WordPress Plugin Vulnerabilities for October

WordPress Plugin Vulnerabilities for October.

If you have any of these plugins make sure you upgrade to their lastest versions.

1. XCloner

XCloner versions below 4.2.15 have a Cross-Site Request Forgery vulnerability.

The vulnerability is patched, and you should update to version 4.2.15 .

2. Ninja Forms Contact Form

Ninja Forms Contact Form versions below 3.4.27.1 have a Cross-Site Request Forgery vulnerability.

The vulnerability is patched, and you should update to version 3.4.27.1.

3. Coditor

All versions of Coditor have a Cross-Site Request Forgery vulnerability.

Remove the plugin until a security fix is released.

4. Simple:Press

Simple:Press versions below 6.6.1 have a Broken Access Control vulnerability, which could lead to a Remote Code Execution attack.

The vulnerability is patched, and you should update to version 6.6.1.

5. WP Courses LMS

WP Courses LMS versions below 2.0.29 have a Broken Access Control vulnerability.

The vulnerability is patched, and you should update to version 2.0.29.

6. Slider by 10Web

Slider by 10Web versions below 1.2.36 have Multiple Authenticated SQL Injection vulnerabilities.

The vulnerability is patched, and you should update to version 1.2.36.

7. WordPress + Microsoft Office 365 / Azure AD

WordPress + Microsoft Office 365 / Azure AD versions below 11.7 have an Authentication Bypass vulnerability.

The vulnerability is patched, and you should update to version 11.7.

8. Team Showcase

Team Showcase versions below 1.22.16 have an Authenticated Stored Cross-Site Scripting vulnerability.

The vulnerability is patched, and you should update to version 1.22.16.

9. Post Grid

Post Grid versions below 2.0.73 have an Authenticated Stored Cross-Site Scripting vulnerability.

The vulnerability is patched, and you should update to version 2.0.73.

10. WPBakery Page Builder

WPBakery Page Builder versions below 6.4.1 have an Authenticated Stored Cross-Site Scripting vulnerability.

The vulnerability is patched, and you should update to version 6.4.1.

11. Hypercomments

All versions of Hypercomments Unauthenticated Arbitrary File Deletion vulnerability.

Remove the plugin until a security fix is released.

12. Dynamic Content for Elementor

Dynamic Content for Elementor versions below 1.9.6 have an Authenticated Remote Code Execution vulnerability.

The vulnerability is patched, and you should update to version 1.9.6.

13. PowerPress Podcasting

PowerPress Podcasting versions below 8.3.8 have Authenticated Arbitrary File Upload leading issues leading to a Remote Code Execution vulnerability.

The vulnerability is patched, and you should update to version 8.3.8.

WordPress Theme Vulnerabilities

1. Shapely

Shapely versions below v1.2.9 have an Unauthenticated Function Injection vulnerability.

The vulnerability is patched, and you should update to version v1.2.9.

2. NewsMag

NewsMag versions below 2.4.2 have an Unauthenticated Function Injection vulnerability.

The vulnerability is patched, and you should update to version 2.4.2.

3. Activello

Activello versions below 1.4.2 have an Unauthenticated Function Injection vulnerability.

The vulnerability is patched, and you should update to version 1.4.2.

4. Illdy

Illdy versions below 2.1.7 have an Unauthenticated Function Injection vulnerability.

The vulnerability is patched, and you should update to version 2.1.7.

5. Allegiant

Allegiant versions below 1.2.6 have an Unauthenticated Function Injection vulnerability.

The vulnerability is patched, and you should update to version 1.2.6.

6. Newspaper X

Newspaper X versions below 1.3.2 have an Unauthenticated Function Injection vulnerability.

The vulnerability is patched, and you should update to version 1.3.2.

7. Pixova Lite

Pixova Lite  versions below 2.0.7 have an Unauthenticated Function Injection vulnerability.

The vulnerability is patched, and you should update to version 2.0.7.

8. Brilliance

Brilliance versions below 1.3.0 have an Unauthenticated Function Injection vulnerability.

The vulnerability is patched, and you should update to version 1.3.0.

9. MedZone Lite

MedZone Lite versions below 1.2.6 have an Unauthenticated Function Injection vulnerability.

The vulnerability is patched, and you should update to version 1.2.6.

10. Regina Lite

Regina Lite versions below 2.0.6 have an Unauthenticated Function Injection vulnerability.

The vulnerability is patched, and you should update to version 2.0.6.

12. Transcend

Transcend versions below 1.2.0 have an Unauthenticated Function Injection vulnerability.

The vulnerability is patched, and you should update to version 1.2.0.

13. Affluent

Affluent versions below 1.1.2 have an Unauthenticated Function Injection vulnerability.

The vulnerability is patched, and you should update to version 1.1.2.

14. Bonkers

Bonkers versions below 1.0.6 have an Unauthenticated Function Injection vulnerability.

The vulnerability is patched, and you should update to version 1.0.6.

15. Antreas

Antreas versions below 1.0.7 have an Unauthenticated Function Injection vulnerability.

The vulnerability is patched, and you should update to version 1.0.7.

16. NatureMag Lite

All versions of NatureMag Lite have an Unauthenticated Function Injection vulnerability.

Share This Post

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore

Plugins

eboov.com

From the desk of Joel Otterstrom President of WpConcierges Since the middle of November my mind has been focused on a project. The project is

Plugins

Plugin Vulnerabilities for March 2022

Is your site up to date? Outdate plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable! MC4WP Vulnerability:

Do You Want To Boost Your Business?

drop us a line and keep in touch