20170609 Vulnerable Plugins/Themes Report

	A	B	C	D	E	F	G	H	I	J
1	Name	Version(s) Affected	Fixed in Version	Plugin Directory	Vulnerability	Link/Plugin Status	Suggested Action	Plugin/Theme	Other Notes	Source

2	Count per Day	all	unfixed	count-per-day	Cross-Site Scripting	https://wordpress.org/plugins/count-per-day/	Remove	Plugin		https://www.pluginvulnerabilities.com/2017/06/08/cross-site-request-forgery-csrfcross-site-scripting-xss-vulnerability-in-count-per-day/
3	Count per Day	all	unfixed	count-per-day	Cross-Site Request Forgery	https://wordpress.org/plugins/count-per-day/	Remove	Plugin		https://www.pluginvulnerabilities.com/2017/06/08/cross-site-request-forgery-csrfcross-site-scripting-xss-vulnerability-in-count-per-day/
4	WP Testimonials	3.4.1 and earlier	unfixed	wp-testimonials	SQL Injection	Plugin removed from repository	Remove	Plugin		http://dtsa.eu/wp-testimonials-wordpress-plugin-v-3-4-1-union-based-sql-injection-sqli/
5	Skype Legacy Buttons	3.0.4 and earlier	unfixed	skype-online-status	Cross-Site Scripting	https://wordpress.org/plugins/skype-online-status/	Remove	Plugin		https://www.pluginvulnerabilities.com/2017/06/09/cross-site-request-forgery-csrfcross-site-scripting-xss-vulnerability-in-skype-legacy-buttons/
6	Skype Legacy Buttons	3.0.4 and earlier	unfixed	skype-online-status	Cross-Site Request Forgery	https://wordpress.org/plugins/skype-online-status/	Remove	Plugin		https://www.pluginvulnerabilities.com/2017/06/09/cross-site-request-forgery-csrfcross-site-scripting-xss-vulnerability-in-skype-legacy-buttons/
7	WP Posts Carousel	1.3.6 and earlier	unfixed	wp-posts-carousel	Authenticated Stored Cross-Site Scripting	https://wordpress.org/plugins/wp-posts-carousel/	Remove	Plugin		https://www.pluginvulnerabilities.com/2017/06/09/authenticated-persistent-cross-site-scripting-xss-in-wp-posts-carousel/
8	Eduma / Education WordPress	3.0.6.1	3.0.7	eduma	Stored Cross-Site Scripting	https://themeforest.net/item/education-wordpress-theme-education-wp/14058034	Update	Theme		http://wphutte.com/education-wp-3-0-6-1-unauthenticated-theme-options-overwrite-or-stored-xss/
9	Eduma / Education WordPress	3.0.6.1	3.0.7	eduma	Unauthenticated Theme Options Overwrite	https://themeforest.net/item/education-wordpress-theme-education-wp/14058034	Update	Theme		http://wphutte.com/education-wp-3-0-6-1-unauthenticated-theme-options-overwrite-or-stored-xss/
10	WC Duplicate Order	1.3 and earlier	1.4	wc-duplicate-order	Order Duplication Vulnerability	https://wordpress.org/plugins/wc-duplicate-order/	Update	Plugin		https://wordpress.org/plugins/wc-duplicate-order/#developers changelog and https://plugins.trac.wordpress.org/changeset?old_path=%2Fwc-duplicate-order%2Ftrunk%2Fclasses%2Fclass-clone-order.php&old=1670174&new_path=%2Fwc-duplicate-order%2Ftrunk%2Fclasses%2Fclass-clone-order.php&new=1670174&sfp_email=&sfph_mail=
11	Memphis Documents Library	3.6.21 and earlier	3.6.22	memphis-documents-library	Cross-Site Scripting	https://wordpress.org/plugins/memphis-documents-library/	Update	Plugin		https://wordpress.org/plugins/memphis-documents-library/#developers changelog https://plugins.trac.wordpress.org/changeset/1671057/memphis-documents-library/trunk/includes/mdocs-functions.php
12	Multi Feed Reader	2.2.3 and earlier	2.2.4	multi-feed-reader	SQL Injection	https://wordpress.org/plugins/multi-feed-reader/	Update	Plugin		http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000115.html
13	Spiff Calendar	3.2.0 and earlier	3.3.0	spiffy-calendar	Cross-Site Scripting	https://wordpress.org/plugins/spiffy-calendar/	Update	Plugin		http://dtsa.eu/cve-2017-9420-wordpress-spiffy-calendar-v-3-2-0-reflected-cross-site-scripting-xss/
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100