20170922 Vulnerable Plugins/Themes Report
 Share
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

View only
 
 
ABCDEFGHIJKLMNOPQRSTUVWXYZAAAB
1
NameVersion(s) AffectedFixed in VersionPlugin DirectoryVulnerabilityLink/Plugin StatusSuggested ActionPlugin/ThemeOther NotesSource
2
All Post Contact Formall versionsunfixedallpost-contactformArbitrary File Uploadhttps://wordpress.org/plugins/allpost-contactform/Remove ImmediatelyPlugin
https://www.pluginvulnerabilities.com/2017/09/20/arbitrary-file-upload-vulnerability-in-all-post-contact-form/
3
SQL Shortcodeall versionsunfixedsql-shortcodesAuthenticated SQL Executionplugin removed from repositoryRemove ImmediatelyPlugin
https://wpvulndb.com/vulnerabilities/8904
4
WP Like Post1.5.2 and earlierunfixedwp-like-postsAuthenticated SQL Injectionplugin removed from repositoryRemove ImmediatelyPlugin
https://wpvulndb.com/vulnerabilities/8903
5
Post Pay Counter2.730 and earlier2.731post-pay-counterObject Injectionhttps://wordpress.org/plugins/post-pay-counter/UpdatePlugin
https://www.pluginvulnerabilities.com/2017/09/18/authenticated-php-object-injection-vulnerability-in-post-pay-counter/
6
SmokeSignal1.2.6 and earlier1.2.7smokesignalAuthenticated Stored Cross-Site Scriptinghttps://wordpress.org/plugins/smokesignal/UpdatePlugin
https://wpvulndb.com/vulnerabilities/8902
7
Simple Student Result1.6.3 and earlier1.6.4simple-student-resultAuthorization Bypasshttps://wordpress.org/plugins/simple-student-result/UpdatePlugin
https://limbenjamin.com/articles/simple-student-result-auth-bypass.html
8
2kb Amazon Affiliates Store2.1.02.1.12kb-amazon-affiliates-storeCross-Site Scriptinghttps://wordpress.org/plugins/2kb-amazon-affiliates-store/UpdatePlugin
https://packetstormsecurity.com/files/144261/wp2kb-xss.txt
9
TAKETIN To WP Membership1.2.7 and earlier1.2.8taketin-to-wp-membershipObject Injectionhttps://wordpress.org/plugins/taketin-to-wp-membership/UpdatePlugin
https://www.pluginvulnerabilities.com/2017/09/22/php-object-injection-vulnerability-in-taketin-to-wp-membership/
10
Invite Anyone1.3.18 and earlier1.3.19invite-anyoneObject Injectionhttps://wordpress.org/plugins/invite-anyone/UpdatePlugin
https://plugins.trac.wordpress.org/changeset/1732512/
11
Responsive Image Gallery, Gallery Album1.2.0 and earlier1.2.1gallery-albumSQL Injectionhttps://wordpress.org/plugins/gallery-album/UpdatePlugin
http://seclists.org/fulldisclosure/2017/Sep/55
12
MediaPress1.1.9 and earlier1.2.0mediapressAuthorization Bypasshttps://wordpress.org/plugins/mediapress/UpdatePlugin
https://wordpress.org/plugins/mediapress/#developers
13
Share Drafts Publicly1.1.41.1.5share-drafts-publiclyInformation Disclosurehttps://wordpress.org/plugins/share-drafts-publicly/UpdatePlugin
Someone with at least contributor access would be able to make any draft post publicly available, hence the information disclosure classification
https://www.pluginvulnerabilities.com/2017/09/19/authenticated-information-disclosure-vulnerability-in-share-drafts-publicly/
14
Welcart e-Commerce1.9.3 and earlier1.9.4usc-e-shopObject Injectionhttps://wordpress.org/plugins/usc-e-shop/UpdatePlugin
https://plugins.trac.wordpress.org/changeset/1728429/
15
DS.DownloadListall versionsunfixeddsdownloadlistObject Injectionhttps://wordpress.org/plugins/dsdownloadlist/RemovePlugin
https://www.pluginvulnerabilities.com/2017/09/22/php-object-injection-vulnerability-in-ds-downloadlist/
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
Loading...