Patch Tuesday! 2/1/22

Plugin: Download Manager
Vulnerability: Information Disclosure
Patched Version: 3.2.25
Recommended Action: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.25)

Plugin: NotificationX
Vulnerability: SQL Injection
Patched Version: 2.3.9
Recommended Action: Update the WordPress NotificationX plugin to the latest available version (at least 2.3.9).

Plugin: Custom Content Shortcode
Vulnerability: Other Vulnerability Type
Patched Version: 4.0.0
Recommended Action: Update the WordPress Custom Content Shortcode plugin to the latest available version (at least 4.0.0).

Plugin: Custom Content Shortcode
Vulnerability: Other Vulnerability Type
Patched Version: 4.0.2
Recommended Action: Update the WordPress Custom Content Shortcode plugin to the latest available version (at least 4.0.2).

Plugin: Custom Content Shortcode
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.0.2
Recommended Action: Update the WordPress Custom Content Shortcode plugin to the latest available version (at least 4.0.2).

Plugin: MaxGalleria
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: This plugin has been closed as of February 1, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: WP Time Slots Booking Form
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.1.63
Recommended Action: Update the WordPress WP Time Slots Booking Form plugin to the latest available version (at least 1.1.63).

Plugin: CP Blocks
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.0.15
Recommended Action: Update the WordPress CP Blocks plugin to the latest available version (at least 1.0.15).

Plugin: Advanced iFrame
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2022
Recommended Action: Update the WordPress Advanced iFrame plugin to the latest available version (at least 2022).

Plugin: Contact Form & Lead Form Elementor Builder
Vulnerability: Other Vulnerability Type
Patched Version: 1.7.4
Recommended Action: Update the WordPress Contact Form & Lead Form Elementor Builder plugin to the latest available version (at least 1.7.4).

Plugin: Easy Pricing Tables
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 3.1.3
Recommended Action: Update the WordPress Easy Pricing Tables plugin to the latest available version (at least 3.1.3).

Plugin: Conversios.io
Vulnerability: SQL Injection
Patched Version: 4.6.2
Recommended Action: Update the WordPress Conversios.io plugin to the latest available version (at least 4.6.2).

Plugin: Cost Calculator
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.6
Recommended Action: Update the WordPress Cost Calculator plugin to the latest available version (at least 1.6).

Plugin: Cost Calculator
Vulnerability: Local File Inclusion
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of November 3, 2021 and is not available for download. Reason: Security Issue.

Plugin: MasterStudy LMS
Vulnerability: Privilege Escalation
Patched Version: 2.7.6
Recommended Action: Update the WordPress MasterStudy LMS plugin to the latest available version (at least 2.7.6).

Plugin: Page View Count
Vulnerability: SQL Injection
Patched Version: 2.4.15
Recommended Action: Update the WordPress Page View Count plugin to the latest available version (at least 2.4.15).

Plugin: Crazy Bone
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 26, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Asgaros Forum
Vulnerability: SQL Injection
Patched Version: 2.0.0
Recommended Action: Update the WordPress Asgaros Forum plugin to the latest available version (at least 2.0.0).

Plugin: TI WooCommerce Wishlist
Vulnerability: SQL Injection
Patched Version: 1.40.1
Recommended Action: Update the WordPress TI WooCommerce Wishlist plugin to the latest available version (at least 1.40.1).

Plugin: TI WooCommerce Wishlist Premium
Vulnerability: SQL Injection
Patched Version: 1.40.1
Recommended Action: Update the WordPress TI WooCommerce Wishlist premium plugin to the latest available version (at least 1.40.1).

Plugin: Super Forms
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 6.0.4
Recommended Action: Update the WordPress Super Forms premium plugin to the latest available version (at least 6.0.4).

Plugin: Essential Addons for Elementor
Vulnerability: Local File Inclusion
Patched Version: 5.0.5
Recommended Action: Update the WordPress Essential Addons for Elementor plugin to the latest available version (at least 5.0.5).

Plugin: WPvivid Backup and Migration
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 0.9.69
Recommended Action: Update the WordPress WPvivid Backup and Migration plugin to the latest available version (at least 0.9.69).

