Jan 2021 Plugin vulnerabilities

Is your site up to date?

Outdated plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!

1. LiteSpeed Cache – Low

LiteSpeed Cache versions below 3.6.1 have an Authenticated Stored Cross-Site Scripting vulnerability.

The vulnerability is patched, and you should update to version 3.6.1.

2. Newsletter Manager – High

All versions of Newsletter Manager have a Unauthenticated Insecure Deserialization vulnerability.

Remove the plugin until a security fix is released.

3. Site Offline – Medium

Site Offline versions below 1.4.4 have Multiple Cross-Site Request Forgery vulnerabilities.

The vulnerability is patched, and you should update to version 1.4.4.

4. WP Postratings – Medium

WP Postratings versions below 1.86.1 have an Authenticated Stored Cross-Site Scripting vulnerability.

The vulnerability is patched, and you should update to version 1.86.1.

5. Custom Global Variables – High

All versions of Custom Global Variables have a Stored Cross-Site Scripting vulnerability.

Remove the plugin until a security fix is released.
6. Stripe Payments – Medium

Stripe Payments versions below 2.0.40 have an Authenticated Stored Cross-Site Scripting vulnerability.

The vulnerability is patched, and you should update to version 2.0.40.

 

7. Orbit Fox by ThemeIsle – Medium

Orbit Fox by ThemeIsle versions below 2.10.3 have an Authenticated Stored Cross Site Scripting vulnerability.

The vulnerability is patched, and you should update to version 2.10.3.

 

8. WP Paginate – Medium

WP Paginate versions below 2.1.4 have an Authenticated Stored Cross-Site Scripting vulnerability.

The vulnerability is patched, and you should update to version 2.1.4.

 

9. WP Quick FrontEnd Editor – Medium

All versions of WP Quick FrontEnd Editor have an Authenticated Content Injection vulnerability.

Remove the plugin until a security fix is released.

Need Security Help? Get WooSecured

We take security seriously. While security measures are built into WordPress and WooCommerce out of the box, there are things store owners should be doing to keep their customers, team, and data safe in the event of those worst-case scenarios. Our security services make your life easier by making your data and your customer data safe.

Share This Post

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore

Plugins

eboov.com

From the desk of Joel Otterstrom President of WpConcierges Since the middle of November my mind has been focused on a project. The project is

Plugins

Plugin Vulnerabilities for March 2022

Is your site up to date? Outdate plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable! MC4WP Vulnerability:

Do You Want To Boost Your Business?

drop us a line and keep in touch