Watch Out Wednesday – September 14, 2022

by | Sep 13, 2022 | WoW Archive

woman with surprised expression looking through binoculars, captioned watch out wednesday

This week’s Watch Out Wednesday covers the latest WordPress plugin vulnerabilities, including WPGateway, Wordfence, BackupBuddy and more. For each plugin the entry gives the vulnerability type, the version that fixes it (if any), and what to do about it.

Plugin: WPGateway

Vulnerability: Privilege Escalation
Patched Version: N/A
Recommended Action: Deactivate and delete. No fix is available.

Plugin: Photospace Gallery

Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: PCA Predict

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of September 5, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Read more By Adam

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: Add Shortcodes Actions And Filters

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: YDS Support Ticket System

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: RD Station

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: wpForo Forum

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.0.6
Recommended Action: Update the WordPress wpForo Forum plugin to the latest available version (at least 2.0.6).

Plugin: Culture Object

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.1.1
Recommended Action: Update the WordPress Culture Object plugin to the latest available version (at least 4.1.1).

Plugin: Contact Form By Mega Forms – Drag and Drop Form Builder

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.2.5
Recommended Action: Update the WordPress Contact Form By Mega Forms – Drag and Drop Form Builder plugin to the latest available version (at least 1.2.5).

Plugin: Export Post Info

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.2.0
Recommended Action: Update the WordPress Export Post Info plugin to the latest available version (at least 1.2.0).

Plugin: Frontend File Manager

Vulnerability: Arbitrary File Upload
Patched Version: 21.3
Recommended Action: Update the WordPress Frontend File Manager plugin to the latest available version (at least 21.3).

Plugin: Frontend File Manager

Vulnerability: Other Vulnerability Type
Patched Version: 21.3
Recommended Action: Update the WordPress Frontend File Manager plugin to the latest available version (at least 21.3).

Plugin: Goolytics – Simple Google Analytics

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.1.2
Recommended Action: Update the WordPress Goolytics – Simple Google Analytics plugin to the latest available version (at least 1.1.2).

Plugin: Donation Thermometer

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.1.3
Recommended Action: Update the WordPress Donation Thermometer plugin to the latest available version (at least 2.1.3).

Plugin: Wordfence

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 7.6.1
Recommended Action: Update the WordPress Wordfence plugin to the latest available version (at least 7.6.1).

Plugin: BackupBuddy

Vulnerability: Directory Traversal
Patched Version: 8.7.5.0
Recommended Action: Update the WordPress BackupBuddy plugin to the latest available version (at least 8.7.5.0).
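The recommended actions above reduce to two rules: a plugin with no patched version gets deactivated and deleted, and everything else gets updated to at least the patched version. The script below is an added example, not code from the original post or from FocusWP, that applies those rules to a site’s plugin inventory as printed by `wp plugin list --format=json --fields=name,status,version`. The plugin slugs used as table keys are assumptions (confirm them against the plugin directory on the site you check), and the inventory it runs on is constructed sample data.

```python
"""Triage a WordPress plugin inventory against this week's advisory list.

Feed it the output of:  wp plugin list --format=json --fields=name,status,version
Rules mirror the post: no patched version => deactivate and delete;
otherwise => update if the installed version is older than the patched one.
"""
import json
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Advisory:
    vuln: str
    patched: Optional[str]  # None means no fix is available


# Keyed by plugin slug (the "name" field WP-CLI prints). The slugs below are
# assumptions; confirm them against the plugin directory of the site you check.
ADVISORIES = {
    "wpgateway": Advisory("Privilege Escalation", None),
    "wpforo": Advisory("Cross Site Request Forgery (CSRF)", "2.0.6"),
    "frontend-file-manager": Advisory("Arbitrary File Upload", "21.3"),
    "wordfence": Advisory("Cross Site Scripting (XSS)", "7.6.1"),
    "backupbuddy": Advisory("Directory Traversal", "8.7.5.0"),
}


def version_key(version: str) -> tuple:
    """Numeric, dot-aware comparison key: 8.7.5.0 == 8.7.5 and 21.3 > 8.7.5.0.
    Plain string comparison gets both of those wrong."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)          # "1-beta" -> 1, "rc" -> 0
        parts.append(int(m.group()) if m else 0)
    while parts and parts[-1] == 0:          # drop trailing zeros
        parts.pop()
    return tuple(parts)


def triage(inventory_json: str) -> list:
    """Return one finding per installed plugin that still needs action."""
    findings = []
    for plugin in json.loads(inventory_json):
        adv = ADVISORIES.get(plugin["name"])
        if adv is None:
            continue                          # not in this week's list
        installed = plugin["version"]
        if adv.patched is None:
            action = "deactivate and delete (no fix available)"
        elif version_key(installed) < version_key(adv.patched):
            action = f"update to at least {adv.patched}"
        else:
            continue                          # already at or past the fix
        # Inactive plugins are reported too: the vulnerable files stay on disk.
        findings.append({
            "slug": plugin["name"],
            "status": plugin["status"],
            "installed": installed,
            "vulnerability": adv.vuln,
            "action": action,
        })
    return findings


# Constructed sample inventory, not from a real site.
SAMPLE_INVENTORY = json.dumps([
    {"name": "wordfence",   "status": "active",   "version": "7.6.0"},
    {"name": "wpforo",      "status": "inactive", "version": "2.0.6"},
    {"name": "backupbuddy", "status": "active",   "version": "8.5.8.0"},
    {"name": "wpgateway",   "status": "inactive", "version": "1.0"},
    {"name": "akismet",     "status": "active",   "version": "5.0"},
])

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f['slug']:<14} {f['installed']:<8} {f['status']:<9} "
              f"{f['vulnerability']}: {f['action']}")
```

Two details matter in practice. Versions are compared numerically per component rather than as strings, because `"21.3" < "8.7.5.0"` is true under string comparison and would hide a needed update. And an inactive plugin is still flagged: deactivating leaves the vulnerable PHP files on disk, which is why the post says deactivate and delete.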

***
Check out the WoW Archive for past Watch Out Wednesday posts.

Meet the Author: FocusWP
FocusWP provides educational and informational resources to help you improve your business and serve your clients. Go get 'em, Boss!
