August 25, 2021 Plugin Vulnerabilities

Is your site up to date?

Outdated plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!

Pinterest Automatic

Plugin: WordPress Automatic
Vulnerability: Unauthenticated Arbitrary Options Update
Patched in Version: 3.53.3

ELEX WooCommerce Google Shopping

Plugin: ELEX WooCommerce Google Shopping 
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: 1.2.4

User Registration

Plugin: User Registration
Vulnerability: Low Privilege Stored Cross-Site Scripting
Patched in Version: 2.0.2
Severity Score: Medium

uListing

Plugin: uListing
Vulnerability: Arbitrary Blog Option Update via CSRF
Patched in Version: 2.0.9

Appointment Hour Booking

Plugin: Appointment Hour Booking 
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 1.3.16

UsersWP

Plugin: UsersWP
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.2.2.29

PublishPress Editorial Calendar

Plugin: PublishPress Editorial Calendar
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 3.5.1

Better Find and Replace

Plugin: Better Find and Replace
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.2.9

CM Tooltip Glossary

Plugin: CM Tooltip Glossary
Vulnerability: Contributor+ Stored Cross-Site Scripting
Patched in Version: 3.9.21

Bitcoin / AltCoin Payment Gateway for WooCommerce

Plugin: Bitcoin / AltCoin Payment Gateway for WooCommerce
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.6.1

Modern Events Calendar Lite

Plugin: Modern Events Calendar Lite
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 5.22.2

My Chatbot

Theme: My Chatbot 
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: No known fix

Duplicate Page

Plugin: Duplicate Page
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 4.4.3

Weather Effect

Plugin: Weather Effect
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 1.3.6

Chained Quiz

Plugin: Chained Quiz
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 1.2.7.2

WP Academic People List

Plugin: WP Academic People List 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

Konnichiwa! Membership

Plugin: Konnichiwa! Membership
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

3D Cover Carousel

Plugin: 3D Cover Carousel
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

More From Google

Plugin: More From Google 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

simpleSAMLphp Authentication

Plugin: simpleSAMLphp Authentication
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

Custom Menu Plugin

Plugin: Custom Menu Plugin
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

Twitter Friends Widget

Plugin: Twitter Friends Widget
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

RentPress

Plugin: RentPress
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

SP Rental Manager

Plugin: SP Rental Manager
Vulnerability: Unauthenticated SQL Injection
Patched in Version: No known fix

User Activation Email

Plugin: User Activation Email
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

WP Google Maps

Plugin: WP Google Maps
Vulnerability: Multiple Admin+ Stored Cross-Site Scripting
Patched in Version: 8.1.13

GeoDirectory

Plugin: GeoDirectory
Vulnerability: Authenticated (admin+) Stored Cross-Site Scripting (XSS)
Patched in Version: 2.1.1.3

TranslatePress

Plugin: TranslatePress
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 2.0.9

Post Title Counter

Plugin: Post Title Counter
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

YouTube Video Inserter

Plugin: YouTube Video Inserter
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

Notices

Plugin: Notices
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

DJ EmailPublish

Plugin: DJ EmailPublish
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

Visual Link Preview

Plugin: Visual Link Preview
Vulnerability: Unauthorised AJAX Calls
Patched in Version: 2.2.3
Severity Score: Medium

Yet Another bol.com Plugin

Plugin: Yet Another bol.com Plugin
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

WP-T-Wap

Plugin: WP-T-Wap
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

On Page SEO + Whatsapp Chat Button

Plugin: On Page SEO + Whatsapp Chat Button
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

WP Scrippets

Plugin: WP Scrippets
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

WP Design Maps & Places

Plugin: WP Design Maps & Places
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

Wise Agent Capture Forms

Plugin: Wise Agent Capture Forms
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

Edit Comments XT

Plugin: Edit Comments XT 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

RSVPMaker Excel

Plugin: RSVPMaker Excel
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

Border Loading Bar

Plugin: Border Loading Bar
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

Simple Matted Thumbnails

Plugin: Simple Matted Thumbnails
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

WordPress Simple Shop

Plugin: WordPress Simple Shop
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

WooCommerce Payment Gateway Per Category

Plugin: WooCommerce Payment Gateway Per Category
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

Custom Website Data

Plugin: Custom Website Data
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

Advance Search

Plugin: Advance Search
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

Integration of Moneybird for WooCommerce

Plugin: Integration of Moneybird for WooCommerce
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

Spideranalyse

Plugin: Integration of Moneybird for WooCommerce
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

OSD Subscribe

Plugin: OSD Subscribe
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

Feedify Web Push Notifications

Plugin: Feedify Web Push Notifications
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

Dropdown and scrollable Text

Plugin: Dropdown and scrollable Text
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

GNU-Mailman Integration

Plugin: GNU-Mailman Integration
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

Bug Library

Plugin: Bug Library
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

SMS OVH

Plugin: SMS OVH
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

MoolaMojo

Plugin: MoolaMojo
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

WordPress InviteBox Plugin

Plugin: WordPress InviteBox Plugin
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix

wp-publications

Plugin: wp-publications
Vulnerability: Local File Inclusion
Patched in Version: No known fix

Timetable and Event Schedule by MotoPress

Plugin: Timetable and Event Schedule by MotoPress
Vulnerability: Author+ Stored Cross-Site Scripting
Patched in Version: 2.3.19

Comment Link Remove and Other Comment Tools

Plugin: Comment Link Remove and Other Comment Tools
Vulnerability: Arbitrary Comment Deletion via CSRF
Patched in Version: 2.1.6

WP Simple Booking Calendar

Plugin: WP Simple Booking Calendar
Vulnerability: Authenticated SQL Injection
Patched in Version: 2.0.6

Block and Stop Bad Bots

Plugin: Block and Stop Bad Bots
Vulnerability: Authenticated SQL Injections
Patched in Version: 6.60

Paid Member Subscriptions

Plugin: Paid Member Subscriptions
Vulnerability: Authenticated SQL Injection
Patched in Version: 2.4.2

Easy Accordion

Plugin: Easy Accordion
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 2.0.22

Need Security Help? Get WooSecured

We take security seriously. While security measures are built into WordPress and WooCommerce out of the box, there are things store owners should be doing to keep their customers, team, and data safe in the event of those worst-case scenarios. Our security services make your life easier by making your data and your customer data safe.
