WordPress Vulnerability Report: July 2021, Part 1

1. Paid Membership Pro

Plugin: Paid Membership Pro
Vulnerability: Cross-Site Scripting
Patched in Version: 2.5.10
Severity Score: Medium

The vulnerability is patched, so you should update to version 2.5.10+.

2. Event Calendar WD

Plugin: Event Calendar WD
Vulnerability: Cross-Site Scripting
Patched in Version: 1.1.46
Severity Score: Medium

The vulnerability is patched, so you should update to version 1.1.46+.

3. Yada Wiki

Plugin: Yada Wiki
Vulnerability: Stored Cross-Site Scripting
Patched in Version: 3.4.1
Severity Score: Medium

The vulnerability is patched, so you should update to version 3.4.1+.

4. User Profile Picture

Plugin: User Profile Picture
Vulnerability: Arbitrary User Picture Change/Deletion via IDOR
Patched in Version: 2.6.0
Severity Score: Medium

The vulnerability is patched, so you should update to version 2.6.0+.

5. YouTube Embed, Playlist and Popup

Plugin: YouTube Embed, Playlist and Popup
Vulnerability: Stored XSS
Patched in Version: 2.3.9
Severity Score: Medium

The vulnerability is patched, so you should update to version 2.3.9+.

6. W3 Total Cache

Plugin: W3 Total Cache
Vulnerability: Reflected XSS in Extensions Page
Patched in Version: 2.1.5
Severity Score: High

Plugin: W3 Total Cache
Vulnerability: Reflected XSS in Extensions Page
Patched in Version: 2.1.4
Severity Score: Critical

Both vulnerabilities are patched, so you should update to version 2.1.5+.

7. ProfilePress

Plugin: ProfilePress
Vulnerability: Authenticated Stored XSS
Patched in Version: 3.1.8
Severity Score: Medium

Plugin: ProfilePress
Vulnerability: Unauthenticated Privilege Escalation
Patched in Version: 3.1.4
Severity Score: Critical

Plugin: ProfilePress
Vulnerability: Arbitrary File Upload in Image Uploader Component
Patched in Version: 3.1.4
Severity Score: Critical

All three vulnerabilities are patched, so you should update to version 3.1.8+.

8. Tutor LMS

Plugin: Tutor LMS
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 1.9.2
Severity Score: High

The vulnerability is patched, so you should update to version 1.9.2+.

9. Youzify

Plugin: Youzify
Vulnerability: Stored Cross-Site Scripting via Biography
Patched in Version: 1.0.7
Severity Score: High

The vulnerability is patched, so you should update to version 1.0.7+.

10. Any Hostname

Plugin: Any Hostname
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: No known fix
Severity Score: Medium

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

11. Event Geek

Plugin: Event Geek
Vulnerability: Stored Cross-site Scripting
Patched in Version: No known fix
Severity Score: Medium

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

12. DrawBlog

Plugin: DrawBlog
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: No known fix
Severity Score: Medium

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

13. Bookshelf

Plugin: Bookshelf
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: No known fix
Severity Score: Medium

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

14. Migrate Users

Plugin: Migrate Users
Vulnerability: CSRF to Stored Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

15. Steam Group Viewer

Plugin: Steam Group Viewer
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: No known fix
Severity Score: Medium

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

16. Awesome Weather Widget

Plugin: Awesome Weather Widget
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

17. Post Grid

Plugin: Post Grid
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 2.1.8
Severity Score: High

The vulnerability is patched, so you should update to version 2.1.8+.

18. Quiz Maker

Plugin: Quiz Maker
Vulnerability: Multiple Authenticated Blind SQL Injections
Patched in Version: 6.2.0.9
Severity Score: High

The vulnerability is patched, so you should update to version 6.2.0.9+.

19. Portfolio Responsive Gallery

Plugin: Portfolio Responsive Gallery
Vulnerability: Authenticated Blind SQL Injections
Patched in Version: 1.1.8
Severity Score: High

The vulnerability is patched, so you should update to version 1.1.8+.

Plugin: Portfolio Responsive Gallery
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.1.8
Severity Score: High

The vulnerability is patched, so you should update to version 1.1.8+.

20. Popup box

Plugin: Popup box
Vulnerability: Authenticated Blind SQL Injections
Patched in Version: 2.3.4
Severity Score: High

The vulnerability is patched, so you should update to version 2.3.4+.

Plugin: Popup box
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 2.3.4
Severity Score: High

The vulnerability is patched, so you should update to version 2.3.4+.

21. Survey Maker

Plugin: Survey Maker
Vulnerability: Authenticated Blind SQL Injections
Patched in Version: 1.5.6
Severity Score: High

The vulnerability is patched, so you should update to version 1.5.6+.

