WP Security Roundup: November 14, 2023

This WP Security Roundup shows the latest WordPress vulnerabilities, including WP Event Manager, Team Members Showcase, MainWP and more!

Plugin: EasyRotator

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of November 10, 2023 and is not available for download. This closure is temporary, pending a full review.

Plugin: Themify Ultra

Vulnerability: Multiple Broken Access Control vulnerabilities
Patched Version: None
Recommended Action: Partially patched in versions >= 7.3.6. No fully patched version is available.

Plugin: Japanized For WooCommerce

Vulnerability: Multiple Broken Access Control vulnerabilities
Patched Version: 2.6.5
Recommended Action: Update the WordPress Japanized For WooCommerce plugin to the latest available version (at least 2.6.5).

Plugin: WP Event Manager

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Product Enquiry for WooCommerce

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Shortcodes Finder

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Mini Cart Drawer For WooCommerce

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Ultimate Addons for Contact Form 7

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Flo Forms

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Podlove Web Player

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Additional Order Filters for WooCommerce

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Animator

Vulnerability: Unauthenticated Plugin Settings Change Vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Youtube SpeedLoad

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Woo Custom and Sequential Order Number

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Arigato Autoresponder and Newsletter

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 2.7.2.3
Recommended Action: Update the WordPress Arigato Autoresponder and Newsletter plugin to the latest available version (at least 2.7.2.3).

Plugin: WP Logo Showcase Responsive Slider and Carousel

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Popup Anything

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: WP Responsive Recent Post Slider/Carousel

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: WP Slick Slider and Image Carousel

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: WP Blog and Widget

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: WP News and Scrolling Widgets

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: WP responsive FAQ with category

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: WP Featured Content and Slider

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Featured Post Creative

Vulnerability: Broken Access Control vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Preloader Matrix

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: MainWP

Vulnerability: Auth. (admin+) SQL Injection vulnerability
Patched Version: 4.4.3.4
Recommended Action: Update the WordPress MainWP plugin to the latest available version (at least 4.4.3.4).

Plugin: Essential Grid

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: 3.1.1
Recommended Action: Update the WordPress Essential Grid plugin to the latest available version (at least 3.1.1).

Plugin: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)

Vulnerability: Authenticated Privilege Escalation vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: WP User Frontend

Vulnerability: Authenticated Privilege Escalation vulnerability
Patched Version: 3.6.6
Recommended Action: Update the WordPress WP User Frontend plugin to the latest available version (at least 3.6.6).

Plugin: WooCommerce Checkout Manager

Vulnerability: Broken Access Control vulnerability
Patched Version: 7.3.1
Recommended Action: Update the WordPress WooCommerce Checkout Manager plugin to the latest available version (at least 7.3.1).

Plugin: Qi Addons For Elementor

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: Qi Addons For Elementor

Vulnerability: Local File Inclusion vulnerability
Patched Version: None
Recommended Action: No patched version is available. No reply from the vendor.

Plugin: Martins Free & Easy SEO Link buildings

Vulnerability: Reflected XSS vulnerability
Patched Version: 1.2.30
Recommended Action: Update the WordPress Martins Free & Easy SEO Link buildings plugin to the latest available version (at least 1.2.30).

Plugin: Brizy – Page Builder

Vulnerability: Cross-Site Scripting vulnerability
Patched Version: 2.4.30
Recommended Action: Update the WordPress Brizy – Page Builder plugin to the latest available version (at least 2.4.30).

Plugin: Product Catalog Simple

Vulnerability: Cross-Site Request Forgery via ic_system_status vulnerability
Patched Version: 1.7.6
Recommended Action: Update the WordPress Product Catalog Simple plugin to the latest available version (at least 1.7.6).

Plugin: iThemes Sync

Vulnerability: Stored Cross-Site Scripting via packages vulnerability
Patched Version: 3.0.1
Recommended Action: Update the WordPress Solid Central plugin to the latest available version (at least 3.0.1).

Plugin: Ecwid Shopping Cart

Vulnerability: Missing Authorization on multiple functions vulnerability
Patched Version: 6.12.4
Recommended Action: Update the WordPress Ecwid Shopping Cart plugin to the latest available version (at least 6.12.4).

Plugin: Job Manager & Career

Vulnerability: Directory listing to Sensitive Data Exposure vulnerability
Patched Version: 1.4.4
Recommended Action: Update the WordPress Job Manager & Career plugin to the latest available version (at least 1.4.4).

Plugin: Gift Up Gift Cards for WordPress and WooCommerce

Vulnerability: Auth. Stored Cross-Site Scripting (XSS) vulnerability
Patched Version: 2.20.2
Recommended Action: Update the WordPress Gift Up Gift Cards for WordPress and WooCommerce plugin to the latest available version (at least 2.20.2).

Plugin: Code Snippets

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 3.6.0
Recommended Action: Update the WordPress Code Snippets plugin to the latest available version (at least 3.6.0).

Plugin: Restrict Content

Vulnerability: Sensitive Data Exposure via Log File vulnerability
Patched Version: 3.2.8
Recommended Action: Update the WordPress Restrict Content plugin to the latest available version (at least 3.2.8).

Plugin: Profile Builder

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: 3.10.4
Recommended Action: Update the WordPress Profile Builder plugin to the latest available version (at least 3.10.4).

Plugin: Korea SNS

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Vertical scroll recent post

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of July 27, 2023 and is not available for download. Reason: Security Issue.

Plugin: WP Category Post List Widget

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Post Pay Counter

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: WP Full Stripe Free

Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available. This plugin has been closed as of July 27, 2023 and is not available for download. Reason: Security Issue.

Plugin: Plainview Protect Passwords

Vulnerability: Reflected Cross Site Scripting (XSS) vulnerability
Vulnerability: Cross Site Request Forgery (CSRF) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Foyer

Vulnerability: Content Injection vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: Team Members Showcase

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.

Plugin: WooCommerce Product Enquiry

Vulnerability: Cross Site Scripting (XSS) vulnerability
Patched Version: None
Recommended Action: No patched version is available.
