WP Security Roundup: November 1, 2023

This WP Security Roundup shows the latest WordPress vulnerabilities including LiteSpeed Cache, The Plus Addons for Elementor Pro, Slick Popup and more!

Plugin: Finale Lite

Vulnerability: Arbitrary Content Deletion vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: WooODT Lite

Vulnerability: Arbitrary Site Option Update vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor. 

Plugin: The Plus Addons for Elementor Pro

Vulnerability: Unauthenticated Local File Inclusion vulnerability
Patched Version: 5.2.9
Recommended Action: Update the WordPress The Plus Addons for Elementor Pro plugin to the latest available version (at least 5.2.9). 

Plugin: Linker

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor. 

Plugin: Slick Popup

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 1.7.15
Recommended Action: Update the WordPress Slick Popup plugin to the latest available version (at least 1.7.15).

Plugin: ImageLinks Interactive Image Builder

Vulnerability: SQL Injection vulnerability
Patched Version: 1.6.0
Recommended Action: Update the WordPress ImageLinks Interactive Image Builder plugin to the latest available version (at least 1.6.0).

Plugin: WooCommerce – Store Exporter

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 2.7.2.1
Recommended Action: Update the WordPress WooCommerce – Store Exporter plugin to the latest available version (at least 2.7.2.1).

Plugin: Grid Plus

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: GD Security Headers

Vulnerability: Auth. SQL Injection (SQLi) vulnerability
Patched Version: 1.7.1
Recommended Action: Update the WordPress GD Security Headers plugin to the latest available version (at least 1.7.1). 

Plugin: Shortcode Menu

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available. 

Plugin: FareHarbor for WordPress

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 3.6.8
Recommended Action: Update the WordPress FareHarbor for WordPress plugin to the latest available version (at least 3.6.8). 

Plugin: Jquery news ticker

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 3.1
Recommended Action: Update the WordPress Jquery news ticker plugin to the latest available version (at least 3.1). 

Plugin: Superb slideshow gallery

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 13.2
Recommended Action: Update the WordPress Superb slideshow gallery plugin to the latest available version (at least 13.2). 

Plugin: Wp photo text slider 50

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 8.1
Recommended Action: Update the WordPress Wp photo text slider 50 plugin to the latest available version (at least 8.1). 

Plugin: WP fade in text news

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 12.1
Recommended Action: Update the WordPress WP fade in text news plugin to the latest available version (at least 12.1).

Plugin: Popup with fancybox

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 3.6
Recommended Action: Update the WordPress Popup with fancybox plugin to the latest available version (at least 3.6).

Plugin: Vertical Marquee Plugin

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 7.2
Recommended Action: Update the WordPress Vertical Marquee Plugin plugin to the latest available version (at least 7.2). 

Plugin: Wp anything slider

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 9.2
Recommended Action: Update the WordPress Wp anything slider plugin to the latest available version (at least 9.2). 

Plugin: Information Reel

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 10.1
Recommended Action: Update the WordPress Information Reel plugin to the latest available version (at least 10.1). 

Plugin: Left right image slideshow gallery

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 12.1
Recommended Action: Update the WordPress Left right image slideshow gallery plugin to the latest available version (at least 12.1). 

Plugin: Image horizontal reel scroll slideshow

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 9.1
Recommended Action: Update the WordPress Image vertical reel scroll slideshow plugin to the latest available version (at least 9.1).

Plugin: Jquery accordion slideshow

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 8.2
Recommended Action: Update the WordPress Jquery accordion slideshow plugin to the latest available version (at least 8.2). 

Plugin: Up down image slideshow gallery

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 12.1
Recommended Action: Update the WordPress Up down image slideshow gallery plugin to the latest available version (at least 12.1).

Plugin: wp image slideshow

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 12.1
Recommended Action: Update the WordPress wp image slideshow plugin to the latest available version (at least 12.1).

Plugin: Message ticker

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: 9.3
Recommended Action: Update the WordPress Message ticker plugin to the latest available version (at least 9.3).

Plugin: Ads by datafeedr.com

Vulnerability: Unauthenticated Limited Remote Code Execution vulnerability
Patched Version: None
Recommended Action: No patched version available. 

