20180706 Vulnerable Plugins/Themes Report
 Share
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

View only
 
 
ABCDEFGHIJKLMNOPQRSTUVWXYZAAAB
1
NameVersion(s) AffectedFixed in VersionPlugin DirectoryVulnerabilityLink/Plugin StatusSuggested ActionPlugin/ThemeOther NotesSource
2
Product Enquiry for WooCommerceall, see notesunfixedproduct-enquiry-for-woocommerceCross-Site Scriptinghttps://wordpress.org/plugins/product-enquiry-for-woocommerce/RemovePlugin
Researcher doesn't indicate how far back the issue was introduced
https://cxsecurity.com/issue/WLB-2018070051
3
Open Graph for Facebook, Google+ and Twitter Card Tags
2.2.4.1 and earlier2.2.4.2
wonderm00ns-simple-facebook-open-graph-tags
Cross-Site Scripting
https://wordpress.org/plugins/wonderm00ns-simple-facebook-open-graph-tags/
UpdatePlugin
https://wpvulndb.com/vulnerabilities/9103
4
Advanced Order Export For WooCommerce
1.5.4 and earlier1.5.5woo-order-export-liteCSV Injectionhttps://wordpress.org/plugins/woo-order-export-lite/UpdatePlugin
https://wpvulndb.com/vulnerabilities/9096
5
iThemes Security7.0.27.0.3better-wp-securityAuthenticated SQL Injectionhttps://wordpress.org/plugins/better-wp-security/UpdatePlugin
Requires an admin level user. I think the bigger issue here is CSRF
https://wpvulndb.com/vulnerabilities/9099
6
weixin robot advancedall, see notesunfixedweixin-robot-advancedCross-Site Scriptinghttps://github.com/wp-plugins/weixin-robot-advancedRemovePlugin
https://cxsecurity.com/issue/WLB-2018060281
7
Email Subscribers & Newsletters3.4.12 and earlier3.5.0email-subscribersCross-Site Scriptinghttps://wordpress.org/plugins/email-subscribers/UpdatePlugin
http://jvn.jp/en/jp/JVN16471686/index.html
8
Site Reviews2.15.2 and earlier2.15.3site-reviewsCross-Site Scriptinghttps://wordpress.org/plugins/site-reviews/UpdatePlugin
http://jvn.jp/en/jp/JVN60978548/index.html
9
wpShopGermany Free4.0.10 and earlier, see notes4.0.11wpshopgermany-freeCross-Site Request Forgeryhttps://wordpress.org/plugins/wpshopgermany-free/UpdatePlugin
Researcher doesn't indicate how far back the issue was introduced
https://www.pluginvulnerabilities.com/2018/07/02/our-proactive-monitoring-caught-a-cross-site-request-forgery-csrf-arbitrary-file-upload-vulnerability-in-wpshopgermany-free/
10
wpShopGermany Free4.0.10 and earlier, see notes4.0.11wpshopgermany-freeAuthenticated Arbitrary File Upload, see noteshttps://wordpress.org/plugins/wpshopgermany-free/UpdatePlugin
Would need to be combined with the CSRF above to be exploited. Researcher doesn't indicate how far back the issue was introduced
https://www.pluginvulnerabilities.com/2018/07/02/our-proactive-monitoring-caught-a-cross-site-request-forgery-csrf-arbitrary-file-upload-vulnerability-in-wpshopgermany-free/
11
Sitesassure WP Malware Scannerall, see notesunfixedsitesassure-wp-malware-scannerCross-Site Scriptinghttps://wordpress.org/plugins/sitesassure-wp-malware-scanner/RemovePlugin
Researcher doesn't indicate how far back the issue was introduced
https://www.pluginvulnerabilities.com/2018/07/02/when-a-security-vulnerability-is-only-one-of-the-issues-with-a-wordpress-security-plugin/
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
Loading...