This week’s Watch Out Wednesday covers the latest WordPress plugin vulnerabilities, including WPGateway, Wordfence and more!
Plugin: WPGateway
Vulnerability: Privilege Escalation
Patched Version: N/A
Recommended Action: Deactivate and delete. No fix is available.
Plugin: Photospace Gallery
Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: PCA Predict
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of September 5, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Read more By Adam
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: Add Shortcodes Actions And Filters
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: YDS Support Ticket System
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: RD Station
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: wpForo Forum
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.0.6
Recommended Action: Update the WordPress wpForo Forum plugin to the latest available version (at least 2.0.6).
Plugin: Culture Object
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.1.1
Recommended Action: Update the WordPress Culture Object plugin to the latest available version (at least 4.1.1).
Plugin: Contact Form By Mega Forms – Drag and Drop Form Builder
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.2.5
Recommended Action: Update the WordPress Contact Form By Mega Forms – Drag and Drop Form Builder plugin to the latest available version (at least 1.2.5).
Plugin: Export Post Info
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.2.0
Recommended Action: Update the WordPress Export Post Info plugin to the latest available version (at least 1.2.0).
Plugin: Frontend File Manager
Vulnerability: Arbitrary File Upload
Patched Version: 21.3
Recommended Action: Update the WordPress Frontend File Manager plugin to the latest available version (at least 21.3).
Plugin: Frontend File Manager
Vulnerability: Other Vulnerability Type
Patched Version: 21.3
Recommended Action: Update the WordPress Frontend File Manager plugin to the latest available version (at least 21.3).
Plugin: Goolytics – Simple Google Analytics
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.1.2
Recommended Action: Update the WordPress Goolytics – Simple Google Analytics plugin to the latest available version (at least 1.1.2).
Plugin: Donation Thermometer
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.1.3
Recommended Action: Update the WordPress Donation Thermometer plugin to the latest available version (at least 2.1.3).
Plugin: Wordfence
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 7.6.1
Recommended Action: Update the WordPress Wordfence plugin to the latest available version (at least 7.6.1).
Plugin: BackupBuddy
Vulnerability: Directory Traversal
Patched Version: 8.7.5.0
Recommended Action: Update the WordPress BackupBuddy plugin to the latest available version (at least 8.7.5.0).
***
Check out the WoW Archive for past Watch Out Wednesday posts.