Watch Out Wednesday – October 19, 2022

by | Oct 18, 2022 | WoW Archive


This Week’s Watch Out Wednesday shows the latest WordPress vulnerabilities including WordPress Core, Gutenberg, Contact Form and more!

Plugin: Advanced Custom Fields

Vulnerability: Other Vulnerability Type
Patched Version: 6.0.3
Recommended Action: Update the WordPress Advanced Custom Fields plugin to the latest available version (at least 6.0.3).

Plugin: Gutenberg

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 14.3.1
Recommended Action: Update the WordPress Gutenberg plugin to the latest available version (at least 14.3.1).

CMS: WordPress

Vulnerability: Cross Site Scripting (XSS)
Vulnerability: SQL Injection
Vulnerability: Sensitive Data Exposure
Vulnerability: Cross Site Request Forgery (CSRF)
Vulnerability: Open Redirection
Patched Version: 6.0.3
Recommended Action: Update WordPress to the latest available version (at least 6.0.3).

Plugin: eCommerce Product Catalog

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.0.72
Recommended Action: Update the WordPress eCommerce Product Catalog plugin to the latest available version (at least 3.0.72).

Plugin: Contact Form Plugin

Vulnerability: CSV Injection
Patched Version: 4.3.13
Recommended Action: Update the WordPress Contact Form Plugin plugin to the latest available version (at least 4.3.13).

Plugin: Easy Digital Downloads

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 3.0
Recommended Action: Update the WordPress Easy Digital Downloads plugin to the latest available version (at least 3.0).

Plugin: Complianz Premium

Vulnerability: SQL Injection
Patched Version: 6.3.6
Recommended Action: Update the WordPress Complianz Premium plugin to the latest available version (at least 6.3.6).

Plugin: Complianz – GDPR/CCPA Cookie Consent

Vulnerability: SQL Injection
Patched Version: 6.3.4
Recommended Action: Update the WordPress Complianz – GDPR/CCPA Cookie Consent plugin to the latest available version (at least 6.3.4).

Plugin: WooCommerce Dropshipping

Vulnerability: SQL Injection
Patched Version: 4.4
Recommended Action: Update the WordPress WooCommerce Dropshipping plugin to the latest available version (at least 4.4).

Plugin: Role Based Pricing for WooCommerce

Vulnerability: Other Vulnerability Type
Patched Version: 1.6.3
Recommended Action: Update the WordPress Role Based Pricing for WooCommerce plugin to the latest available version (at least 1.6.3).

Plugin: Role Based Pricing for WooCommerce

Vulnerability: Arbitrary File Upload
Patched Version: 1.6.2
Recommended Action: Update the WordPress Role Based Pricing for WooCommerce plugin to the latest available version (at least 1.6.2).

Plugin: Shortcodes Ultimate

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 5.12.1
Recommended Action: Update the WordPress Shortcodes Ultimate plugin to the latest available version (at least 5.12.1).

Plugin: Rock Convert

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.0.0
Recommended Action: Update the WordPress Rock Convert plugin to the latest available version (at least 3.0.0).

Plugin: Page View Count

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.5.6
Recommended Action: Update the WordPress Page View Count plugin to the latest available version (at least 2.5.6).

Plugin: JReviews

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available.

Plugin: Highlight Focus

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of October 12, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Account Manager for WooCommerce

Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: Accessibility

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: AB Press Optimizer

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: 3com – Asesor de Cookies para normativa española

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: Optinly

Vulnerability: Cross Site Request Forgery (CSRF)
Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: 5 Anker Connect

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: ALD – AliExpress Dropshipping and Fulfillment for WooCommerce

Vulnerability: Sensitive Data Exposure
Patched Version: 1.1.1
Recommended Action: Update the WordPress ALD – AliExpress Dropshipping and Fulfillment for WooCommerce plugin to the latest available version (at least 1.1.1).

***
Check out the WoW Archive for past Watch Out Wednesday posts.

Meet the Author: FocusWP
FocusWP provides educational and informational resources to help you improve your business and serve your clients. Go get 'em, Boss!