Plugin: Advanced Booking Calendar

Vulnerability: Authenticated SQL Injection vulnerability
Patched Version: 3.2.12
Recommended Action: Update the WordPress Advanced Booking Calendar plugin to the latest available version (at least 3.2.12). 

Plugin: Live updates from Excel

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available. 

Plugin: idbbee

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: iframe forms

Vulnerability: Authenticated Stored Cross-Site Scripting via iframe Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available. 

Plugin: HTML filter and csv-file search

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 2.8
Recommended Action: Update the WordPress HTML filter and csv-file search plugin to the latest available version (at least 2.8). 

Plugin: HTML filter and csv-file search

Vulnerability: Authenticated Local File Inclusion via Shortcode vulnerability
Patched Version: 2.8
Recommended Action: Update the WordPress HTML filter and csv-file search plugin to the latest available version (at least 2.8).

Plugin: Image Regenerate & Select Crop

Vulnerability: Sensitive Data Exposure via Log File vulnerability
Patched Version: 7.3.1
Recommended Action: Update the WordPress Image Regenerate & Select Crop plugin to the latest available version (at least 7.3.1).

Plugin: Bellows Accordion Menu

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 1.4.3
Recommended Action: Update the WordPress Bellows Accordion Menu plugin to the latest available version (at least 1.4.3). 

Plugin: PHP to Page

Vulnerability: Authenticated Local File Inclusion to Remote Code Execution via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available. 

Plugin: Simple Shortcodes

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: WP Simple Galleries

Vulnerability: Authenticated PHP Object Injection vulnerability
Patched Version: None
Recommended Action: No patched version available. 

Plugin: Google Maps made Simple

Vulnerability: Authenticated SQL Injection via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Related Products for WooCommerce

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available. 

Plugin: Grid Plus

Vulnerability: Authenticated Local File Inclusion via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available. 

Plugin: Weather Atlas Widget

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Seraphinite Accelerator

Vulnerability: Cross-Site Request Forgery vulnerability
Patched Version: 2.20.32
Recommended Action: Update the WordPress Seraphinite Accelerator plugin to the latest available version (at least 2.20.32).

Plugin: Accordion

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 2.7
Recommended Action: Update the WordPress Accordion plugin to the latest available version (at least 2.7).

Plugin: Giveaways and Contests by RafflePress

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 1.12.2
Recommended Action: Update the WordPress Giveaways and Contests by RafflePress plugin to the latest available version (at least 1.12.2). 

Plugin: Buzzsprout Podcasting

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 1.8.5
Recommended Action: Update the WordPress Buzzsprout Podcasting plugin to the latest available version (at least 1.8.5).

Plugin: 10Web Booster – Website speed optimization, Cache & Page Speed optimizer

Vulnerability: Unauthenticated Arbitrary Option Deletion vulnerability
Patched Version: 2.24.18
Recommended Action: Update the WordPress 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin to the latest available version (at least 2.24.18).

Plugin: Assistant – Every Day Productivity Apps

Vulnerability: Auth. Server-Side Request Forgery (SSRF) vulnerability
Patched Version: 1.4.4
Recommended Action: Update the WordPress Assistant plugin to the latest available version (at least 1.4.4). 

Plugin: Bonus for Woo

Vulnerability: Reflected Cross-Site Scripting vulnerability
Patched Version: 5.8.3
Recommended Action: Update the WordPress Bonus for Woo plugin to the latest available version (at least 5.8.3). 

Plugin: PubyDoc

Vulnerability: Authenticated Stored Cross-Site Scripting vulnerability
Patched Version: None
Recommended Action: No patched version available. 

Plugin: Magic Embeds

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available. 

Plugin: Seraphinite Accelerator

Vulnerability: Reflected Cross-Site Scripting vulnerability
Vulnerability: Open Redirect vulnerability
Patched Version: 2.20.29
Recommended Action: Update the WordPress Seraphinite Accelerator plugin to the latest available version (at least 2.20.29). 

Plugin: Article analytics

Vulnerability: Unauthenticated SQL Injection vulnerability
Patched Version: None
Recommended Action: No patched version available. 

