Patch Tuesday! 3/01/22

Plugin: WooCommerce
Vulnerability: Directory Traversal
Patched Version: 6.2.1
Recommended Action: Update the WordPress WooCommerce plugin to the latest available version (at least 6.2.1).

Plugin: WooCommerce
Vulnerability: Other Vulnerability Type
Patched Version: 6.2.1
Recommended Action: Update the WordPress WooCommerce plugin to the latest available version (at least 6.2.1).

Plugin: RW Divi Unite Gallery
Vulnerability: Bypass Vulnerability
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 24, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: BulletProof Security
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 5.8
Recommended Action: Update the WordPress BulletProof Security plugin to the latest available version (at least 5.8).

Plugin: Advanced Contact form 7 DB
Vulnerability: Other Vulnerability Type
Patched Version: 1.8.7
Recommended Action: Update the WordPress Advanced Contact form 7 DB plugin to the latest available version (at least 1.8.7).

Plugin: Cookie Information
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.0.8
Recommended Action: Update the WordPress Cookie Information plugin to the latest available version (at least 2.0.8).

Plugin: Contact Form Submissions
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.7.3
Recommended Action: Update the WordPress Contact Form Submissions plugin to the latest available version (at least 1.7.3).

Plugin: Patreon WordPress
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.8.2
Recommended Action: Update the WordPress Patreon WordPress plugin to the latest available version (at least 1.8.2).

Plugin: Event Manager for WooCommerce
Vulnerability: SQL Injection
Patched Version: 3.5.8
Recommended Action: Update the WordPress Event Manager and Tickets Selling Plugin for WooCommerce plugin to the latest available version (at least 3.5.8).

Plugin: WP Home Page Menu
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.1
Recommended Action: Update the WordPress WP Home Page Menu plugin to the latest available version (at least 3.1).

Plugin: GDMylist
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of February 15, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Petfinder Listings
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of February 15, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: WPCargo Track & Trace
Vulnerability: Remote Code Execution (RCE)
Patched Version: 6.9.0
Recommended Action: Update the WordPress WPCargo Track & Trace plugin to the latest available version (at least 6.9.0).

Plugin: Hide Admin Bar Based on User Roles
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 3.1.0
Recommended Action: Update the WordPress Hide Admin Bar Based on User Roles plugin to the latest available version (at least 3.1.0).

Plugin: Hide Admin Bar Based on User Roles
Vulnerability: Other Vulnerability Type
Patched Version: 3.0.0
Recommended Action: Update the WordPress Hide Admin Bar Based on User Roles plugin to the latest available version (at least 3.0.0).

Plugin: Countdown & Clock
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.2.9
Recommended Action: Update the WordPress Countdown & Clock plugin to the latest available version (at least 2.2.9).

Plugin: Seo 301 Meta
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of February 15, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Simple Theme Options
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of February 15, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Master Addons for Elementor
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.8.2
Recommended Action: Update the WordPress Master Addons for Elementor plugin to the latest available version (at least 1.8.2).

Plugin: CommonsBooking
Vulnerability: SQL Injection
Patched Version: 2.6.8
Recommended Action: Update the WordPress CommonsBooking plugin to the latest available version (at least 2.6.8).

Plugin: Team Circle Image Slider With Lightbox
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.0.16
Recommended Action: Update the WordPress Team Circle Image Slider With Lightbox plugin to the latest available version (at least 1.0.16).

Plugin: 5 Stars Rating Funnel
Vulnerability: SQL Injection
Patched Version: 1.2.50
Recommended Action: Update the WordPress 5 Stars Rating Funnel plugin to the latest available version (at least 1.2.50).

Plugin: WCFM – Frontend Manager for WooCommerce
Vulnerability: SQL Injection
Patched Version: 6.6.2
Recommended Action: Update the WordPress WCFM – Frontend Manager for WooCommerce plugin to the latest available version (at least 6.6.2).

Plugin: Essential Addons for Elementor
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 5.0.9
Recommended Action: Update the WordPress Essential Addons for Elementor plugin to the latest available version (at least 5.0.9).

