This Week’s Watch Out Wednesday shows the latest WordPress vulnerabilities including Sucuri Security, Simple File List and more!
Plugin: Simple File List
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 4.4.13
Recommended Action: Update the WordPress Simple File List plugin to the latest available version (at least 4.4.13).

Plugin: Simple File List
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.4.12
Recommended Action: Update the WordPress Simple File List plugin to the latest available version (at least 4.4.12).

Plugin: Memberpress Downloads
Vulnerability: Arbitrary File Upload
Patched Version: N/A
Recommended Action: No patched version is available.

Plugin: Download Monitor
Vulnerability: Arbitrary File Download
Patched Version: 4.5.98
Recommended Action: Update the WordPress Download Monitor plugin to the latest available version (at least 4.5.98).

Plugin: Top Bar
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.0.4
Recommended Action: Update the WordPress Top Bar plugin to the latest available version (at least 3.0.4).

Plugin: Social Rocket
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.3.3
Recommended Action: Update the WordPress Social Rocket plugin to the latest available version (at least 1.3.3).

Plugin: Contact Form by WPForms
Vulnerability: Directory Traversal
Patched Version: 1.7.5.5
Recommended Action: Update the WordPress Contact Form by WPForms plugin to the latest available version (at least 1.7.5.5).

Plugin: reSmush.it
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 0.4.6
Recommended Action: Update the WordPress reSmush.it plugin to the latest available version (at least 0.4.6).

Plugin: Booster Plus for WooCommerce
Vulnerability: Insecure Direct Object References (IDOR)
Patched Version: 5.6.1
Recommended Action: Update the WordPress Booster Plus for WooCommerce plugin to the latest available version (at least 5.6.1).

Plugin: Booster for WooCommerce
Vulnerability: Insecure Direct Object References (IDOR)
Patched Version: 5.6.3
Recommended Action: Update the WordPress Booster for WooCommerce plugin to the latest available version (at least 5.6.3).

Plugin: SearchWP Live Ajax Search
Vulnerability: Local File Inclusion
Patched Version: 1.6.3
Recommended Action: Update the WordPress SearchWP Live Ajax Search plugin to the latest available version (at least 1.6.3).

Plugin: CPO Shortcodes
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of September 14, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Taskbuilder
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.0.8
Recommended Action: Update the WordPress Taskbuilder plugin to the latest available version (at least 1.0.8).

Plugin: Awesome Filterable Portfolio
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of September 14, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Awesome Filterable Portfolio
Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of September 14, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: GS Testimonial Slider
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.9.7
Recommended Action: Update the WordPress GS Testimonial Slider plugin to the latest available version (at least 1.9.7).

Plugin: Awesome Support
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 6.0.8
Recommended Action: Update the WordPress Awesome Support plugin to the latest available version (at least 6.0.8).

Plugin: Rate my Post – WP Rating System
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 3.3.5
Recommended Action: Update the WordPress Rate my Post – WP Rating System plugin to the latest available version (at least 3.3.5).

Plugin: Advanced Dynamic Pricing for WooCommerce
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 4.1.4
Recommended Action: Update the WordPress Advanced Dynamic Pricing for WooCommerce plugin to the latest available version (at least 4.1.4).

Plugin: Sucuri Security
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 1.8.34
Recommended Action: Update the WordPress Sucuri Security plugin to the latest available version (at least 1.8.34).

Plugin: Notice Board
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available.

Plugin: Disable User Login
Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: No patched version is available.
***
Check out the WoW Archive for past Watch Out Wednesday posts.