WordPress Core Vulnerabilities
No WordPress core vulnerabilities were disclosed in the second of September. Just make sure you are running the latest version of WordPress, which is version 5.5.1.
WordPress Plugin Vulnerabilities
1. Asset CleanUp
Asset CleanUp versions below 1.3.6.7 have Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities.
2. Sticky Menu, Sticky Header
Sticky Menu, Sticky Header versions below 2.21 have Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities.
3. Cookiebot
Cookiebot versions below 3.6.1 have Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities.
4. All In One WP Security & Firewall
All In One WP Security & Firewall versions below 4.4.4 have Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities.
5. Absolutely Glamorous Custom Admin
Absolutely Glamorous Custom Admin versions below 6.5.5 have Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities.
6. Elementor Addon Elements
Elementor Addon Elements versions below 1.6.4 have Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities.
7. Email Subscribers & Newsletters
Email Subscribers & Newsletters versions below 4.5.6 have an Unauthenticated Email Forgery/Spoofing vulnerability.
8. 10Web Social Post Feed
10Web Social Post Feed versions below 1.1.27 have an Authenticated SQL Injection vulnerability.
9. Affiliate Manager
Affiliate Manager versions below 2.7.8 have an Unauthenticated Stored Cross-Site Scripting vulnerability.
10. WP Hotel Booking
WP Hotel Booking versions below 1.10.2 have a Cross-Site Request Forgery vulnerability.
11. WP Project Manager
WP Project Manager versions below 2.4.1 have a Cross-Site Request Forgery vulnerability.
12. 10WebAnalytics
10WebAnalytics versions below 1.2.9 have a Cross-Site Request Forgery vulnerability.
13. Top 10 – Popular posts plugin for WordPress
Top 10 – Popular posts plugin for WordPress versions below 2.9.5 have a Cross-Site Request Forgery vulnerability.
14. Lightweight Sidebar Manager
Lightweight Sidebar Manager versions below 1.1.4 have a Cross-Site Request Forgery vulnerability.
15. Radio Buttons for Taxonomies
Radio Buttons for Taxonomies versions below 2.0.6 have a Cross-Site Request Forgery vulnerability.
16. Product Catalog X
Product Catalog X versions below 1.5.13 have a Cross-Site Request Forgery vulnerability.
17. Paid Memberships Pro
Paid Memberships Pro versions below 2.4.3 have a Cross-Site Request Forgery vulnerability.
18. NotificationX
NotificationX versions below 1.8.3 have a Cross-Site Request Forgery vulnerability.
19. Coming Soon & Maintenance Mode Page
Coming Soon & Maintenance Mode Page versions below 1.58 have a Cross-Site Request Forgery vulnerability.
20. Menu Swapper
Menu Swapper versions below 1.1.1 have a Cross-Site Request Forgery vulnerability.
21. Woody ad snippets
Woody ad snippets versions below 2.3.10 have a Cross-Site Request Forgery vulnerability.
22. Forminator
Forminator versions below 1.13.5 have a Cross-Site Request Forgery vulnerability.
23. RSS Aggregator by Feedzy
RSS Aggregator by Feedzy versions below 3.4.3 have a Cross-Site Request Forgery vulnerability.
24. Feed Them Social
Feed Them Social versions below 2.8.7 have a Cross-Site Request Forgery vulnerability.
25. WP ERP
WP ERP versions below 1.6.4 have a Cross-Site Request Forgery vulnerability.
26. eCommerce Product Catalog
eCommerce Product Catalog versions below 2.9.44 have a Cross-Site Request Forgery vulnerability.
27. Easy Testimonials
Easy Testimonials versions below 3.7 have a Cross-Site Request Forgery vulnerability.
28. Dokan
Dokan versions below 3.0.9 have a Cross-Site Request Forgery vulnerability.
29. Best WooCommerce Multivendor Marketplace Solution
Best WooCommerce Multivendor Marketplace Solution versions below 3.5.8 have a Cross-Site Request Forgery vulnerability.
30. Custom Field Template
Custom Field Template versions below 2.5.2 have a Cross-Site Request Forgery vulnerability.
31. Coupon Creator
Coupon Creator versions below 3.1.1 have a Cross-Site Request Forgery vulnerability.
32. Cool Timeline
Cool Timeline versions below 2.0.3 have a Cross-Site Request Forgery vulnerability.
33. Funnel Builder by CartFlows
Funnel Builder by CartFlows versions below 1.5.16 have a Cross-Site Request Forgery vulnerability.
34. Import / Export Customizer Settings
Import / Export Customizer Settings versions below 1.0.4 have a Cross-Site Request Forgery vulnerability.
35. Discount Rules for WooCommerce
Discount Rules for WooCommerce versions below 2.2.1 have multiple Authorization Bypass vulnerabilities.
36. MetaSlider
MetaSlider versions below 3.17.2 have an Authenticated Stored Cross-Site Scripting vulnerability.
37. Drag and Drop Multiple File Upload
Drag and Drop Multiple File Upload versions below 1.3.5.5 have an Unauthenticated Remote Code Execution vulnerability.
WordPress Theme Vulnerabilities
1. JobMonster
JobMonster versions below 4.6.6.1 have a Directory Listing in Upload Folder vulnerability.