201811116 Vulnerable Plugins/Themes Report
 Share
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

 
View only
 
 
ABCDEFGHIJKLMNOPQRSTUVWXYZAAAB
1
NameVersion(s) AffectedFixed in VersionPlugin DirectoryVulnerabilityLink/Plugin StatusSuggested ActionPlugin/ThemeOther NotesSource
2
Ninja Forms3.3.17 and earlier3.3.18ninja-formsMultiple Cross-Site Scriptinghttps://wordpress.org/plugins/ninja-forms/UpdatePlugin
https://packetstormsecurity.com/files/150375/wpninjaforms3317-xss.txt
3
Custom Frontend Login Registration Formallunfixed
custom-frontend-login-registration-form
Multiple Cross-Site Scriptinghttps://wordpress.org/plugins/custom-frontend-login-registration-form/RemovePlugin
Hasn't been updated in 3 years; most likely will not receive an update
https://packetstormsecurity.com/files/150374/wpcflrf101-xss.txt
4
Better WordPress reCAPTCHA2.0.3 and earlierunfixedbwp-recaptchaCross-Site Scriptinghttps://wordpress.org/plugins/bwp-recaptcha/RemovePlugin
https://wpvulndb.com/vulnerabilities/9146
5
PeepSoallunfixedpeepso-coreAuthenticated Cross-Site Scriptinghttps://wordpress.org/plugins/peepso-core/RemovePlugin
Source indicated versioin 1.11.2 but vulnerability still remains in latest version
https://seclists.org/bugtraq/2018/Nov/14
6
AMP for WP – Accelerated Mobile Pages0.9.97.19 and earlier0.9.97.20accelerated-mobile-pagesMultiple Vulnerabilities, see noteshttps://wordpress.org/plugins/accelerated-mobile-pages/UpdatePlugin
Both source article and wpvulndb.com indicate multiple issues, though the PoC video only demonstrates XSS.
https://thehackernews.com/2018/11/amp-plugin-for-WordPress.html
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
Loading...
Main menu