This week’s Watch Out Wednesday covers the latest WordPress vulnerabilities, including those in All In One WP Security & Firewall, Betheme, ProfileGrid and more!
Plugin: YITH WooCommerce Gift Cards Premium
Vulnerability: Arbitrary File Upload
Patched Version: 3.20.0
Recommended Action: Update the WordPress YITH WooCommerce Gift Cards Premium plugin to the latest available version (at least 3.20.0).
Plugin: All In One WP Security & Firewall
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 5.1.1
Recommended Action: Update the WordPress All In One WP Security & Firewall plugin to the latest available version (at least 5.1.1).
Plugin: Responsive Lightbox2
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.0.4
Recommended Action: Update the WordPress Responsive Lightbox2 plugin to the latest available version (at least 1.0.4).
Plugin: WP Stripe Checkout
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.2.2.21
Recommended Action: Update the WordPress WP Stripe Checkout plugin to the latest available version (at least 1.2.2.21).
Plugin: Videojs HTML5 Player
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.1.9
Recommended Action: Update the WordPress Videojs HTML5 Player plugin to the latest available version (at least 1.1.9).
Plugin: Flowplayer Video Player
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.0.5
Recommended Action: Update the WordPress Flowplayer Video Player plugin to the latest available version (at least 1.0.5).
Plugin: Checkout for PayPal
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.0.14
Recommended Action: Update the WordPress Checkout for PayPal plugin to the latest available version (at least 1.0.14).
Plugin: Easy Video Player
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.2.2.3
Recommended Action: Update the WordPress Easy Video Player plugin to the latest available version (at least 1.2.2.3).
Plugin: SMSA Shipping for WooCommerce
Vulnerability: Arbitrary File Download
Patched Version: 1.0.5
Recommended Action: Update the WordPress SMSA Shipping for WooCommerce plugin to the latest available version (at least 1.0.5).
Theme: Betheme
Vulnerability: PHP Object Injection
Vulnerability: Other Vulnerability Type
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Update the WordPress Betheme theme to the latest available version (at least 26.6).
Plugin: Car Dealer
Vulnerability: Other Vulnerability Type
Patched Version: 3.05
Recommended Action: Update the WordPress Car Dealer plugin to the latest available version (at least 3.05).
Plugin: Anti Hacker
Vulnerability: Other Vulnerability Type
Patched Version: 4.20
Recommended Action: Update the WordPress Anti Hacker plugin to the latest available version (at least 4.20).
Plugin: WP memory
Vulnerability: Other Vulnerability Type
Patched Version: 2.46
Recommended Action: Update the WordPress WP memory plugin to the latest available version (at least 2.46).
Plugin: StopBadBots
Vulnerability: Other Vulnerability Type
Patched Version: 7.24
Recommended Action: Update the WordPress StopBadBots plugin to the latest available version (at least 7.24).
Plugin: WP Tools
Vulnerability: Other Vulnerability Type
Patched Version: 3.43
Recommended Action: Update the WordPress WP Tools plugin to the latest available version (at least 3.43).
Plugin: Plugin for Google Reviews
Vulnerability: Other Vulnerability Type
Patched Version: 2.2.3
Recommended Action: Update the WordPress Plugin for Google Reviews plugin to the latest available version (at least 2.2.3).
Plugin: iFeature Slider
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the author.
Plugin: WooSwipe WooCommerce Gallery
Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: ULTIMATE TABLES
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: ProfileGrid
Vulnerability: CSV Injection
Patched Version: N/A
Recommended Action: No patched version available.
Plugin: Anthologize
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 0.8.1
Recommended Action: Update the WordPress Anthologize plugin to the latest available version (at least 0.8.1).
Plugin: Ezoic
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.8.9
Recommended Action: Update the WordPress Ezoic plugin to the latest available version (at least 2.8.9).
Plugin: wpForo Forum
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.1.0
Recommended Action: Update the WordPress wpForo Forum plugin to the latest available version (at least 2.1.0).
Plugin: Chameleon
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.4.4
Recommended Action: Update the WordPress Chameleon plugin to the latest available version (at least 1.4.4).
Plugin: News Announcement Scroll
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 9.0.0
Recommended Action: Update the WordPress News Announcement Scroll plugin to the latest available version (at least 9.0.0).
Plugin: Crowdsignal Dashboard – Polls, Surveys & more
Vulnerability: Privilege Escalation
Patched Version: 3.0.10
Recommended Action: Update the WordPress Polldaddy Polls & Ratings plugin to the latest available version (at least 3.0.10).
Plugin: DPD Baltic Shipping
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.2.11
Recommended Action: Update the WordPress DPD Baltic Shipping plugin to the latest available version (at least 1.2.11).
Plugin: BeCustom
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 1.0.5.3
Recommended Action: Update the WordPress BeCustom plugin to the latest available version (at least 1.0.5.3).
***
Check out the WoW Archive for past Watch Out Wednesday posts.