Hi Coffigniez, it's time for another Patchstack Weekly update. You can now also find Patchstack Weekly on Spotify.
Patchstack Weekly is hosted and written by Robert from the Patchstack team.
Each week it gives you important information about vulnerabilities and a little extra: something new to learn.
Shortcode Addons
Vulnerability: Unauthenticated Arbitrary Option Update
Fixed in version: Plugin does not exist, is not supported, or discontinued.
Number of sites affected: N/A
CVSS 3.0 score: 7.2 (High - Can be exploited remotely without any authentication.)
Tabs
Vulnerability: Unauthenticated Arbitrary Option Update
Fixed in version: Plugin does not exist, is not supported, or discontinued.
Number of sites affected: N/A
CVSS 3.0 score: 9.8 (Critical - Can be exploited remotely without any authentication.)
Crisp Live Chat
Vulnerability: Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Fixed in version: 0.32
Number of sites affected: 30,000+
CVSS 3.0 score: 8.8 (High)
If you are using any of the mentioned plugins, you need to update it to the latest version as soon as possible. Websites with Patchstack installed are protected from the security issues mentioned above.
In this week's session, Robert will share the inside knowledge on what happens when WordPress plugin or theme developers choose to ignore security reports.