WP Security Roundup: December 6, 2023

This  WP Security Roundup shows the latest WordPress vulnerabilities including PageLayer, Responsive Lightbox, SchedulePress and more!

 

Plugin: Coming soon and Maintenance mode

Vulnerability: IP Filtering Bypass vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Seraphinite Accelerator

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 2.20.29
Recommended Action: Update the WordPress Seraphinite Accelerator plugin to the latest available version (at least 2.20.29).

Plugin: PowerPack Pro for Elementor

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 2.9.24
Recommended Action: Update the WordPress PowerPack Pro for Elementor plugin to the latest available version (at least 2.9.24).

Plugin: DoFollow Case by Case

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 3.5.0
Recommended Action: Update the WordPress DoFollow Case by Case plugin to the latest available version (at least 3.5.0).

Plugin: PageLayer

Vulnerability: Broken Access Control vulnerability
Patched Version: 1.7.8
Recommended Action: Update the WordPress PageLayer plugin to the latest available version (at least 1.7.8).

Plugin: Nested Pages

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Importify (Dropshipping WooCommerce)

Vulnerability: Sensitive Data Exposure vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Social Pug

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Enhanced Text Widget

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Contact Form 7

Vulnerability: Authenticated (Editor+) Arbitrary File Upload vulnerability
Patched Version: 5.8.4
Recommended Action: Update the WordPress Add-on SweetAlert Contact Form 7 plugin to the latest available version (at least 5.8.4).

Plugin: Backup Migration

Vulnerability: Unauthenticated Arbitrary File Download to Sensitive Information Exposure vulnerability
Patched Version: 1.3.7
Recommended Action: Update the WordPress Backup Migration plugin to the latest available version (at least 1.3.7).

Plugin: CF7 Google Sheets Connector

Vulnerability: Sensitive Data Exposure via Debug Log vulnerability
Patched Version: 5.0.6
Recommended Action: Update the WordPress CF7 Google Sheets Connector plugin to the latest available version (at least 5.0.6).

Plugin: Debug Log Manager

Vulnerability: Cross-Site Request Forgery vulnerability
Patched Version: 2.2.2
Recommended Action: Update the WordPress Debug Log Manager plugin to the latest available version (at least 2.2.2).

Plugin: Chartify

Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Patched Version: 1.9.7
Recommended Action: Update the WordPress Chartify plugin to the latest available version (at least 1.9.7).

Plugin: GDPR Cookie Consent by Supsystic

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Site Offline

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: Social Share Buttons & Analytics Plugin โ€“ GetSocial.io

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Track Geolocation Of Users Using Contact Form 7

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Adifier (Premium Theme)

Vulnerability: WordPress Adifier โ€“ Classified Ads WordPress Theme theme <= 3.9.3 โ€“ Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Machic Core

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Doofinder for WooCommerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Parallax Slider Block

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: NextScripts

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 4.4.3
Recommended Action: Update the WordPress NextScripts plugin to the latest available version (at least 4.4.3).

Plugin: List all posts by Authors, nested Categories and Title

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: WP Event Manager

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Automatic Youtube Video Posts Plugin

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Event post

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: HDW Player Plugin (Video Player & Video Gallery)

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: which template file

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: WP Pocket URLs

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: Incomplete patch.

Plugin: KP Fastest Tawk.to Chat

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: Responsive Lightbox

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 2.4.6
Recommended Action: Update the WordPress Responsive Lightbox plugin to the latest available version (at least 2.4.6).

Plugin: 10to8 Online Appointment Booking System

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: BrainCert โ€“ HTML5 Virtual Classroom

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: Innovs HR

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Forms by CaptainForm

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Ads by datafeedr.com

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: BP Better Messages

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 2.4.1
Recommended Action: Update the WordPress BP Better Messages plugin to the latest available version (at least 2.4.1).

Plugin: Database for CF7

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: MSync

Vulnerability: SQL Injection vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Client Dash

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Ocean Extra

Vulnerability: CSRF Leading to Arbitrary Plugin Activation vulnerability
Patched Version: 2.2.3
Recommended Action: Update the WordPress Ocean Extra plugin to the latest available version (at least 2.2.3).

Plugin: Email Address Encoder

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 1.0.23
Recommended Action: Update the WordPress Email Address Encoder plugin to the latest available version (at least 1.0.23).

Plugin: teachPress

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 9.0.6
Recommended Action: Update the WordPress teachPress plugin to the latest available version (at least 9.0.6).

Plugin: BSK Forms Blacklist

Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Patched Version: 3.7
Recommended Action: Update the WordPress BSK Forms Blacklist plugin to the latest available version (at least 3.7).

Plugin: Export WP Page to Static HTML/CSS

Vulnerability: Missing Authorization via Multiple AJAX Actions vulnerability
Patched Version: 2.2.0
Recommended Action: Update the WordPress Export WP Page to Static HTML/CSS plugin to the latest available version (at least 2.2.0).

Plugin: SchedulePress

Vulnerability: Insufficient Authorization to Authenticated (Contributor+) Arbitrary Post Modifications vulnerability
Patched Version: 5.0.5
Recommended Action: Update the WordPress SchedulePress plugin to the latest available version (at least 5.0.5).

Plugin: WCMultiShipping

Vulnerability: Incorrect Authorization vulnerability
Patched Version: 2.3.8
Recommended Action: Update the WordPress WCMultiShipping plugin to the latest available version (at least 2.3.8).

Plugin: SiteOrigin Widgets Bundle

Vulnerability: Authenticated (Admin+) Local File Inclusion vulnerability
Patched Version: 1.51.0
Recommended Action: Update the WordPress SiteOrigin Widgets Bundle plugin to the latest available version (at least 1.51.0).

Scroll to Top
Wordpress Maintenance Checklist

WordPress Maintenance Checklist

Get your FREE checklist for everything you need to maintain your WordPress Site.

  • This field is for validation purposes and should be left unchanged.