20170519 Vulnerable Plugins/Themes Report
 Share
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

 
View only
 
 
Still loading...
ABCDEFGHIJKLMNOPQRSTUVWXYZAAAB
1
NameVersion(s) Affected
Fixed in Version
Plugin DirectoryVulnerabilityLink/Plugin StatusSuggested ActionPlugin/ThemeOther NotesSource
2
BibleGet I/O3.4 and ealierunfixedbibleget-ioArbitrary File UploadPlugin removed from repositoryRemovePlugin
Looks like the author has a fix in place with v3.5
https://www.pluginvulnerabilities.com/2017/05/18/vulnerability-details-remote-code-execution-rce-vulnerability-in-bibleget-io/
3
WP Booking System Free1.3.3 and earlier1.4wp-booking-systemStored Cross-Site Scripting, SQL Injectionhttps://wordpress.org/plugins/wp-booking-system/UpdatePlugin
http://jvn.jp/en/jp/JVN96165722/ and changelog: https://wordpress.org/plugins/wp-booking-system/#developers
4
WP Booking System Premium3.6 and earlier3.7Stored Cross-Site Scripting, SQL Injectionhttps://www.wpbookingsystem.com/UpdatePlugin
http://jvn.jp/en/jp/JVN96165722/
5
MaxButtons Free6.18 and ealier6.19maxbuttonsCross-Site Scriptinghttps://wordpress.org/plugins/maxbuttons/UpdatePlugin
http://jvn.jp/en/jp/JVN70411623/
6
MaxButtons Pro6.18 and earlier6.19Cross-Site Scriptinghttps://maxbuttons.com/UpdatePlugin
http://jvn.jp/en/jp/JVN70411623/
7
LayerSlider6.2.0 and earlier6.2.1LayerSliderCross-Site Request Forgeryhttps://layerslider.kreaturamedia.com/UpdatePlugin
http://wphutte.com/layer-slider-6-1-6-csrf-to-xss-to-sqli-with-poc/
8
LayerSlider6.2.0 and earlier6.2.1LayerSliderAuthenticated Stored Cross-Site Scriptinghttps://layerslider.kreaturamedia.com/UpdatePlugin
http://wphutte.com/layer-slider-6-1-6-csrf-to-xss-to-sqli-with-poc/
9
LayerSlider6.2.0 and earlier6.2.1LayerSliderSQL Injectionhttps://layerslider.kreaturamedia.com/UpdatePlugin
http://wphutte.com/layer-slider-6-1-6-csrf-to-xss-to-sqli-with-poc/
10
Ultimate Addons for Visual Composer
3.16.113.16.12Ultimate_VC_AddonsAuthenticated Stored Cross-Site Scripting
https://codecanyon.net/item/ultimate-addons-for-visual-composer/6892199
UpdatePlugin
http://wphutte.com/ultimate-addons-for-visual-composer-v3-16-10-xss-csrf-rce/
11
Ultimate Addons for Visual Composer
3.16.113.16.12Ultimate_VC_AddonsCross-Site Request Forgery
https://codecanyon.net/item/ultimate-addons-for-visual-composer/6892199
UpdatePlugin
http://wphutte.com/ultimate-addons-for-visual-composer-v3-16-10-xss-csrf-rce/
12
Ultimate Addons for Visual Composer
3.16.113.16.12Ultimate_VC_AddonsRemote Code Execution
https://codecanyon.net/item/ultimate-addons-for-visual-composer/6892199
UpdatePlugin
http://wphutte.com/ultimate-addons-for-visual-composer-v3-16-10-xss-csrf-rce/
13
Crafty Social Buttons1.5.7 and ealier1.5.8crafty-social-buttonsCross-Site Scriptinghttps://wordpress.org/plugins/crafty-social-buttons/UpdatePlugin
Changelog https://wordpress.org/plugins/crafty-social-buttons/#developers
14
EELV Newsletter4.6 and earlier4.6.1eelv-newsletterAuthenticated Stored Cross-Site Scriptinghttps://wordpress.org/plugins/eelv-newsletter/UpdatePlugin
https://www.vulnerability-lab.com/get_content.php?id=2069 and changelog https://wordpress.org/plugins/eelv-newsletter/#developers
15
EELV Newsletter4.6 and earlier4.6.2eelv-newsletterCross-Site Request Forgeryhttps://wordpress.org/plugins/eelv-newsletter/UpdatePlugin
https://www.vulnerability-lab.com/get_content.php?id=2069 and changelog https://wordpress.org/plugins/eelv-newsletter/#developers
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
Loading...
 
 
 
Sheet1