End of August 2021 Plugin Vulnerabilities

Is your site up to date?

Outdated plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!

Clean Login

Plugin: Clean Login
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.12.6.4
Severity Score: Medium

Business Hours Indicator

Plugin: Business Hours Indicator 
Vulnerability: Authenticated Stored XSS
Patched in Version: 2.3.5
Severity Score: Low

SliceWP

Plugin: SliceWP
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: 1.0.46
Severity Score: High

WordPress Download Manager

Plugin: WordPress Download Manager
Vulnerability: Email Template Setting Update via CSRF
Patched in Version: 3.2.13
Severity Score: Medium

SpeakOut! Email Petitions

Plugin: SpeakOut! Email Petitions
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 2.13.3
Severity Score: High

Site Reviews

Plugin: Site Reviews
Vulnerability: Authenticated Stored XSS
Patched in Version: 5.13.1
Severity Score: Low

Tutor LMS

Plugin: Tutor LMS
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.9.6
Severity Score: High

WPFront Notification Bar

Plugin: WPFront Notification Bar
Vulnerability: Authenticated Stored XSS
Patched in Version: 2.1.08087
Severity Score: Low

Form Builder

Plugin: Form Builder
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: 1.9.8.5
Severity Score: High

WPvivid Backup

Plugin: WPvivid Backup
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 0.9.56
Severity Score: High

AddToAny

Plugin: AddToAny
Vulnerability: Authenticated Stored XSS
Patched in Version: 1.7.46
Severity Score: Low

Stop Spammers Security

Plugin: Stop Spammers Security
Vulnerability: Authenticated Stored XSS
Patched in Version: 2021.18
Severity Score: Low

Keywords & Meta

Plugin: Keywords & Meta
Vulnerability: CSRF to Stored Cross-Site Scripting (XSS)
Patched in Version: No known fix
Severity Score: High

Titan Framework

Plugin: Titan Framework 
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: No known fix
Severity Score: High

WP Fusion Lite

Plugin: WP Fusion Lite
Vulnerability: CSRF to Data Deletion
Patched in Version: 3.37.30
Severity Score: Medium

Block and Stop Bad Bots

Plugin: Block and Stop Bad Bots 
Vulnerability: Authenticated SQL Injections
Patched in Version: 6.60
Severity Score: Medium

WP Simple Booking Calendar

Plugin: WP Simple Booking Calendar
Vulnerability: Authenticated SQL Injections
Patched in Version: 2.0.6
Severity Score: Medium

Paid Member Subscriptions

Plugin: Paid Member Subscriptions
Vulnerability: Authenticated SQL Injections
Patched in Version: 2.4.2
Severity Score: Medium

Favicon by RealFaviconGenerator

Plugin: Favicon by RealFaviconGenerator
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: 1.3.22
Severity Score: High

Alipay

Plugin: Alipay 
Vulnerability: Authenticated SQL Injection
Patched in Version: No known fix
Severity Score: Medium

Cashtomer

Plugin: Cashtomer
Vulnerability: Authenticated SQL Injection
Patched in Version: No known fix
Severity Score: Medium

WordPress Membership SwiftCloud.io

Plugin: WordPress Membership SwiftCloud.io
Vulnerability: Authenticated SQL Injection
Patched in Version: No known fix
Severity Score: Medium

Easy Testimonial Manager

Plugin: Easy Testimonial Manager
Vulnerability: Authenticated SQL Injection
Patched in Version: No known fix
Severity Score: Medium

Embed Youtube Manager

Plugin: Embed Youtube Video 
Vulnerability: Authenticated SQL Injection
Patched in Version: No known fix
Severity Score: Medium

Quiz and Survey Master

Plugin: Quiz And Survey Master 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 7.1.14
Severity Score: High

Book Appointment Online

Plugin: Book appointment Online
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: 1.39
Severity Score: Low

miniOrange's Google Authenticator

Plugin: miniOrange’s Google Authenticator
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 5.4.40
Severity Score: High

Two Factor Authentication

Plugin: Two Factor Authentication
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.0.8
Severity Score: High

Custom Post View Generator

Plugin: Custom Post View Generator 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

FV Flowplayer Video Player

Plugin: FV Flowplayer Video Player 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 7.5.3.727
Severity Score: High

Picture Gallery

Plugin: Picture Gallery  
Vulnerability: Authenticated Stored XSS
Patched in Version: No known fix
Severity Score: Low

Software License Manager

Plugin: Software License Manager 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 4.4.8 (Plugin Closed)
Severity Score: High

Per Page Add to Head

Plugin: Per Page Add to Head
Vulnerability: Authenticated Stored XSS
Patched in Version: No known fix
Severity Score: Low

Securimage-WP-Fixed

Plugin: Securimage-WP-Fixed
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: No known fix
Severity Score: High

Image Export

Plugin: Image Export
Vulnerability: Directory Traversal
Patched in Version: No known fix
Severity Score: Critical

Content text slider on post

Plugin: Content text slider on post 
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: 6.9
Severity Score: Medium

The vulnerability is patched, s
Contact Form Generator

Plugin: Contact Form Generator 
Vulnerability: Multiple Cross-Site Request Forgery (CSRF)
Patched in Version: No known fix
Severity Score: High

Calendar_plugin

Plugin: Calendar_plugin 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

Add Sidebar

Plugin: Add Sidebar 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

WP SEO Tags

Plugin: WP SEO Tags  
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

Moova for WooCommerce

Plugin: Moova for WooCommerce 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

jQuery Tagline Rotator

Plugin: jQuery Tagline Rotator
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

Plugmatter Pricing Table Lite

Plugin: Plugmatter Pricing Table Lite
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

Simple Popup Newsletter

Plugin: Simple Popup Newsletter
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

TypoFR

Plugin: TypoFR 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

WP Songbook

Plugin: WP Songbook 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

Custom Post Type Relations

Plugin: Custom Post Type Relations
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

2Way VideoCalls and Random Chat

Plugin: 2Way VideoCalls and Random Chat
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

WP Fountain

Plugin: WP Fountain 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

Media Usage

Plugin: Media Usage 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

Scribble Maps

Plugin: Scribble Maps
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

Multiplayer Games

Plugin: Multiplayer Games
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

Skaut Bazar

Plugin: Skaut bazar
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

Smart Email Alerts

Plugin: Smart Email Alerts
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

Simple Behance Portfolio

Plugin: Simple Behance Portfolio
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

Need Security Help? Get WooSecured

We take security seriously. While security measures are built into WordPress and WooCommerce out of the box, there are things store owners should be doing to keep their customers, team, and data safe in the event of those worst-case scenarios. Our security services make your life easier by making your data and your customer data safe.
