Patch Tuesday! 1/11/22

patch tuesday

Patch Tuesday! 1/11/22

Plugin: WooCommerce Store Toolkit
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.3.2
Recommended Action: Update the WordPress Store Toolkit for WooCommerce plugin to the latest available version (at least 2.3.2).

Plugin: WooCommerce – Store Exporter
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.7.1
Recommended Action: Update the WordPress WooCommerce – Store Exporter plugin to the latest available version (at least 2.7.1).

Plugin: GTranslate
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.9.7
Recommended Action: Update the WordPress GTranslate plugin to the latest available version (at least 2.9.7).

Plugin: Ivory Search
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 5.4.1
Recommended Action: Update the WordPress Ivory Search plugin to the latest available version (at least 5.4.1).

Plugin: SEUR Oficial
Vulnerability: Arbitrary File Download
Patched Version: 1.7.2
Recommended Action: Update the WordPress SEUR Oficial plugin to the latest available version (at least 1.7.2).

Plugin: CLUEVO LMS, E-Learning Platform
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.8.1
Recommended Action: Update the WordPress CLUEVO LMS, E-Learning Platform plugin to the latest available version (at least 1.8.1).

Plugin: All-in-one Floating Contact Form
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.0.4
Recommended Action: Update the WordPress All-in-one Floating Contact Form plugin to the latest available version (at least 2.0.4).

Plugin: Paid Memberships Pro
Vulnerability: SQL Injection
Patched Version: 2.6.7
Recommended Action: Update the WordPress Paid Memberships Pro to the latest available version (at least 2.6.7).

Plugin: Ultimate Product Catalogue
Vulnerability: Settings Change
Patched Version: 5.0.26
Recommended Action: Update the WordPress Ultimate Product Catalog plugin to the latest available version (at least 5.0.26).

Plugin: Download IP2Location Country Blocker
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.26.6
Recommended Action: Update the WordPress IP2Location Country Blocker plugin to the latest available version (at least 2.26.6).

Plugin: Download IP2Location Country Blocker
Vulnerability: Other Vulnerability Type
Patched Version: 2.26.5
Recommended Action: Update the WordPress IP2Location Country Blocker plugin to the latest available version (at least 2.26.5).

Plugin: Download IP2Location Country Blocker
Vulnerability: Bypass Vulnerability
Patched Version: 2.26.5
Recommended Action: Update the WordPress IP2Location Country Blocker plugin to the latest available version (at least 2.26.5).

Plugin: RVM – Responsive Vector Maps
Vulnerability: Other Vulnerability Type
Patched Version: 6.4.2
Recommended Action: Update the WordPress RVM – Responsive Vector Maps plugin to the latest available version (at least 6.4.2).

Plugin: Order Tracking
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 3.0.17
Recommended Action: Update the WordPress Order Tracking plugin to the latest available version (at least 3.0.17).

Plugin: Order Tracking
Vulnerability: Other Vulnerability Type
Patched Version: 3.0.17
Recommended Action: Update the WordPress Order Tracking plugin to the latest available version (at least 3.0.17).

Plugin: Multisite Content Copier/Updater
Vulnerability: SQL Injection
Patched Version: 1.5.0
Recommended Action: Update the WordPress WordPress Multisite Content Copier/Updater plugin to the latest available version (at least 1.5.0).

Plugin: Multisite Content Copier/Updater
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.5.0
Recommended Action: Update the WordPress Multisite Content Copier/Updater plugin to the latest available version (at least 1.5.0).

Plugin: WordPress
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 5.8.3
Recommended Action: Update WordPress to the latest available version (at least 5.8.3).

Plugin: WordPress
Vulnerability: SQL Injection
Patched Version: 5.8.3
Recommended Action: Update WordPress to the latest available version (at least 5.8.3).

Plugin: WordPress
Vulnerability: SQL Injection
Patched Version: 5.8.3
Recommended Action: Update WordPress to the latest available version (at least 5.8.3).

Plugin: WordPress
Vulnerability: Other Vulnerability Type
Patched Version: 5.8.3
Recommended Action: Update WordPress to the latest available version (at least 5.8.3).

Plugin: SupportCandy
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.2.7
Recommended Action: Update the WordPress SupportCandy plugin to the latest available version (at least 2.2.7).

Plugin: SupportCandy
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.2.7
Recommended Action: Update the WordPress SupportCandy plugin to the latest available version (at least 2.2.7).

Plugin: SupportCandy
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.2.7
Recommended Action: Update the WordPress SupportCandy plugin to the latest available version (at least 2.2.7).

Plugin: SupportCandy
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.2.7
Recommended Action: Update the WordPress SupportCandy plugin to the latest available version (at least 2.2.7).

Plugin: SupportCandy
Vulnerability: Other Vulnerability Type
Patched Version: 2.2.5
Recommended Action: Update the WordPress SupportCandy plugin to the latest available version (at least 2.2.5).

Plugin: WPLegalPages
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.7.1
Recommended Action: Update the WordPress WPLegalPages plugin to the latest available version (at least 2.7.1).

Plugin: AAWP
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.17.1
Recommended Action: Update the WordPress AAWP premium plugin to the latest available version (at least 3.17.1).

Plugin: RVM – Responsive Vector Maps
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 6.5.6
Recommended Action: Update the WordPress RVM – Responsive Vector Maps plugin to the latest available version (at least 6.5.6).

Plugin: Post Snippets
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.1.4
Recommended Action: Update the WordPress Post Snippets plugin to the latest available version (at least 3.1.4).

Plugin: WHMCS Bridge
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 6.3
Recommended Action: Update the WordPress WHMCS Bridge plugin to the latest available version (at least 6.3).

Plugin: WHMCS Bridge
Vulnerability: Other Vulnerability Type
Patched Version: 6.3
Recommended Action: Update the WordPress WHMCS Bridge plugin to the latest available version (at least 6.3).

Plugin: WHMCS Bridge
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 6.3
Recommended Action: Update the WordPress WHMCS Bridge to the latest available version (at least 6.3).

Odell Duppins Jr

WordPress Developer

No Comments

Sorry, the comment form is closed at this time.