Watch Out Wednesday – November 23, 2022

woman with surprised expression looking through binoculars, captioned watch out wednesday

This Week’s Watch Out Wednesday shows the latest WordPress vulnerabilities including All In One WP Security & Firewall, Betheme, ProfileGridl and more!

Plugin: YITH WooCommerce Gift Cards Premium

Vulnerability: Arbitrary File Upload
Patched Version: 3.20.0
Recommended Action: Update the WordPress YITH WooCommerce Gift Cards Premium plugin to the latest available version (at least 3.20.0).

Plugin: All In One WP Security & Firewall

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 5.1.1
Recommended Action: Update the WordPress All In One WP Security & Firewall plugin to the latest available version (at least 5.1.1).

Plugin: Responsive Lightbox2

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.0.4
Recommended Action: Update the WordPress Responsive Lightbox2 plugin to the latest available version (at least 1.0.4).

Plugin: WP Stripe Checkout

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.2.2.21
Recommended Action: Update the WordPress WP Stripe Checkout plugin to the latest available version (at least 1.2.2.21).

Plugin: Videojs HTML5 Player

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.1.9
Recommended Action: Update the WordPress Videojs HTML5 Player plugin to the latest available version (at least 1.1.9).

Plugin: Flowplayer Video Player

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.0.5
Recommended Action: Update the WordPress Flowplayer Video Player plugin to the latest available version (at least 1.0.5).

Plugin: Checkout for PayPal

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.0.14
Recommended Action: Update the WordPress Checkout for PayPal plugin to the latest available version (at least 1.0.14).

Plugin: Easy Video Player

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.2.2.3
Recommended Action: Update the WordPress Easy Video Player plugin to the latest available version (at least 1.2.2.3).

Plugin: SMSA Shipping for WooCommerce

Vulnerability: Arbitrary File Download
Patched Version: 1.0.5
Recommended Action: Update the WordPress SMSA Shipping for WooCommerce plugin to the latest available version (at least 1.0.5).

Theme: Betheme

Vulnerability: PHP Object Injection
Vulnerability: Other Vulnerability Type
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Update the WordPress Betheme theme to the latest available version (at least 26.6).

Plugin: Car Dealer

Vulnerability: Other Vulnerability Type
Patched Version: 3.05
Recommended Action: Update the WordPress Car Dealer plugin to the latest available version (at least 3.05).

Plugin: Anti Hacker

Vulnerability: Other Vulnerability Type
Patched Version: 4.20
Recommended Action: Update the WordPress Anti Hacker plugin to the latest available version (at least 4.20).

Plugin: WP memory

Vulnerability: Other Vulnerability Type
Patched Version: 2.46
Recommended Action: Update the WordPress WP memory plugin to the latest available version (at least 2.46).

Plugin: StopBadBots

Vulnerability: Other Vulnerability Type
Patched Version: 7.24
Recommended Action: Update the WordPress StopBadBots plugin to the latest available version (at least 7.24).

Plugin: WP Tools

Vulnerability: Other Vulnerability Type
Patched Version: 3.43
Recommended Action: Update the WordPress WP Tools plugin to the latest available version (at least 3.43).

Plugin: Plugin for Google Reviews

Vulnerability: Other Vulnerability Type
Patched Version: 2.2.3
Recommended Action: Update the WordPress Plugin for Google Reviews plugin to the latest available version (at least 2.2.3).

Plugin: iFeature Slider

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the author.

Plugin: WooSwipe WooCommerce Gallery

Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: ULTIMATE TABLES

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: ProfileGrid

Vulnerability: CSV Injection
Patched Version: N/A
Recommended Action: No patched version available.

Plugin: Anthologize

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 0.8.1
Recommended Action: Update the WordPress Anthologize plugin to the latest available version (at least 0.8.1).

Plugin: Ezoic

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.8.9
Recommended Action: Update the WordPress Ezoic plugin to the latest available version (at least 2.8.9).

Plugin: wpForo Forum

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.1.0
Recommended Action: Update the WordPress wpForo Forum plugin to the latest available version (at least 2.1.0).

Plugin: Chameleon

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.4.4
Recommended Action: Update the WordPress Chameleon plugin to the latest available version (at least 1.4.4).

Plugin: News Announcement Scroll

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 9.0.0
Recommended Action: Update the WordPress News Announcement Scroll plugin to the latest available version (at least 9.0.0).

Plugin: Crowdsignal Dashboard – Polls, Surveys & more

Vulnerability: Privilege Escalation
Patched Version: 3.0.10
Recommended Action: Update the WordPress Polldaddy Polls & Ratings plugin to the latest available version (at least 3.0.10).

Plugin: DPD Baltic Shipping

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.2.11
Recommended Action: Update the WordPress DPD Baltic Shipping plugin to the latest available version (at least 1.2.11).

Plugin: BeCustom

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 1.0.5.3
Recommended Action: Update the WordPress BeCustom plugin to the latest available version (at least 1.0.5.3).

***
Check out the WoW Archive for past Watch Out Wednesday posts.

About the Author

FocusWP provides educational and informational resources to help you improve your business and serve your clients. Go get 'em, Boss!

0 Comments

Submit a Comment Cancel reply

Scaling Your Remote Business with Eric Dingler and Stephanie Hudson

by Focus On Copy | Mar 8, 2024

Scaling your remote business may seem daunting, but it can absolutely be done. The pathway to success is paved with strategic delegation, effective communication, and leveraging the right resources. In episode 8 of the Digital Nomad Entrepreneur podcast, Eric Dingler...

How to comply with 2024 Google and Yahoo email sender requirements

by Stephanie Hudson | Jan 30, 2024

Google and Yahoo have dropped the hammer on email senders, which will quite likely impact the email marketing done by you and your clients. To me, this is a bit like a helmet law; it seems crazy that a motorcycle rider needs a LAW to make them wear a helmet when...

Understanding and Optimizing Your XML Sitemap to Boost SEO

by Stephanie Hudson | Jan 23, 2024

In a crowded sea of websites competing for attention, an XML Sitemap can be a beacon for search engines to find and understand your content. You probably create a sitemap for your clients when you build a new website, but are you getting the most out of this easily...

See our site in 3D!

Subscribe to our newsletter and we’ll send you a pair of FocusWP 3D glasses!

Get your glasses

Join our free, private Facebook group to network with like minded business owners and pick up tons of useful tips and resources.

Join Now

Get Focused

Jump on our email list to get weekly tips for getting the most out of your FocusWP team, including task inspo, sample ticket briefs, pricing suggestions, and even email swipe files to help you effortlessly sell to your clients.

We will also occasionally share cool tools we are obsessed with, educational resources, and useful tips to help you run a profitable digital business.

First Name*

Last Name*

Email Address*

Time Zone*

We'll do our best to send emails at times convenient for you.

Phone

This field is for validation purposes and should be left unchanged.

52362