This week’s Watch Out Wednesday lists the latest WordPress vulnerabilities, including ones in WordPress Core, Gutenberg, Contact Form and more.
Plugin: Advanced Custom Fields
Vulnerability: Other Vulnerability Type
Patched Version: 6.0.3
Recommended Action: Update the WordPress Advanced Custom Fields plugin to the latest available version (at least 6.0.3).
Plugin: Gutenberg
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 14.3.1
Recommended Action: Update the WordPress Gutenberg plugin to the latest available version (at least 14.3.1).
CMS: WordPress
Vulnerability: Cross Site Scripting (XSS)
Vulnerability: SQL Injection
Vulnerability: Sensitive Data Exposure
Vulnerability: Cross Site Request Forgery (CSRF)
Vulnerability: Open Redirection
Patched Version: 6.0.3
Recommended Action: Update WordPress to the latest available version (at least 6.0.3).
Plugin: eCommerce Product Catalog
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.0.72
Recommended Action: Update the WordPress eCommerce Product Catalog plugin to the latest available version (at least 3.0.72).
Plugin: Contact Form Plugin
Vulnerability: CSV Injection
Patched Version: 4.3.13
Recommended Action: Update the WordPress Contact Form Plugin to the latest available version (at least 4.3.13).
Plugin: Easy Digital Downloads
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 3.0
Recommended Action: Update the WordPress Easy Digital Downloads plugin to the latest available version (at least 3.0).
Plugin: Complianz Premium
Vulnerability: SQL Injection
Patched Version: 6.3.6
Recommended Action: Update the WordPress Complianz Premium plugin to the latest available version (at least 6.3.6).
Plugin: Complianz – GDPR/CCPA Cookie Consent
Vulnerability: SQL Injection
Patched Version: 6.3.4
Recommended Action: Update the WordPress Complianz – GDPR/CCPA Cookie Consent plugin to the latest available version (at least 6.3.4).
Plugin: WooCommerce Dropshipping
Vulnerability: SQL Injection
Patched Version: 4.4
Recommended Action: Update the WordPress WooCommerce Dropshipping plugin to the latest available version (at least 4.4).
Plugin: Role Based Pricing for WooCommerce
Vulnerability: Other Vulnerability Type
Patched Version: 1.6.3
Recommended Action: Update the WordPress Role Based Pricing for WooCommerce plugin to the latest available version (at least 1.6.3).
Plugin: Role Based Pricing for WooCommerce
Vulnerability: Arbitrary File Upload
Patched Version: 1.6.2
Recommended Action: Update the WordPress Role Based Pricing for WooCommerce plugin to the latest available version (at least 1.6.2).
Plugin: Shortcodes Ultimate
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 5.12.1
Recommended Action: Update the WordPress Shortcodes Ultimate plugin to the latest available version (at least 5.12.1).
Plugin: Rock Convert
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.0.0
Recommended Action: Update the WordPress Rock Convert plugin to the latest available version (at least 3.0.0).
Plugin: Page View Count
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.5.6
Recommended Action: Update the WordPress Page View Count plugin to the latest available version (at least 2.5.6).
Plugin: JReviews
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available.
Plugin: Highlight Focus
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of October 12, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Account Manager for WooCommerce
Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: Accessibility
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: AB Press Optimizer
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: 3com – Asesor de Cookies para normativa española
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: Optinly
Vulnerability: Cross Site Request Forgery (CSRF)
Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: 5 Anker Connect
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: ALD – AliExpress Dropshipping and Fulfillment for WooCommerce
Vulnerability: Sensitive Data Exposure
Patched Version: 1.1.1
Recommended Action: Update the WordPress ALD – AliExpress Dropshipping and Fulfillment for WooCommerce plugin to the latest available version (at least 1.1.1).