Plugin: Survey Maker
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.5.6
Severity Score: High

The vulnerability is patched, so you should update to version 1.5.6+.

22. Popup Like box – Page Plugin

Plugin: Popup Like box – Page Plugin
Vulnerability: Authenticated Blind SQL Injections
Patched in Version: 3.5.3
Severity Score: High

The vulnerability is patched, so you should update to version 3.5.3+.

Plugin: Popup Like box – Page Plugin
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 3.5.3
Severity Score: High

The vulnerability is patched, so you should update to version 3.5.3+.

23. FAQ Builder

Plugin: FAQ Builder
Vulnerability: Authenticated Blind SQL Injections
Patched in Version: 1.3.6
Severity Score: High

The vulnerability is patched, so you should update to version 1.3.6+.

24. Photo Gallery by Ays

Plugin: Photo Gallery by Ays
Vulnerability: Authenticated Blind SQL Injections
Patched in Version: 4.4.4
Severity Score: High

The vulnerability is patched, so you should update to version 4.4.4+.

Plugin: Photo Gallery by Ays
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 4.4.4
Severity Score: High

The vulnerability is patched, so you should update to version 4.4.4+.

25. Image Slider by Ays

Plugin: Image Slider by Ays
Vulnerability: Authenticated Blind SQL Injections
Patched in Version: 2.5.0
Severity Score: High

Plugin: Image Slider by Ays
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 2.5.0
Severity Score: High

Both vulnerabilities are patched, so you should update to version 2.5.0+.

26. Poll Maker

Plugin: Poll Maker
Vulnerability: Authenticated Blind SQL Injections
Patched in Version: 3.2.1
Severity Score: High

The vulnerability is patched, so you should update to version 3.2.1+.

27. Secure Copy Content Protection and Content Locking

Plugin: Secure Copy Content Protection and Content Locking
Vulnerability: Authenticated Blind SQL Injections
Patched in Version: 2.6.7
Severity Score: High

The vulnerability is patched, so you should update to version 2.6.7+.

28. RSVPMaker

Plugin: RSVPMaker
Vulnerability: Authenticated SSRF
Patched in Version: 8.7.3
Severity Score: Medium

The vulnerability is patched, so you should update to version 8.7.3+.

29. WP Offload SES Lite

Plugin: WP Offload SES Lite
Vulnerability: Stored Cross-Site Scripting
Patched in Version: 1.4.5
Severity Score: High

The vulnerability is patched, so you should update to version 1.4.5+.

30. WP SMS

Plugin: WP SMS
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 5.4.9.1
Severity Score: High

The vulnerability is patched, so you should update to version 5.4.9.1+.

31. Profile Builder

Plugin: Profile Builder
Vulnerability: Authenticated Stored XSS
Patched in Version: 3.4.8
Severity Score: Medium

The vulnerability is patched, so you should update to version 3.4.8+.

32. TaxoPress

Plugin: TaxoPress
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 3.0.7.2
Severity Score: Medium

The vulnerability is patched, so you should update to version 3.0.7.2+.

33. Strong Testimonials

Plugin: Strong Testimonials
Vulnerability: Unauthorized AJAX Call
Patched in Version: 2.51.3
Severity Score: Medium

The vulnerability is patched, so you should update to version 2.51.3+.

34. Adapta RGPD

Plugin: Adapta RGPD
Vulnerability: Unauthorized Consent via CSRF
Patched in Version: 1.3.3
Severity Score: Medium

The vulnerability is patched, so you should update to version 1.3.3+.

35. MailOptin

Plugin: MailOptin
Vulnerability: Unauthorized AJAX Call
Patched in Version: 1.2.35.2
Severity Score: Medium

The vulnerability is patched, so you should update to version 1.2.35.2+.

36. YITH Request a Quote for WooCommerce

Plugin: YITH Request a Quote for WooCommerce
Vulnerability: Unauthorized AJAX call via CSRF
Patched in Version: 1.6.4
Severity Score: Medium

The vulnerability is patched, so you should update to version 1.6.4+.

37. ReviewX

Plugin: ReviewX
Vulnerability: Unauthorized AJAX call via CSRF
Patched in Version: 1.2.9
Severity Score: Medium

The vulnerability is patched, so you should update to version 1.2.9+.

38. Food Store

Plugin: Food Store
Vulnerability: Unauthorized AJAX call via CSRF
Patched in Version: 1.3.7
Severity Score: Medium

The vulnerability is patched, so you should update to version 1.3.7+.

39. WP Prayer

Plugin: WP Prayer
Vulnerability: Unauthorized AJAX call via CSRF
Patched in Version: 1.5.5
Severity Score: Medium

The vulnerability is patched, so you should update to version 1.5.5+.

