Plugin: YellowPencil Visual CSS Style Editor
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 7.5.4
Recommended Action: Update the WordPress Visual CSS Style Editor plugin to the latest available version (at least 7.5.4).
Plugin: Wicked Folders
Vulnerability: SQL Injection
Patched Version: 2.18.10
Recommended Action: Update the WordPress Wicked Folders plugin to the latest available version (at least 2.18.10).
Plugin: Document Embedder
Vulnerability: Information Disclosure
Patched Version: 1.7.5
Recommended Action: Update the WordPress Document Embedder plugin to the latest available version (at least 1.7.5).
Plugin: Document Embedder
Vulnerability: Information Disclosure
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of December 29, 2021 and is not available for download. This closure is temporary, pending a full review.
Plugin: TrustMate.io – integracja z WooCommerce
Vulnerability: Settings Change
Patched Version: 1.7.1
Recommended Action: Update the WordPress TrustMate.io –
integracja z WooCommerce plugin to the latest available version (at least
1.7.1).
Plugin: TrustMate.io – integracja z WooCommerce
Vulnerability: Settings Change
Patched Version: 1.8.12
Recommended Action: Update the WordPress TrustMate.io –
integracja z WooCommerce plugin to the latest available version (at least
1.8.12).
Plugin: SVG Support
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.3.20
Recommended Action: Update the WordPress SVG Support plugin to the latest available version (at least 2.3.20).
Plugin: Link Library
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 7.2.9
Recommended Action: Update the WordPress Link Library plugin to the latest available version (at least 7.2.9).
Plugin: Link Library
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 7.2.8
Recommended Action: Update the WordPress Link Library plugin to the latest available version (at least 7.2.8).
Plugin: Link Library
Vulnerability: Other Vulnerability Type
Patched Version: 7.2.8
Recommended Action: Update the WordPress Link Library plugin to the latest available version (at least 7.2.8).
Plugin: Absolutely Glamorous Custom Admin
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 7.0
Recommended Action: Update the WordPress Custom Dashboard & Login Page – AGCA plugin to the latest available version (at least 7.0).
Plugin: NextScripts
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 4.3.25
Recommended Action: Update the WordPress NextScripts plugin to the latest available version (at least 4.3.25).
Plugin: Learning Courses
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 5.0
Recommended Action: Patched in version 5.0, but closed for other security reasons. This plugin has been closed as of October 8, 2021 and is not available for download. Reason: Security Issue.
Plugin: Error Log Viewer by BestWebSoft
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of November 10, 2021 and is not available for download. This closure is temporary, pending a full review.
Plugin: Rearrange Woocommerce Products
Vulnerability: SQL Injection
Patched Version: None
Recommended Action: Incomplete patch in version 3.0.7. Deactivate and delete. This plugin has been closed as of December 28, 2021 and is not available for download. This closure is temporary, pending a full review.