Plugin Vulnerabilities for December 2021

Is your site up to date?

Outdated plugins & themes are the #1 reason sites get hacked. Don’t leave your WooCommerce store vulnerable!

Events Manager

Plugin: Events Manager
Vulnerability: Admin+ SQL Injection
Patched in Version: 5.9.8

Rich Reviews by Starfish

Plugin: Rich Reviews by Starfish
Vulnerability: Admin+ SQL Injection
Patched in Version: 1.9.6

Typebot

Plugin: Typebot
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 1.4.3

Contact Form & Lead Form Elementor Builder

Plugin: Contact Form & Lead Form Elementor Builder
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched in Version: 1.6.4

Download Manager

Plugin: Download Manager
Vulnerability: Subscriber+ Stored Cross-Site Scripting
Patched in Version: 3.2.22

WP RSS Aggregator

Plugin: Subscriber+ Stored Cross-Site Scripting
Vulnerability: Admin+ SQL Injection
Patched in Version: 4.19.3

Buttonizer – Smart Floating Action Button

Plugin: Buttonizer – Smart Floating Action Button
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 2.5.5

WP Mail Logging

Plugin: WP Mail Logging
Vulnerability: Outdated Redux Framework
Patched in Version: 1.10.0

Stetic

Plugin: Stetic 
Vulnerability: CSRF to Stored Cross-Site Scripting
Patched in Version: No known fix – plugin closed

Contact Form With Captcha

Plugin: Contact Form With Captcha
Vulnerability: CSRF to Stored Cross-Site Scripting
Patched in Version: No known fix – plugin closed

Awesome Support

Plugin: Awesome Support 
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 6.0.7

Asgaros Forums

Plugin: Asgaros Forums
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in Version: 1.15.14

LiteSpeed Cache

Plugin: LiteSpeed Cache
Vulnerability: IP Check Bypass to Unauthenticated Stored XSS
Patched in Version: 4.4.4

Video Conferencing with Zoom

Plugin: Video Conferencing with Zoom
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 3.8.16

Booster for WooCommerce

Plugin: Booster for WooCommerce
Vulnerability: Reflected Cross-Site Scripting in PDF Invoicing Module
Patched in Version: 5.4.9

Speed Booster Pack

Plugin: Speed Booster Pack
Vulnerability: Admin+ SQL Injection
Patched in Version: 4.3.3.1

OMGF

Plugin: OMGF
Vulnerability: Admin+ Arbitrary Folder Deletion via Path Traversal
Patched in Version: 4.5.12

CAOS

Plugin: CAOS
Vulnerability: Admin+ Arbitrary Folder Deletion via Path Traversal
Patched in Version: 4.1.9

WP Travel Engine

Plugin: WP Travel Engine
Vulnerability: Editor+ Stored Cross-Site Scripting
Patched in Version: 5.3.1

Download Monitor

Plugin: Download Monitor
Vulnerability: Admin+ SQL Injection
Patched in Version: 4.4.5

Mortgage Calculator / Loan Calculator

Plugin: Mortgage Calculator / Loan Calculator
Vulnerability: Contributor+ Stored Cross-Site Scripting
Patched in Version: 1.5.17

Variation Swatches for WooCommerce

Plugin: Variation Swatches for WooCommerce
Vulnerability: Subscriber+ Stored Cross-Site Scripting
Patched in Version: 2.1.2

ClickBank Affiliate Ads

Plugin: ClickBank Affiliate Ads
Vulnerability: CSRF to Stored Cross-Site Scripting
Patched in Version: No known fix – plugin closed

Advanced Custom Fields

Plugin: Advanced Custom Fields
Vulnerability: Subscriber+ Arbitrary ACF Data/Field Groups View and Fields Move
Patched in Version: 5.11

Canto

Plugin: Canto 
Vulnerability: Unauthenticated Blind SSRF
Patched in Version: No known fix

All-In-One-Gallery

Plugin: All-In-One-Gallery
Vulnerability: Admin+ Local File Inclusion
Patched in Version: 2.5.0

Need Security Help? Get WooSecured

We take security seriously. While security measures are built into WordPress and WooCommerce out of the box, there are things store owners should be doing to keep their customers, team, and data safe in the event of those worst-case scenarios. Our security services make your life easier by making your data and your customer data safe.
