Patch Tuesday! 1/18/22

Plugin: Zero Spam
Vulnerability: SQL Injection
Patched Version: 5.2.10
Recommended Action: Update the WordPress Zero Spam plugin to the latest available version (at least 5.2.10).

Plugin: WOOCS – WooCommerce Currency Switcher
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.3.7.5
Recommended Action: Update the WordPress WOOCS – Currency Switcher for WooCommerce plugin to the latest available version (at least 1.3.7.5).

Plugin: Shield Security
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 13.0.6
Recommended Action: Update the WordPress Shield Security plugin to the latest available version (at least 13.0.6).

Plugin: ProfileGrid
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 17, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Image Photo Gallery Final Tiles Grid
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.5.3
Recommended Action: Update the WordPress Image Photo Gallery Final Tiles Grid plugin to the latest available version (at least 3.5.3).

Plugin: GiveWP
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.17.3
Recommended Action: Update the WordPress GiveWP plugin to the latest available version (at least 2.17.3).

Plugin: The Buffer Button
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 3, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Translation Exchange
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 3, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Five Star Business Profile and Schema
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.1.6
Recommended Action: Update the WordPress Five Star Business Profile and Schema plugin to the latest available version (at least 2.1.6).

Plugin: FeedWordPress
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No known fix.

Plugin: LeadMagic
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 17, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: WP Ultimate CSV Importer
Vulnerability: Other Vulnerability Type
Patched Version: 6.4.2
Recommended Action: Update the WordPress WP Ultimate CSV Importer plugin to the latest available version (at least 6.4.2).

Plugin: PPOM for WooCommerce
Vulnerability: Other Vulnerability Type
Patched Version: 24.0
Recommended Action: Update the WordPress PPOM for WooCommerce plugin to the latest available version (at least 24.0).

Plugin: CMP – Coming Soon & Maintenance
Vulnerability: Other Vulnerability Type
Patched Version: 4.0.19
Recommended Action: Update the WordPress CMP – Coming Soon & Maintenance plugin to the latest available version (at least 4.0.19).

Plugin: Noptin
Vulnerability: Open Redirection
Patched Version: 1.6.5
Recommended Action: Update the WordPress Noptin plugin to the latest available version (at least 1.6.5).

Plugin: Form Store to DB
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.1.1
Recommended Action: Update the WordPress Form Store to DB plugin to the latest available version (at least 1.1.1).

Plugin: Complianz – GDPR/CCPA Cookie Consent
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 6.0.0
Recommended Action: Update the WordPress Complianz – GDPR/CCPA Cookie Consent plugin to the latest available version (at least 6.0.0).

Plugin: WP-Appbox
Vulnerability: Local File Inclusion
Patched Version: 4.3.18
Recommended Action: Update the WordPress WP-Appbox plugin to the latest available version (at least 4.3.18).

Plugin: Magee Shortcodes
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.0.9
Recommended Action: Update the WordPress Magee Shortcodes plugin to the latest available version (at least 2.0.9).

Plugin: Popup | Custom Popup Builder
Vulnerability: Denial of Service Attack
Patched Version: 1.3.1
Recommended Action: Update the WordPress Popup | Custom Popup Builder plugin to the latest available version (at least 1.3.1).

Plugin: Permalink Manager Pro
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.2.15
Recommended Action: Update the WordPress Permalink Manager Pro premium plugin to the latest available version (at least 2.2.15).

Plugin: MapPress Maps for WordPress
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.73.4
Recommended Action: Update the WordPress MapPress Maps for WordPress plugin to the latest available version (at least 2.73.4).

Plugin: WP Optin Wheel
Vulnerability: Other Vulnerability Type
Patched Version: 1.3.5
Recommended Action: Update the WordPress WP Optin Wheel plugin to the latest available version (at least 1.3.5).

Plugin: Random Banner
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.1.5
Recommended Action: Update the WordPress Random Banner plugin to the latest available version (at least 4.1.5).