Plugin: WP Visitor Statistics (Real Time Traffic)
Vulnerability: Other Vulnerability Type
Patched Version: 5.5
Recommended Action: Update the WordPress WP Visitor Statistics (Real Time Traffic) plugin to the latest available version (at least 5.5).

Plugin: Logo Showcase with Slick Slider
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.0.1
Recommended Action: Update the WordPress Logo Showcase with Slick Slider plugin to the latest available version (at least 2.0.1).

Plugin: Product Feed PRO for WooCommerce
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 11.2.2
Recommended Action: Update the WordPress Product Feed PRO for WooCommerce plugin to the latest available version (at least 11.2.2).

Plugin: WP Review Slider
Vulnerability: SQL Injection
Patched Version: 11.0
Recommended Action: Update the WordPress WP Review Slider plugin to the latest available version (at least 11.0).

Plugin: Use Any Font
Vulnerability: Other Vulnerability Type
Patched Version: 6.2.1
Recommended Action: Update the WordPress Use Any Font plugin to the latest available version (at least 6.2.1).

Plugin: WS Form LITE
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.8.176
Recommended Action: Update the WordPress WS Form LITE plugin to the latest available version (at least 1.8.176).

Plugin: WS Form LITE
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.8.176
Recommended Action: Update the WordPress WS Form LITE plugin to the latest available version (at least 1.8.176).

Plugin: WS Form Pro
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.8.175
Recommended Action: Update the WordPress WS Form Pro premium plugin to the latest available version (at least 1.8.176).

Plugin: WS Form Pro
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.8.176
Recommended Action: Update the WordPress WS Form Pro premium plugin to the latest available version (at least 1.8.176).

Plugin: Blackhole for Bad Bots
Vulnerability: Other Vulnerability Type
Patched Version: 3.3.2
Recommended Action: Update the WordPress Blackhole for Bad Bots plugin to the latest available version (at least 3.3.2).

Plugin: Better Notifications for WP
Vulnerability: Information Disclosure
Patched Version: 1.8.7
Recommended Action: Update the WordPress Better Notifications for WP plugin to the latest available version (at least 1.8.7).

Plugin: WP User
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 7
Recommended Action: Update the WordPress WP User plugin to the latest available version (at least 7).

Plugin: My Site Audit
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.2.5
Recommended Action: Update the WordPress My Site Audit plugin to the latest available version (at least 1.2.5).

Plugin: EasyJobs
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.4.8
Recommended Action: Update the WordPress EasyJobs plugin to the latest available version (at least 1.4.8).

Plugin: Fotobook
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 27, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: AccessPress Parallax
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Accesspress Lite
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: AccessPress Store
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Zigcy Lite
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Enlighten
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Accesspress Mag
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: StoreVilla
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Punte
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Accesspress Basic
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: AccessPress Root
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Construction Lite
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: VMagazine Lite
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: ParallaxSome
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: FotoGraphy
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: VMag
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Uncode Lite
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Bingle
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: The Launcher
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: ScrollMe
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Agency Lite
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Swing Lite
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Vmagazine News
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Bloger
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Revolve
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Ripple
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Zigcy Cosmetics
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: The Monday
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Zigcy Baby
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Doko
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Sakala
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Edict Lite
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: The100
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: WP Store
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Eight Sec
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: EightLaw Lite
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Eightmedi Lite
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: EightStore Lite
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Brovy
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: WPparallax
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Arrival
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Ultra Seven
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: Opstore
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. The vendor ignores vulnerability reports and avoids any conversation.

Plugin: WP Google Map
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 1.8.4
Recommended Action: Update the WordPress WP Google Map plugin to the latest available version (at least 1.8.4).

Plugin: WHMCS Bridge
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 6.4b
Recommended Action: Update the WordPress WHMCS Bridge plugin to the latest available version (at least 6.4b).

Plugin: [GWA] AutoResponder
Vulnerability: SQL Injection
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of August 30, 2019 and is not available for download. Reason: Guideline Violation.

Odell Duppins Jr

WordPress Developer