Plugin: WP Post Popup

Vulnerability: Authenticated Stored Cross-Site Scripting vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Post Meta Data Manager

Vulnerability: Missing Authorization to User, Term, and Post Meta Deletion vulnerability
Patched Version: 1.2.1
Recommended Action: Update the WordPress Post Meta Data Manager plugin to the latest available version (at least 1.2.1).

Plugin: Post Meta Data Manager

Vulnerability: Missing Authorization to Privilege Escalation vulnerability
Patched Version: 1.2.1
Recommended Action: Update the WordPress Post Meta Data Manager plugin to the latest available version (at least 1.2.1).

Plugin: TK Google Fonts GDPR Compliant

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 2.2.12
Recommended Action: Update the WordPress TK Google Fonts GDPR Compliant plugin to the latest available version (at least 2.2.12).

Plugin: 404 Solution

Vulnerability: Authenticated (Administrator+) SQL Injection via orderby vulnerability
Patched Version: 2.34.0
Recommended Action: Update the WordPress 404 Solution plugin to the latest available version (at least 2.34.0).

Plugin: Fathom Analytics

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Patched Version: 3.1.0
Recommended Action: Update the WordPress Fathom Analytics plugin to the latest available version (at least 3.1.0).

Plugin: WP EXtra

Vulnerability: Missing Authorization to Arbitrary Email Sending vulnerability
Patched Version: 6.3
Recommended Action: Update the WordPress WP EXtra plugin to the latest available version (at least 6.3).

Plugin: VK Blocks

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Block vulnerability
Patched Version: 1.64.0.0
Recommended Action: Update the WordPress VK Blocks plugin to the latest available version (at least 1.64.0.0). 

Plugin: ICS Calendar

Vulnerability: SSRF and Arbitrary File Read vulnerability
Patched Version: 10.12.0.4
Recommended Action: Update the WordPress ICS Calendar plugin to the latest available version (at least 10.12.0.4).

Plugin: Reusable Text Blocks

Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: NinjaTeam Live Chat (Messenger API)

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: BSK PDF Manager

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 3.4.2
Recommended Action: Update the WordPress BSK PDF Manager plugin to the latest available version (at least 3.4.2). 

Plugin: Advanced Menu Widget

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Form Builder

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Pre-Orders for WooCommerce

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 1.2.14
Recommended Action: Update the WordPress Pre-Orders for WooCommerce plugin to the latest available version (at least 1.2.14).

Plugin: WP Font Awesome

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: Delete Me

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: MomentoPress for Momento360

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 1.0.2
Recommended Action: Update the WordPress MomentoPress for Momento360 plugin to the latest available version (at least 1.0.2).

Plugin: Very Simple Google Maps

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 2.9.1
Recommended Action: Update the WordPress Very Simple Google Maps plugin to the latest available version (at least 2.9.1).

Plugin: LiteSpeed Cache

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 5.7
Recommended Action: Update the WordPress LiteSpeed Cache plugin to the latest available version (at least 5.7).

Plugin: Current Menu Item for Custom Post Types

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 1.6
Recommended Action: Update the WordPress Current Menu Item for Custom Post Types plugin to the latest available version (at least 1.6).

Plugin: Alter

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of October 21, 2023 and is not available for download. This closure is temporary, pending a full review.

Plugin: EasyRecipe

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of October 21, 2023 and is not available for download. This closure is temporary, pending a full review.

Plugin: Auto Limit Posts Reloaded

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of October 21, 2023 and is not available for download. This closure is temporary, pending a full review.

Plugin: Feather Login Page

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 1.1.4
Recommended Action: Update the WordPress Feather Login Page plugin to the latest available version (at least 1.1.4).

Plugin: Auto Excerpt everywhere

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of October 9, 2023 and is not available for download. This closure is temporary, pending a full review.

Plugin: Original texts Yandex WebMaster

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of October 9, 2023 and is not available for download. This closure is temporary, pending a full review.

Plugin: WP Knowledgebase

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of October 8, 2023 and is not available for download. This closure is temporary, pending a full review.