Plugin: Themify Portfolio Post
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.1.7
Recommended Action: Update the WordPress Themify Portfolio Post plugin to the latest available version (at least 1.1.7).

Plugin: Futurio Extra
Vulnerability: SQL Injection
Patched Version: 1.6.3
Recommended Action: Update the WordPress Futurio Extra plugin to the latest available version (at least 1.6.3).

Plugin: Futurio Extra
Vulnerability: Information Disclosure
Patched Version: 1.6.3
Recommended Action: Update the WordPress Futurio Extra plugin to the latest available version (at least 1.6.3)

Plugin: WP Import Export Lite
Vulnerability: Information Disclosure
Patched Version: 3.9.16
Recommended Action: Update the WordPress WP Import Export Lite plugin to the latest available version (at least 3.9.16).

Plugin: WP Import Export
Vulnerability: Information Disclosure
Patched Version: 3.9.16
Recommended Action: Update the WordPress WP Import Export premium plugin to the latest available version (at least 3.9.16).

Plugin: Photoswipe Masonry Gallery
Vulnerability: Other Vulnerability Type
Patched Version: 1.2.15
Recommended Action: Update the WordPress Photoswipe Masonry Gallery plugin to the latest available version (at least 1.2.15).

Plugin: Spider Calendar
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 13, 2022 and is not available for download. This closure is permanent.

Plugin: NewStatPress
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.3.6
Recommended Action: Update the WordPress NewStatPress plugin to the latest available version (at least 1.3.6).

Plugin: Login/Signup Popup
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.3
Recommended Action: Update the WordPress Login/Signup Popup plugin to the latest available version (at least 2.3).

Plugin: WP HTML Mail
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.1
Recommended Action: Update the WordPress WP HTML Mail plugin to the latest available version (at least 3.1).

Plugin: Side Cart Woocommerce (Ajax)
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.1
Recommended Action: Update the WordPress Side Cart Woocommerce (Ajax) plugin to the latest available version (at least 2.1).

Plugin: Download Manager
Vulnerability: SQL Injection
Patched Version: 3.2.34
Recommended Action: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.34).

Plugin: WP Ultimate CSV Importer
Vulnerability: Arbitrary File Upload
Patched Version: 6.4.1
Recommended Action: Update the WordPress WP Ultimate CSV Importer plugin to the latest available version (at least 6.4.1).

Plugin: WP Ultimate CSV Importer
Vulnerability: Other Vulnerability Type
Patched Version: 6.4.1
Recommended Action: Update the WordPress WP Ultimate CSV Importer plugin to the latest available version (at least 6.4.1).

Plugin: Permalink Manager Lite
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.2.15
Recommended Action: Update the WordPress Permalink Manager Lite plugin to the latest available version (at least 2.2.15).

Plugin: Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.1.31
Recommended Action: Update the WordPress Newsletter, SMTP, Email marketing and Subscribe plugin to the latest available version (at least 3.1.31).

Plugin: Ad Invalid Click Protector (AICP)
Vulnerability: SQL Injection
Patched Version: 1.2.6
Recommended Action: Update the WordPress Ad Invalid Click Protector (AICP) plugin to the latest available version (at least 1.2.6).

Plugin: RSVP and Event Management Plugin
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.7.5
Recommended Action: Update the WordPress RSVP and Event Management plugin to the latest available version (at least 2.7.5).

Plugin: Ibtana
Vulnerability: Other Vulnerability Type
Patched Version: 1.1.4.9
Recommended Action: Update the WordPress Ibtana plugin to the latest available version (at least 1.1.4.9).

Plugin: PowerPack Lite for Beaver Builder
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.2.9.3
Recommended Action: Update the WordPress PowerPack Lite for Beaver Builder plugin to the latest available version (at least 1.2.9.3).

Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat…

Nam liber tempor cum soluta nobis eleifend option congue nihil imperdiet doming id quod mazim placerat facer possim assum.

Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla…

Related Posts