August 2021 Plugin Vulnerabilities

Is your site up to date?

Outdated plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!

Simple Banner

Plugin: Simple Banner
Vulnerability: Authenticated Stored XSS
Patched in Version: 2.10.4
Severity Score: Low

HD Quiz

Plugin: HD Quiz
Vulnerability: Authenticated Stored XSS
Patched in Version: 1.8.4
Severity Score: Low

Contact Form 7 Captcha

Plugin: Contact Form 7 Captcha
Vulnerability: CSRF to Stored XSS
Patched in Version: 0.0.9
Severity Score: High

WPFront Scroll Top

Plugin: WPFront Scroll Top
Vulnerability: Authenticated Stored XSS
Patched in Version: 2.0.6.07225
Severity Score: Medium

WP SMS

Plugin: WP SMS
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 5.4.13
Severity Score: Low

Qyrr

Plugin: Qyrr
Vulnerability: Authenticated (contributor+) Stored XSS
Patched in Version: 0.7
Severity Score: Medium

Paid Member Subscriptions

Plugin: Paid Member Subscriptions
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: 2.4.2
Severity Score: High

GiveWP

Plugin: GiveWP
Vulnerability: Authenticated Stored XSS
Patched in Version: 2.12.0
Severity Score: Medium

Slider Hero

Plugin: Slider Hero
Vulnerability: CSRF to Stored XSS
Patched in Version: 8.2.7
Severity Score: Critical

Simple Social Media Share Buttons

Plugin: Simple Social Media Share Buttons 
Vulnerability: Contributor+ Stored XSS
Patched in Version: 3.2.3
Severity Score: Medium

Advanced Shipment Tracking

Plugin: Advanced Shipment Tracking for WooCommerce 
Vulnerability: Authenticated Options Change
Patched in Version: 3.2.7
Severity Score: Critical

WP LMS

Plugin: WP LMS
Vulnerability: Unauthenticated Stored Cross-Site Scripting (XSS)
Patched in Version: 1.1.3
Severity Score: High

Custom Login Redirect

Plugin: Custom Login Redirect
Vulnerability: CSRF to Stored XSS
Patched in Version: No known fix
Severity Score: High

Blue Admin

Plugin: Blue Admin
Vulnerability: CSRF to Stored Cross-Site Scripting (XSS)
Patched in Version: No known fix
Severity Score: High

Favicon by RealFaviconGenerator

Plugin: Favicon by RealFaviconGenerator 
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: No known fix
Severity Score: High

uListing

Plugin: uListing
Vulnerability: Unauthenticated SQL Injection
Patched in Version: 2.0.4
Severity Score: High

WooCommerce Blocks

Plugin: WooCommerce Blocks 2.5 to 5.5
Vulnerability: Unauthenticated SQL Injection
Patched in Version: 5.5.1
Severity Score: Critical

 
WooCommerce

Plugin: WooCommerce 3.3 to 5.5
Vulnerability: Authenticated Blind SQL Injection
Patched in Version: 5.5.1
Severity Score: High

Admin Custom Login

Plugin: Admin Custom Login
Vulnerability: CSRF to Stored XSS
Patched in Version: 3.2.8
Severity Score: High

SEO Backlinks

Plugin: SEO Backlinks 
Vulnerability: CSRF to Stored XSS
Patched in Version: No known fix
Severity Score: High

Poll Maker

Plugin: Poll Maker
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 3.2.9
Severity Score: High

 

Post Index

Plugin: Post Index 
Vulnerability: CSRF to Stored XSS
Patched in Version: No known fix
Severity Score: High

 

Side Menu Lite

Plugin: Side Menu Lite
Vulnerability: Authenticated SQL Injection
Patched in Version: 2.2.6
Severity Score: High

 

WordPress Download Manager

Plugin: WordPress Download Manager
Vulnerability: Authenticated Directory Traversal
Patched in Version: 3.1.25
Severity Score: Medium

 

FluentSMTP

Plugin: FluentSMTP
Vulnerability: Authenticated Stored XSS
Patched in Version: 2.0.1
Severity Score: Low

 

YouTube Feeder

Plugin: YouTube Feeder
Vulnerability: CSRF to Stored XSS
Patched in Version: No known fix
Severity Score: High

 

Nifty Newsletter

Plugin: Nifty Newsletters
Vulnerability: CSRF to Stored XSS
Patched in Version: No known fix
Severity Score: High

 

Need Security Help? Get WooSecured

We take security seriously. While security measures are built into WordPress and WooCommerce out of the box, there are things store owners should be doing to keep their customers, team, and data safe in the event of those worst-case scenarios. Our security services make your life easier by keeping your data and your customers' data safe.
