Patch Tuesday! 1/18/22

Plugin: Zero Spam
Vulnerability: SQL Injection
Patched Version: 5.2.10
Recommended Action: Update the WordPress Zero Spam plugin to the latest available version (at least 5.2.10).

Plugin: WOOCS – WooCommerce Currency Switcher
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.3.7.5
Recommended Action: Update the WordPress WOOCS – Currency Switcher for WooCommerce plugin to the latest available version (at least 1.3.7.5).

Plugin: Shield Security
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 13.0.6
Recommended Action: Update the WordPress Shield Security plugin to the latest available version (at least 13.0.6).

Plugin: ProfileGrid
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 17, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Image Photo Gallery Final Tiles Grid
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.5.3
Recommended Action: Update the WordPress Image Photo Gallery Final Tiles Grid plugin to the latest available version (at least 3.5.3).

Plugin: GiveWP
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.17.3
Recommended Action: Update the WordPress GiveWP plugin to the latest available version (at least 2.17.3).

Plugin: GiveWP
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.17.3
Recommended Action: Update the WordPress GiveWP plugin to the latest available version (at least 2.17.3).

Plugin: GiveWP
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.17.3
Recommended Action: Update the WordPress GiveWP plugin to the latest available version (at least 2.17.3).

Plugin: The Buffer Button
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 3, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Translation Exchange
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 3, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Five Star Business Profile and Schema
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.1.6
Recommended Action: Update the WordPress Five Star Business Profile and Schema plugin to the latest available version (at least 2.1.6).

Plugin: FeedWordPress
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: No known fix.

Plugin: LeadMagic
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 17, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: WP Ultimate CSV Importer
Vulnerability: Other Vulnerability Type
Patched Version: 6.4.2
Recommended Action: Update the WordPress WP Ultimate CSV Importer plugin to the latest available version (at least 6.4.2).

Plugin: PPOM for WooCommerce
Vulnerability: Other Vulnerability Type
Patched Version: 24.0
Recommended Action: Update the WordPress PPOM for WooCommerce plugin to the latest available version (at least 24.0).

Plugin: CMP – Coming Soon & Maintenance
Vulnerability: Other Vulnerability Type
Patched Version: 4.0.19
Recommended Action: Update the WordPress CMP – Coming Soon & Maintenance plugin to the latest available version (at least 4.0.19).

Plugin: Noptin
Vulnerability: Open Redirection
Patched Version: 1.6.5
Recommended Action: Update the WordPress Noptin plugin to the latest available version (at least 1.6.5).

Plugin: Form Store to DB
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.1.1
Recommended Action: Update the WordPress Form Store to DB plugin to the latest available version (at least 1.1.1).

Plugin: Complianz – GDPR/CCPA Cookie Consent
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 6.0.0
Recommended Action: Update the WordPress Complianz – GDPR/CCPA Cookie Consent plugin to the latest available version (at least 6.0.0).

Plugin: WP-Appbox
Vulnerability: Local File Inclusion
Patched Version: 4.3.18
Recommended Action: Update the WordPress WP-Appbox plugin to the latest available version (at least 4.3.18).

Plugin: Magee Shortcodes
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.0.9
Recommended Action: Update the WordPress Magee Shortcodes plugin to the latest available version (at least 2.0.9).

Plugin: Popup | Custom Popup Builder
Vulnerability: Denial of Service Attack
Patched Version: 1.3.1
Recommended Action: Update the WordPress Popup | Custom Popup Builder plugin to the latest available version (at least 1.3.1).

Plugin: Permalink Manager Pro
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.2.15
Recommended Action: Update the WordPress Permalink Manager Pro premium plugin to the latest available version (at least 2.2.15).

Plugin: MapPress Maps for WordPress
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.73.4
Recommended Action: Update the WordPress MapPress Maps for WordPress plugin to the latest available version (at least 2.73.4).

Plugin: WP Optin Wheel
Vulnerability: Other Vulnerability Type
Patched Version: 1.3.5
Recommended Action: Update the WordPress WP Optin Wheel plugin to the latest available version (at least 1.3.5).

Plugin: WP Optin Wheel
Vulnerability: Other Vulnerability Type
Patched Version: 1.3.5
Recommended Action: Update the WordPress WP Optin Wheel plugin to the latest available version (at least 1.3.5).

Plugin: WP Optin Wheel
Vulnerability: Other Vulnerability Type
Patched Version: 1.3.5
Recommended Action: Update the WordPress WP Optin Wheel plugin to the latest available version (at least 1.3.5).

