Patch Tuesday! 1/25/22

Plugin: LearnPress
Vulnerability: Other Vulnerability Type
Patched Version: 4.1.5
Recommended Action: Update the WordPress LearnPress plugin to the latest available version (at least 4.1.5).

Plugin: WP RSS Aggregator
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.20
Recommended Action: Update the WordPress WP RSS Aggregator plugin to the latest available version (at least 4.20).

Plugin: StatCounter
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.0.7
Recommended Action: Update the WordPress StatCounter plugin to the latest available version (at least 2.0.7).

Plugin: WP Accessibility Helper (WAH)
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 0.6.0.7
Recommended Action: Update the WordPress WP Accessibility Helper (WAH) plugin to the latest available version (at least 0.6.0.7).

Plugin: WP Responsive Menu
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.1.7.1
Recommended Action: Update the WordPress WP Responsive Menu plugin to the latest available version (at least 3.1.7.1).

Plugin: Custom Content Shortcode
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.0.0
Recommended Action: Update the WordPress Custom Content Shortcode plugin to the latest available version (at least 4.0.0).

Plugin: Embed Swagger
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 24, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Simple Membership
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 4.0.9
Recommended Action: Update the WordPress Simple Membership plugin to the latest available version (at least 4.0.9).

Plugin: AdSanity
Vulnerability: Other Vulnerability Type
Patched Version: 1.8.2
Recommended Action: Update the WordPress AdSanity premium plugin to the latest available version (at least 1.8.2). Vulnerability author note: the new version doesn’t allow Contributor users to upload files but still allows Author+ users to do so; therefore, if you have Author users registered on your blog, you may exercise extreme caution.

Plugin: AP Custom Testimonial
Vulnerability: SQL Injection
Patched Version: 1.4.8
Recommended Action: Update the WordPress AP Custom Testimonial plugin to the latest available version (at least 1.4.8).

Plugin: AP Custom Testimonial
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.4.8
Recommended Action: Update the WordPress AP Custom Testimonial plugin to the latest available version (at least 1.4.8).

Plugin: AccessPress Parallax
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Accesspress Lite
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: AccessPress Store
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Zigcy Lite
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Enlighten
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Accesspress Mag
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: StoreVilla
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Punte
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Accesspress Basic
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: AccessPress Root
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Construction Lite
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: VMagazine Lite
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: ParallaxSome
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: FotoGraphy
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: VMag
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Uncode Lite
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Bingle
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: The Launcher
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: ScrollMe
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Agency Lite
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Swing Lite
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Vmagazine News
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Bloger
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Revolve
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Ripple
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Zigcy Cosmetics
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: The Monday
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Zigcy Baby
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Doko
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Sakala
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Edict Lite
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: The100
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: WP Store
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Eight Sec
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: EightLaw Lite
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Eightmedi Lite
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: EightStore Lite
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Brovy
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: WPparallax
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Arrival
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Ultra Seven
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Opstore
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores the vulnerability reports and avoids any conversation.

Plugin: Ad Inserter
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.7.10
Recommended Action: Update the WordPress Ad Inserter plugin to the latest available version (at least 2.7.10).

Plugin: Anti-Malware Security and Brute-Force Firewall
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.20.94
Recommended Action: Update the WordPress Anti-Malware Security and Brute-Force Firewall plugin to the latest available version (at least 4.20.94).

Plugin: Popup Builder
Vulnerability: Local File Inclusion
Patched Version: 4.0.7
Recommended Action: Update the WordPress Popup Builder plugin to the latest available version (at least 4.0.7).

Plugin: Popup Builder
Vulnerability: SQL Injection
Patched Version: 4.0.7
Recommended Action: Update the WordPress Popup Builder plugin to the latest available version (at least 4.0.7).

Plugin: Advanced Database Cleaner
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.0.4
Recommended Action: Update the WordPress Advanced Database Cleaner plugin to the latest available version (at least 3.0.4).

Plugin: Database Backup for WordPress
Vulnerability: SQL Injection
Patched Version: 2.5.1
Recommended Action: Update the WordPress Database Backup for WordPress plugin to the latest available version (at least 2.5.1).

Plugin: Access Demo Importer
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. No patched version is available. The vendor has not responded to any communication attempts.

Plugin: Access Demo Importer
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. No patched version is available. The vendor has not responded to any communication attempts.

Plugin: Coming soon and Maintenance mode
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 3.6.8
Recommended Action: Update the WordPress Coming soon and Maintenance mode plugin to the latest available version (at least 3.6.8).

Plugin: Coming soon and Maintenance mode
Vulnerability: Other Vulnerability Type
Patched Version: 3.6.7
Recommended Action: Update the WordPress Coming soon and Maintenance mode plugin to the latest available version (at least 3.6.7).

Plugin: Catch Web Tools
Vulnerability: Other Vulnerability Type
Patched Version: 2.7.1
Recommended Action: Update the WordPress Catch Web Tools plugin to the latest available version (at least 2.7.1).

Plugin: WP Debugging
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.11.7
Recommended Action: Update the WordPress WP Debugging plugin to the latest available version (at least 2.11.7).

Plugin: WP Debugging
Vulnerability: Other Vulnerability Type
Patched Version: 2.11.7
Recommended Action: Update the WordPress WP Debugging plugin to the latest available version (at least 2.11.7).

Plugin: Duplicate Page or Post
Vulnerability: Other Vulnerability Type
Patched Version: 1.5.1
Recommended Action: Update the WordPress Duplicate Page or Post plugin to the latest available version (at least 1.5.1).

Plugin: Float menu
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 4.3.1
Recommended Action: Update the WordPress Float menu plugin to the latest available version (at least 4.3.1).

Plugin: Ad Inserter Pro
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.7.10
Recommended Action: Update the WordPress Ad Inserter Pro premium plugin to the latest available version (at least 2.7.10).

Plugin: Classic Editor Addon
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.6.4
Recommended Action: Update the WordPress Classic Editor Addon plugin to the latest available version (at least 2.6.4).

Plugin: Classic Editor Addon
Vulnerability: Other Vulnerability Type
Patched Version: 2.6.4
Recommended Action: Update the WordPress Classic Editor Addon plugin to the latest available version (at least 2.6.4).

Plugin: Lean WP
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of March 31, 2020 and is not available for download. This closure is permanent. Reason: Author Request.

Plugin: Lean WP
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of March 31, 2020 and is not available for download. This closure is permanent. Reason: Author Request.

Plugin: ExportFeed: List WooCommerce Products on eBay Store
Vulnerability: SQL Injection
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of November 22, 2021 and is not available for download. Reason: Security Issue.

Plugin: Zero Spam
Vulnerability: SQL Injection
Patched Version: 5.2.10
Recommended Action: Update the WordPress Zero Spam plugin to the latest available version (at least 5.2.10).

Plugin: WOOCS – WooCommerce Currency Switcher
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.3.7.5
Recommended Action: Update the WordPress WOOCS – Currency Switcher for WooCommerce plugin to the latest available version (at least 1.3.7.5).

Plugin: AnyComment
Vulnerability: Other Vulnerability Type
Patched Version: 0.2.18
Recommended Action: Update the WordPress AnyComment plugin to the latest available version (at least 0.2.18).

Plugin: AnyComment
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 0.2.18
Recommended Action: Update the WordPress AnyComment plugin to the latest available version (at least 0.2.18).

Plugin: Shield Security
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 13.0.6
Recommended Action: Update the WordPress Shield Security plugin to the latest available version (at least 13.0.6).

Odell Duppins Jr

WordPress Developer