Plugin: Header Footer Code Manager
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.1.17
Recommended Action: Update the WordPress Header Footer Code Manager plugin to the latest available version (at least 1.1.17).

Plugin: Security & Malware scan by CleanTalk
Vulnerability: SQL Injection
Patched Version: 2.80.1
Recommended Action: Update the WordPress Security & Malware scan by CleanTalk plugin to the latest available version (at least 2.80.1).

Plugin: UpdraftPlus
Vulnerability: Arbitrary File Download
Patched Version: 1.22.3
Recommended Action: Update the WordPress UpdraftPlus plugin to the latest available version (at least 1.22.3).

Plugin: Profile Builder
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.6.2
Recommended Action: Update the WordPress Profile Builder plugin to the latest available version (at least 3.6.2).

Plugin: WP Statistics
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 13.1.6
Recommended Action: Update the WordPress WP Statistics plugin to the latest available version (at least 13.1.6).

Plugin: WP Statistics
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 13.1.6
Recommended Action: Update the WordPress WP Statistics plugin to the latest available version (at least 13.1.6).

Plugin: WP Statistics
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 13.1.6
Recommended Action: Update the WordPress WP Statistics plugin to the latest available version (at least 13.1.6).

Plugin: Sync QCloud COS
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.0.1
Recommended Action: Update the WordPress Sync QCloud COS plugin to the latest available version (at least 2.0.1).

Plugin: Kunze Law
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.1
Recommended Action: Update the WordPress Kunze Law plugin to the latest available version (at least 2.1).

Plugin: ARI Fancy Lightbox
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.3.9
Recommended Action: Update the WordPress ARI Fancy Lightbox plugin to the latest available version (at least 1.3.9).

Plugin: Simple Quotation
Vulnerability: SQL Injection
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 7, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Simple Quotation
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 7, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: ARI Stream Quiz
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.2.27
Recommended Action: Update the WordPress ARI Stream Quiz plugin to the latest available version (at least 1.2.27).

Plugin: Contact Form 7 Connector
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.1.14
Recommended Action: Update the WordPress Contact Form 7 Connector plugin to the latest available version (at least 1.1.14).

Plugin: WP Statistics
Vulnerability: SQL Injection
Patched Version: 13.1.6
Recommended Action: Update the WordPress WP Statistics plugin to the latest available version (at least 13.1.6).

Plugin: WP Statistics
Vulnerability: SQL Injection
Patched Version: 13.1.6
Recommended Action: Update the WordPress WP Statistics plugin to the latest available version (at least 13.1.6).

Plugin: WP Statistics
Vulnerability: SQL Injection
Patched Version: 13.1.6
Recommended Action: Update the WordPress WP Statistics plugin to the latest available version (at least 13.1.6).

Plugin: KingComposer
Vulnerability: Open Redirection
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of February 2, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: WP Content Copy Protection & No Right Click
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 3.4.5
Recommended Action: Update the WordPress WP Content Copy Protection & No Right Click plugin to the latest available version (at least 3.4.5).

Plugin: Login with phone number
Vulnerability: Other Vulnerability Type
Patched Version: 1.3.7
Recommended Action: Update the WordPress Login with phone number plugin to the latest available version (at least 1.3.7).

Plugin: WP Voting Contest
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of January 20, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Better WordPress Google XML Sitemaps
Vulnerability: Cross Site Scripting (XSS)
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of February 14, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Hub2word
Vulnerability: Other Vulnerability Type
Patched Version: None
Recommended Action: Deactivate and delete. This plugin has been closed as of October 19, 2021 and is not available for download. Reason: Security Issue.

Plugin: Powerkit
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: 2.5.9
Recommended Action: Update the WordPress Powerkit plugin to the latest available version (at least 2.5.9).

Plugin: Flexi – Guest Submit
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.20
Recommended Action: Update the WordPress Flexi – Guest Submit plugin to the latest available version (at least 4.20).

Odell Duppins Jr

WordPress Developer