Plugin: Random Banner
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.1.5
Recommended Action: Update the WordPress Random Banner plugin to the latest available version (at least 4.1.5).

Plugin: Themify Portfolio Post
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.1.7
Recommended Action: Update the WordPress Themify Portfolio Post plugin to the latest available version (at least 1.1.7).

Plugin: Futurio Extra
Vulnerability: SQL Injection
Patched Version: 1.6.3
Recommended Action: Update the WordPress Futurio Extra plugin to the latest available version (at least 1.6.3).

Plugin: Futurio Extra
Vulnerability: Information Disclosure
Patched Version: 1.6.3
Recommended Action: Update the WordPress Futurio Extra plugin to the latest available version (at least 1.6.3).

Plugin: WP Import Export Lite
Vulnerability: Information Disclosure
Patched Version: 3.9.16
Recommended Action: Update the WordPress WP Import Export Lite plugin to the latest available version (at least 3.9.16).

Plugin: WP Import Export
Vulnerability: Information Disclosure
Patched Version: 3.9.16
Recommended Action: Update the WordPress WP Import Export premium plugin to the latest available version (at least 3.9.16).

Plugin: Photoswipe Masonry Gallery
Vulnerability: Other Vulnerability Type
Patched Version: 1.2.15
Recommended Action: Update the WordPress Photoswipe Masonry Gallery plugin to the latest available version (at least 1.2.15).

Plugin: Spider Calendar
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 13, 2022 and is not available for download. This closure is permanent.

Plugin: NewStatPress
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.3.6
Recommended Action: Update the WordPress NewStatPress plugin to the latest available version (at least 1.3.6).

Plugin: Login/Signup Popup
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.3
Recommended Action: Update the WordPress Login/Signup Popup plugin to the latest available version (at least 2.3).

Plugin: WP HTML Mail
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.1
Recommended Action: Update the WordPress WP HTML Mail plugin to the latest available version (at least 3.1).

Plugin: Side Cart Woocommerce (Ajax)
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.1
Recommended Action: Update the WordPress Side Cart Woocommerce (Ajax) plugin to the latest available version (at least 2.1).

Plugin: Download Manager
Vulnerability: SQL Injection
Patched Version: 3.2.34
Recommended Action: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.34).

Plugin: WP Ultimate CSV Importer
Vulnerability: Arbitrary File Upload
Patched Version: 6.4.1
Recommended Action: Update the WordPress WP Ultimate CSV Importer plugin to the latest available version (at least 6.4.1).

Plugin: WP Ultimate CSV Importer
Vulnerability: Other Vulnerability Type
Patched Version: 6.4.1
Recommended Action: Update the WordPress WP Ultimate CSV Importer plugin to the latest available version (at least 6.4.1).

Plugin: WP Ultimate CSV Importer
Vulnerability: Other Vulnerability Type
Patched Version: 6.4.1
Recommended Action: Update the WordPress WP Ultimate CSV Importer plugin to the latest available version (at least 6.4.1).

Plugin: Permalink Manager Lite
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.2.15
Recommended Action: Update the WordPress Permalink Manager Lite plugin to the latest available version (at least 2.2.15).

Plugin: Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.1.31
Recommended Action: Update the WordPress Newsletter, SMTP, Email marketing and Subscribe plugin to the latest available version (at least 3.1.31).

Plugin: Ad Invalid Click Protector (AICP)
Vulnerability: SQL Injection
Patched Version: 1.2.6
Recommended Action: Update the WordPress Ad Invalid Click Protector (AICP) plugin to the latest available version (at least 1.2.6).

Plugin: RSVP and Event Management Plugin
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.7.5
Recommended Action: Update the WordPress RSVP and Event Management plugin to the latest available version (at least 2.7.5).

Plugin: RSVP and Event Management Plugin
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.7.5
Recommended Action: Update the WordPress RSVP and Event Management plugin to the latest available version (at least 2.7.5).

Plugin: Ibtana
Vulnerability: Other Vulnerability Type
Patched Version: 1.1.4.9
Recommended Action: Update the WordPress Ibtana plugin to the latest available version (at least 1.1.4.9).

Plugin: PowerPack Lite for Beaver Builder
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.2.9.3
Recommended Action: Update the WordPress PowerPack Lite for Beaver Builder plugin to the latest available version (at least 1.2.9.3).