October 2020 WordPress Plugin Vulnerabilities

Is your site secure?

Outdated plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!

1. Live Chat – Live support

Live Chat – Live support versions below 3.2.0 have a Cross-Site Request Forgery vulnerability.

The vulnerability is patched, and you should update to version 3.2.0.

2. Quick Chat

All versions of Quick Chat have an Unauthenticated Stored Cross-Site Scripting vulnerability.

Remove the plugin until a security fix is released.

3. Child Theme Creator by Orbisius

Child Theme Creator by Orbisius versions below 1.5.2 have a CSRF to Arbitrary File Modification/Creation vulnerability.

The vulnerability is patched, and you should update to version 1.5.2.

4. Realia

All versions of Realia have an Unauthenticated IDOR leading to Arbitrary Post Deletion vulnerability.

Remove the plugin until a security fix is released.

5. Comment Press

Comment Press versions below 2.7.2 have an Unauthenticated Cross-Frame Scripting vulnerability.

The vulnerability is patched, and you should update to version 2.7.2.

6. Super Store Finder for WordPress

Super Store Finder for WordPress versions below 6.2 have an Unauthenticated Arbitrary File Upload vulnerability.

The vulnerability is patched, and you should update to version 6.2.

7. Super Interactive Maps for WordPress

Super Interactive Maps for WordPress versions below 2.0 have an Unauthenticated Arbitrary File Upload vulnerability.

The vulnerability is patched, and you should update to version 2.0.

8. Super Logos Showcase for WordPress

Super Logos Showcase for WordPress versions below 2.3 have an Unauthenticated Arbitrary File Upload vulnerability.

The vulnerability is patched, and you should update to version 2.3.

9. Simple Download Monitor

Simple Download Monitor versions below 3.8.9 have Unauthenticated Cross-Site Scripting and SQL Injection vulnerabilities.

The vulnerabilities are patched, and you should update to version 3.8.9.

10. Loginizer

Loginizer versions below 1.6.4 have an Unauthenticated SQL Injection vulnerability.

The vulnerability is patched, and you should update to version 1.6.4.

11. Helios Solutions Brand Logo Slider

All versions of Helios Solutions Brand Logo Slider have an Authenticated Arbitrary File Upload vulnerability.

Remove the plugin until a security fix is released.

12. CM Download Manager

CM Download Manager versions below 2.8.0 have an Authenticated Cross-Site Scripting vulnerability.

The vulnerability is patched, and you should update to version 2.8.0.

13. Advanced Booking Calendar

Advanced Booking Calendar versions below 1.6.2 have an Unauthenticated SQL Injection vulnerability.

The vulnerability is patched, and you should update to version 1.6.2.

Need Security Help? Get WooSecured

We take security seriously. While security measures are built into WordPress and WooCommerce out of the box, there are things store owners should be doing to keep their customers, team, and data safe in the event of those worst-case scenarios. Our security services make your life easier by making your data and your customer data safe.
