More December Vulnerabilities

Is your site up to date?

Outdated plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!

1. DiveBook

DiveBook versions below 1.1.4 have Improper Authorization Check, Unauthenticated SQL Injection, & Unauthenticated Reflected XSS vulnerabilities.

 
Remove the plugin until a security fix is released.

 

2. Pagelayer

Pagelayer versions below 1.3.5 have Multiple Reflected Cross-Site Scripting vulnerabilities.

 
The vulnerability is patched, and you should update to version 1.3.5.

 

3. Ultimate Category Excluder

Ultimate Category Excluder versions below 1.2 have a Cross-Site Request Forgery vulnerability.

 
The vulnerability is patched, and you should update to version 1.2.

 

4. Directories Pro

Directories Pro versions below 1.3.46 have an Authenticated Reflected Cross-Site Scripting vulnerability.

The vulnerability is patched, and you should update to version 1.3.46.

 

5. Total Upkeep

Total Upkeep versions below 1.14.10 have Sensitive Data Disclosure & Unauthenticated Backup Download vulnerabilities.

 
The vulnerabilities are patched, and you should update to version 1.14.10.

 

6. Redux Framework

Redux Framework versions below 4.1.21 have a CSRF Nonce Validation Bypass vulnerability.

 
The vulnerability is patched, and you should update to version 4.1.21.

 

7. Contact Form 7

Contact Form 7 versions below 5.3.2 have an Unrestricted File Upload vulnerability.

 
The vulnerability is patched, and you should update to version 5.3.2.

 

8. Simple Social Media Share Buttons

Simple Social Media Share Buttons versions below 3.2.1 have an Unauthenticated Reflected Cross-Site Scripting vulnerability.

 
The vulnerability is patched, and you should update to version 3.2.1.

9. Envira Gallery Lite

Envira Gallery Lite versions below 1.8.3.3 have an Authenticated Stored Cross-Site Scripting vulnerability.

 
The vulnerability is patched, and you should update to version 1.8.3.3.

 

10. Limit Login Attempts Reloaded

Limit Login Attempts Reloaded versions below 2.16.0 have Authenticated Reflected Cross-Site Scripting & Login Rate Limiting Bypass vulnerabilities.

 
The vulnerabilities are patched, and you should update to version 2.16.0.

 

WordPress Theme Vulnerabilities

 

1. ListingPro

ListingPro versions below 2.6.1 have Unauthenticated Arbitrary Plugin Installation/Activation/Deactivation & Unauthenticated Sensitive Data Disclosure vulnerabilities.

 
The vulnerabilities are patched, and you should update to version 2.6.1.

Need Security Help? Get WooSecured

We take security seriously. While security measures are built into WordPress and WooCommerce out of the box, there are things store owners should be doing to keep their customers, team, and data safe in the event of those worst-case scenarios. Our security services make your life easier by making your data and your customer data safe.
