Watch Out Wednesday – September 21, 2022

by | Sep 20, 2022 | WoW Archive

woman with surprised expression looking through binoculars, captioned watch out wednesday

This week's Watch Out Wednesday covers the latest WordPress plugin vulnerabilities, including fixes for the Sucuri Security and Simple File List plugins and more. For each plugin the entry lists the vulnerability class, the first version that contains the fix, and the action to take; where no fixed version exists, the only safe action is to deactivate and delete the plugin.

Plugin: Simple File List

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 4.4.13
Recommended Action: Update the WordPress Simple File List plugin to the latest available version (at least 4.4.13).

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.4.12
Recommended Action: Update the WordPress Simple File List plugin to the latest available version (at least 4.4.12; updating to 4.4.13 or later also covers the CSRF fix listed above).

Plugin: Memberpress Downloads

Vulnerability: Arbitrary File Upload
Patched Version: N/A
Recommended Action: No patched version is available at the time of writing. Arbitrary file upload is among the most serious plugin vulnerability classes, so treat this as you would a closed plugin: deactivate and delete it until a fixed release is published, then reinstall and update.

Plugin: Download Monitor

Vulnerability: Arbitrary File Download
Patched Version: 4.5.98
Recommended Action: Update the WordPress Download Monitor plugin to the latest available version (at least 4.5.98).

Plugin: Top Bar

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.0.4
Recommended Action: Update the WordPress Top Bar plugin to the latest available version (at least 3.0.4).

Plugin: Social Rocket

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.3.3
Recommended Action: Update the WordPress Social Rocket plugin to the latest available version (at least 1.3.3).

Plugin: Contact Form by WPForms

Vulnerability: Directory Traversal
Patched Version: 1.7.5.5
Recommended Action: Update the WordPress Contact Form by WPForms plugin to the latest available version (at least 1.7.5.5).

Plugin: reSmush.it

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 0.4.6
Recommended Action: Update the WordPress reSmush.it plugin to the latest available version (at least 0.4.6).

Plugin: Booster Plus for WooCommerce

Vulnerability: Insecure Direct Object References (IDOR)
Patched Version: 5.6.1
Recommended Action: Update the WordPress Booster Plus for WooCommerce plugin to the latest available version (at least 5.6.1).

Plugin: Booster for WooCommerce

Vulnerability: Insecure Direct Object References (IDOR)
Patched Version: 5.6.3
Recommended Action: Update the WordPress Booster for WooCommerce plugin to the latest available version (at least 5.6.3).

Plugin: SearchWP Live Ajax Search

Vulnerability: Local File Inclusion
Patched Version: 1.6.3
Recommended Action: Update the WordPress SearchWP Live Ajax Search plugin to the latest available version (at least 1.6.3).

Plugin: CPO Shortcodes

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of September 14, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Taskbuilder

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.0.8
Recommended Action: Update the WordPress Taskbuilder plugin to the latest available version (at least 1.0.8).

Plugin: Awesome Filterable Portfolio

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of September 14, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Awesome Filterable Portfolio

Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of September 14, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: GS Testimonial Slider

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.9.7
Recommended Action: Update the WordPress GS Testimonial Slider plugin to the latest available version (at least 1.9.7).

Plugin: Awesome Support

Vulnerability: Cross Site Scripting (XSS)
Patched Version: 6.0.8
Recommended Action: Update the WordPress Awesome Support plugin to the latest available version (at least 6.0.8).

Plugin: Rate my Post – WP Rating System

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 3.3.5
Recommended Action: Update the WordPress Rate my Post – WP Rating System plugin to the latest available version (at least 3.3.5).

Plugin: Advanced Dynamic Pricing for WooCommerce

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 4.1.4
Recommended Action: Update the WordPress Advanced Dynamic Pricing for WooCommerce plugin to the latest available version (at least 4.1.4).

Plugin: Sucuri Security

Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 1.8.34
Recommended Action: Update the WordPress Sucuri Security plugin to the latest available version (at least 1.8.34).

Plugin: Notice Board

Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available at the time of writing. Deactivate and delete the plugin until a fixed release is published.

Plugin: Disable User Login

Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: No patched version is available at the time of writing. Deactivate and delete the plugin until a fixed release is published.
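One way to check a site against this week's list, as an added example that is not part of the original post or of any vendor's tooling: the script below reads the JSON that WP-CLI prints for `wp plugin list --format=json` and reports every installed plugin whose version is below the patched version, or for which no patched version exists. The plugin slugs in the ADVISORY table and the sample inventory are assumptions constructed for the example (verify each slug against the plugin's wordpress.org directory page before relying on a match). The version comparison is numeric per component, so that 4.5.100 ranks above 4.5.98 instead of below it as a plain string compare would have it.

```python
"""Flag installed WordPress plugins that are below this week's patched versions.

Input is the JSON printed by WP-CLI:  wp plugin list --format=json
(an array of objects with at least "name", "status" and "version").
Added example for the advisory above; not the post's or any vendor's code.
"""
import json
import re
import sys
from typing import Dict, List, Optional, Tuple

# Advisory table: plugin slug -> (name as listed above, lowest patched version).
# None means no patched version exists. The slugs are ASSUMED for this example;
# check each one against the plugin's wordpress.org URL before relying on it.
ADVISORY: Dict[str, Tuple[str, Optional[str]]] = {
    "simple-file-list": ("Simple File List", "4.4.13"),  # highest of its two fixes
    "download-monitor": ("Download Monitor", "4.5.98"),
    "wpforms-lite": ("Contact Form by WPForms", "1.7.5.5"),
    "searchwp-live-ajax-search": ("SearchWP Live Ajax Search", "1.6.3"),
    "awesome-support": ("Awesome Support", "6.0.8"),
    "sucuri-scanner": ("Sucuri Security", "1.8.34"),
    "memberpress-downloads": ("Memberpress Downloads", None),
    "cpo-shortcodes": ("CPO Shortcodes", None),
}


def version_key(version: str) -> Tuple[int, ...]:
    """Numeric components of a dotted version ("1.7.5.5" -> (1, 7, 5, 5)).

    Non-numeric suffixes such as "-beta" are ignored. A plain string compare
    would wrongly rank "4.5.100" below "4.5.98"; integer tuples do not.
    """
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_below(installed: str, patched: str) -> bool:
    """True if installed < patched; short versions are zero-padded ("4.4" == "4.4.0")."""
    a, b = version_key(installed), version_key(patched)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def check_plugins(wp_cli_json: str) -> List[dict]:
    """Return one finding per installed plugin that is still exposed."""
    findings = []
    for plugin in json.loads(wp_cli_json):
        slug = plugin["name"]
        if slug not in ADVISORY:
            continue
        name, patched = ADVISORY[slug]
        installed = plugin["version"]
        if patched is None:
            action = "no patched version: deactivate and delete"
        elif is_below(installed, patched):
            action = f"update to {patched} or later"
        else:
            continue  # already at or above the fixed version
        # Inactive plugins are reported too: the advisory says deactivate AND
        # delete, because the plugin's files stay on disk until removed.
        findings.append({
            "slug": slug, "plugin": name, "installed": installed,
            "status": plugin.get("status", "?"), "patched": patched, "action": action,
        })
    return findings


# Constructed sample of `wp plugin list --format=json` output (not from a real site).
SAMPLE_WP_CLI_OUTPUT = json.dumps([
    {"name": "simple-file-list", "status": "active", "update": "available", "version": "4.4.12"},
    {"name": "download-monitor", "status": "active", "update": "none", "version": "4.5.98"},
    {"name": "wpforms-lite", "status": "active", "update": "available", "version": "1.7.5.4"},
    {"name": "cpo-shortcodes", "status": "inactive", "update": "none", "version": "1.0.2"},
    {"name": "akismet", "status": "active", "update": "none", "version": "5.0"},
])

if __name__ == "__main__":
    # Usage: wp plugin list --format=json > plugins.json && python check_plugins.py plugins.json
    # With no argument the constructed sample above is checked instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            data = fh.read()
    else:
        data = SAMPLE_WP_CLI_OUTPUT
    for f in check_plugins(data):
        print(f"{f['plugin']} ({f['slug']}) {f['installed']} [{f['status']}]: {f['action']}")
```

Run against the sample, the script flags Simple File List 4.4.12 (it has the XSS fix but not the 4.4.13 CSRF fix), WPForms 1.7.5.4 and the closed CPO Shortcodes plugin, and stays quiet about Download Monitor at exactly 4.5.98 and about plugins that are not on the list. Keeping the table keyed by the highest patched version for a plugin with several fixes is what makes the Simple File List case come out right.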

***
Check out the WoW Archive for past Watch Out Wednesday posts.

Meet the Author: FocusWP
FocusWP provides educational and informational resources to help you improve your business and serve your clients. Go get 'em, Boss!
