August 2021 Plugin Vulnerabilities

Is your site up to date?

Outdated plugins and themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!

Simple Banner

Plugin: Simple Banner
Vulnerability: Authenticated Stored XSS
Patched in Version: 2.10.4
Severity Score: Low

HD Quiz

Plugin: HD Quiz
Vulnerability: Authenticated Stored XSS
Patched in Version: 1.8.4
Severity Score: Low

Contact Form 7 Captcha

Plugin: Contact Form 7 Captcha
Vulnerability: CSRF to Stored XSS
Patched in Version: 0.0.9
Severity Score: High

WPFront Scroll Top

Plugin: WPFront Scroll Top
Vulnerability: Authenticated Stored XSS
Patched in Version: 2.0.6.07225
Severity Score: Medium

WP SMS

Plugin: WP SMS
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 5.4.13
Severity Score: Low

Qyrr

Plugin: Qyrr
Vulnerability: Authenticated (contributor+) Stored XSS
Patched in Version: 0.7
Severity Score: Medium

Paid Member Subscriptions

Plugin: Paid Member Subscriptions
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: 2.4.2
Severity Score: High

GiveWP

Plugin: GiveWP
Vulnerability: Authenticated Stored XSS
Patched in Version: 2.12.0
Severity Score: Medium

Slider Hero

Plugin: Slider Hero
Vulnerability: CSRF to Stored XSS
Patched in Version: 8.2.7
Severity Score: Critical

Simple Social Media Share Buttons

Plugin: Simple Social Media Share Buttons 
Vulnerability: Contributor+ Stored XSS
Patched in Version: 3.2.3
Severity Score: Medium

Advanced Shipment Tracking

Plugin: Advanced Shipment Tracking for WooCommerce 
Vulnerability: Authenticated Options Change
Patched in Version: 3.2.7
Severity Score: Critical

WP LMS

Plugin: WP LMS
Vulnerability: Unauthenticated Stored Cross-Site Scripting (XSS)
Patched in Version: 1.1.3
Severity Score: High

Custom Login Redirect

Plugin: Custom Login Redirect
Vulnerability: CSRF to Stored XSS
Patched in Version: No known fix
Severity Score: High

Blue Admin

Plugin: Blue Admin
Vulnerability: CSRF to Stored Cross-Site Scripting (XSS)
Patched in Version: No known fix
Severity Score: High

Favicon by RealFaviconGenerator

Plugin: Favicon by RealFaviconGenerator 
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: No known fix
Severity Score: High

uListing

Plugin: uListing
Vulnerability: Unauthenticated SQL Injection
Patched in Version: 2.0.4
Severity Score: High

WooCommerce Blocks

Plugin: WooCommerce Blocks 2.5 to 5.5
Vulnerability: Unauthenticated SQL Injection
Patched in Version: 5.5.1
Severity Score: Critical

WooCommerce

Plugin: WooCommerce 3.3 to 5.5
Vulnerability: Authenticated Blind SQL Injection
Patched in Version: 5.5.1
Severity Score: High

Admin Custom Login

Plugin: Admin Custom Login
Vulnerability: CSRF to Stored XSS
Patched in Version: 3.2.8
Severity Score: High

SEO Backlinks

Plugin: SEO Backlinks 
Vulnerability: CSRF to Stored XSS
Patched in Version: No known fix
Severity Score: High

Poll Maker

Plugin: Poll Maker
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 3.2.9
Severity Score: High

Post Index

Plugin: Post Index 
Vulnerability: CSRF to Stored XSS
Patched in Version: No known fix
Severity Score: High

Side Menu Lite

Plugin: Side Menu Lite
Vulnerability: Authenticated SQL Injection
Patched in Version: 2.2.6
Severity Score: High

WordPress Download Manager

Plugin: WordPress Download Manager
Vulnerability: Authenticated Directory Traversal
Patched in Version: 3.1.25
Severity Score: Medium

FluentSMTP

Plugin: FluentSMTP
Vulnerability: Authenticated Stored XSS
Patched in Version: 2.0.1
Severity Score: Low

YouTube Feeder

Plugin: YouTube Feeder
Vulnerability: CSRF to Stored XSS
Patched in Version: No known fix
Severity Score: High

Nifty Newsletter

Plugin: Nifty Newsletters
Vulnerability: CSRF to Stored XSS
Patched in Version: No known fix
Severity Score: High

Need Security Help? Get WooSecured

We take security seriously. While security measures are built into WordPress and WooCommerce out of the box, there are things store owners should be doing to keep their customers, team, and data safe in the event of those worst-case scenarios. Our security services make your life easier by making your data and your customer data safe.
