| Name | Version(s) Affected | Fixed in Version | Plugin Directory | Vulnerability | Link/Plugin Status | Suggested Action | Plugin/Theme | Other Notes | Source |
|---|---|---|---|---|---|---|---|---|---|
| Contact Form by WD | 1.12.22 and earlier, see notes | 1.12.28 | contact-form-maker | SQL Injection | https://wordpress.org/plugins/contact-form-maker/ | Update | Plugin | Researcher doesn't indicate which specific versions are affected, assume all. | http://www.defensecode.com/advisories/DC-2018-05-004_WordPress_Contact_Form_Maker_Plugin_Advisory.pdf |
| Contact Form by WD | 1.12.22 and earlier, see notes | 1.12.28 | contact-form-maker | Cross-Site Scripting | https://wordpress.org/plugins/contact-form-maker/ | Update | Plugin | Researcher doesn't indicate which specific versions are affected, assume all. | http://www.defensecode.com/advisories/DC-2018-05-004_WordPress_Contact_Form_Maker_Plugin_Advisory.pdf |
| Contact Form by WD | 1.12.22 and earlier, see notes | 1.12.28 | contact-form-maker | Cross-Site Request Forgery | https://wordpress.org/plugins/contact-form-maker/ | Update | Plugin | Researcher doesn't indicate which specific versions are affected, assume all. | http://www.defensecode.com/advisories/DC-2018-05-004_WordPress_Contact_Form_Maker_Plugin_Advisory.pdf |
| Form Maker by WD | 1.12.27 and earlier, see notes | 1.12.28 | form-maker | SQL Injection | https://wordpress.org/plugins/form-maker/ | Update | Plugin | Researcher doesn't indicate which specific versions are affected, assume all. | http://www.defensecode.com/advisories/DC-2018-05-001_WordPress_Form_Maker_Plugin_Advisory.pdf |
| Form Maker by WD | 1.12.27 and earlier, see notes | 1.12.28 | form-maker | Cross-Site Scripting | https://wordpress.org/plugins/form-maker/ | Update | Plugin | Researcher doesn't indicate which specific versions are affected, assume all. | http://www.defensecode.com/advisories/DC-2018-05-001_WordPress_Form_Maker_Plugin_Advisory.pdf |
| Form Maker by WD | 1.12.27 and earlier, see notes | 1.12.28 | form-maker | Cross-Site Request Forgery | https://wordpress.org/plugins/form-maker/ | Update | Plugin | Researcher doesn't indicate which specific versions are affected, assume all. | http://www.defensecode.com/advisories/DC-2018-05-001_WordPress_Form_Maker_Plugin_Advisory.pdf |
| WooCommerce Category Banner Management | 1.1.0 and earlier, see notes | 1.1.1, see notes | banner-management-for-woocommerce | Unauthenticated Settings Change | https://wordpress.org/plugins/banner-management-for-woocommerce/ | Update | Plugin | Researcher doesn't indicate which specific versions are affected, assume all. Developer indicates in changelog that the vulnerable code has been fixed and the WordPress plugin team has re-enabled the plugin in the public repository. HOWEVER, threatpress did not release the details of the vulnerability so there is no quick way to verify the code has been corrected adequately. | https://blog.threatpress.com/vulnerable-wordpress-plugins-multidots/ |
| Add Social Share Messenger Buttons Whatsapp and Viber | all, see notes | unfixed | add-social-share-buttons | Cross-Site Request Forgery | https://wordpress.org/plugins/add-social-share-buttons/ | Remove | Plugin | Researcher doesn't indicate which specific versions are affected, assume all. Plugin is currently disabled in the public repository. Code was last updated on 20180606 so potentially might have a fix soon. | https://blog.threatpress.com/vulnerable-wordpress-plugins-multidots/ |
| Advance Search for WooCommerce | 1.0.9 and earlier, see notes | 1.1, see notes | woo-advance-search | Stored Cross-Site Scripting | https://wordpress.org/plugins/woo-advance-search/ | Update | Plugin | Researcher doesn't indicate which specific versions are affected, assume all. Developer indicates in changelog that the vulnerable code has been fixed and the WordPress plugin team has re-enabled the plugin in the public repository. HOWEVER, threatpress did not release the details of the vulnerability so there is no quick way to verify the code has been corrected adequately. | https://blog.threatpress.com/vulnerable-wordpress-plugins-multidots/ |
| EU Cookie Notice | 1.0.6 and earlier, see notes | 1.0.7, see notes | eu-cookie-notice | Cross-Site Request Forgery | https://wordpress.org/plugins/eu-cookie-notice/ | Update | Plugin | Researcher doesn't indicate which specific versions are affected, assume all. Developer indicates in changelog that the vulnerable code has been fixed and the WordPress plugin team has re-enabled the plugin in the public repository. HOWEVER, threatpress did not release the details of the vulnerability so there is no quick way to verify the code has been corrected adequately. | https://blog.threatpress.com/vulnerable-wordpress-plugins-multidots/ |
