End of August 2021 Plugin Vulnerabilities

Is your site up to date?

Outdated plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!

Clean Login

Plugin: Clean Login
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.12.6.4
Severity Score: Medium

Business Hours Indicator

Plugin: Business Hours Indicator 
Vulnerability: Authenticated Stored XSS
Patched in Version: 2.3.5
Severity Score: Low

SliceWP

Plugin: SliceWP
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: 1.0.46
Severity Score: High

WordPress Download Manager

Plugin: WordPress Download Manager
Vulnerability: Email Template Setting Update via CSRF
Patched in Version: 3.2.13
Severity Score: Medium

SpeakOut! Email Petitions

Plugin: SpeakOut! Email Petitions
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 2.13.3
Severity Score: High

Site Reviews

Plugin: Site Reviews
Vulnerability: Authenticated Stored XSS
Patched in Version: 5.13.1
Severity Score: Low

Tutor LMS

Plugin: Tutor LMS
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.9.6
Severity Score: High

WPFront Notification Bar

Plugin: WPFront Notification Bar
Vulnerability: Authenticated Stored XSS
Patched in Version: 2.1.08087
Severity Score: Low

Form Builder

Plugin: Form Builder
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: 1.9.8.5
Severity Score: High

WPvivid Backup

Plugin: WPvivid Backup
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 0.9.56
Severity Score: High

AddToAny

Plugin: AddToAny
Vulnerability: Authenticated Stored XSS
Patched in Version: 1.7.46
Severity Score: Low

Stop Spammers Security

Plugin: Stop Spammers Security
Vulnerability: Authenticated Stored XSS
Patched in Version: 2021.18
Severity Score: Low

Keywords & Meta

Plugin: Keywords & Meta
Vulnerability: CSRF to Stored Cross-Site Scripting (XSS)
Patched in Version: No known fix
Severity Score: High

Titan Framework

Plugin: Titan Framework 
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: No known fix
Severity Score: High

WP Fusion Lite

Plugin: WP Fusion Lite
Vulnerability: CSRF to Data Deletion
Patched in Version: 3.37.30
Severity Score: Medium

Block and Stop Bad Bots

Plugin: Block and Stop Bad Bots 
Vulnerability: Authenticated SQL Injections
Patched in Version: 6.60
Severity Score: Medium

WP Simple Booking Calendar

Plugin: WP Simple Booking Calendar
Vulnerability: Authenticated SQL Injections
Patched in Version: 2.0.6
Severity Score: Medium

Paid Member Subscriptions

Plugin: Paid Member Subscriptions
Vulnerability: Authenticated SQL Injections
Patched in Version: 2.4.2
Severity Score: Medium

Favicon by RealFaviconGenerator

Plugin: Favicon by RealFaviconGenerator
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: 1.3.22
Severity Score: High

Alipay

Plugin: Alipay 
Vulnerability: Authenticated SQL Injection
Patched in Version: No known fix
Severity Score: Medium

Cashtomer

Plugin: Cashtomer
Vulnerability: Authenticated SQL Injection
Patched in Version: No known fix
Severity Score: Medium

WordPress Membership SwiftCloud.io

Plugin: WordPress Membership SwiftCloud.io
Vulnerability: Authenticated SQL Injection
Patched in Version: No known fix
Severity Score: Medium

Easy Testimonial Manager

Plugin: Easy Testimonial Manager
Vulnerability: Authenticated SQL Injection
Patched in Version: No known fix
Severity Score: Medium

Embed Youtube Manager

Plugin: Embed Youtube Video 
Vulnerability: Authenticated SQL Injection
Patched in Version: No known fix
Severity Score: Medium

Quiz and Survey Master

Plugin: Quiz And Survey Master 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 7.1.14
Severity Score: High

Book Appointment Online

Plugin: Book appointment Online
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: 1.39
Severity Score: Low

miniOrange's Google Authenticator

Plugin: miniOrange’s Google Authenticator
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 5.4.40
Severity Score: High

Two Factor Authentication

Plugin: Two Factor Authentication
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.0.8
Severity Score: High

Custom Post View Generator

Plugin: Custom Post View Generator 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

FV Flowplayer Video Player

Plugin: FV Flowplayer Video Player 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 7.5.3.727
Severity Score: High

Picture Gallery

Plugin: Picture Gallery  
Vulnerability: Authenticated Stored XSS
Patched in Version: No known fix
Severity Score: Low

Software License Manager

Plugin: Software License Manager 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 4.4.8 (Plugin Closed)
Severity Score: High

Per Page Add to Head

Plugin: Per Page Add to Head
Vulnerability: Authenticated Stored XSS
Patched in Version: No known fix
Severity Score: Low

Securimage-WP-Fixed

Plugin: Securimage-WP-Fixed
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: No known fix
Severity Score: High

Image Export

Plugin: Image Export
Vulnerability: Directory Traversal
Patched in Version: No known fix
Severity Score: Critical

Content text slider on post

Plugin: Content text slider on post 
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: 6.9
Severity Score: Medium

The vulnerability is patched, s
Contact Form Generator

Plugin: Contact Form Generator 
Vulnerability: Multiple Cross-Site Request Forgery (CSRF)
Patched in Version: No known fix
Severity Score: High

Calendar_plugin

Plugin: Calendar_plugin 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

Add Sidebar

Plugin: Add Sidebar 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

WP SEO Tags

Plugin: WP SEO Tags  
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

Moova for WooCommerce

Plugin: Moova for WooCommerce 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

jQuery Tagline Rotator

Plugin: jQuery Tagline Rotator
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

Plugmatter Pricing Table Lite

Plugin: Plugmatter Pricing Table Lite
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

Simple Popup Newsletter

Plugin: Simple Popup Newsletter
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

TypoFR

Plugin: TypoFR 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

WP Songbook

Plugin: WP Songbook 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

Custom Post Type Relations

Plugin: Custom Post Type Relations
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

2Way VideoCalls and Random Chat

Plugin: 2Way VideoCalls and Random Chat
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

WP Fountain

Plugin: WP Fountain 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

Media Usage

Plugin: Media Usage 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

Scribble Maps

Plugin: Scribble Maps
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

Multiplayer Games

Plugin: Multiplayer Games
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

Skaut Bazar

Plugin: Skaut bazar
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

Smart Email Alerts

Plugin: Smart Email Alerts
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

Simple Behance Portfolio

Plugin: Simple Behance Portfolio
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

Need Security Help? Get WooSecured

We take security seriously. While security measures are built into WordPress and WooCommerce out of the box, there are things store owners should be doing to keep their customers, team, and data safe in the event of those worst-case scenarios. Our security services make your life easier by making your data and your customer data safe.
