
Patch Tuesday! 1/18/22
Plugin: Zero Spam
Vulnerability: SQL Injection
Patched Version: 5.2.10
Recommended Action: Update the WordPress Zero Spam plugin to the latest available version (at least 5.2.10).
Plugin: WOOCS – WooCommerce Currency Switcher
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.3.7.5
Recommended Action: Update the WordPress WOOCS – Currency Switcher for WooCommerce plugin to the latest available version (at least 1.3.7.5).
Plugin: Shield Security
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 13.0.6
Recommended Action: Update the WordPress Shield Security plugin to the latest available version (at least 13.0.6).
Plugin: ProfileGrid
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 17, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Image Photo Gallery Final Tiles Grid
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.5.3
Recommended Action: Update the WordPress Image Photo Gallery Final Tiles Grid plugin to the latest available version (at least 3.5.3).
Plugin: GiveWP
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.17.3
Recommended Action: Update the WordPress GiveWP plugin to the latest available version (at least 2.17.3).
Plugin: GiveWP
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.17.3
Recommended Action: Update the WordPress GiveWP plugin to the latest available version (at least 2.17.3).
Plugin: GiveWP
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.17.3
Recommended Action: Update the WordPress GiveWP plugin to the latest available version (at least 2.17.3).
Plugin: The Buffer Button
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 3, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Translation Exchange
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 3, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Five Star Business Profile and Schema
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.1.6
Recommended Action: Update the WordPress Five Star Business Profile and Schema plugin to the latest available version (at least 2.1.6).
Plugin: FeedWordPress
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No known fix.
Plugin: LeadMagic
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 17, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: WP Ultimate CSV Importer
Vulnerability: Other Vulnerability Type
Patched Version: 6.4.2
Recommended Action: Update the WordPress WP Ultimate CSV Importer plugin to the latest available version (at least 6.4.2).
Plugin: PPOM for WooCommerce
Vulnerability: Other Vulnerability Type
Patched Version: 24.0
Recommended Action: Update the WordPress PPOM for WooCommerce plugin to the latest available version (at least 24.0).
Plugin: CMP – Coming Soon & Maintenance
Vulnerability: Other Vulnerability Type
Patched Version: 4.0.19
Recommended Action: Update the WordPress CMP – Coming Soon & Maintenance plugin to the latest available version (at least 4.0.19).
Plugin: Noptin
Vulnerability: Open Redirection
Patched Version: 1.6.5
Recommended Action: Update the WordPress Noptin plugin to the latest available version (at least 1.6.5).
Plugin: Form Store to DB
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.1.1
Recommended Action: Update the WordPress Form Store to DB plugin to the latest available version (at least 1.1.1).
Plugin: Complianz – GDPR/CCPA Cookie Consent
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 6.0.0
Recommended Action: Update the WordPress Complianz – GDPR/CCPA Cookie Consent plugin to the latest available version (at least 6.0.0).
Plugin: WP-Appbox
Vulnerability: Local File Inclusion
Patched Version: 4.3.18
Recommended Action: Update the WordPress WP-Appbox plugin to the latest available version (at least 4.3.18).
Plugin: Magee Shortcodes
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.0.9
Recommended Action: Update the WordPress Magee Shortcodes plugin to the latest available version (at least 2.0.9).
Plugin: Popup | Custom Popup Builder
Vulnerability: Denial of Service Attack
Patched Version: 1.3.1
Recommended Action: Update the WordPress Popup | Custom Popup Builder plugin to the latest available version (at least 1.3.1).
Plugin: Permalink Manager Pro
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.2.15
Recommended Action: Update the WordPress Permalink Manager Pro premium plugin to the latest available version (at least 2.2.15).
Plugin: MapPress Maps for WordPress
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.73.4
Recommended Action: Update the WordPress MapPress Maps for WordPress plugin to the latest available version (at least 2.73.4).
Plugin: WP Optin Wheel
Vulnerability: Other Vulnerability Type
Patched Version: 1.3.5
Recommended Action: Update the WordPress WP Optin Wheel plugin to the latest available version (at least 1.3.5).
Plugin: WP Optin Wheel
Vulnerability: Other Vulnerability Type
Patched Version: 1.3.5
Recommended Action: Update the WordPress WP Optin Wheel plugin to the latest available version (at least 1.3.5).
Plugin: WP Optin Wheel
Vulnerability: Other Vulnerability Type
Patched Version: 1.3.5
Recommended Action: Update the WordPress WP Optin Wheel plugin to the latest available version (at least 1.3.5).
