I receive this newsletter from different security plugin. I don’t have it installed, I’m using BPS Pro, but, I like the newsletter.
I’m just curious: They mentioned a few vulnerabilities that have been identified. They include:
FV Flowplayer Video Player
Vulnerability: Authenticated stored cross-site scripting (XSS)
Fixed in version: 7.4.38.727
Number of sites affected: 40 000+
Simple Job Board
Vulnerability: Authenticated directory traversal
Fixed in version: no known fix
Number of sites affected: 20 000+
Orbit Fox by ThemeIsle
Vulnerability: Authenticated stored cross-site scripting (XSS) & authenticated privilege escalation
Fixed in version: 2.10.3
Number of sites affected: 400 000+
Elementor Contact Form DB
Vulnerability: Cross-site request forgery (CSRF) via backend admin pages
Fixed in version: 1.6
Number of sites affected: 40 000+
Custom Global Variables
Create your own custom variables to manage information on your website.
Vulnerability: Stored cross-site scripting (XSS)
Fixed in version: no known fix
Number of sites affected: N/A
Stored cross-site scripting (XSS) vulnerability found by Swapnil Subhash Bodekar in WordPress Custom Global Variables plugin (versions <= 1.0.5).
Can you tell, would BPS Pro protect against these listed above, with and without AutoRestore enabled?
.