40. KONTXT Content Advisor

Plugin: KONTXT Content Advisor
Vulnerability: Unauthorized AJAX call via CSRF
Patched in Version: 2.3
Severity Score: Medium

The vulnerability is patched, so you should update to version 2.3+.

41. Fontsampler

Plugin: Fontsampler
Vulnerability: CSRF to Authenticated Reflected Cross-Site Scripting
Patched in Version: 0.4.13
Severity Score: High

The vulnerability is patched, so you should update to version 0.4.13+.

42. MZ Mindbody API

Plugin: MZ Mindbody API
Vulnerability: Unauthorized AJAX call via CSRF
Patched in Version: 2.8.3
Severity Score: High

The vulnerability is patched, so you should update to version 2.8.3+.

43. Journey Analytics

Plugin: Journey Analytics
Vulnerability: Unauthorized AJAX call via CSRF
Patched in Version: 1.0.13
Severity Score: Medium

The vulnerability is patched, so you should update to version 1.0.13+.

44. Alkubot

Plugin: Alkubot
Vulnerability: Unauthorized AJAX call via CSRF
Patched in Version: 3.0.0
Severity Score: Medium

The vulnerability is patched, so you should update to version 3.0.0+.

45. MZ MBO Access

Plugin: MZ MBO Access
Vulnerability: Unauthorized AJAX call
Patched in Version: 2.0.9
Severity Score: Medium

The vulnerability is patched, so you should update to version 2.0.9+.

46. BNG Gateway For Woocommerce

Plugin: BNG Gateway For Woocommerce
Vulnerability: CSRF Bypass
Patched in Version: No known fix
Severity Score: Medium

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

47. BuddyPress Customer.io Analytics Integration

Plugin: BuddyPress Customer.io Analytics Integration
Vulnerability: Arbitrary Plugin Settings Update via CSRF
Patched in Version: No known fix
Severity Score: Medium

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

48. WooCommerce Custom Registration Form

Plugin: WooCommerce Custom Registration Form
Vulnerability: Arbitrary Field Deletion and Form Modification via CSRF
Patched in Version: No known fix
Severity Score: High

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

49. Woocommerce Tabs Plugin, Add Custom Product Tabs

Plugin: Woocommerce Tabs Plugin, Add Custom Product Tabs
Vulnerability: Arbitrary Tab Deletion/Editing via CSRF
Patched in Version: No known fix
Severity Score: High

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

50. Global Multisite Search

Plugin: Global Multisite Search
Vulnerability: CSRF Bypass
Patched in Version: No known fix
Severity Score: Medium

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

51. Intimate Payments

Plugin: Intimate Payments
Vulnerability: CSRF Bypass
Patched in Version: No known fix
Severity Score: Medium

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

52. KONTXT Improves WordPress Search

Plugin: KONTXT Improves WordPress Search
Vulnerability: CSRF Bypass
Patched in Version: No known fix
Severity Score: Medium

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

53. Instantio

Plugin: Instantio
Vulnerability: CSRF Bypass
Patched in Version: 1.2.6
Severity Score: Medium

The vulnerability is patched, so you should update to version 1.2.6+.

54. Express Shop

Plugin: Express Shop
Vulnerability: CSRF Bypass
Patched in Version: 4.0.3
Severity Score: Medium

The vulnerability is patched, so you should update to version 4.0.3+.

55. SEO Wizard

Plugin: SEO Wizard
Vulnerability: Unauthorized robots.txt & .htaccess Edit via CSRF
Patched in Version: No known fix
Severity Score: High

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

56. Title Field Validation

Plugin: Title Field Validation
Vulnerability: Unauthorized AJAX call via CSRF
Patched in Version: No known fix
Severity Score: High

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

57. Booking Calendar

Plugin: Booking Calendar
Vulnerability: Authorized AJAX calls
Patched in Version: 2.1.6
Severity Score: Medium

The vulnerability is patched, so you should update to version 2.1.6+.

58. Community Event

Plugin: Community Event
Vulnerability: Reflected XSS
Patched in Version: 1.4.8
Severity Score: High

The vulnerability is patched, so you should update to version 1.4.8+.

59. WP LMS

Plugin: WP LMS
Vulnerability: Stored Cross-Site Scripting
Patched in Version: No known fix
Severity Score: High

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

60. Cooked Pro

Plugin: Cooked Pro
Vulnerability: Unauthenticated Reflected Cross-Site Scripting
Patched in Version: 1.7.5.6
Severity Score: Medium

The vulnerability is patched, so you should update to version 1.7.5.6+.

61. PWA for WP & AMP

Plugin: PWA for WP & AMP
Vulnerability: Authenticated Arbitrary File Upload
Patched in Version: 1.7.33
Severity Score: Critical

The vulnerability is patched, so you should update to version 1.7.33+.

Written by:
Abdul Wahid
Published on:
July 8, 2021

Categories: Woocommerce