July 2021 Plugin Vulnerabilities & WooCommerce News

Is your site up to date?

Outdated plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!

#1 WooCommerce

Plugin: WooCommerce 3.3 to 5.5
Vulnerability: Authenticated SQL Injection
Patched in Version: 5.5.1

See our post for details

#2 WooCommerce Blocks

Plugin: WooCommerce Blocks 2.5 to 5.5
Vulnerability: Unauthenticated SQL Injection
Patched in Version: 5.5.1

See our post for details

#3 Advanced Menu Manager

Plugin: Advanced Menu Manager
Vulnerability: Unauthorised Menu Creation/Deletion
Patched in Version: No known fix – Plugin Closed

Plugin: Advanced Menu Manager
Vulnerability: Unauthorised Menu Edition via CSRF
Patched in Version: No known fix – Plugin Closed

#4 WR Age Verification

Plugin: WR Age Verification
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: 2.0.0

#5 Marmoset Viewer

Plugin: Marmoset Viewer
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.9.3

#6 WOWRestro

Plugin: WOWRestro
Vulnerability: CSRF Bypass
Patched in Version: 1.1

#7 Page View Counts

Plugin: Page View Counts
Vulnerability: Contributor+ Stored Cross-Site Scripting (XSS)
Patched in Version: 2.4.9

#8 Frontend File Manager

Plugin: Frontend File Manager
Vulnerability: Privilege Escalation
Patched in Version: 18.3

Plugin: Frontend File Manager
Vulnerability: Unauthenticated Content Injection and Stored XSS
Patched in Version: 18.3

Plugin: Frontend File Manager
Vulnerability: Authenticated Arbitrary Settings Change to Arbitrary File Upload
Patched in Version: 18.3

Plugin: Frontend File Manager
Vulnerability: Unauthenticated Arbitrary Post Deletion
Patched in Version: 18.3

Plugin: Frontend File Manager
Vulnerability: Unauthenticated Post Meta Change to Arbitrary File Download
Patched in Version: 18.3

Plugin: Frontend File Manager
Vulnerability: Unauthenticated HTML Injection
Patched in Version: 18.3

#9 Stock in & out

Plugin: Stock in & out
Vulnerability: Authenticated SQL Injection
Patched in Version: No known fix – Plugin Closed 

Plugin: Stock in & out
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: No known fix – Plugin Closed

#10 Side Menu Lite

Plugin: Side Menu Lite
Vulnerability: Authenticated SQL Injection
Patched in Version: 2.2.1

#11 Profile Press

Plugin: ProfilePress
Vulnerability: Unauthenticated Cross-Site Scripting (XSS)
Patched in Version: 3.1.11

#12 WP Google Map

Plugin: WP Google Map
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: 1.7.7

#13 10Web Map Builder for Google Maps

Plugin: 10Web Map Builder for Google Maps
Vulnerability: Authenticated Stored XSS
Patched in Version: 1.0.70

#14 Video Posts Web Cam Recorder

Plugin: Video Posts Webcam Recorder
Vulnerability: Authenticated Reflected XSS
Patched in Version: 3.2.4

#15 WP Front Notification Bar

Plugin: WPFront Notification Bar
Vulnerability: Authenticated Stored XSS
Patched in Version: 2.0.0.07176

#16 WordPress Popular Posts

Plugin: WordPress Popular Posts
Vulnerability: Authenticated Code Injection
Patched in Version: 5.3.3

#17 Form Maker from 10Web

Plugin: WordPress Popular Posts
Vulnerability: Authenticated Code Injection
Patched in Version: 5.3.3

#18 Activity Log

Plugin: Activity Log
Vulnerability: Authenticated SQL Injection
Patched in Version: 2.7.0

#19 Current Book

Plugin: Current Book
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: No known fix – Plugin Closed

#20 ECPay Logistics for WooCommerce

Plugin: WordPress Popular Posts
Vulnerability: Authenticated Code Injection
Patched in Version: 5.3.3

#21 Event Espresso Core

Plugin: Event Espresso Core
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: 4.10.7.p

Need Security Help? Get WooSecured

We take security seriously. While security measures are built into WordPress and WooCommerce out of the box, there are things store owners should be doing to keep their customers, team, and data safe in the event of those worst-case scenarios. Our security services make your life easier by making your data and your customer data safe.
