Watch Out Wednesday – November 9, 2022

by | Nov 8, 2022 | WoW Archive


This Week’s Watch Out Wednesday shows the latest WordPress vulnerabilities including LoginPress, reCAPTCHA, Video Thumbnails and more!

Plugin: Cyklodev WP Notify

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available.

Plugin: WP User Merger

Vulnerability: SQL Injection
Patched Version: 1.5.3
Recommended Action: Update the WordPress WP User Merger plugin to the latest available version (at least 1.5.3).

Plugin: WPSmartContracts

Vulnerability: SQL Injection
Patched Version: 1.3.12
Recommended Action: Update the WordPress WPSmartContracts plugin to the latest available version (at least 1.3.12).

Plugin: Awesome Support

Vulnerability: Insecure Direct Object References (IDOR)
Patched Version: 6.1.2
Recommended Action: Update the WordPress Awesome Support plugin to the latest available version (at least 6.1.2).

Plugin: Checkout Field Editor (Checkout Manager) for WooCommerce

Vulnerability: PHP Object Injection
Patched Version: 1.8.0
Recommended Action: Update the WordPress Checkout Field Editor (Checkout Manager) for WooCommerce plugin to the latest available version (at least 1.8.0).

Plugin: HTML Forms

Vulnerability: SQL Injection
Patched Version: 1.3.25
Recommended Action: Update the WordPress HTML Forms plugin to the latest available version (at least 1.3.25).

Plugin: LoginPress

Vulnerability: Other Vulnerability Type
Patched Version: 1.6.3
Recommended Action: Update the WordPress LoginPress plugin to the latest available version (at least 1.6.3).

Plugin: Testimonial Slider

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: Find and Replace All

Vulnerability: Cross Site Request Forgery (CSRF)
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.3
Recommended Action: Update the WordPress Find and Replace All plugin to the latest available version (at least 1.3).

Plugin: Image Hover Effects Css3

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of November 1, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Export customers list csv for WooCommerce

Vulnerability: CSV Injection
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: reCAPTCHA

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Fancier Author Box by ThematoSoup

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Google Forms

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Analytics for WP

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Beautiful Cookie Consent Banner

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.9.1
Recommended Action: Update the WordPress Beautiful Cookie Consent Banner plugin to the latest available version (at least 2.9.1).

Plugin: 4ECPS Web Forms

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Salat Times

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.2.2
Recommended Action: Update the WordPress Salat Times plugin to the latest available version (at least 3.2.2).

Plugin: Jeeng Push Notifications

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.0.4
Recommended Action: Update the WordPress Jeeng Push Notifications plugin to the latest available version (at least 2.0.4).

Plugin: Video Thumbnails

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Font Awesome 4 Menus

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Download Plugin

Vulnerability: Other Vulnerability Type
Patched Version: 2.0.0
Recommended Action: Update the WordPress Download Plugin plugin to the latest available version (at least 2.0.0).

Plugin: AM-HiLi

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available.

Plugin: OWM Weather

Vulnerability: SQL Injection
Patched Version: 5.6.9
Recommended Action: Update the WordPress OWM Weather plugin to the latest available version (at least 5.6.9).

Plugin: AgentEasy Properties

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of November 1, 2022 and is not available for download. This closure is temporary, pending a full review.

***
Check out the WoW Archive for past Watch Out Wednesday posts.

Meet the Author: FocusWP
FocusWP provides educational and informational resources to help you improve your business and serve your clients. Go get 'em, Boss!
