Plugin: WP Spell Check
Vulnerability: SQL Injection
Patched Version: 9.10
Recommended Action: Update the WordPress WP Spell Check plugin to the latest available version (at least 9.10).
Plugin: Vossle
Vulnerability: Arbitrary File Upload
Patched Version: 1.0.1
Recommended Action: Update the WordPress Vossle plugin to the latest available version (at least 1.0.1).
Plugin: Ad Inserter
Vulnerability: Remote Code Execution (RCE)
Patched Version: 2.7.11
Recommended Action: Update the WordPress Ad Inserter plugin to the latest available version (at least 2.7.11).
Plugin: Yet Another Stars Rating
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.0.0
Recommended Action: Update the WordPress Yasr – Yet Another Stars Rating plugin to the latest available version (at least 3.0.0).
Plugin: Revolut Gateway for WooCommerce
Vulnerability: SQL Injection
Patched Version: 3.1.2
Recommended Action: Update the WordPress Revolut Gateway for WooCommerce plugin to the latest available version (at least 3.1.2).
Plugin: ThriveDesk
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 0.9.6
Recommended Action: Update the WordPress ThriveDesk plugin to the latest available version (at least 0.9.6).
Plugin: CorreosExpress
Vulnerability: Information Disclosure
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of November 29, 2021 and is not available for download. Reason: Security Issue.
Plugin: Download Manager
Vulnerability: Information Disclosure
Patched Version: 3.2.25
Recommended Action: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.25)
Plugin: NotificationX
Vulnerability: SQL Injection
Patched Version: 2.3.9
Recommended Action: Update the WordPress NotificationX plugin to the latest available version (at least 2.3.9).
Plugin: Custom Content Shortcode
Vulnerability: Other Vulnerability Type
Patched Version: 4.0.0
Recommended Action: Update the WordPress Custom Content Shortcode plugin to the latest available version (at least 4.0.0).
Plugin: Custom Content Shortcode
Vulnerability: Other Vulnerability Type
Patched Version: 4.0.2
Recommended Action: Update the WordPress Custom Content Shortcode plugin to the latest available version (at least 4.0.2).
Plugin: Custom Content Shortcode
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.0.2
Recommended Action: Update the WordPress Custom Content Shortcode plugin to the latest available version (at least 4.0.2).
Plugin: MaxGalleria
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: This plugin has been closed as of February 1, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: WP Time Slots Booking Form
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.1.63
Recommended Action: Update the WordPress WP Time Slots Booking Form plugin to the latest available version (at least 1.1.63).
Plugin: CP Blocks
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.0.15
Recommended Action: Update the WordPress CP Blocks plugin to the latest available version (at least 1.0.15).
Plugin: Advanced iFrame
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2022
Recommended Action: Update the WordPress Advanced iFrame plugin to the latest available version (at least 2022).