Watch Out Wednesday – September 13, 2023

This Week’s Watch Out Wednesday shows the latest WordPress vulnerabilities including Form Maker by 10Web, iFolders, Backup Migration and more!

by | Sep 13, 2023 | WoW Archive

Plugin: Staff / Employee Business Directory for Active Directory

Vulnerability: Improper escaping of LDAP entries vulnerability
Patched Version: 1.2.3
Recommended Action: Update the WordPress Staff / Employee Business Directory for Active Directory plugin to the latest available version (at least 1.2.3).

Plugin: Simple Download Counter

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Patched Version: 1.6.1
Recommended Action: Update the WordPress Simple Download Counter plugin to the latest available version (at least 1.6.1).

Plugin: My Account Page Editor for Woocommerce

Vulnerability: Subscriber+ Arbitrary File Upload vulnerability
Patched Version: 1.3.2
Recommended Action: Update the WordPress My Account Page Editor for Woocommerce plugin to the latest available version (at least 1.3.2).

Plugin: Form Maker by 10Web

Vulnerability: Unauthenticated Arbitrary File Upload Vulnerability
Patched Version: 1.15.20
Recommended Action: Update the WordPress Form Maker by 10Web plugin to the latest available version (at least 1.15.20).

Plugin: Email Newsletter

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 7.9.0
Recommended Action: Update the WordPress Email Newsletter plugin to the latest available version (at least 7.9.0).

Plugin: rtMedia for WordPress, BuddyPress and bbPress

Vulnerability: Broken Access Control vulnerability
Patched Version: 4.6.15
Recommended Action: Update the WordPress rtMedia for WordPress, BuddyPress and bbPress plugin to the latest available version (at least 4.6.15).

Plugin: Laposta Signup Basic

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 1.4.2
Recommended Action: Update the WordPress Laposta Signup Basic plugin to the latest available version (at least 1.4.2).

Plugin: iFolders

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 1.5.1
Recommended Action: Update the WordPress iFolders plugin to the latest available version (at least 1.5.1).

Plugin: User Submitted Posts

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 20230902
Recommended Action: Update the WordPress User Submitted Posts plugin to the latest available version (at least 20230902).

Plugin: Cookie Notice & Consent

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 1.6.1
Recommended Action: Update the WordPress Cookie Notice & Consent plugin to the latest available version (at least 1.6.1).

Plugin: Flatsome

Vulnerability: Unauthenticated PHP Object Injection vulnerability
Patched Version: 3.17.6
Recommended Action: Update the WordPress Flatsome theme to the latest available version (at least 3.17.6).

Plugin: Media Library Assistant

Vulnerability: Unauthenticated Local/Remote File Inclusion and Code Execution vulnerability
Patched Version: 3.10
Recommended Action: Update the WordPress Media Library Assistant plugin to the latest available version (at least 3.10).

Plugin: WordPress Social Login

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Locatoraid Store Locator

Vulnerability: Reflected XSS vulnerability
Patched Version: 3.9.24
Recommended Action: Update the WordPress Locatoraid Store Locator plugin to the latest available version (at least 3.9.24).

Plugin: Activity Log

Vulnerability: IP Spoofing vulnerability
Patched Version: 2.8.8
Recommended Action: Update the WordPress Activity Log plugin to the latest available version (at least 2.8.8).

Plugin: FileOrganizer

Vulnerability: Admin+ Arbitrary File Access vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Laposta Signup Embed

Vulnerability: Cross-Site Request Forgery vulnerability
Patched Version: 1.1.1
Recommended Action: Update the WordPress Laposta Signup Embed plugin to the latest available version (at least 1.1.1).

Plugin: Backup Migration

Vulnerability: Cross-Site Request Forgery vulnerability
Patched Version: 1.5.1
Recommended Action: Update the WordPress Backup Migration plugin to the latest available version (at least 1.5.1).

***
Check out the WoW Archive for past Watch Out Wednesday posts.

Meet the Author: FocusWP
FocusWP provides educational and informational resources to help you improve your business and serve your clients. Go get 'em, Boss!