Plugin: Random Banner
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.1.5
Recommended Action: Update the WordPress Random Banner plugin to the latest available version (at least 4.1.5).
Plugin: Themify Portfolio Post
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.1.7
Recommended Action: Update the WordPress Themify Portfolio Post plugin to the latest available version (at least 1.1.7).
Plugin: Futurio Extra
Vulnerability: SQL Injection
Patched Version: 1.6.3
Recommended Action: Update the WordPress Futurio Extra plugin to the latest available version (at least 1.6.3).
Plugin: Futurio Extra
Vulnerability: Information Disclosure
Patched Version: 1.6.3
Recommended Action: Update the WordPress Futurio Extra plugin to the latest available version (at least 1.6.3).
Plugin: WP Import Export Lite
Vulnerability: Information Disclosure
Patched Version: 3.9.16
Recommended Action: Update the WordPress WP Import Export Lite plugin to the latest available version (at least 3.9.16).
Plugin: WP Import Export
Vulnerability: Information Disclosure
Patched Version: 3.9.16
Recommended Action: Update the WordPress WP Import Export premium plugin to the latest available version (at least 3.9.16).
Plugin: Photoswipe Masonry Gallery
Vulnerability: Other Vulnerability Type
Patched Version: 1.2.15
Recommended Action: Update the WordPress Photoswipe Masonry Gallery plugin to the latest available version (at least 1.2.15).
Plugin: Spider Calendar
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 13, 2022 and is not available for download. This closure is permanent.
Plugin: NewStatPress
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.3.6
Recommended Action: Update the WordPress NewStatPress plugin to the latest available version (at least 1.3.6).
Plugin: Login/Signup Popup
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.3
Recommended Action: Update the WordPress Login/Signup Popup plugin to the latest available version (at least 2.3).
Plugin: WP HTML Mail
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.1
Recommended Action: Update the WordPress WP HTML Mail plugin to the latest available version (at least 3.1).
Plugin: Side Cart Woocommerce (Ajax)
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.1
Recommended Action: Update the WordPress Side Cart Woocommerce (Ajax) plugin to the latest available version (at least 2.1).
Plugin: Download Manager
Vulnerability: SQL Injection
Patched Version: 3.2.34
Recommended Action: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.34).
Plugin: WP Ultimate CSV Importer
Vulnerability: Arbitrary File Upload
Patched Version: 6.4.1
Recommended Action: Update the WordPress WP Ultimate CSV Importer plugin to the latest available version (at least 6.4.1).
Plugin: WP Ultimate CSV Importer
Vulnerability: Other Vulnerability Type
Patched Version: 6.4.1
Recommended Action: Update the WordPress WP Ultimate CSV Importer plugin to the latest available version (at least 6.4.1).
Plugin: WP Ultimate CSV Importer
Vulnerability: Other Vulnerability Type
Patched Version: 6.4.1
Recommended Action: Update the WordPress WP Ultimate CSV Importer plugin to the latest available version (at least 6.4.1).
Plugin: Permalink Manager Lite
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.2.15
Recommended Action: Update the WordPress Permalink Manager Lite plugin to the latest available version (at least 2.2.15).
Plugin: Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.1.31
Recommended Action: Update the WordPress Newsletter, SMTP, Email marketing and Subscribe plugin to the latest available version (at least 3.1.31).
Plugin: Ad Invalid Click Protector (AICP)
Vulnerability: SQL Injection
Patched Version: 1.2.6
Recommended Action: Update the WordPress Ad Invalid Click Protector (AICP) plugin to the latest available version (at least 1.2.6).
Plugin: RSVP and Event Management Plugin
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.7.5
Recommended Action: Update the WordPress RSVP and Event Management plugin to the latest available version (at least 2.7.5).
Plugin: RSVP and Event Management Plugin
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.7.5
Recommended Action: Update the WordPress RSVP and Event Management plugin to the latest available version (at least 2.7.5).
Plugin: Ibtana
Vulnerability: Other Vulnerability Type
Patched Version: 1.1.4.9
Recommended Action: Update the WordPress Ibtana plugin to the latest available version (at least 1.1.4.9).
Plugin: PowerPack Lite for Beaver Builder
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.2.9.3
Recommended Action: Update the WordPress PowerPack Lite for Beaver Builder plugin to the latest available version (at least 1.2.9.3).