Patch Tuesday! 1/4/22

patch tuesday

Patch Tuesday! 1/4/22

Plugin: YellowPencil Visual CSS Style Editor
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 7.5.4
Recommended Action: Update the WordPress Visual CSS Style Editor plugin to the latest available version (at least 7.5.4).

Plugin: Wicked Folders
Vulnerability: SQL Injection
Patched Version: 2.18.10
Recommended Action: Update the WordPress Wicked Folders plugin to the latest available version (at least 2.18.10).

Plugin: Document Embedder
Vulnerability: Information Disclosure
Patched Version: 1.7.5
Recommended Action: Update the WordPress Document Embedder plugin to the latest available version (at least 1.7.5).

Plugin: Document Embedder
Vulnerability: Information Disclosure
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of December 29, 2021 and is not available for download. This closure is temporary, pending a full review.

Plugin: TrustMate.io – integracja z WooCommerce
Vulnerability: Settings Change
Patched Version: 1.7.1
Recommended Action: Update the WordPress TrustMate.io –
integracja z WooCommerce plugin to the latest available version (at least
1.7.1).

Plugin: TrustMate.io – integracja z WooCommerce
Vulnerability: Settings Change
Patched Version: 1.8.12
Recommended Action: Update the WordPress TrustMate.io –
integracja z WooCommerce plugin to the latest available version (at least
1.8.12).

Plugin: SVG Support
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.3.20
Recommended Action: Update the WordPress SVG Support plugin to the latest available version (at least 2.3.20).

Plugin: Link Library
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 7.2.9
Recommended Action: Update the WordPress Link Library plugin to the latest available version (at least 7.2.9).

Plugin: Link Library
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 7.2.8
Recommended Action: Update the WordPress Link Library plugin to the latest available version (at least 7.2.8).

Plugin: Link Library
Vulnerability: Other Vulnerability Type
Patched Version: 7.2.8
Recommended Action: Update the WordPress Link Library plugin to the latest available version (at least 7.2.8).

Plugin: Absolutely Glamorous Custom Admin
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 7.0
Recommended Action: Update the WordPress Custom Dashboard & Login Page – AGCA plugin to the latest available version (at least 7.0).

Plugin: NextScripts
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 4.3.25
Recommended Action: Update the WordPress NextScripts plugin to the latest available version (at least 4.3.25).

Plugin: Learning Courses
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 5.0
Recommended Action: Patched in version 5.0, but closed for other security reasons. This plugin has been closed as of October 8, 2021 and is not available for download. Reason: Security Issue.

Plugin: Error Log Viewer by BestWebSoft
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of November 10, 2021 and is not available for download. This closure is temporary, pending a full review.

Plugin: Rearrange Woocommerce Products
Vulnerability: SQL Injection
Patched Version: None
Recommended Action: Incomplete patch in version 3.0.7. Deactivate and delete. This plugin has been closed as of December 28, 2021 and is not available for download. This closure is temporary, pending a full review.

Odell Duppins Jr

WordPress Developer

No Comments

Sorry, the comment form is closed at this time.