The good people over at iTheme have an updated Vulnerability Report for June 2021, and its well worth look.

 

The Plus Addons for Elementor

 

Plugin: The Plus Addons for Elementor
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 4.1.12
SeverityMedium

Plugin: The Plus Addons for Elementor
Vulnerability: Open Redirect
Patched in Version: 4.1.10
SeverityMedium

Plugin: The Plus Addons for Elementor
Vulnerability: Arbitrary Reset Pwd Email Sending
Patched in Version: 4.1.11
Severity: High

Yes/No chart

Plugin: Yes/No Chart
Vulnerability: Authenticated Blind SQL Injection
Patched in Version: 1.0.12
Severity ScoreHigh

FooGallery

Plugin: FooGallery
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 2.0.35
Severity Score: Medium

Event Calendar WD

Plugin: Event Calendar WD
Vulnerability: Cross-Site Scripting
Patched in Version: 1.1.45
Severity Score: Medium

MC4WP: Mailchimp for WordPress

Plugin: MC4WP: Mailchimp for WordPress
Vulnerability: Authenticated Arbitrary Redirect
Patched in Version: 4.8.5
Severity Score: Medium

Plugin: MC4WP: Mailchimp for WordPress
Vulnerability: Unauthorized Actions via CSRF
Patched in Version: 4.8.5
Severity Score: Medium

 

All 404 Redirect to Homepage

Plugin: All 404 Redirect to Homepage
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: No known fix
Severity Score: Medium

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.
Fancy Product Designer

Plugin: Fancy Product Designer
Vulnerability: Unauthenticated Arbitrary File Upload and RCE
Patched in Version: 4.6.9
Severity Score: Critical

GetPaid

Plugin: GetPaid
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 2.3.4
Severity Score: High

Quiz And Survey Master

Plugin: Quiz And Survey Master
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched in Version: 7.1.19
Severity Score: High

Plugin: Quiz And Survey Master
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 7.1.18
Severity Score: High

Jetpack

Plugin: Jetpack
Vulnerability: Carousel Non-Published Page/Post Attachment Comment Leak
Patched in Version: 9.8
Severity Score: Medium

Peter Cornish

An online marketer with deep experience in Sales & Marketing as well as technical skills accumulated over the many years of working in this industry. He has been knee-deep in websites and online marketing since the mid 80’s.
Peter is a lateral thinker who sees solutions where many don’t.

Website Concierge is a reincarnate of Succinct Ideas, providing quality website support and online marketing for small businesses.

If you found something in my site useful, I’d really appreciate if you could link to the page and maybe Google will help other people who need the same info find the page as well 😉

Exit mobile version