20171110 Vulnerable Plugins/Themes Report
 Share
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

View only
 
 
ABCDEFGHIJKLMNOPQRSTUVWXYZAAAB
1
NameVersion(s) AffectedFixed in VersionPlugin DirectoryVulnerabilityLink/Plugin StatusSuggested ActionPlugin/ThemeOther NotesSource
2
Shortcodes Ultimate5.0.0 and earlier5.0.1shortcodes-ultimateAuthenticated Code Executionhttps://wordpress.org/plugins/shortcodes-ultimate/Update ImmediatelyPlugin
https://wpvulndb.com/vulnerabilities/8945
3
UserPro4.6.17 and earliersee notesuserproAuthentication Bypasshttps://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681Update ImmediatelyPlugin
Paid plugin, disclosure states plugin developer released a fix on 10/26/2017 but doesn't mention version number
https://www.exploit-db.com/exploits/43117/
4
Duplicator - WordPress Migration PluginallunfixedduplicatorMultiple Cross-Site Scriptinghttps://wordpress.org/plugins/duplicator/RemovePlugin
https://packetstormsecurity.com/files/144914/wpmigration1228-xss.txt
5
Animated Weather Widget by weatherfor.us
allunfixedweather-for-us-widgetsee notesPlugin removed from repositoryRemovePlugin
https://www.wordfence.com/blog/2017/11/wordpress-plugin-banned-crypto-mining/
6
Ultimate Instagram Feedallunfixedultimate-instagram-feedCross-Site Scriptinghttps://wordpress.org/plugins/ultimate-instagram-feed/RemovePlugin
I know the source says it's been fixed in 1.3.1, but it's not.
https://packetstormsecurity.com/files/144921/wpuif12-xss.txt
7
WPML Translation Management2.4.1 and earlier2.4.2wpml-translation-managementObject Injectionhttps://wordpress.org/plugins/wpml-translation-management/UpdatePlugin
https://wpvulndb.com/vulnerabilities/8946
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
Loading...