Plugin: Thumbnail carousel slider

Vulnerability: Cross-Site Request Forgery to Mass Slider Deletion vulnerability
Patched Version: 1.0.1
Recommended Action: Update the WordPress Thumbnail carousel slider plugin to the latest available version (at least 1.0.1).

Plugin: Thumbnail Slider With Lightbox

Vulnerability: Cross-Site Request Forgery to Arbitrary File Upload vulnerability
Patched Version: 1.0.1
Recommended Action: Update the WordPress Thumbnail Slider With Lightbox plugin to the latest available version (at least 1.0.1).

Plugin: Neon text

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Patched Version: 1.2
Recommended Action: Update the WordPress Neon text plugin to the latest available version (at least 1.2).

Plugin: News & Blog Designer Pack – WordPress Blog Plugin

Vulnerability: Unauthenticated Remote Code Execution via Local File Inclusion vulnerability
Patched Version: 3.4.2
Recommended Action: Update the WordPress News & Blog Designer Pack – WordPress Blog Plugin plugin to the latest available version (at least 3.4.2).

Plugin: Animated Counters

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 1.8
Recommended Action: Update the WordPress Animated Counters plugin to the latest available version (at least 1.8).

Plugin: Deeper Comments

Vulnerability: Authenticated Settings Change vulnerability
Patched Version: None
Recommended Action: No patched version available.

Plugin: WordPress CTA

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Download CloudNet360

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: SAHU TikTok Pixel for E-Commerce

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Export WP Page to Static HTML/CSS

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Medialist

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 1.4.0
Recommended Action: Update the WordPress Medialist plugin to the latest available version (at least 1.4.0).

Plugin: kk Star Ratings

Vulnerability: Broken Access Control vulnerability
Patched Version: 5.4.6
Recommended Action: Update the WordPress kk Star Ratings plugin to the latest available version (at least 5.4.6).

Plugin: WCP OpenWeather

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Generate Dummy Posts

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Custom Header Images

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: YITH WooCommerce Product Add-Ons

Vulnerability: Broken Access Control vulnerability
Patched Version: 4.2.1
Recommended Action: Update the WordPress YITH WooCommerce Product Add-Ons plugin to the latest available version (at least 4.2.1).

Plugin: Custom My Account for Woocommerce

Vulnerability: CSRF to XSS vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Glossary

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: My Shortcodes

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Product Recommendation Quiz for eCommerce

Vulnerability: Broken Access Control vulnerability
Patched Version: 2.2.0
Recommended Action: Update the WordPress Product Recommendation Quiz for eCommerce plugin to the latest available version (at least 2.2.0).

Plugin: Admin and Site Enhancements (ASE)

Vulnerability: Password Protected View Bypass vulnerability
Patched Version: 5.8.0
Recommended Action: Update the WordPress Admin and Site Enhancements (ASE) plugin to the latest available version (at least 5.8.0).

Plugin: Remove Add to Cart WooCommerce

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: WP Word Count

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: WP Simple HTML Sitemap

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: Simple User Listing

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Ni WooCommerce Sales Report

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: FLOWFACT WP Connector

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: Autolinks Manager

Vulnerability: Multiple Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 1.10.05
Recommended Action: Update the WordPress Autolinks Manager plugin to the latest available version (at least 1.10.05).

Plugin: Parcel Pro

Vulnerability: Open Redirection vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: Groundhogg

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: 2.7.11.11
Recommended Action: Update the WordPress Groundhogg plugin to the latest available version (at least 2.7.11.11).

Plugin: WP EXtra

Vulnerability: Remote Code Execution (RCE) vulnerability
Patched Version: 6.3
Recommended Action: Update the WordPress WP EXtra plugin to the latest available version (at least 6.3).

Plugin: WPPizza

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 3.18.3
Recommended Action: Update the WordPress WPPizza plugin to the latest available version (at least 3.18.3).

Plugin: User Avatar

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: DeepL Pro API translation

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Spider Facebook

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Category SEO Meta Tags

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: VK Filter Search

Vulnerability: Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: 2.3.2
Recommended Action: Update the WordPress VK Filter Search plugin to the latest available version (at least 2.3.2).