| Mass Pages Posts Creator | all, see notes | unfixed | mass-pagesposts-creator | Authenticated Stored Cross-Site Scripting | https://wordpress.org/plugins/mass-pagesposts-creator/ | Remove | Plugin | Researcher doesn't indicate which specific versions are affected, assume all. Plugin is currently disabled in the public repository. Code was last updated on 20180606 so potentially might have a fix soon. | https://blog.threatpress.com/vulnerable-wordpress-plugins-multidots/ |
| Page Visit Counter | 4.2 and earlier, see notes | 4.3, see notes | page-visit-counter | SQL Injection | https://wordpress.org/plugins/page-visit-counter/ | Update | Plugin | Researcher doesn't indicate which specific versions are affected, assume all. Developer indicates in changelog that the vulnerable code has been fixed and the WordPress plugin team has re-enabled the plugin in the public repository. HOWEVER, threatpress did not release the details of the vulnerability so there is no quick way to verify the code has been corrected adequately. | https://blog.threatpress.com/vulnerable-wordpress-plugins-multidots/ |
| WooCommerce Checkout for Digital Goods | 2.1 and earlier, see notes | 2.2, see notes | woo-checkout-for-digital-goods | Cross-Site Request Forgery | https://wordpress.org/plugins/woo-checkout-for-digital-goods/ | Update | Plugin | Researcher doesn't indicate which specific versions are affected, assume all. Developer indicates in changelog that the vulnerable code has been fixed and the WordPress plugin team has re-enabled the plugin in the public repository. HOWEVER, threatpress did not release the details of the vulnerability so there is no quick way to verify the code has been corrected adequately. | https://blog.threatpress.com/vulnerable-wordpress-plugins-multidots/ |
| WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking | 1.0.4 and earlier, see notes | 1.0.5, see notes | ecommerce-tracking-for-easy-digital-download | Cross-Site Request Forgery | https://wordpress.org/plugins/ecommerce-tracking-for-easy-digital-download/ | Update | Plugin | Researcher doesn't indicate which specific versions are affected, assume all. Developer indicates in changelog that the vulnerable code has been fixed and the WordPress plugin team has re-enabled the plugin in the public repository. HOWEVER, threatpress did not release the details of the vulnerability so there is no quick way to verify the code has been corrected adequately. | https://blog.threatpress.com/vulnerable-wordpress-plugins-multidots/ |
| WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking | 1.0.4 and earlier, see notes | 1.0.5, see notes | ecommerce-tracking-for-easy-digital-download | Stored Cross-Site Scripting | https://wordpress.org/plugins/ecommerce-tracking-for-easy-digital-download/ | Update | Plugin | Researcher doesn't indicate which specific versions are affected, assume all. Developer indicates in changelog that the vulnerable code has been fixed and the WordPress plugin team has re-enabled the plugin in the public repository. HOWEVER, threatpress did not release the details of the vulnerability so there is no quick way to verify the code has been corrected adequately. | https://blog.threatpress.com/vulnerable-wordpress-plugins-multidots/ |
| WooCommerce Product Attachment | all, see notes | unfixed | woo-product-attachment | Authenticated Stored Cross-Site Scripting | https://wordpress.org/plugins/woo-product-attachment/ | Remove | Plugin | Researcher doesn't indicate which specific versions are affected, assume all. Plugin is currently disabled in the public repository. Code was last updated on 20180606 so potentially might have a fix soon. | https://blog.threatpress.com/vulnerable-wordpress-plugins-multidots/ |
| Woo Quick Reports | 1.0.6 and earlier, see notes | 1.0.7, see notes | woo-quick-reports | Stored Cross-Site Scripting | https://wordpress.org/plugins/woo-quick-reports/ | Update | Plugin | Researcher doesn't indicate which specific versions are affected, assume all. Developer indicates in changelog that the vulnerable code has been fixed and the WordPress plugin team has re-enabled the plugin in the public repository. HOWEVER, threatpress did not release the details of the vulnerability so there is no quick way to verify the code has been corrected adequately. | https://blog.threatpress.com/vulnerable-wordpress-plugins-multidots/ |