This week’s Watch Out Wednesday covers the latest WordPress vulnerabilities, including Form Maker by 10Web, iFolders, Backup Migration and more!
Plugin: Staff / Employee Business Directory for Active Directory
Vulnerability: Improper escaping of LDAP entries vulnerability
Patched Version: 1.2.3
Recommended Action: Update the WordPress Staff / Employee Business Directory for Active Directory plugin to the latest available version (at least 1.2.3).
Plugin: Simple Download Counter
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Patched Version: 1.6.1
Recommended Action: Update the WordPress Simple Download Counter plugin to the latest available version (at least 1.6.1).
Plugin: My Account Page Editor for Woocommerce
Vulnerability: Subscriber+ Arbitrary File Upload vulnerability
Patched Version: 1.3.2
Recommended Action: Update the WordPress My Account Page Editor for Woocommerce plugin to the latest available version (at least 1.3.2).
Plugin: Form Maker by 10Web
Vulnerability: Unauthenticated Arbitrary File Upload Vulnerability
Patched Version: 1.15.20
Recommended Action: Update the WordPress Form Maker by 10Web plugin to the latest available version (at least 1.15.20).
Plugin: Email Newsletter
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 7.9.0
Recommended Action: Update the WordPress Email Newsletter plugin to the latest available version (at least 7.9.0).
Plugin: rtMedia for WordPress, BuddyPress and bbPress
Vulnerability: Broken Access Control vulnerability
Patched Version: 4.6.15
Recommended Action: Update the WordPress rtMedia for WordPress, BuddyPress and bbPress plugin to the latest available version (at least 4.6.15).
Plugin: Laposta Signup Basic
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 1.4.2
Recommended Action: Update the WordPress Laposta Signup Basic plugin to the latest available version (at least 1.4.2).
Plugin: iFolders
Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 1.5.1
Recommended Action: Update the WordPress iFolders plugin to the latest available version (at least 1.5.1).
Plugin: User Submitted Posts
Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 20230902
Recommended Action: Update the WordPress User Submitted Posts plugin to the latest available version (at least 20230902).
Plugin: Cookie Notice & Consent
Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 1.6.1
Recommended Action: Update the WordPress Cookie Notice & Consent plugin to the latest available version (at least 1.6.1).
Theme: Flatsome
Vulnerability: Unauthenticated PHP Object Injection vulnerability
Patched Version: 3.17.6
Recommended Action: Update the WordPress Flatsome theme to the latest available version (at least 3.17.6).
Plugin: Media Library Assistant
Vulnerability: Unauthenticated Local/Remote File Inclusion and Code Execution vulnerability
Patched Version: 3.10
Recommended Action: Update the WordPress Media Library Assistant plugin to the latest available version (at least 3.10).
Plugin: WordPress Social Login
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Locatoraid Store Locator
Vulnerability: Reflected XSS vulnerability
Patched Version: 3.9.24
Recommended Action: Update the WordPress Locatoraid Store Locator plugin to the latest available version (at least 3.9.24).
Plugin: Activity Log
Vulnerability: IP Spoofing vulnerability
Patched Version: 2.8.8
Recommended Action: Update the WordPress Activity Log plugin to the latest available version (at least 2.8.8).
Plugin: FileOrganizer
Vulnerability: Admin+ Arbitrary File Access vulnerability
Patched Version: None
Recommended Action: No patched version available.
Plugin: Laposta Signup Embed
Vulnerability: Cross-Site Request Forgery vulnerability
Patched Version: 1.1.1
Recommended Action: Update the WordPress Laposta Signup Embed plugin to the latest available version (at least 1.1.1).
Plugin: Backup Migration
Vulnerability: Cross-Site Request Forgery vulnerability
Patched Version: 1.5.1
Recommended Action: Update the WordPress Backup Migration plugin to the latest available version (at least 1.5.1).
***
Check out the WoW Archive for past Watch Out Wednesday posts.