WordPress Vulnerability Report: July 2021, Part 1

1. Paid Membership Pro

Plugin: Paid Membership Pro
Vulnerability: Cross-Site Scripting
Patched in Version: 2.5.10
Severity Score: Medium

The vulnerability is patched, so you should update to version 2.5.10+.

2. Event Calendar WD

Plugin: Event Calendar WD
Vulnerability: Cross-Site Scripting
Patched in Version: 1.1.46
Severity Score: Medium

The vulnerability is patched, so you should update to version 1.1.46+.

3. Yada Wiki

Plugin: Yada Wiki
Vulnerability: Stored Cross-Site Scripting
Patched in Version: 3.4.1
Severity Score: Medium

The vulnerability is patched, so you should update to version 3.4.1+.

4. User Profile Picture

Plugin: User Profile Picture
Vulnerability: Arbitrary User Picture Change/Deletion via IDOR
Patched in Version: 2.6.0
Severity Score: Medium

The vulnerability is patched, so you should update to version 2.6.0+.

5. YouTube Embed, Playlist and Popup

Plugin: YouTube Embed, Playlist and Popup
Vulnerability: Stored XSS
Patched in Version: 2.3.9
Severity Score: Medium

The vulnerability is patched, so you should update to version 2.3.9+.

6. W3 Total Cache

Plugin: W3 Total Cache
Vulnerability: Reflected XSS in Extensions Page
Patched in Version: 2.1.5
Severity Score: High

Plugin: W3 Total Cache
Vulnerability: Reflected XSS in Extensions Page
Patched in Version: 2.1.4
Severity Score: Critical

Both vulnerabilities are patched, so you should update to version 2.1.5+.

7. ProfilePress

Plugin: ProfilePress
Vulnerability: Authenticated Stored XSS
Patched in Version: 3.1.8
Severity Score: Medium

Plugin: ProfilePress
Vulnerability: Unauthenticated Privilege Escalation
Patched in Version: 3.1.4
Severity Score: Critical

Plugin: ProfilePress
Vulnerability: Arbitrary File Upload in Image Uploader Component
Patched in Version: 3.1.4
Severity Score: Critical

All three vulnerabilities are patched, so you should update to version 3.1.8+.

8. Tutor LMS

Plugin: Tutor LMS
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 1.9.2
Severity Score: High

The vulnerability is patched, so you should update to version 1.9.2+.

9. Youzify

Plugin: Youzify
Vulnerability: Stored Cross-Site Scripting via Biography
Patched in Version: 1.0.7
Severity Score: High

The vulnerability is patched, so you should update to version 1.0.7+.

10. Any Hostname

Plugin: Any Hostname
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: No known fix
Severity Score: Medium

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

11. Event Geek

Plugin: Event Geek
Vulnerability: Stored Cross-site Scripting
Patched in Version: No known fix
Severity Score: Medium

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

12. DrawBlog

Plugin: DrawBlog
Vulnerability: Authenticated Stored Cross-Site Scripting 
Patched in Version: No known fix
Severity Score: Medium

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

13. Bookshelf

Plugin: Bookshelf
Vulnerability: Authenticated Stored Cross-Site Scripting 
Patched in Version: No known fix
Severity Score: Medium

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

14. Migrate Users

Plugin: Migrate Users
Vulnerability: CSRF to Stored Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

15. Steam Group Viewer

Plugin: Steam Group Viewer
Vulnerability: Authenticated Stored Cross-Site Scripting 
Patched in Version: No known fix
Severity Score: Medium

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

16. Awesome Weather Widget

Plugin: Awesome Weather Widget
Vulnerability: Authenticated Stored Cross-Site Scripting 
Patched in Version: No known fix
Severity Score: High

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

17. Post Grid

Plugin: Post Grid
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 2.1.8
Severity Score: High

The vulnerability is patched, so you should update to version 2.1.8+.

18. Quiz Maker

Plugin: Quiz Maker
Vulnerability: Multiple Authenticated Blind SQL Injections
Patched in Version: 6.2.0.9
Severity Score: High

The vulnerability is patched, so you should update to version 6.2.0.9+.

19. Portfolio Responsive Gallery

Plugin: Portfolio Responsive Gallery
Vulnerability: Authenticated Blind SQL Injections
Patched in Version: 1.1.8
Severity Score: High

The vulnerability is patched, so you should update to version 1.1.8+.

Plugin: Portfolio Responsive Gallery
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.1.8
Severity Score: High

The vulnerability is patched, so you should update to version 1.1.8+.

20. Popup box

Plugin: Popup box
Vulnerability: Authenticated Blind SQL Injections
Patched in Version: 2.3.4
Severity Score: High

The vulnerability is patched, so you should update to version 2.3.4+.

Plugin: Popup box
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 2.3.4
Severity Score: High

The vulnerability is patched, so you should update to version 2.3.4+.

