Patch Tuesday! 2/8/22


Plugin: WP Spell Check
Vulnerability: SQL Injection
Patched Version: 9.10
Recommended Action: Update the WordPress WP Spell Check plugin to the latest available version (at least 9.10).

Plugin: Vossle
Vulnerability: Arbitrary File Upload
Patched Version: 1.0.1
Recommended Action: Update the WordPress Vossle plugin to the latest available version (at least 1.0.1).

Plugin: Ad Inserter
Vulnerability: Remote Code Execution (RCE)
Patched Version: 2.7.11
Recommended Action: Update the WordPress Ad Inserter plugin to the latest available version (at least 2.7.11).

Plugin: Yet Another Stars Rating
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.0.0
Recommended Action: Update the WordPress Yasr – Yet Another Stars Rating plugin to the latest available version (at least 3.0.0).

Plugin: Revolut Gateway for WooCommerce
Vulnerability: SQL Injection
Patched Version: 3.1.2
Recommended Action: Update the WordPress Revolut Gateway for WooCommerce plugin to the latest available version (at least 3.1.2).

Plugin: ThriveDesk
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 0.9.6
Recommended Action: Update the WordPress ThriveDesk plugin to the latest available version (at least 0.9.6).

Plugin: CorreosExpress
Vulnerability: Information Disclosure
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of November 29, 2021 and is not available for download. Reason: Security Issue.

Plugin: Download Manager
Vulnerability: Information Disclosure
Patched Version: 3.2.25
Recommended Action: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.25).

Plugin: NotificationX
Vulnerability: SQL Injection
Patched Version: 2.3.9
Recommended Action: Update the WordPress NotificationX plugin to the latest available version (at least 2.3.9).

Plugin: Custom Content Shortcode
Vulnerability: Other Vulnerability Type
Patched Version: 4.0.0
Recommended Action: Update the WordPress Custom Content Shortcode plugin to the latest available version (at least 4.0.0).

Plugin: Custom Content Shortcode
Vulnerability: Other Vulnerability Type
Patched Version: 4.0.2
Recommended Action: Update the WordPress Custom Content Shortcode plugin to the latest available version (at least 4.0.2).

Plugin: Custom Content Shortcode
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.0.2
Recommended Action: Update the WordPress Custom Content Shortcode plugin to the latest available version (at least 4.0.2).

Plugin: MaxGalleria
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: This plugin has been closed as of February 1, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: WP Time Slots Booking Form
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.1.63
Recommended Action: Update the WordPress WP Time Slots Booking Form plugin to the latest available version (at least 1.1.63).

Plugin: CP Blocks
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.0.15
Recommended Action: Update the WordPress CP Blocks plugin to the latest available version (at least 1.0.15).

Plugin: Advanced iFrame
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2022
Recommended Action: Update the WordPress Advanced iFrame plugin to the latest available version (at least 2022).

Odell Duppins Jr

WordPress Developer
