Watch Out Wednesday – November 23, 2022

This week's Watch Out Wednesday lists the latest WordPress plugin and theme vulnerabilities, including All In One WP Security & Firewall, Betheme, ProfileGrid and more. Each entry gives the vulnerability type, the first patched version where one exists, and the recommended action.

Plugin: YITH WooCommerce Gift Cards Premium

Vulnerability: Arbitrary File Upload
Patched Version: 3.20.0
Recommended Action: Update the WordPress YITH WooCommerce Gift Cards Premium plugin to the latest available version (at least 3.20.0).

Plugin: All In One WP Security & Firewall

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 5.1.1
Recommended Action: Update the WordPress All In One WP Security & Firewall plugin to the latest available version (at least 5.1.1).

Plugin: Responsive Lightbox2

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.0.4
Recommended Action: Update the WordPress Responsive Lightbox2 plugin to the latest available version (at least 1.0.4).

Plugin: WP Stripe Checkout

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.2.2.21
Recommended Action: Update the WordPress WP Stripe Checkout plugin to the latest available version (at least 1.2.2.21).

Plugin: Videojs HTML5 Player

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.1.9
Recommended Action: Update the WordPress Videojs HTML5 Player plugin to the latest available version (at least 1.1.9).

Plugin: Flowplayer Video Player

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.0.5
Recommended Action: Update the WordPress Flowplayer Video Player plugin to the latest available version (at least 1.0.5).

Plugin: Checkout for PayPal

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.0.14
Recommended Action: Update the WordPress Checkout for PayPal plugin to the latest available version (at least 1.0.14).

Plugin: Easy Video Player

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.2.2.3
Recommended Action: Update the WordPress Easy Video Player plugin to the latest available version (at least 1.2.2.3).

Plugin: SMSA Shipping for WooCommerce

Vulnerability: Arbitrary File Download
Patched Version: 1.0.5
Recommended Action: Update the WordPress SMSA Shipping for WooCommerce plugin to the latest available version (at least 1.0.5).

Theme: Betheme

Vulnerability: PHP Object Injection
Vulnerability: Other Vulnerability Type
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Update the WordPress Betheme theme to the latest available version (at least 26.6).

Plugin: Car Dealer

Vulnerability: Other Vulnerability Type
Patched Version: 3.05
Recommended Action: Update the WordPress Car Dealer plugin to the latest available version (at least 3.05).

Plugin: Anti Hacker

Vulnerability: Other Vulnerability Type
Patched Version: 4.20
Recommended Action: Update the WordPress Anti Hacker plugin to the latest available version (at least 4.20).

Plugin: WP memory

Vulnerability: Other Vulnerability Type
Patched Version: 2.46
Recommended Action: Update the WordPress WP memory plugin to the latest available version (at least 2.46).

Plugin: StopBadBots

Vulnerability: Other Vulnerability Type
Patched Version: 7.24
Recommended Action: Update the WordPress StopBadBots plugin to the latest available version (at least 7.24).

Plugin: WP Tools

Vulnerability: Other Vulnerability Type
Patched Version: 3.43
Recommended Action: Update the WordPress WP Tools plugin to the latest available version (at least 3.43).

Plugin: Plugin for Google Reviews

Vulnerability: Other Vulnerability Type
Patched Version: 2.2.3
Recommended Action: Update the WordPress Plugin for Google Reviews plugin to the latest available version (at least 2.2.3).

Plugin: iFeature Slider

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the author.

Plugin: WooSwipe WooCommerce Gallery

Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: ULTIMATE TABLES

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: ProfileGrid

Vulnerability: CSV Injection
Patched Version: N/A
Recommended Action: No patched version available.

Plugin: Anthologize

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 0.8.1
Recommended Action: Update the WordPress Anthologize plugin to the latest available version (at least 0.8.1).

Plugin: Ezoic

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.8.9
Recommended Action: Update the WordPress Ezoic plugin to the latest available version (at least 2.8.9).

Plugin: wpForo Forum

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.1.0
Recommended Action: Update the WordPress wpForo Forum plugin to the latest available version (at least 2.1.0).

Plugin: Chameleon

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.4.4
Recommended Action: Update the WordPress Chameleon plugin to the latest available version (at least 1.4.4).

Plugin: News Announcement Scroll

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 9.0.0
Recommended Action: Update the WordPress News Announcement Scroll plugin to the latest available version (at least 9.0.0).

Plugin: Crowdsignal Dashboard – Polls, Surveys & more

Vulnerability: Privilege Escalation
Patched Version: 3.0.10
Recommended Action: Update the WordPress Crowdsignal Dashboard plugin (formerly Polldaddy Polls & Ratings) to the latest available version (at least 3.0.10).

Plugin: DPD Baltic Shipping

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.2.11
Recommended Action: Update the WordPress DPD Baltic Shipping plugin to the latest available version (at least 1.2.11).

Plugin: BeCustom

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 1.0.5.3
Recommended Action: Update the WordPress BeCustom plugin to the latest available version (at least 1.0.5.3).
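Working through a list like this by hand is error-prone, and naive string comparison of versions gets the answers wrong (as a string, "1.2.2.3" sorts after "1.2.2.21", and "1.0.5" after "1.0.14"). The script below is an added example, not code from this post or from any of the plugin vendors: it takes the JSON that `wp plugin list --format=json` prints, compares each installed version numerically against the minimum patched versions listed above, and flags plugins the list marks as having no patch at all. The plugin slugs in the tables are assumptions for illustration and must be confirmed against your own site's `wp plugin list` output, and the sample JSON is constructed, not captured from a real site.

```python
"""Check installed WordPress plugin versions against this week's advisory list.

Input is the output of:  wp plugin list --format=json
(fields: name, status, update, version). Run stand-alone to see a sample report.
"""
import json
import re
from typing import Dict, List, Tuple

# Minimum patched versions from the list above, keyed by plugin slug.
# ASSUMPTION: these slugs are illustrative; verify them against `wp plugin list`.
ADVISORY: Dict[str, str] = {
    "all-in-one-wp-security-and-firewall": "5.1.1",
    "wp-stripe-checkout": "1.2.2.21",
    "easy-video-player": "1.2.2.3",
    "videojs-html5-player": "1.1.9",
    "wpforo": "2.1.0",
    "polldaddy": "3.0.10",          # Crowdsignal Dashboard, formerly Polldaddy
}

# Plugins the list reports with no patched version: flag them whatever is installed.
# ASSUMPTION: slugs are illustrative, as above.
UNPATCHED = {
    "ifeature-slider",
    "wooswipe-woocommerce-gallery",
    "ultimate-tables",
    "profilegrid-user-profiles-groups-and-memberships",
}


def version_key(version: str) -> Tuple[int, ...]:
    """Split a dotted version into integers so components compare numerically.

    Non-numeric fragments such as '-beta' are dropped; e.g. '1.2.2.21' -> (1, 2, 2, 21).
    """
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_vulnerable(installed: str, patched: str) -> bool:
    """True when installed < patched, comparing component by component.

    Shorter versions are padded with zeros so '1.0' equals '1.0.0' instead of
    sorting below it (a bare tuple comparison would treat (1, 0) < (1, 0, 0)).
    """
    a, b = version_key(installed), version_key(patched)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def check_site(plugin_list_json: str) -> List[dict]:
    """Return one finding per installed plugin that is affected by the list.

    Inactive plugins are reported too: their files stay on disk, and WordPress
    does not load them, but a deactivated plugin is still one click from active.
    """
    findings: List[dict] = []
    for plugin in json.loads(plugin_list_json):
        slug = plugin["name"]
        installed = plugin["version"]
        status = plugin.get("status", "unknown")
        if slug in UNPATCHED:
            findings.append({
                "plugin": slug, "installed": installed, "status": status,
                "action": "no patched version available; deactivate and remove",
            })
        elif slug in ADVISORY and is_vulnerable(installed, ADVISORY[slug]):
            findings.append({
                "plugin": slug, "installed": installed, "status": status,
                "action": f"update to at least {ADVISORY[slug]}",
            })
    return findings


# Constructed sample of `wp plugin list --format=json` output (not from a real site).
SAMPLE_PLUGIN_LIST = json.dumps([
    {"name": "all-in-one-wp-security-and-firewall", "status": "active",
     "update": "available", "version": "5.1.0"},
    {"name": "wp-stripe-checkout", "status": "inactive",
     "update": "none", "version": "1.2.2.21"},
    {"name": "easy-video-player", "status": "active",
     "update": "available", "version": "1.2.2.2"},
    {"name": "ifeature-slider", "status": "active",
     "update": "none", "version": "3.1"},
    {"name": "akismet", "status": "active",
     "update": "none", "version": "5.0.1"},
])


if __name__ == "__main__":
    for finding in check_site(SAMPLE_PLUGIN_LIST):
        print(f"{finding['plugin']} {finding['installed']} ({finding['status']}): "
              f"{finding['action']}")
```

On a real site, pipe the live output in with `wp plugin list --format=json | python3 check_advisory.py` after replacing `SAMPLE_PLUGIN_LIST` with `sys.stdin.read()`. The version comparison is deliberately numeric per component: WordPress plugin versions are not always valid semver, and several entries above differ only in a fourth component, which is exactly where string comparison fails.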

***
Check out the WoW Archive for past Watch Out Wednesday posts.

About the Author

FocusWP provides educational and informational resources to help you improve your business and serve your clients. Go get 'em, Boss!
