WordPress Plugin Vulnerabilities for October.
If you have any of these plugins, make sure you upgrade to their latest versions.
1. XCloner
XCloner versions below 4.2.15 have a Cross-Site Request Forgery vulnerability.
2. Ninja Forms Contact Form
Ninja Forms Contact Form versions below 3.4.27.1 have a Cross-Site Request Forgery vulnerability.
3. Coditor
All versions of Coditor have a Cross-Site Request Forgery vulnerability.
4. Simple:Press
Simple:Press versions below 6.6.1 have a Broken Access Control vulnerability, which could lead to a Remote Code Execution attack.
5. WP Courses LMS
WP Courses LMS versions below 2.0.29 have a Broken Access Control vulnerability.
6. Slider by 10Web
Slider by 10Web versions below 1.2.36 have Multiple Authenticated SQL Injection vulnerabilities.
7. WordPress + Microsoft Office 365 / Azure AD
WordPress + Microsoft Office 365 / Azure AD versions below 11.7 have an Authentication Bypass vulnerability.
8. Team Showcase
Team Showcase versions below 1.22.16 have an Authenticated Stored Cross-Site Scripting vulnerability.
9. Post Grid
Post Grid versions below 2.0.73 have an Authenticated Stored Cross-Site Scripting vulnerability.
10. WPBakery Page Builder
WPBakery Page Builder versions below 6.4.1 have an Authenticated Stored Cross-Site Scripting vulnerability.
11. Hypercomments
All versions of Hypercomments have an Unauthenticated Arbitrary File Deletion vulnerability.
12. Dynamic Content for Elementor
Dynamic Content for Elementor versions below 1.9.6 have an Authenticated Remote Code Execution vulnerability.
13. PowerPress Podcasting
PowerPress Podcasting versions below 8.3.8 have Authenticated Arbitrary File Upload issues leading to a Remote Code Execution vulnerability.
WordPress Theme Vulnerabilities
1. Shapely
Shapely versions below v1.2.9 have an Unauthenticated Function Injection vulnerability.
2. NewsMag
NewsMag versions below 2.4.2 have an Unauthenticated Function Injection vulnerability.
3. Activello
Activello versions below 1.4.2 have an Unauthenticated Function Injection vulnerability.
4. Illdy
Illdy versions below 2.1.7 have an Unauthenticated Function Injection vulnerability.
5. Allegiant
Allegiant versions below 1.2.6 have an Unauthenticated Function Injection vulnerability.
6. Newspaper X
Newspaper X versions below 1.3.2 have an Unauthenticated Function Injection vulnerability.
7. Pixova Lite
Pixova Lite versions below 2.0.7 have an Unauthenticated Function Injection vulnerability.
8. Brilliance
Brilliance versions below 1.3.0 have an Unauthenticated Function Injection vulnerability.
9. MedZone Lite
MedZone Lite versions below 1.2.6 have an Unauthenticated Function Injection vulnerability.
10. Regina Lite
Regina Lite versions below 2.0.6 have an Unauthenticated Function Injection vulnerability.
12. Transcend
Transcend versions below 1.2.0 have an Unauthenticated Function Injection vulnerability.
13. Affluent
Affluent versions below 1.1.2 have an Unauthenticated Function Injection vulnerability.
14. Bonkers
Bonkers versions below 1.0.6 have an Unauthenticated Function Injection vulnerability.
15. Antreas
Antreas versions below 1.0.7 have an Unauthenticated Function Injection vulnerability.
16. NatureMag Lite
All versions of NatureMag Lite have an Unauthenticated Function Injection vulnerability.