20170104 Vulnerable Plugins/Themes Report

| Name | Version(s) Affected | Fixed in Version | Plugin Directory | Vulnerability | Link/Plugin Status | Suggested Action | Plugin/Theme | Other Notes |
|---|---|---|---|---|---|---|---|---|
| Pike Firewall | 1.4.0 and earlier | unfixed | pike-firewall | Information Disclosure | Currently unfixed | Remove until fixed | Plugin | |
| 404 Redirection Manager | All versions | unfixed | 404-redirection-manager | Remote SQL Injection | Plugin removed from repository | Remove immediately | Plugin | |
| Delete All Comments | 2.0 and earlier | unfixed | delete-all-comments | Arbitrary File Upload | Plugin removed from repository | Remove immediately | Plugin | |
| Simply Poll | All versions | unfixed | simply-poll | Remote SQL Injection | Plugin removed from repository | Remove immediately | Plugin | |
| Stats Counter | 1.2.2.5 and earlier | unfixed | stats-counter | PHP Object Injection | Plugin removed from repository | Remove immediately | Plugin | |
| Twitter Cards Meta | 2.4.5 and earlier | unfixed | twitter-cards-meta | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) | Plugin removed from repository | Remove | Plugin | |
| WP Support Plus Responsive Ticket System | 7.1.3 and earlier | unfixed | wp-support-plus-responsive-ticket-system | SQL Injection | Plugin removed from repository | Remove | Plugin | |
| WP Private Messages | 1.0.1 | unfixed | wp-private-messages | Authenticated SQL Injection | Plugin removed from repository | Remove | Plugin | |
| Single Personal Message | 1.0.3 and earlier | unfixed | simple-personal-message | Authenticated SQL Injection | Plugin removed from repository | Remove | Plugin | |
| ZX_CSV Upload | 1.0 and earlier | unfixed | zx-csv-upload | CSRF and Database manipulation | Plugin removed from repository | Remove | Plugin | |
| Chained Quiz | 0.9.8 and earlier | 0.9.9 | chained-quiz | Cross-Site Scripting | https://wordpress.org/plugins/chained-quiz/ | Update | Plugin | |
| WooCommerce | 2.6.8 and earlier | 2.6.9 | woocommerce | Authenticated XSS vulnerability in Tax-Rate CSV import | https://wordpress.org/plugins/woocommerce/ | Update | Plugin | |
| XCloner Backup and Restore | 3.1.4 and earlier | 3.1.5 | xcloner-backup-and-restore | Authenticated Path Traversal | https://wordpress.org/plugins/xcloner-backup-and-restore/ | Update | Plugin | https://gist.github.com/ldionmarcil/b223bb39694019d6f35a601ed7f841bf |
| BuddyPress | 2.0 through 2.7.3 | 2.7.4 | buddypress | Arbitrary File Deletion | https://wordpress.org/plugins/buddypress/ | Update | Plugin | https://wptavern.com/buddypress-2-7-4-patches-security-vulnerability-that-could-allow-arbitrary-file-deletion |
| Slider | 1.1.89 and earlier | 1.1.90 | image-slider-widget | Authenticated Arbitrary File Deletion | https://wordpress.org/plugins/image-slider-widget/ | Update | Plugin | https://security.dxw.com/advisories/arbitrary-file-deletion-vulnerability-in-image-slider-allows-authenticated-users-to-delete-files/ |
| Stop User Enumeration | 1.3.4 and earlier | 1.3.5 | stop-user-enumeration | Sensitive Information Disclosure | https://wordpress.org/plugins/stop-user-enumeration/ | Update | Plugin | |