
Recommended Action: Update the WordPress Fathom Analytics plugin to the latest available version (at least 3.1.0).

Plugin: WP EXtra

Vulnerability: Missing Authorization to Arbitrary Email Sending vulnerability
Patched Version: 6.3
Recommended Action: Update the WordPress WP EXtra plugin to the latest available version (at least 6.3).

Plugin: VK Blocks

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Block vulnerability
Patched Version: 1.64.0.0
Recommended Action: Update the WordPress VK Blocks plugin to the latest available version (at least 1.64.0.0).

Plugin: ICS Calendar

Vulnerability: SSRF and Arbitrary File Read vulnerability
Patched Version: 10.12.0.4
Recommended Action: Update the WordPress ICS Calendar plugin to the latest available version (at least 10.12.0.4).

Plugin: Reusable Text Blocks

Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: NinjaTeam Live Chat (Messenger API)

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: BSK PDF Manager

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 3.4.2
Recommended Action: Update the WordPress BSK PDF Manager plugin to the latest available version (at least 3.4.2).

Plugin: Advanced Menu Widget

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Form Builder

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Pre-Orders for WooCommerce

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 1.2.14
Recommended Action: Update the WordPress Pre-Orders for WooCommerce plugin to the latest available version (at least 1.2.14).

Plugin: WP Font Awesome

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Delete Me

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: MomentoPress for Momento360

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 1.0.2
Recommended Action: Update the WordPress MomentoPress for Momento360 plugin to the latest available version (at least 1.0.2).

Plugin: Very Simple Google Maps

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 2.9.1
Recommended Action: Update the WordPress Very Simple Google Maps plugin to the latest available version (at least 2.9.1).

Plugin: LiteSpeed Cache

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 5.7
Recommended Action: Update the WordPress LiteSpeed Cache plugin to the latest available version (at least 5.7).

Plugin: Current Menu Item for Custom Post Types

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 1.6
Recommended Action: Update the WordPress Current Menu Item for Custom Post Types plugin to the latest available version (at least 1.6).

Plugin: Alter

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of October 21, 2023 and is not available for download. This closure is temporary, pending a full review.

Plugin: EasyRecipe

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of October 21, 2023 and is not available for download. This closure is temporary, pending a full review.

Plugin: Auto Limit Posts Reloaded

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of October 21, 2023 and is not available for download. This closure is temporary, pending a full review.

Plugin: Feather Login Page

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 1.1.4
Recommended Action: Update the WordPress Feather Login Page plugin to the latest available version (at least 1.1.4).

Plugin: Auto Excerpt everywhere

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of October 9, 2023 and is not available for download. This closure is temporary, pending a full review.

Plugin: Original texts Yandex WebMaster

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of October 9, 2023 and is not available for download. This closure is temporary, pending a full review.

Plugin: WP Knowledgebase

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of October 8, 2023 and is not available for download. This closure is temporary, pending a full review.

Plugin: Thumbnail carousel slider

Vulnerability: Cross-Site Request Forgery to Mass Slider Deletion vulnerability
Patched Version: 1.0.1
Recommended Action: Update the WordPress Thumbnail carousel slider plugin to the latest available version (at least 1.0.1).

Plugin: Thumbnail Slider With Lightbox

Vulnerability: Cross-Site Request Forgery to Arbitrary File Upload vulnerability
Patched Version: 1.0.1
Recommended Action: Update the WordPress Thumbnail Slider With Lightbox plugin to the latest available version (at least 1.0.1).

Plugin: Neon text

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Patched Version: 1.2
Recommended Action: Update the WordPress Neon text plugin to the latest available version (at least 1.2).

Plugin: News & Blog Designer Pack – WordPress Blog Plugin

Vulnerability: Unauthenticated Remote Code Execution via Local File Inclusion vulnerability
Patched Version: 3.4.2
Recommended Action: Update the WordPress News & Blog Designer Pack – WordPress Blog Plugin plugin to the latest available version (at least 3.4.2).

Plugin: Animated Counters

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 1.8
Recommended Action: Update the WordPress Animated Counters plugin to the latest available version (at least 1.8).

Plugin: Deeper Comments

Vulnerability: Authenticated Settings Change vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: WordPress CTA

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Download CloudNet360

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: SAHU TikTok Pixel for E-Commerce

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Export WP Page to Static HTML/CSS

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Medialist

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 1.4.0
Recommended Action: Update the WordPress Medialist plugin to the latest available version (at least 1.4.0).

Plugin: kk Star Ratings

Vulnerability: Broken Access Control vulnerability
Patched Version: 5.4.6
Recommended Action: Update the WordPress kk Star Ratings plugin to the latest available version (at least 5.4.6).

Plugin: WCP OpenWeather

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Generate Dummy Posts

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Custom Header Images

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: YITH WooCommerce Product Add-Ons

Vulnerability: Broken Access Control vulnerability
Patched Version: 4.2.1
Recommended Action: Update the WordPress YITH WooCommerce Product Add-Ons plugin to the latest available version (at least 4.2.1).

Plugin: Custom My Account for Woocommerce

Vulnerability: CSRF to XSS vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Glossary

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: My Shortcodes

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Product Recommendation Quiz for eCommerce

Vulnerability: Broken Access Control vulnerability
Patched Version: 2.2.0
Recommended Action: Update the WordPress Product Recommendation Quiz for eCommerce plugin to the latest available version (at least 2.2.0).

Plugin: Admin and Site Enhancements (ASE)

Vulnerability: Password Protected View Bypass vulnerability
Patched Version: 5.8.0
Recommended Action: Update the WordPress Admin and Site Enhancements (ASE) plugin to the latest available version (at least 5.8.0).

Plugin: Remove Add to Cart WooCommerce

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: WP Word Count

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: WP Simple HTML Sitemap

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: Simple User Listing

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Ni WooCommerce Sales Report

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: FLOWFACT WP Connector

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: Autolinks Manager

Vulnerability: Multiple Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 1.10.05
Recommended Action: Update the WordPress Autolinks Manager plugin to the latest available version (at least 1.10.05).

Plugin: Parcel Pro

Vulnerability: Open Redirection vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: Groundhogg

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 2.7.11.11
Recommended Action: Update the WordPress Groundhogg plugin to the latest available version (at least 2.7.11.11).

Plugin: WP EXtra

Vulnerability: Remote Code Execution (RCE) vulnerability
Patched Version: 6.3
Recommended Action: Update the WordPress WP EXtra plugin to the latest available version (at least 6.3).

Plugin: WPPizza

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 3.18.3
Recommended Action: Update the WordPress WPPizza plugin to the latest available version (at least 3.18.3).

Plugin: User Avatar

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: DeepL Pro API translation

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Spider Facebook

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Category SEO Meta Tags

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: VK Filter Search

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 2.3.2
Recommended Action: Update the WordPress VK Filter Search plugin to the latest available version (at least 2.3.2).

***
Check out the WoW Archive for past Watch Out Wednesday posts.

About the Author

FocusWP provides educational and informational resources to help you improve your business and serve your clients. Go get 'em, Boss!
