NEWS

WordPress Vulnerabilities Digest - June 2022 Part 3

Threat Alerts / June 22, 2022
Each vulnerability will have a severity rating of low, medium, high, or critical. Responsible disclosure and reporting of vulnerabilities is an integral part of keeping the WordPress community safe.

Each vulnerability will have a severity rating of low, medium, high, or critical. Responsible disclosure and reporting of vulnerabilities is an integral part of keeping the WordPress community safe.

WordPress Core Vulnerabilities

WordPress 6.0 Arturo has been released! This major version release of WordPress was built to help you unlock your creative aspirations and make your site-building experience more intuitive, including almost 1,000 enhancements and bug fixes. See whats new in WordPress 6.0.

No new WordPress core vulnerabilities were disclosed this week.

WordPress Plugin Vulnerabilities

1. Elementor

PLUGIN Elementor Website Builder INSTALLATIONS 5,000,000+ VULNERABILITY DOM Reflected Cross-Site Scripting PATCHED IN VERSION 3.5.6 SEVERITY SCORE Medium

The vulnerability has been patched, so you should update to version 3.5.6.

2. Ninja Forms

PLUGIN Ninja Forms Contact Form The Drag and Drop Form Builder for WordPress INSTALLATIONS 1,000,000+ VULNERABILITY Admin+ Stored Cross-Site Scripting via Import; Admin+ Stored Cross-Site Scripting PATCHED IN VERSION 3.6.10 SEVERITY SCORE Low

The vulnerability has been patched, so you should update to version 3.6.10.

3. WooCommerce PDF Invoices & Packing Slips

PLUGIN WooCommerce PDF Invoices & Packing Slips INSTALLATIONS 300,000+ VULNERABILITY Reflected Cross-Site Scripting PATCHED IN VERSION 2.15.0 SEVERITY SCORE Medium

The vulnerability has been patched, so you should update to version 2.15.0.

4. ShortPixel Image Optimizer

PLUGIN ShortPixel Image Optimizer INSTALLATIONS 300,000+ VULNERABILITY Reflected Cross-Site Scripting PATCHED IN VERSION 4.22.10 SEVERITY SCORE Medium

The vulnerability has been patched, so you should update to version 4.22.10.

5. Clearfy Cache

PLUGIN Clearfy Cache WordPress optimization plugin, Minify HTML, CSS & JS, Defer INSTALLATIONS 100,000+ VULNERABILITY Reflected Cross-Site Scripting PATCHED IN VERSION 2.0.5 SEVERITY SCORE Medium

The vulnerability has been patched, so you should update to version 2.0.5.

6. WooCommerce Menu Cart

PLUGIN WooCommerce Menu Cart INSTALLATIONS 100,000+ VULNERABILITY Reflected Cross-Site Scripting PATCHED IN VERSION 2.12.0 SEVERITY SCORE Medium

The vulnerability has been patched, so you should update to version 2.12.0.

7. Modula Image Gallery

PLUGIN Customizable WordPress Gallery Plugin Modula Image Gallery INSTALLATIONS 100,000+ VULNERABILITY Reflected Cross-Site Scripting PATCHED IN VERSION 2.6.7 SEVERITY SCORE Medium

The vulnerability has been patched, so you should update to version 2.6.7.

8. Flexible Shipping

PLUGIN Table Rate Shipping Method for WooCommerce by Flexible Shipping INSTALLATIONS 100,000+ VULNERABILITY Reflected Cross-Site Scripting PATCHED IN VERSION 4.11.9 SEVERITY SCORE Medium

The vulnerability has been patched, so you should update to version 4.11.9.

9. 404 to 301

PLUGIN 404 to 301 Redirect, Log and Notify 404 Errors INSTALLATIONS 100,000+ VULNERABILITY Reflected Cross-Site Scripting PATCHED IN VERSION 3.1.2 SEVERITY SCORE Medium

The vulnerability has been patched, so you should update to version 3.1.2.

10. WP All Export

PLUGIN Export any WordPress data to XML/CSV INSTALLATIONS 90,000+ VULNERABILITY Reflected Cross-Site Scripting PATCHED IN VERSION 1.3.6 SEVERITY SCORE Medium

The vulnerability has been patched, so you should update to version 1.3.6.

11. Checkout Fields Manager for WooCommerce

PLUGIN Checkout Fields Manager for WooCommerce INSTALLATIONS 90,000+ VULNERABILITY Reflected Cross-Site Scripting PATCHED IN VERSION 5.5.7 SEVERITY SCORE Medium

The vulnerability has been patched, so you should update to version 5.5.7.

12. WordPress Real Cookie Banner

PLUGIN Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent INSTALLATIONS 80,000+ VULNERABILITY Reflected Cross-Site Scripting PATCHED IN VERSION 2.18.2 SEVERITY SCORE Medium

The vulnerability has been patched, so you should update to version 2.18.2.

13. Woody Code Snippets

PLUGIN Woody code snippets Insert Header Footer Code, AdSense Ads INSTALLATIONS 80,000+ VULNERABILITY Reflected Cross-Site Scripting PATCHED IN VERSION 2.4.6 SEVERITY SCORE Medium

The vulnerability has been patched, so you should update to version 2.4.6.

14. Gravity PDF

PLUGIN Gravity PDF INSTALLATIONS 50,000+ VULNERABILITY Reflected Cross-Site Scripting PATCHED IN VERSION 6.3.1 SEVERITY SCORE Medium

The vulnerability has been patched, so you should update to version 6.3.1.

15. Easy Testimonials

PLUGIN Easy Testimonials INSTALLATIONS 30,000+ VULNERABILITY Reflected Cross-Site Scripting PATCHED IN VERSION 3.9 SEVERITY SCORE Medium

The vulnerability has been patched, so you should update to version 3.9.

16. WP Contact Slider

PLUGIN WP Contact Slider INSTALLATIONS 10,000+ VULNERABILITY Editor+ Stored Cross-Site Scripting PATCHED IN VERSION 2.4.7 SEVERITY SCORE Low

The vulnerability has been patched, so you should update to version 2.4.7.

17. Gallery

PLUGIN Gallery Image and Video Gallery with Thumbnails INSTALLATIONS 1,000+ VULNERABILITY Reflected Cross-Site Scripting PATCHED IN VERSION 2.0.0 SEVERITY SCORE Medium

The vulnerability has been patched, so you should update to version 2.0.0.

WordPress Plugin Vulnerabilities No Known Fix

Until a patch is available, immediately uninstall and delete the plugin.

Gallery Bank

PLUGIN Gallery Bank WordPress Photo Gallery Plugin VULNERABILITY Author+ Stored XSS via Media Upload Module; Author+ Stored XSS via Gallery Description PATCHED IN VERSION No Fix SEVERITY SCORE Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Copify

PLUGIN Copify VULNERABILITY Stored Cross-Site Scripting via CSRF PATCHED IN VERSION No Fix SEVERITY SCORE High

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Toolbar To Share

PLUGIN ToolBar to Share VULNERABILITY Stored Cross-Site Scripting via CSRF PATCHED IN VERSION No Fix SEVERITY SCORE Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Theme Vulnerabilities

Good news! No new WordPress theme vulnerabilities were disclosed this week.

If you are under WordPress Managed Maintenance plan - there is nothing to worry about as we've taken the necessary steps to protect your sites. Yay!

The information for this blog post was taken from iThemes Vulnerability Roundup

If you're not under our maintenance plan... well, what are you waiting for? Sign-up today!

Back to list