20170609 Vulnerable Plugins/Themes Report
| Name | Version(s) Affected | Fixed in Version | Plugin Directory | Vulnerability | Link/Plugin Status | Suggested Action | Plugin/Theme | Other Notes | Source |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Count per Day | all | unfixed | count-per-day | Cross-Site Scripting | https://wordpress.org/plugins/count-per-day/ | Remove | Plugin | | https://www.pluginvulnerabilities.com/2017/06/08/cross-site-request-forgery-csrfcross-site-scripting-xss-vulnerability-in-count-per-day/ |
| Count per Day | all | unfixed | count-per-day | Cross-Site Request Forgery | https://wordpress.org/plugins/count-per-day/ | Remove | Plugin | | https://www.pluginvulnerabilities.com/2017/06/08/cross-site-request-forgery-csrfcross-site-scripting-xss-vulnerability-in-count-per-day/ |
| WP Testimonials | 3.4.1 and earlier | unfixed | wp-testimonials | SQL Injection | Plugin removed from repository | Remove | Plugin | | http://dtsa.eu/wp-testimonials-wordpress-plugin-v-3-4-1-union-based-sql-injection-sqli/ |
| Skype Legacy Buttons | 3.0.4 and earlier | unfixed | skype-online-status | Cross-Site Scripting | https://wordpress.org/plugins/skype-online-status/ | Remove | Plugin | | https://www.pluginvulnerabilities.com/2017/06/09/cross-site-request-forgery-csrfcross-site-scripting-xss-vulnerability-in-skype-legacy-buttons/ |
| Skype Legacy Buttons | 3.0.4 and earlier | unfixed | skype-online-status | Cross-Site Request Forgery | https://wordpress.org/plugins/skype-online-status/ | Remove | Plugin | | https://www.pluginvulnerabilities.com/2017/06/09/cross-site-request-forgery-csrfcross-site-scripting-xss-vulnerability-in-skype-legacy-buttons/ |
| WP Posts Carousel | 1.3.6 and earlier | unfixed | wp-posts-carousel | Authenticated Stored Cross-Site Scripting | https://wordpress.org/plugins/wp-posts-carousel/ | Remove | Plugin | | https://www.pluginvulnerabilities.com/2017/06/09/authenticated-persistent-cross-site-scripting-xss-in-wp-posts-carousel/ |
| Eduma / Education WordPress | 3.0.6.1 | 3.0.7 | eduma | Stored Cross-Site Scripting | https://themeforest.net/item/education-wordpress-theme-education-wp/14058034 | Update | Theme | | http://wphutte.com/education-wp-3-0-6-1-unauthenticated-theme-options-overwrite-or-stored-xss/ |
| Eduma / Education WordPress | 3.0.6.1 | 3.0.7 | eduma | Unauthenticated Theme Options Overwrite | https://themeforest.net/item/education-wordpress-theme-education-wp/14058034 | Update | Theme | | http://wphutte.com/education-wp-3-0-6-1-unauthenticated-theme-options-overwrite-or-stored-xss/ |
| WC Duplicate Order | 1.3 and earlier | 1.4 | wc-duplicate-order | Order Duplication Vulnerability | https://wordpress.org/plugins/wc-duplicate-order/ | Update | Plugin | | https://wordpress.org/plugins/wc-duplicate-order/#developers changelog and https://plugins.trac.wordpress.org/changeset?old_path=%2Fwc-duplicate-order%2Ftrunk%2Fclasses%2Fclass-clone-order.php&old=1670174&new_path=%2Fwc-duplicate-order%2Ftrunk%2Fclasses%2Fclass-clone-order.php&new=1670174&sfp_email=&sfph_mail= |
| Memphis Documents Library | 3.6.21 and earlier | 3.6.22 | memphis-documents-library | Cross-Site Scripting | https://wordpress.org/plugins/memphis-documents-library/ | Update | Plugin | | https://wordpress.org/plugins/memphis-documents-library/#developers changelog https://plugins.trac.wordpress.org/changeset/1671057/memphis-documents-library/trunk/includes/mdocs-functions.php |
| Multi Feed Reader | 2.2.3 and earlier | 2.2.4 | multi-feed-reader | SQL Injection | https://wordpress.org/plugins/multi-feed-reader/ | Update | Plugin | | http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000115.html |
| Spiffy Calendar | 3.2.0 and earlier | 3.3.0 | spiffy-calendar | Cross-Site Scripting | https://wordpress.org/plugins/spiffy-calendar/ | Update | Plugin | | http://dtsa.eu/cve-2017-9420-wordpress-spiffy-calendar-v-3-2-0-reflected-cross-site-scripting-xss/ |