PERFORMANCE & CREATIVITY

We integrate research, strategy, design, engineering and operations to imagine, create and deliver some of the world's most engaging products and services.

Περιοχή
Marousi-Attika
box 15124
Email
info@thinkeasy.gr
dpo@thinkeasy.gr

WordPress Vulnerability Report – December 28, 2022

Ασφάλεια

WordPress Plugin Vulnerabilities

In this section, the latest WordPress plugin vulnerabilities have been disclosed. Each plugin listing includes the type of vulnerability, the active installations, the version number if patched, the severity rating, and the CVE.

Click to Chat

Product image for Click to Chat.

PLUGIN SLUGclick-to-chat-for-whatsapp
INSTALLATIONS400,000+
VULNERABILITYContributor+ Stored XSS
PATCHED IN VERSION3.18.1
SEVERITY SCORE High
The vulnerability has been patched, so you should update to version 3.18.1.

Font Awesome

Product image for Font Awesome.

PLUGIN Font Awesome
PLUGIN SLUGfont-awesome
INSTALLATIONS300,000+
VULNERABILITYContributor+ Stored XSS
PATCHED IN VERSION4.3.2
SEVERITY SCORE High
The vulnerability has been patched, so you should update to version 4.3.2.

Table of Contents Plus

Product image for Table of Contents Plus.

PLUGIN SLUGtable-of-contents-plus
INSTALLATIONS300,000+
VULNERABILITYContributor+ Stored XSS
PATCHED IN VERSION2212
SEVERITY SCORE High
The vulnerability has been patched, so you should update to version 2212.

Anti-Malware Security and Brute-Force Firewall

Product image for Anti-Malware Security and Brute-Force Firewall.

PLUGIN SLUGgotmls
INSTALLATIONS200,000+
VULNERABILITYAdmin+ PHP Object Injection
PATCHED IN VERSION4.21.86
SEVERITY SCORELow
The vulnerability has been patched, so you should update to version 4.21.86.

Page Scroll To ID

Product image for Page scroll to id.

PLUGIN SLUGpage-scroll-to-id
INSTALLATIONS100,000+
VULNERABILITYContributor+ Stored XSS
PATCHED IN VERSION1.7.6
SEVERITY SCORE High
The vulnerability has been patched, so you should update to version 1.7.6.

Real Cookie Banner

Product image for Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent.

PLUGIN SLUGreal-cookie-banner
INSTALLATIONS100,000+
VULNERABILITYContributor+ Stored XSS
PATCHED IN VERSION3.4.10
SEVERITY SCORE High
The vulnerability has been patched, so you should update to version 3.4.10.

Mesmerize Companion

PLUGIN SLUGmesmerize-companion
INSTALLATIONS100,000+
VULNERABILITYContributor+ Stored XSS
PATCHED IN VERSION1.6.135
SEVERITY SCORE High
The vulnerability has been patched, so you should update to version 1.6.135.

Slimstat Analytics

Product image for Slimstat Analytics.

PLUGIN SLUGwp-slimstat
INSTALLATIONS100,000+
VULNERABILITYUnauthenticated Stored XSS
PATCHED IN VERSION4.9.3
SEVERITY SCORE High
The vulnerability has been patched, so you should update to version 4.9.3.

Smash Balloon Social Post Feed

Product image for Smash Balloon Social Post Feed.

PLUGIN SLUGcustom-facebook-feed
INSTALLATIONS100,000+
VULNERABILITYContributor+ Stored XSS
PATCHED IN VERSION4.1.6
SEVERITY SCORE High
The vulnerability has been patched, so you should update to version 4.1.6.

WPtouch

Product image for WPtouch.

PLUGIN WPtouch
PLUGIN SLUGwptouch
INSTALLATIONS100,000+
VULNERABILITYAdmin+ PHP Object Injection; Admin+ Arbitrary File Upload
PATCHED IN VERSION4.3.45
SEVERITY SCORE Medium
The vulnerability has been patched, so you should update to version 4.3.45.

Download Manager

Product image for Download Manager.

PLUGIN SLUGdownload-manager
INSTALLATIONS100,000+
VULNERABILITYContributor+ Stored XSS
PATCHED IN VERSION3.2.62
SEVERITY SCORE High
The vulnerability has been patched, so you should update to version 3.2.62.

WOOCS

Product image for WOOCS – Currency Switcher for WooCommerce Professional.

PLUGIN SLUGwoocommerce-currency-switcher
INSTALLATIONS70,000+
VULNERABILITYContributor+ Stored XSS
PATCHED IN VERSION1.3.9.4
SEVERITY SCORE High
The vulnerability has been patched, so you should update to version 1.3.9.4.

3D FlipBook

Product image for 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery.

PLUGIN SLUGinteractive-3d-flipbook-powered-physics-engine
INSTALLATIONS70,000+
VULNERABILITYContributor+ Stored XSS
PATCHED IN VERSION1.13.3
SEVERITY SCORE High
The vulnerability has been patched, so you should update to version 1.13.3.

Metricool

Product image for Metricool.

PLUGIN Metricool
PLUGIN SLUGmetricool
INSTALLATIONS40,000+
VULNERABILITYAdmin+ Stored XSS
PATCHED IN VERSION1.18
SEVERITY SCORE Low
The vulnerability has been patched, so you should update to version 1.18.

Real Testimonials

Product image for Real Testimonials.

PLUGIN SLUGtestimonial-free
INSTALLATIONS40,000+
VULNERABILITYContributor+ Stored XSS
PATCHED IN VERSION2.6.0
SEVERITY SCORE High
The vulnerability has been patched, so you should update to version 2.6.0.

Easy Accordion

Product image for Easy Accordion – Best Accordion FAQ Plugin for WordPress.

PLUGIN SLUGeasy-accordion-free
INSTALLATIONS40,000+
VULNERABILITYContributor+ Stored XSS
PATCHED IN VERSION2.2.0
SEVERITY SCORE High
The vulnerability has been patched, so you should update to version 2.2.0.

Seriously Simple Podcasting

Product image for Seriously Simple Podcasting.

PLUGIN SLUGseriously-simple-podcasting
INSTALLATIONS30,000+
VULNERABILITYContributor+ Stored XSS
PATCHED IN VERSION2.19.1
SEVERITY SCORE High
The vulnerability has been patched, so you should update to version 2.19.1.


Welcart e-Commerce

Product image for Welcart e-Commerce.

PLUGIN SLUGusc-e-shop
INSTALLATIONS20,000+
VULNERABILITYContributor+ Stored XSS via Shortcode
PATCHED IN VERSION2.8.9
SEVERITY SCOREHigh
The vulnerability has been patched, so you should update to version 2.8.9 
.

.

Greenshift – animation and page builder blocks

Product image for Greenshift – animation and page builder blocks.

PLUGIN SLUGgreenshift-animation-and-page-builder-blocks
INSTALLATIONS10,000+
VULNERABILITYContributor+ Stored XSS via Shortcode
PATCHED IN VERSION4.8.9
SEVERITY SCORE High
The vulnerability has been patched, so you should update to version 4.8.9.


WordPress Events Calendar Plugin

Product image for WordPress Events Calendar Plugin – connectDaily.

PLUGIN SLUGconnect-daily-web-calendar
INSTALLATIONS200+
VULNERABILITYMultiple Reflected XSS
PATCHED IN VERSION1.4.5
SEVERITY SCORE High
The vulnerability has been patched, so you should update to version 1.4.5.