More August 2021 Plugin Vulnerabilities

Is your site up to date?

Outdated plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!

Sitewide Notice WP

Plugin: Sitewide Notice WP
Vulnerability: Authenticated Stored XSS
Patched in Version: 2.3

Business Hours Indicator

Plugin: Business Hours Indicator 
Vulnerability: Authenticated Stored XSS
Patched in Version: 2.3.5
Severity Score: Low

Bold Page Builder

Plugin: Bold Page Builder
Vulnerability: PHP Object Injection
Patched in Version: 3.1.6
Severity Score: Medium

ShareThis Dashboard for Google Analytics

Plugin: ShareThis Dashboard for Google Analytics
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: 2.5.2
Severity Score: High

Story Chief

Plugin: StoryChief
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: 1.0.31
Severity Score: High

WP LMS

Plugin: WP LMS
Vulnerability: Unauthenticated Arbitrary User Field Edition/Creation
Patched in Version: 1.1.5
Severity Score: Medium

VDZ Google Analytics or Google Tag Manager / GTM

Plugin: VDZ Google Analytics or Google Tag Manager / GTM
Vulnerability: Authenticated Stored XSS
Patched in Version: 1.6.0
Severity Score: Low

Cooked

Plugin: Cooked 
Vulnerability: Unauthenticated Reflected Cross-Site Scripting (XSS)
Patched in Version: 1.7.9.1
Severity Score: Medium

Email Encoder

Plugin: Email Encoder – Protect Email Addresses
Vulnerability: Reflected Cross Site Scripting
Patched in Version: 2.1.2
Severity Score: Medium

SMS Alert Order Notifications - WooCommerce

Plugin: SMS Alert Order Notifications – WooCommerce
Vulnerability: Authenticated Cross Site Scripting
Patched in Version: 3.4.7
Severity Score: Low

HM Multiple Roles

Plugin: HM Multiple Roles
Vulnerability: Arbitrary Role Change
Patched in Version: 1.3
Severity Score: Critical

WP Customize Login

Plugin: WP Customize Login
Vulnerability: Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: No known fix
Severity Score: Low

User Rights Access Manager

Plugin: User Rights Access Manager 
Vulnerability: Access Restriction Bypass
Patched in Version: No known fix
Severity Score: Medium

JiangQie Official Website Mini Program

Plugin: JiangQie Official Website Mini Program
Vulnerability: Authenticated SQL Injection
Patched in Version: 1.1.1
Severity Score: Critical

 
Favicon by RealFaviconGenerator

Plugin: Favicon by RealFaviconGenerator 
Vulnerability: Reflected Cross-Site Scripting (XSS)
Patched in Version: No known fix
Severity Score: High

Welcart e-Commerce

Plugin: Welcart e-Commerce
Vulnerability: Unauthenticated Information Disclosure
Patched in Version: 2.2.8
Severity Score: High

Highlight

Plugin: Highlight
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 0.9.3
Severity Score: Low

Cookie Notice & Consent Banner for GDPR & CCPA Compliance

Plugin: Cookie Notice & Consent Banner for GDPR & CCPA Compliance
Vulnerability: Authenticated Stored XSS
Patched in Version: 1.7.2
Severity Score: Low

Pods

Plugin: Pods
Vulnerability: Multiple Authenticated Stored Cross-Site Scripting (XSS)
Patched in Version: 2.7.29
Severity Score: Low

Need Security Help? Get WooSecured

We take security seriously. While security measures are built into WordPress and WooCommerce out of the box, there are things store owners should be doing to keep their customers, team, and data safe in the event of those worst-case scenarios. Our security services make your life easier by making your data and your customer data safe.
