Documentation: Home / Vulnerabilities / Input validation vulnerability in 68 different plugins

Latest

Input validation vulnerability in 68 different plugins

CVE-2021-4342

Severity: high-risk
Status: Open
Publication: September 26, 2020

Around 70 different plugins and themes had a security issue that could let someone else do something on the website without permission. The problem was that the system that was meant to stop this from happening had been set up incorrectly, so it didn’t work properly.

Detected in:

Abandoned Cart Lite for WooCommerce fixed vulnerable versions: > 0 < 0

Abandoned Cart Recovery for WooCommerce fixed vulnerable versions: > 0 < 0

Absolute Reviews fixed vulnerable versions: > 0 < 0

Advanced Popups fixed vulnerable versions: > 0 < 0

Amministrazione Trasparente fixed vulnerable versions: > 0 < 0

Better Search – Relevant search results for WordPress fixed vulnerable versions: > 0 < 0

Coming Soon & Maintenance Mode Page fixed vulnerable versions: > 0 < 0

Coming Soon & Maintenance Mode Page & Under Construction fixed vulnerable versions:

Cool Timeline (Horizontal & Vertical Timeline) fixed vulnerable versions: > 0 < 0

Coupon Creator fixed vulnerable versions: > 0 < 0

Custom CSS, JS & PHP fixed vulnerable versions: > 0 < 0

Custom Field Template fixed vulnerable versions: > 0 < 0

Customizr fixed vulnerable versions: > 0 < 0

Defender Security – Malware Scanner, Login Security & Firewall fixed vulnerable versions: > 0 < 0

Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy fixed vulnerable versions: > 0 < 0

Dokan – Powerful WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy fixed vulnerable versions:

eCommerce Product Catalog Plugin for WordPress fixed vulnerable versions: > 0 < 0

ElasticPress fixed vulnerable versions: > 0 < 0

Event Espresso – Event Registration & Ticketing Sales fixed vulnerable versions:

EWWW Image Optimizer fixed vulnerable versions: > 0 < 0

Feed Them Social – Page, Post, Video, and Photo Galleries fixed vulnerable versions: > 0 < 0

Feed Them Social – Social Media Feeds, Video, and Photo Galleries fixed vulnerable versions:

Forminator – Contact Form, Payment Form & Custom Form Builder fixed vulnerable versions: > 0 < 0

Forminator Forms – Contact Form, Payment Form & Custom Form Builder fixed vulnerable versions:

Hueman fixed vulnerable versions: > 0 < 0

Import / Export Customizer Settings fixed vulnerable versions: > 0 < 0

Lightweight Sidebar Manager fixed vulnerable versions: > 0 < 0

Menu Swapper fixed vulnerable versions: > 0 < 0

Multiple Roles fixed vulnerable versions: > 0 < 0

MultiVendorX – MultiVendor Marketplace Solution For WooCommerce fixed vulnerable versions: > 0 < 0

MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution fixed vulnerable versions:

MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution fixed vulnerable versions:

MultiVendorX Marketplace – WooCommetrce MultiVendor Marketplace Solution fixed vulnerable versions:

NotificationX – Best FOMO, Social Proof, Custom & Live Sales Notification, WooCommerce Sales Popup, Floating & Sticky Notification Bar fixed vulnerable versions:

NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor fixed vulnerable versions: > 0 < 0

NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar fixed vulnerable versions:

NotificationX – WooCommerce Sales Notification Popup, Custom & Live Sales Notification, FOMO, Social Proof, Announcement Banner & Sticky Notification Bar fixed vulnerable versions:

NotificationX – WooCommerce Sales Popup, Custom & Live Sales Notification, FOMO, Social Proof, Announcement Banner & Sticky Notification Bar fixed vulnerable versions:

Ocean Extra fixed vulnerable versions: > 0 < 0

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions fixed vulnerable versions:

POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications fixed vulnerable versions:

Post SMTP – The Complete WP SMTP Plugin with Email Logs and Mobile app for email Failure Notifications fixed vulnerable versions:

Post SMTP – The WordPress SMTP Plugin with Email Logs and Mobile App for Email Failure Notifications fixed vulnerable versions:

Post SMTP – WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more fixed vulnerable versions:

Post SMTP – WP SMTP Plugin with Email Logs & Mobile App for Failure Alerts – Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark fixed vulnerable versions:

POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress fixed vulnerable versions: > 0 < 0

Product Catalog Simple fixed vulnerable versions: > 0 < 0

Radio Buttons for Taxonomies fixed vulnerable versions: > 0 < 0

RAYS Grid fixed vulnerable versions: > 0 < 0

Remove Schema fixed vulnerable versions: > 0 < 0

RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator fixed vulnerable versions:

Sell Media fixed vulnerable versions: > 0 < 0

Slider Hero with Animation, Video Background fixed vulnerable versions: > 0 < 0

Slider Hero with Video Background, Animation fixed vulnerable versions:

Staff Directory Plugin: Company Directory fixed vulnerable versions: > 0 < 0

Style Kits – Advanced Theme Styles for Elementor fixed vulnerable versions: > 0 < 0

Sunshine Photo Cart fixed vulnerable versions: > 0 < 0

Sunshine Photo Cart: Free Client Galleries for Photographers fixed vulnerable versions:

Sunshine Photo Cart: Free Client Photo Galleries for Photographers fixed vulnerable versions:

Sunshine Photo Cart: Sell photos in WordPress for free fixed vulnerable versions:

Top 10 – Popular posts plugin for WordPress fixed vulnerable versions: > 0 < 0

Top 10 – WordPress Popular posts by WebberZone fixed vulnerable versions:

Ultimate Gift Cards for WooCommerce – Create WooCommerce Vouchers, Redeem & Manage Digital Gift Coupons with Personalized Templates fixed vulnerable versions:

Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates fixed vulnerable versions: > 0 < 0

Vuukle Comments, Reactions, Share Bar, Revenue fixed vulnerable versions: > 0 < 0

WooCommerce Checkout & Funnel Builder by CartFlows fixed vulnerable versions:

WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce fixed vulnerable versions: > 0 < 0

WooCommerce Etsy Integration fixed vulnerable versions: > 0 < 0

Woody code snippets – Insert Header Footer Code, AdSense Ads fixed vulnerable versions: > 0 < 0

WordPress Photo Gallery – Image Gallery fixed vulnerable versions: > 0 < 0

WordPress Photo Gallery – Image Gallery fixed vulnerable versions:

WP EasyPay – Create Your Payment Forms to Pay with Square – Square for WordPress Plugin: Integrate Square with WordPress to Collect Payments fixed vulnerable versions:

WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts fixed vulnerable versions: > 0 < 0

WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine fixed vulnerable versions: > 0 < 0

WP Travel – Ultimate Travel Booking System, Tour Management Engine fixed vulnerable versions:

wp-mpdf fixed vulnerable versions: > 0 < 0

10WebAnalytics open vulnerable versions: > 0 < 0

Contact Form 7 Style open vulnerable versions: > 0 < 0

Custom Banners open vulnerable versions: > 0 < 0

DW Question & Answer open vulnerable versions: > 0 < 0

Easy Testimonials open vulnerable versions: > 0 < 0

Edwiser Bridge – WordPress Moodle LMS Integration open vulnerable versions: > 0 < 0

Event Espresso 4 Decaf – Event Registration Event Ticketing open vulnerable versions: > 0 < 0

Locations open vulnerable versions: > 0 < 0

Opal Estate open vulnerable versions: > 0 < 0

Process Steps Template Designer open vulnerable versions: > 0 < 0

Qtranslate Slug open vulnerable versions: > 0 < 0

Rucy open vulnerable versions: > 0 < 0

WP EasyPay – Square for WordPress open vulnerable versions: > 0 < 0

WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting open vulnerable versions: > 0 < 0

WP Hotel Booking open vulnerable versions: > 0 < 0

WP Prayer open vulnerable versions: > 0 < 0

WP Private Content Plus open vulnerable versions: > 0 < 0

WP Security Question open vulnerable versions: > 0 < 0

WP-Backgrounds Lite open vulnerable versions: > 0 < 0

Open source

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

Incorrect?

Is this information incorrect? Please leave us a message.

Latest

Protecting site visitors with Security Headers

Hardening your website’s security

Login protection as essential security

Why WordPress is (in)secure

Staying ahead of vulnerabilities

Password has been found in a data breach

Input validation vulnerability in 68 different plugins

Detected in:

Join our mailing list - 6 Tips & Tricks in your inbox over the next days!

Plugins

Get Started

About

Popular articles