
The good people over at iThemes have an updated Vulnerability Report for June 2021, and it's well worth a look.

The Plus Addons for Elementor

Plugin: The Plus Addons for Elementor
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 4.1.12
Severity: Medium

Plugin: The Plus Addons for Elementor
Vulnerability: Open Redirect
Patched in Version: 4.1.10
Severity: Medium

Plugin: The Plus Addons for Elementor
Vulnerability: Arbitrary Reset Password Email Sending
Patched in Version: 4.1.11
Severity: High

Yes/No Chart

Plugin: Yes/No Chart
Vulnerability: Authenticated Blind SQL Injection
Patched in Version: 1.0.12
Severity Score: High

FooGallery

Plugin: FooGallery
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 2.0.35
Severity Score: Medium

Event Calendar WD

Plugin: Event Calendar WD
Vulnerability: Cross-Site Scripting
Patched in Version: 1.1.45
Severity Score: Medium

MC4WP: Mailchimp for WordPress

Plugin: MC4WP: Mailchimp for WordPress
Vulnerability: Authenticated Arbitrary Redirect
Patched in Version: 4.8.5
Severity Score: Medium

Plugin: MC4WP: Mailchimp for WordPress
Vulnerability: Unauthorized Actions via CSRF
Patched in Version: 4.8.5
Severity Score: Medium

All 404 Redirect to Homepage

Plugin: All 404 Redirect to Homepage
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: No known fix
Severity Score: Medium

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

Fancy Product Designer

Plugin: Fancy Product Designer
Vulnerability: Unauthenticated Arbitrary File Upload and RCE
Patched in Version: 4.6.9
Severity Score: Critical

GetPaid

Plugin: GetPaid
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 2.3.4
Severity Score: High

Quiz And Survey Master

Plugin: Quiz And Survey Master
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched in Version: 7.1.19
Severity Score: High

Plugin: Quiz And Survey Master
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 7.1.18
Severity Score: High

Jetpack

Plugin: Jetpack
Vulnerability: Carousel Non-Published Page/Post Attachment Comment Leak
Patched in Version: 9.8
Severity Score: Medium

Peter Cornish

An online marketer with deep experience in Sales & Marketing as well as technical skills accumulated over many years of working in this industry. He has been knee-deep in websites and online marketing since the mid 80's.
Peter is a lateral thinker who sees solutions where many don't.

Website Concierge is a reincarnation of Succinct Ideas, providing quality website support and online marketing for small businesses.