21. Survey Maker

Plugin: Survey Maker
Vulnerability: Authenticated Blind SQL Injections
Patched in Version: 1.5.6
Severity Score: High

The vulnerability is patched, so you should update to version 1.5.6+.

Plugin: Survey Maker
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.5.6
Severity Score: High

The vulnerability is patched, so you should update to version 1.5.6+.

22. Popup Like box – Page Plugin

Plugin: Popup Like box – Page Plugin
Vulnerability: Authenticated Blind SQL Injections
Patched in Version: 3.5.3
Severity Score: High

The vulnerability is patched, so you should update to version 3.5.3+.

Plugin: Popup Like box – Page Plugin
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 3.5.3
Severity Score: High

The vulnerability is patched, so you should update to version 3.5.3+.

23. FAQ Builder

Plugin: FAQ Builder
Vulnerability: Authenticated Blind SQL Injections
Patched in Version: 1.3.6
Severity Score: High

The vulnerability is patched, so you should update to version 1.3.6+.

24. Photo Gallery by Ays 

Plugin: Photo Gallery by Ays
Vulnerability: Authenticated Blind SQL Injections
Patched in Version: 4.4.4
Severity Score: High

The vulnerability is patched, so you should update to version 4.4.4+.

Plugin: Photo Gallery by Ays
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 4.4.4
Severity Score: High

The vulnerability is patched, so you should update to version 4.4.4+.

25. Image Slider by Ays

Plugin: Image Slider by Ays
Vulnerability: Authenticated Blind SQL Injections
Patched in Version: 2.5.0
Severity Score: High

Plugin: Image Slider by Ays
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 2.5.0
Severity Score: High

Both vulnerabilities are patched, so you should update to version 2.5.0+.

26. Poll Maker

Plugin: Poll Maker
Vulnerability: Authenticated Blind SQL Injections
Patched in Version: 3.2.1
Severity Score: High

The vulnerability is patched, so you should update to version 3.2.1+.

27. Secure Copy Content Protection and Content Locking

Plugin: Secure Copy Content Protection and Content Locking
Vulnerability: Authenticated Blind SQL Injections
Patched in Version: 2.6.7
Severity Score: High

The vulnerability is patched, so you should update to version 2.6.7+.

28. RSVPMaker

Plugin: RSVPMaker
Vulnerability: Authenticated SSRF
Patched in Version: 8.7.3
Severity Score: Medium

The vulnerability is patched, so you should update to version 8.7.3+.

29. WP Offload SES Lite

Plugin: WP Offload SES Lite
Vulnerability: Stored Cross-Site Scripting
Patched in Version: 1.4.5
Severity Score: High

The vulnerability is patched, so you should update to version 1.4.5+.

30. WP SMS

Plugin: WP SMS
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 5.4.9.1
Severity Score: High

The vulnerability is patched, so you should update to version 5.4.9.1+.

31. Profile Builder

Plugin: Profile Builder
Vulnerability: Authenticated Stored XSS
Patched in Version: 3.4.8
Severity Score: Medium

The vulnerability is patched, so you should update to version 3.4.8+.

32. TaxoPress

Plugin: TaxoPress
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 3.0.7.2
Severity Score: Medium

The vulnerability is patched, so you should update to version 3.0.7.2+.

33. Strong Testimonials

Plugin: Strong Testimonials
Vulnerability: Unauthorized AJAX Call
Patched in Version: 2.51.3
Severity Score: Medium

The vulnerability is patched, so you should update to version 2.51.3+.

34. Adapta RGPD

Plugin: Adapta RGPD
Vulnerability: Unauthorized Consent via CSRF
Patched in Version: 1.3.3
Severity Score: Medium

The vulnerability is patched, so you should update to version 1.3.3+.

35. MailOptin

Plugin: MailOptin
Vulnerability: Unauthorized AJAX Call
Patched in Version: 1.2.35.2
Severity Score: Medium

The vulnerability is patched, so you should update to version 1.2.35.2+.

36. YITH Request a Quote for WooCommerce 

Plugin: YITH Request a Quote for WooCommerce 
Vulnerability: Unauthorized AJAX call via CSRF
Patched in Version: 1.6.4
Severity Score: Medium

The vulnerability is patched, so you should update to version 1.6.4+.

37. ReviewX

Plugin: ReviewX
Vulnerability: Unauthorized AJAX call via CSRF
Patched in Version: 1.2.9
Severity Score: Medium

The vulnerability is patched, so you should update to version 1.2.9+.

38. Food Store

Plugin: Food Store
Vulnerability: Unauthorized AJAX call via CSRF
Patched in Version: 1.3.7
Severity Score: Medium

The vulnerability is patched, so you should update to version 1.3.7+.

39. WP Prayer

Plugin: WP Prayer
Vulnerability: Unauthorized AJAX call via CSRF
Patched in Version: 1.5.5
Severity Score: Medium

The vulnerability is patched, so you should update to version 1.5.5+.

