- WordPress Plugin Simple Fields is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Simple Fields version 0.3.5 is vulnerable; prior versions are also affected.
- Update to plugin version 0.3.6 or latest
- WordPress Plugin Catchers Helpdesk and Ticket system for Support Cross-Site Scripting (1.0.3)
- WordPress Plugin Hide My WP Cross-Site Scripting (4.53)
- WordPress Plugin LearnDash LMS Arbitrary File Upload (2.5.3)
- WordPress Plugin YITH WooCommerce Wishlist SQL Injection (2.1.2)
- WordPress Plugin Advanced Page Manager Cross-Site Scripting (1.4.1)