Patch Tuesday! 3/15/22

Plugin: Download Manager

Vulnerability: Other Vulnerability Type

Patched Version: 3.2.39

Recommended Action: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.39).

Plugin: iQ Block Country

Vulnerability: Arbitrary File Deletion

Patched Version: 1.2.13

Recommended Action: Update the WordPress iQ Block Country plugin to the latest available version (at least 1.2.13).

Plugin: Responsive Menu

Vulnerability: Information Disclosure

Patched Version: 4.1.8

Recommended Action: Update the WordPress Responsive Menu plugin to the latest available version (at least 4.1.8).

Plugin: LearnPress

Vulnerability: Cross Site Scripting (XSS)

Patched Version: 4.1.6

Recommended Action: Update the WordPress LearnPress plugin to the latest available version (at least 4.1.6).

Plugin: StopBadBots

Vulnerability: SQL Injection

Patched Version: 6.930

Recommended Action: Update the WordPress Stop Bad Bots plugin to the latest available version (at least 6.930).

Plugin: Post Grid

Vulnerability: Cross Site Scripting (XSS)

Patched Version: 2.1.16

Recommended Action: Update the WordPress Post Grid plugin to the latest available version (at least 2.1.16).

Plugin: Super Socializer

Vulnerability: Cross Site Scripting (XSS)

Patched Version: None

Recommended Action: Deactivate and delete. No patched version is available.

Plugin: Sassy Social Share

Vulnerability: Cross Site Scripting (XSS)

Patched Version: None

Recommended Action: Deactivate and delete. No patched version is available.

Plugin: Rearrange Woocommerce Products

Vulnerability: SQL Injection

Patched Version: None

Recommended Action: No patched version is available.

Plugin: Grid KIT Portfolio

Vulnerability: Cross Site Scripting (XSS)

Patched Version: 2.1.0

Recommended Action: Update the WordPress Grid Kit Portfolio plugin to the latest available version (at least 2.1.0).

Plugin: NS WooCommerce Watermark

Vulnerability: Other Vulnerability Type

Patched Version: None

Recommended Action: Deactivate and delete. This plugin has been closed as of March 15, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Easy Social Icons

Vulnerability: Cross Site Scripting (XSS)

Patched Version: 3.2.0

Recommended Action: Update the WordPress Easy Social Icons plugin to the latest available version (at least 3.2.0).

Plugin: Ad Inserter

Vulnerability: Cross Site Scripting (XSS)

Patched Version: 2.7.12

Recommended Action: Update the WordPress Ad Inserter plugin to the latest available version (at least 2.7.12).

Plugin: Dropdown Menu Widget

Vulnerability: Other Vulnerability Type

Patched Version: None

Recommended Action: Deactivate and delete. This plugin has been closed as of March 7, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: File Manager

Vulnerability: Other Vulnerability Type

Patched Version: None

Recommended Action: Deactivate and delete. This plugin has been closed as of February 28, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: KingComposer

Vulnerability: Cross Site Scripting (XSS)

Patched Version: None

Recommended Action: No patched version is available. This plugin has been closed as of February 2, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Stripe Payments

Vulnerability: Cross Site Request Forgery (CSRF)

Patched Version: 2.0.54

Recommended Action: Update the WordPress Accept Stripe Payments plugin to the latest available version (at least 2.0.54).

Plugin: MapPress Maps for WordPress

Vulnerability: Remote Code Execution (RCE)

Patched Version: 2.73.13

Recommended Action: Update the WordPress MapPress Maps for WordPress plugin to the latest available version (at least 2.73.13).

Plugin: Ad Inserter Pro

Vulnerability: Cross Site Scripting (XSS)

Patched Version: 2.7.12

Recommended Action: Update the WordPress Ad Inserter Pro premium plugin to the latest available version (at least 2.7.12).

Plugin: Amelia

Vulnerability: Information Disclosure

Patched Version: 1.0.48

Recommended Action: Update the WordPress Amelia plugin to the latest available version (at least 1.0.48).

Plugin: Amelia

Vulnerability: Other Vulnerability Type

Patched Version: 1.0.49

Recommended Action: Update the WordPress Amelia plugin to the latest available version (at least 1.0.49).

Plugin: Members List

Vulnerability: Cross Site Scripting (XSS)

Patched Version: 4.3.7

Recommended Action: Update the WordPress Members List plugin to the latest available version (at least 4.3.7).

Plugin: Mark Posts

Vulnerability: Cross Site Scripting (XSS)

Patched Version: 2.0.1

Recommended Action: Update the WordPress Mark Posts plugin to the latest available version (at least 2.0.1).

Plugin: Material Design for Contact Form 7

Vulnerability: Other Vulnerability Type

Patched Version: None

Recommended Action: Deactivate and delete. This plugin has been closed as of February 11, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin: Gutenberg

Vulnerability: Cross Site Scripting (XSS)

Patched Version: 12.7.2

Recommended Action: Update the WordPress Gutenberg plugin to the latest available version (at least 12.7.2).

Plugin: WordPress

Vulnerability: Cross Site Scripting (XSS)

Patched Version: 5.9.2

Recommended Action: Update WordPress to the latest available version (at least 5.9.2).

Plugin: WooCommerce

Vulnerability: Other Vulnerability Type

Patched Version: 6.3.1

Recommended Action: Update the WordPress WooCommerce plugin to the latest available version (at least 6.3.1).

Plugin: UpdraftPlus

Vulnerability: Cross Site Scripting (XSS)

Patched Version: 1.22.9

Recommended Action: Update the WordPress UpdraftPlus plugin to the latest available version (at least 1.22.9).

Plugin: Profile Builder

Vulnerability: Cross Site Scripting (XSS)

Patched Version: 3.6.8

Recommended Action: Update the WordPress Profile Builder plugin to the latest available version (at least 3.6.8).

Plugin: Booking Package

Vulnerability: Information Disclosure

Patched Version: 1.5.29

Recommended Action: Update the WordPress Booking Package plugin to the latest available version (at least 1.5.29).