More August 2021 Plugin Vulnerabilities

Is your site up to date?

Outdated plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!

Sitewide Notice WP

Plugin: Sitewide Notice WP
Vulnerability: Authenticated Stored XSS
Patched in Version: 2.3

Business Hours Indicator

Plugin: Business Hours Indicator 
Vulnerability: Authenticated Stored XSS
Patched in Version: 2.3.5
Severity Score: Low

Bold Page Builder

Plugin: Bold Page Builder
Vulnerability: PHP Object Injection
Patched in Version: 3.1.6
Severity Score: Medium

ShareThis Dashboard for Google Analytics

Plugin: ShareThis Dashboard for Google Analytics
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: 2.5.2
Severity Score: High

Story Chief

Plugin: StoryChief
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: 1.0.31
Severity Score: High

WP LMS

Plugin: WP LMS
Vulnerability: Unauthenticated Arbitrary User Field Edition/Creation
Patched in Version: 1.1.5
Severity Score: Medium

VDZ Google Analytics or Google Tag Manager / GTM

Plugin: VDZ Google Analytics or Google Tag Manager / GTM
Vulnerability: Authenticated Stored XSS
Patched in Version: 1.6.0
Severity Score: Low

Cooked

Plugin: Cooked 
Vulnerability: Unauthenticated Reflected Cross-Site Scripting (XSS)
Patched in Version: 1.7.9.1
Severity Score: Medium

Email Encoder

Plugin: Email Encoder – Protect Email Addresses
Vulnerability: Reflected Cross Site Scripting
Patched in Version: 2.1.2
Severity Score: Medium

SMS Alert Order Notifications - WooCommerce

Plugin: SMS Alert Order Notifications – WooCommerce
Vulnerability: Authenticated Cross Site Scripting
Patched in Version: 3.4.7
Severity Score: Low

HM Multiple Roles

Plugin: HM Multiple Roles
Vulnerability: Arbitrary Role Change
Patched in Version: 1.3
Severity Score: Critical

WP Customize Login

Plugin: WP Customize Login
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: No known fix
Severity Score: Low

User Rights Access Manager

Plugin: User Rights Access Manager 
Vulnerability: Access Restriction Bypass
Patched in Version: No known fix
Severity Score: Medium

JiangQie Official Website Mini Program

Plugin: JiangQie Official Website Mini Program
Vulnerability: Authenticated SQL Injection
Patched in Version: 1.1.1
Severity Score: Critical

 
Favicon by RealFaviconGenerator

Plugin: Favicon by RealFaviconGenerator 
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: No known fix
Severity Score: High

Welcart e-Commerce

Plugin: Welcart e-Commerce
Vulnerability: Unauthenticated Information Disclosure
Patched in Version: 2.2.8
Severity Score: High

Highlight

Plugin: Highlight
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 0.9.3
Severity Score: Low

Cookie Notice & Consent Banner for GDPR & CCPA Compliance

Plugin: Cookie Notice & Consent Banner for GDPR & CCPA Compliance
Vulnerability: Authenticated Stored XSS
Patched in Version: 1.7.2
Severity Score: Low

Pods

Plugin: Pods
Vulnerability: Multiple Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: 2.7.29
Severity Score: Low

Need Security Help? Get WooSecured

We take security seriously. While security measures are built into WordPress and WooCommerce out of the box, there are things store owners should be doing to keep their customers, team, and data safe in the event of those worst-case scenarios. Our security services make your life easier by making your data and your customer data safe.
