WordPress Vulnerabilities Digest - October 2022 Part 1

Threat Alerts / October 13, 2022
WordPress Plugin Vulnerabilities: WP Super Cache, Kadence WooCommerce Email Designer, Anti-Spam by CleanTalk, Form Maker by 10Web, etc.

Each vulnerability is given a severity rating of low, medium, high, or critical. Responsible disclosure and reporting of vulnerabilities is an integral part of keeping the WordPress community safe.

WordPress Core Vulnerabilities

WordPress 6.0.2 was released on August 30, 2022. This security and maintenance release features 12 bug fixes on Core, 5 bug fixes for the Block Editor, and 3 security fixes. Because this is a security release, it is recommended that you update your sites immediately.

No new WordPress core vulnerabilities were disclosed this week.

WordPress Plugin Vulnerabilities

1. WP Super Cache

Plugin: WP Super Cache
Installations: 2,000,000+
Vulnerability: Unauthenticated Cache Poisoning
Patched in version: 1.9
Severity score: Medium

The vulnerability has been patched, so you should update to version 1.9.

2. Kadence WooCommerce Email Designer

Plugin: Kadence WooCommerce Email Designer
Installations: 100,000+
Vulnerability: Admin+ PHP Object Injection
Patched in version: 1.5.7
Severity score: Medium

The vulnerability has been patched, so you should update to version 1.5.7.

3. Anti-Spam by CleanTalk

Plugin: Spam protection, AntiSpam, FireWall by CleanTalk
Installations: 100,000+
Vulnerability: Admin+ SQLi
Patched in version: 5.185.1
Severity score: Medium

The vulnerability has been patched, so you should update to version 5.185.1.

4. Form Maker by 10Web

Plugin: Form Maker by 10Web (Mobile-Friendly Drag & Drop Contact Form Builder)
Installations: 80,000+
Vulnerability: Admin+ SQLi
Patched in version: 1.15.6
Severity score: Medium

The vulnerability has been patched, so you should update to version 1.15.6.

5. Manage Notification E-mails

Plugin: Manage Notification E-mails
Installations: 80,000+
Vulnerability: Settings Reset via CSRF
Patched in version: 1.8.3
Severity score: Medium

The vulnerability has been patched, so you should update to version 1.8.3.

6. Blog2Social

Plugin: Blog2Social: Social Media Auto Post & Scheduler
Installations: 70,000+
Vulnerabilities: Subscriber+ SQLi; Subscriber+ SSRF
Patched in version: 6.9.10
Severity score: High

Both vulnerabilities have been patched, so you should update to version 6.9.10.

7. Quiz And Survey Master

Plugin: Quiz And Survey Master (Best Quiz, Exam and Survey Plugin for WordPress)
Installations: 40,000+
Vulnerability: Quiz Update via IDOR
Patched in version: 7.3.5
Severity score: Low

The vulnerability has been patched, so you should update to version 7.3.5.

8. AdminPad

Plugin: AdminPad
Installations: 900+
Vulnerability: Note Update via CSRF
Patched in version: 2.2
Severity score: Medium

The vulnerability has been patched, so you should update to version 2.2.

9. WP ALL Export Pro

Plugin: WP ALL Export Pro
Vulnerabilities: Authenticated SQLi; Authenticated Code Injection
Patched in version: 1.7.9
Severity score: Medium

Both vulnerabilities have been patched, so you should update to version 1.7.9.

WordPress Plugin Vulnerabilities With No Known Fix

Until a patch is available, immediately uninstall and delete the plugin.

Booking Ultra Pro

Plugin: Booking Ultra Pro Appointments Booking Calendar Plugin
Installations: 1,000+
Vulnerabilities: Multiple CSRF; Stored Cross-Site Scripting via CSRF
Patched in version: No Fix
Severity score: Medium

These vulnerabilities have not been patched. You should deactivate the plugin.

Contact Bank

Plugin: Contact Bank (Contact Form Builder for WordPress)
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in version: No Fix
Severity score: Low

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

LBStopAttack

Plugin: LBstopattack
Vulnerability: Arbitrary Settings Update via CSRF
Patched in version: No Fix
Severity score: Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Post to CSV by BestWebSoft

Plugin: Post to CSV by BestWebSoft
Vulnerability: Author+ CSV Injection
Patched in version: No Fix
Severity score: Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WP Humans.txt

Plugin: WP Humans.txt
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in version: No Fix
Severity score: Low

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Forym

Plugin: Forym
Vulnerability: Reflected Cross-Site Scripting
Patched in version: No Fix
Severity score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

Retain Live Chat

Plugin: Retain Live Chat
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in version: No Fix
Severity score: Low

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Theme Vulnerabilities

Good news! No new WordPress theme vulnerabilities were disclosed this week.

If you are on our WordPress Managed Maintenance plan, there is nothing to worry about, as we have already taken the necessary steps to protect your sites. Yay!

The information for this blog post was taken from the iThemes Vulnerability Roundup.

If you're not on our maintenance plan... well, what are you waiting for? Sign up today!