This week’s Watch Out Wednesday covers the latest WordPress vulnerabilities, including Easy WP SMTP, LearnPress, Ocean Extra and more!
Plugin: WordPress Importer
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: Envira Photo Gallery
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.8.4.7
Recommended Action: Update the WordPress Envira Photo Gallery plugin to the latest available version (at least 1.8.4.7).
Plugin: Easy WP SMTP
Vulnerability: PHP Object Injection
Patched Version: 1.5.0
Recommended Action: Update the WordPress Easy WP SMTP plugin to the latest available version (at least 1.5.0).
Plugin: AWP Classifieds
Vulnerability: SQL Injection
Patched Version: 4.3
Recommended Action: Update the WordPress AWP Classifieds plugin to the latest available version (at least 4.3).
Plugin: Newspaper
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 12
Recommended Action: Update the WordPress Newspaper theme to the latest available version (at least 12).
Plugin: WP Total Hacks
Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of October 6, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Automatic User Roles Switcher
Vulnerability: Privilege Escalation
Patched Version: 1.1.2
Recommended Action: Update the WordPress Automatic User Roles Switcher plugin to the latest available version (at least 1.1.2).
Plugin: PublishPress Capabilities Pro
Vulnerability: PHP Object Injection
Patched Version: 2.5.2
Recommended Action: Update the WordPress PublishPress Capabilities Pro plugin to the latest available version (at least 2.5.2).
Plugin: PublishPress Capabilities
Vulnerability: PHP Object Injection
Patched Version: 2.5.2
Recommended Action: Update the WordPress PublishPress Capabilities plugin to the latest available version (at least 2.5.2).
Plugin: Ocean Extra
Vulnerability: PHP Object Injection
Patched Version: 2.0.5
Recommended Action: Update the WordPress Ocean Extra plugin to the latest available version (at least 2.0.5).
Plugin: Smart Slider 3
Vulnerability: PHP Object Injection
Patched Version: 3.5.1.11
Recommended Action: Update the WordPress Smart Slider 3 plugin to the latest available version (at least 3.5.1.11).
Plugin: SeoSamba for WordPress Webmasters
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: Official Integration for Billingo
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.4.0
Recommended Action: Update the WordPress Official Integration for Billingo plugin to the latest available version (at least 3.4.0).
Plugin: Post Slider
Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: Customizer Export/Import
Vulnerability: PHP Object Injection
Patched Version: 0.9.5
Recommended Action: Update the WordPress Customizer Export/Import plugin to the latest available version (at least 0.9.5).
Plugin: WP Word Count
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of October 6, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: LearnPress
Vulnerability: PHP Object Injection
Patched Version: 4.1.7.2
Recommended Action: Update the WordPress LearnPress plugin to the latest available version (at least 4.1.7.2).
Plugin: Sabai Discuss
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.4.14
Recommended Action: Update the WordPress Sabai Discuss plugin to the latest available version (at least 1.4.14).
Plugin: Create Block Theme
Vulnerability: Arbitrary File Upload
Patched Version: 1.2.2
Recommended Action: Update the WordPress Create Block Theme plugin to the latest available version (at least 1.2.2).
Plugin: WP-Polls
Vulnerability: Other Vulnerability Type
Patched Version: 2.77.0
Recommended Action: Update the WordPress WP-Polls plugin to the latest available version (at least 2.77.0).
***
Check out the WoW Archive for past Watch Out Wednesday posts.