20190426 Vulnerable Plugins/Themes Report
Columns: Name | Version(s) Affected | Fixed in Version | Plugin Directory | Vulnerability | Link/Plugin Status | Suggested Action | Plugin/Theme | Other Notes | Source

Name: Contact Form Builder
Version(s) Affected: 1.0.67
Fixed in Version: 1.0.69
Plugin Directory: contact-form-builder
Vulnerability: Cross-Site Request Forgery
Link/Plugin Status: https://wordpress.org/plugins/contact-form-builder/
Suggested Action: Update
Plugin/Theme: Plugin
Source: https://seclists.org/bugtraq/2019/Apr/31

Name: a2 optimised WP
Version(s) Affected: <=2.0.10.8
Fixed in Version: 2.0.10.9
Plugin Directory: a2-optimized-wp
Vulnerability: Sensitive Information disclosure
Link/Plugin Status: https://en-gb.wordpress.org/plugins/a2-optimized-wp/
Suggested Action: Update
Plugin/Theme: Plugin
Other Notes: Changelog states "Fixes security issue that may expose wp-config.php contents"
Source: Changelog: https://wordpress.org/plugins/a2-optimized-wp/#developers

Name: WooCommerce Checkout Manager
Version(s) Affected: assume all
Fixed in Version: unfixed (assumed), see notes
Plugin Directory: woocommerce-checkout-manager
Vulnerability: Arbitrary File Upload
Link/Plugin Status: https://wordpress.org/plugins/woocommerce-checkout-manager/
Suggested Action: Remove Immediately
Plugin/Theme: Plugin
Other Notes: "Researcher" doesn't state when the vulnerability was introduced to the code base. Assume all previous versions. Plugin has been closed in the public repository. The last commit does not indicate a fix for the disclosed vulnerability.
Source: https://www.pluginvulnerabilities.com/2019/04/23/our-proactive-monitoring-caught-an-arbitrary-file-upload-vulnerability-in-woocommerce-checkout-manager/

Name: wp database backup
Version(s) Affected: 5.1.2
Fixed in Version: unfixed (assumed), see notes
Plugin Directory: wp-database-backup
Vulnerability: Cross-Site Request Forgery + unauthenticated plugin settings change
Link/Plugin Status: https://wordpress.org/plugins/wp-database-backup/
Suggested Action: Remove, see notes
Plugin/Theme: Plugin
Other Notes: "Researcher" doesn't state when the vulnerability was introduced to the code base. Assume all previous versions.
Source: https://www.pluginvulnerabilities.com/2019/04/24/security-changes-led-to-us-noticing-settings-change-vulnerability-in-wp-database-backup/

Name: wp buddha free adwords
Version(s) Affected: 1.0.0
Fixed in Version: unfixed
Plugin Directory: wp-buddha-free-adwords
Vulnerability: Authenticated Options update, see notes
Link/Plugin Status: https://wordpress.org/plugins/wp-buddha-free-adwords/
Suggested Action: Remove Immediately
Plugin/Theme: Plugin
Other Notes: Plugin closed in the public repository. Plugin uses the vulnerable version of the Freemius library. Several recent commits suggest the developer is working to fix the issue.
Source: https://www.pluginvulnerabilities.com/2019/04/25/what-security-review-brand-new-wordpress-plugin-contains-widely-exploited-freemius-library-vulnerability/

Name: Car spot
Version(s) Affected: <=2.1.6
Fixed in Version: 2.1.7
Plugin Directory: car-spot
Vulnerability: Authenticated Stored Cross-Site Scripting
Link/Plugin Status: https://themeforest.net/item/carspot-automotive-car-dealer-wordpress-classified-theme/20195539
Suggested Action: Update
Plugin/Theme: Theme
Source: https://wpvulndb.com/vulnerabilities/9258

Name: WP Statistics
Version(s) Affected: <=12.6.3
Fixed in Version: 12.6.4
Plugin Directory: wp-statistics
Vulnerability: Cross-Site Scripting
Link/Plugin Status: https://wordpress.org/plugins/wp-statistics/
Suggested Action: Update
Plugin/Theme: Plugin
Source: https://wpvulndb.com/vulnerabilities/9261

Name: JobCareer | Job Board Responsive WordPress Theme
Version(s) Affected: assume all
Fixed in Version: unfixed, see notes
Plugin Directory: jobcareer-wordpress-job-board-theme
Vulnerability: Stored Cross-Site Scripting, unverified, see notes
Link/Plugin Status: https://wordpress.org/plugins/jobcareer-wordpress-job-board-theme/
Suggested Action: Use with caution, contact vendor
Plugin/Theme: Theme
Other Notes: The PoC from the source appears to work as described, but since this is a paid theme, I don't have access to the source code and am unable to verify. Also, I couldn't find a changelog for the theme to see if the issue has been fixed in a recent version.
Source: https://cxsecurity.com/issue/WLB-2019040200

Name: Zielke Specialized Catalog
Version(s) Affected: assume all
Fixed in Version: unfixed, see notes
Plugin Directory: zielke-specialized-catalog
Vulnerability: Arbitrary File Upload
Link/Plugin Status: https://wordpress.org/plugins/zielke-specialized-catalog/
Suggested Action: Remove Immediately
Plugin/Theme: Plugin
Other Notes: "Researcher" doesn't state when the vulnerability was introduced to the code base. Assume all previous versions. Plugin has been closed in the public repository. The last commit does not indicate a fix for the disclosed vulnerability.
Source: https://www.pluginvulnerabilities.com/2019/04/22/our-proactive-monitoring-caught-an-arbitrary-file-upload-vulnerability-returng-to-zielke-specialized-catalog/