40. KONTXT Content Advisor

Plugin: KONTXT Content Advisor
Vulnerability: Unauthorized AJAX call via CSRF
Patched in Version: 2.3
Severity Score: Medium

The vulnerability is patched, so you should update to version 2.3+.

41. Fontsampler

Plugin: Fontsampler
Vulnerability: CSRF to Authenticated Reflected Cross-Site Scripting
Patched in Version: 0.4.13
Severity Score: High

The vulnerability is patched, so you should update to version 0.4.13+.

42. MZ Mindbody API

Plugin: MZ Mindbody API
Vulnerability: Unauthorized AJAX call via CSRF
Patched in Version: 2.8.3
Severity Score: High

The vulnerability is patched, so you should update to version 2.8.3+.

43. Journey Analytics

Plugin: Journey Analytics
Vulnerability: Unauthorized AJAX call via CSRF
Patched in Version: 1.0.13
Severity Score: Medium

The vulnerability is patched, so you should update to version 1.0.13+.

44. Alkubot

Plugin: Alkubot
Vulnerability: Unauthorized AJAX call via CSRF
Patched in Version: 3.0.0
Severity Score: Medium

The vulnerability is patched, so you should update to version 3.0.0+.

45. MZ MBO Access

Plugin: MZ MBO Access
Vulnerability: Unauthorized AJAX call
Patched in Version: 2.0.9
Severity Score: Medium

The vulnerability is patched, so you should update to version 2.0.9+.

46. BNG Gateway For Woocommerce

Plugin: BNG Gateway For Woocommerce
Vulnerability: CSRF Bypass
Patched in Version: No known fix
Severity Score: Medium

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

47. BuddyPress Customer.io Analytics Integration

Plugin: BuddyPress Customer.io Analytics Integration
Vulnerability: Arbitrary Plugin Settings Update via CSRF
Patched in Version: No known fix
Severity Score: Medium

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

48. WooCommerce Custom Registration Form

Plugin: WooCommerce Custom Registration Form
Vulnerability: Arbitrary Field Deletion and Form Modification via CSRF
Patched in Version: No known fix
Severity Score: High

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

49. Woocommerce Tabs Plugin, Add Custom Product Tabs

Plugin: Woocommerce Tabs Plugin, Add Custom Product Tabs
Vulnerability: Arbitrary Tab Deletion/Edition via CSRF
Patched in Version: No known fix
Severity Score: High

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

50. Global Multisite Search

Plugin: Global Multisite Search
Vulnerability: CSRF Bypass
Patched in Version: No known fix
Severity Score: Medium

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

51. Intimate Payments

Plugin: Intimate Payments
Vulnerability: CSRF Bypass
Patched in Version: No known fix
Severity Score: Medium

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

52. KONTXT Improves WordPress Search

Plugin: KONTXT Improves WordPress Search
Vulnerability: CSRF Bypass
Patched in Version: No known fix
Severity Score: Medium

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

53. Instantio

Plugin: Instantio
Vulnerability: CSRF Bypass
Patched in Version: 1.2.6
Severity Score: Medium

The vulnerability is patched, so you should update to version 1.2.6+.

54. Express Shop

Plugin: Express Shop
Vulnerability: CSRF Bypass
Patched in Version: 4.0.3
Severity Score: Medium

The vulnerability is patched, so you should update to version 4.0.3+.

55. SEO Wizard

Plugin: SEO Wizard
Vulnerability: Unauthorized robots.txt & .htaccess Edit via CSRF
Patched in Version: No known fix
Severity Score: High

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

56. Title Field Validation

Plugin: Title Field Validation
Vulnerability: Unauthorized AJAX call via CSRF
Patched in Version: No known fix
Severity Score: High

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

57. Booking Calendar

Plugin: Booking Calendar
Vulnerability: Authorized AJAX calls
Patched in Version: 2.1.6
Severity Score: Medium

The vulnerability is patched, so you should update to version 2.1.6+.

58. Community Event

Plugin: Community Event
Vulnerability: Reflected XSS
Patched in Version: 1.4.8
Severity Score: High

The vulnerability is patched, so you should update to version 1.4.8+.

59. WP LMS

Plugin: WP LMS
Vulnerability: Stored Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

60. Cooked Pro

Plugin: Cooked Pro
Vulnerability: Unauthenticated Reflected Cross-Site Scripting
Patched in Version: 1.7.5.6
Severity Score: Medium

The vulnerability is patched, so you should update to version 1.7.5.6+.

61. PWA for WP & AMP

Plugin: PWA for WP & AMP
Vulnerability: Authenticated Arbitrary File Upload
Patched in Version: 1.7.33
Severity Score: Critical

The vulnerability is patched, so you should update to version 1.7.33+.

Written by: Abdul Wahid
Published on: July 8, 2021

Categories: Woocommerce
