Jan 2021 Plugin vulnerabilities

WordPress Plugin Vulnerabilities

1. LiteSpeed Cache – Low

LiteSpeed Cache versions below 3.6.1 have an Authenticated Stored Cross-Site Scripting vulnerability.

The vulnerability is patched, and you should update to version 3.6.1.

2. Newsletter Manager – High

All versions of Newsletter Manager have an Unauthenticated Insecure Deserialization vulnerability.

Remove the plugin until a security fix is released.

3. Site Offline – Medium

Site Offline versions below 1.4.4 have Multiple Cross-Site Request Forgery vulnerabilities.

The vulnerability is patched, and you should update to version 1.4.4.

4. WP Postratings – Medium

WP Postratings versions below 1.86.1 have an Authenticated Stored Cross-Site Scripting vulnerability.

The vulnerability is patched, and you should update to version 1.86.1.

5. Custom Global Variables – High

All versions of Custom Global Variables have a Stored Cross-Site Scripting vulnerability.

Remove the plugin until a security fix is released.

6. Stripe Payments – Medium

Stripe Payments versions below 2.0.40 have an Authenticated Stored Cross-Site Scripting vulnerability.

The vulnerability is patched, and you should update to version 2.0.40.

7. Orbit Fox by ThemeIsle – Medium

Orbit Fox by ThemeIsle versions below 2.10.3 have an Authenticated Stored Cross-Site Scripting vulnerability.

The vulnerability is patched, and you should update to version 2.10.3.

8. WP Paginate – Medium

WP Paginate versions below 2.1.4 have an Authenticated Stored Cross-Site Scripting vulnerability.

The vulnerability is patched, and you should update to version 2.1.4.

9. WP Quick FrontEnd Editor – Medium

All versions of WP Quick FrontEnd Editor have an Authenticated Content Injection vulnerability.

Remove the plugin until a security fix is released.