WP Security Roundup: December 27, 2023

This WP Security Roundup shows the latest WordPress vulnerabilities including Amelia, BookingPress, Paid Memberships Pro and more!


Plugin: Sensei LMS

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 4.18.0
Recommended Action: Update the WordPress Sensei LMS plugin to the latest available version (at least 4.18.0).


Plugin: Ajax Load More

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 6.2.0
Recommended Action: Update the WordPress Ajax Load More plugin to the latest available version (at least 6.2.0).


Plugin: Add Any Extension to Pages

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 1.5
Recommended Action: Update the WordPress Add Any Extension to Pages plugin to the latest available version (at least 1.5).


Plugin: HUSKY – Products Filter for WooCommerce (formerly WOOF)

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 1.3.4.4
Recommended Action: Update the WordPress HUSKY – Products Filter for WooCommerce (formerly WOOF) plugin to the latest available version (at least 1.3.4.4).


Plugin: Amelia

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 1.0.86
Recommended Action: Update the WordPress Amelia plugin to the latest available version (at least 1.0.86).


Plugin: WP Crowdfunding

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 2.1.7
Recommended Action: Update the WordPress WP Crowdfunding plugin to the latest available version (at least 2.1.7).


Plugin: Anti Hacker

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 4.35
Recommended Action: Update the WordPress Anti Hacker plugin to the latest available version (at least 4.35).


Plugin: Uncode Core

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Vulnerability: Arbitrary File Deletion vulnerability
Vulnerability: Privilege Escalation vulnerability
Patched Version: 2.8.9
Recommended Action: Update the WordPress Uncode Core plugin to the latest available version (at least 2.8.9).


Plugin: Automation By Autonami

Vulnerability: SQL Injection vulnerability
Patched Version: 2.7.0
Recommended Action: Update the WordPress Automation By Autonami plugin to the latest available version (at least 2.7.0).


Plugin: Funnel Builder for WordPress by FunnelKit

Vulnerability: SQL Injection vulnerability
Patched Version: 2.14.4
Recommended Action: Update the WordPress Funnel Builder for WordPress by FunnelKit plugin to the latest available version (at least 2.14.4).


Plugin: Pre* Party Resource Hints

Vulnerability: SQL Injection vulnerability
Patched Version: None
Recommended Action: No patched version is available.


Plugin: Photo Gallery by 10Web

Vulnerability: Authenticated Stored Cross-Site Scripting via Widget vulnerability
Patched Version: 1.8.19
Recommended Action: Update the WordPress Photo Gallery by 10Web plugin to the latest available version (at least 1.8.19).


Plugin: Squirrly SEO – Advanced Pack

Vulnerability: WordPress Squirrly SEO – Advanced Pack plugin <= 2.3.8 – SQL Injection vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.


Plugin: Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration

Vulnerability: SQL Injection vulnerability
Patched Version: 1.76.0
Recommended Action: Update the WordPress Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration plugin to the latest available version (at least 1.76.0).


Plugin: BookIt

Vulnerability: SQL Injection vulnerability
Patched Version: 2.4.4
Recommended Action: Update the WordPress BookIt plugin to the latest available version (at least 2.4.4).


Plugin: Simply Schedule Appointments

Vulnerability: SQL Injection vulnerability
Patched Version: 1.6.6.1
Recommended Action: Update the WordPress Simply Schedule Appointments plugin to the latest available version (at least 1.6.6.1).


Plugin: e2pdf

Vulnerability: SQL Injection vulnerability
Patched Version: 1.20.24
Recommended Action: Update the WordPress e2pdf plugin to the latest available version (at least 1.20.24).


Plugin: 404 Solution

Vulnerability: SQL Injection vulnerability
Patched Version: 2.35.0
Recommended Action: Update the WordPress 404 Solution plugin to the latest available version (at least 2.35.0).


Plugin: Welcart e-Commerce

Vulnerability: SQL Injection vulnerability
Patched Version: 2.9.4
Recommended Action: Update the WordPress Welcart e-Commerce plugin to the latest available version (at least 2.9.4).


Plugin: RegistrationMagic

Vulnerability: SQL Injection vulnerability
Patched Version: 5.2.4.6
Recommended Action: Update the WordPress RegistrationMagic plugin to the latest available version (at least 5.2.4.6).


Plugin: GeoDirectory

Vulnerability: SQL Injection vulnerability
Patched Version: 2.3.29
Recommended Action: Update the WordPress GeoDirectory plugin to the latest available version (at least 2.3.29).


Plugin: WP Mail Catcher

Vulnerability: SQL Injection vulnerability
Patched Version: 2.1.4
Recommended Action: Update the WordPress WP Mail Catcher plugin to the latest available version (at least 2.1.4).


Plugin: Clockwork SMS Notifications

Vulnerability: SQL Injection vulnerability
Patched Version: None
Recommended Action: No patched version is available.


Plugin: MF Gig Calendar

Vulnerability: SQL Injection vulnerability
Patched Version: None
Recommended Action: No patched version is available.


Plugin: BookingPress

Vulnerability: SQL Injection vulnerability
Patched Version: 1.0.73
Recommended Action: Update the WordPress BookingPress plugin to the latest available version (at least 1.0.73).


Plugin: Booking Manager

Vulnerability: SQL Injection vulnerability
Patched Version: 2.1.6
Recommended Action: Update the WordPress Booking Manager plugin to the latest available version (at least 2.1.6).


Plugin: JS Help Desk – Best Help Desk & Support Plugin

Vulnerability: Unauthenticated SQL Injection vulnerability
Patched Version: 2.8.2
Recommended Action: Update the WordPress JS Help Desk – Best Help Desk & Support Plugin plugin to the latest available version (at least 2.8.2).


Plugin: NEX-Forms – Ultimate Form Builder

Vulnerability: SQL Injection vulnerability
Patched Version: 8.5.6
Recommended Action: Update the WordPress NEX-Forms – Ultimate Form Builder plugin to the latest available version (at least 8.5.6).


Plugin: Login Lockdown

Vulnerability: SQL Injection vulnerability
Patched Version: 2.07
Recommended Action: Update the WordPress Login Lockdown plugin to the latest available version (at least 2.07).


Plugin: HTML Forms

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.


Plugin: Paid Memberships Pro

Vulnerability: Missing Authorization via API vulnerability
Patched Version: 2.12.6
Recommended Action: Update the WordPress Paid Memberships Pro plugin to the latest available version (at least 2.12.6).


Plugin: Limit Login Attempts Reloaded

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 2.25.27
Recommended Action: Update the WordPress Limit Login Attempts Reloaded plugin to the latest available version (at least 2.25.27).


Plugin: Clone

Vulnerability: Sensitive Information Exposure vulnerability
Patched Version: 2.4.3
Recommended Action: Update the WordPress Clone plugin to the latest available version (at least 2.4.3).
