20190208 Vulnerable Plugins/Themes Report
| Name | Version(s) Affected | Fixed in Version | Plugin Directory | Vulnerability | Link/Plugin Status | Suggested Action | Plugin/Theme | Other Notes | Source |
|---|---|---|---|---|---|---|---|---|---|
| Ultimate Member | 2.0.38 and earlier | unfixed | ultimate-member | Cross-Site Request Forgery, see notes | https://wordpress.org/plugins/ultimate-member/ | Remove, or see source for temporary fix | Plugin | I was unable to verify this vulnerability before posting. Researcher has history of misidentifying vulnerabilities. | https://packetstormsecurity.com/files/151512/wpultimatemember2038-xsrfshell.txt |
| Ultimate Member | 2.0.38 and earlier | unfixed | ultimate-member | Arbitrary File Upload, see notes | https://wordpress.org/plugins/ultimate-member/ | Remove, or see source for temporary fix | Plugin | I was unable to verify this vulnerability before posting. Researcher has history of misidentifying vulnerabilities. | https://packetstormsecurity.com/files/151512/wpultimatemember2038-xsrfshell.txt |
| WP User Manager* | 2.0.8 and earlier | unfixed | wp-user-manager | Authenticated Arbitrary File Upload | https://wordpress.org/plugins/wp-user-manager/ | Remove | Plugin | | https://packetstormsecurity.com/files/151534/wpusermanager208-shell.txt |
| NextGen Gallery | 3.1.5 and earlier | 3.1.6 | nextgen-gallery | Authenticated Object Injection | https://wordpress.org/plugins/nextgen-gallery/ | Update | Plugin | | https://medium.com/websec/wordpress-nextgen-gallery-3-1-5-rce-via-low-priviledged-users-85a37ff87423 via https://wpvulndb.com/vulnerabilities/9213 |
| Quiz And Survey Master | all, see notes | unfixed | quiz-master-next | Cross-site Scripting | https://wordpress.org/plugins/quiz-master-next/ | Remove | Plugin | Researcher tested v6.0.4 but vulnerable code is still present in version 6.2.0 | https://security-consulting.icu/blog/2019/02/wordpress-quiz-and-survey-master-xss/ |
| Blog2Social | 5.0.2 and earlier | 5.0.3 | blog2social | Cross-site Scripting | https://wordpress.org/plugins/blog2social/ | Update | Plugin | Update was released back in November. | https://security-consulting.icu/blog/2019/02/wordpress-blog2social-xss/ |
| Contact Form Email | 1.2.65 and earlier | 1.2.66 | contact-form-to-email | Cross-site Scripting | https://wordpress.org/plugins/contact-form-to-email/ | Update | Plugin | Update was released back in November. | https://security-consulting.icu/blog/2019/02/wordpress-contact-form-email-xss-csrf/ |
| Font Organizer | all, see notes | unfixed | font-organizer | Cross-site Scripting | https://wordpress.org/plugins/font-organizer/ | Remove | Plugin | Plugin hasn't been updated in 2 years | https://security-consulting.icu/blog/2019/02/wordpress-font-organizer-xss/ |
| Give | 2.3.0 and earlier | 2.3.1 | give | Cross-site Scripting | https://wordpress.org/plugins/give/ | Update | Plugin | | https://security-consulting.icu/blog/2019/02/wordpress-give-xss/ |
| KingComposer | 2.7.8 and earlier | unfixed | kingcomposer | Cross-site Scripting | https://wordpress.org/plugins/kingcomposer/ | Remove | Plugin | | https://security-consulting.icu/blog/2019/02/wordpress-kingcomposer-xss/ |
| NextScripts: Social Networks Auto-Poster | 4.2.7 and earlier | 4.2.8 | social-networks-auto-poster-facebook-twitter-g | Cross-site Scripting | https://wordpress.org/plugins/social-networks-auto-poster-facebook-twitter-g/ | Update | Plugin | Update was released back in November. | https://security-consulting.icu/blog/2019/02/wordpress-social-networks-auto-poster-xss/ |
| wpGoogleMaps | 7.10.41 | 7.10.43 | wp-google-maps | Cross-site Scripting | https://wordpress.org/plugins/wp-google-maps/ | Update | Plugin | Update was released back in November. | https://security-consulting.icu/blog/2019/02/wordpress-wpgooglemaps-xss/ |
| WP Live Chat Support | 8.0.17 and earlier | 8.0.18 | wp-live-chat-support | Cross-site Scripting | https://wordpress.org/plugins/wp-live-chat-support/ | Update | Plugin | Update was released back in November. | https://security-consulting.icu/blog/2019/02/wordpress-wp-livechat-xss/ |
| YOP Poll | 6.0.2 and earlier | 6.0.3 | yop-poll | Cross-site Scripting | https://wordpress.org/plugins/yop-poll/ | Update | Plugin | Update was released back in November. | https://security-consulting.icu/blog/2019/02/wordpress-yop-poll-xss/ |
| Forminator | 1.5.4 and earlier | 1.6 | forminator | Stored Cross-Site Scripting | https://wordpress.org/plugins/forminator/ | Update | Plugin | Update was released back in December. | https://security-consulting.icu/blog/2019/02/wordpress-forminator-persistent-xss-blind-sql-injection/ |
| Forminator | 1.5.4 and earlier | 1.7 | forminator | Blind SQL Injection | https://wordpress.org/plugins/forminator/ | Update | Plugin | Update was released back in December. | https://security-consulting.icu/blog/2019/02/wordpress-forminator-persistent-xss-blind-sql-injection/ |
| Parallax Scroll | 2.0.1 and earlier | 2.1 | adamrob-parallax-scroll | Cross-site Scripting | https://wordpress.org/plugins/adamrob-parallax-scroll/ | Update | Plugin | | https://wpvulndb.com/vulnerabilities/9214 |
| Accessibility Suite by Online ADA | 2.0.8 and earlier | 2.0.9 | online-accessibility | Restricted File Upload | https://wordpress.org/plugins/online-accessibility/ | Update | Plugin | | https://www.pluginvulnerabilities.com/2019/02/04/our-proactive-monitoring-caught-a-restricted-file-upload-vulnerability-in-accessibility-suite-by-online-ada/ |
| Accessibility Suite by Online ADA | 2.0.8 and earlier | 2.0.10 | online-accessibility | SQL Injection | https://wordpress.org/plugins/online-accessibility/ | Update | Plugin | | https://www.pluginvulnerabilities.com/2019/02/04/the-wordpress-rest-api-opening-up-new-front-for-security-vulnerabilities-in-wordpress-plugins/ |
| Logo Carousel | all, see notes | unfixed | kiwi-logo-carousel | Cross-Site Request Forgery | https://wordpress.org/plugins/kiwi-logo-carousel/ | Remove | Plugin | Plugin hasn't been updated in 2 years and has now been closed in public repository | https://www.pluginvulnerabilities.com/2019/02/07/another-one-of-the-1000-most-popular-wordpress-plugins-contains-a-csrf-xss-vulnerability/ |
| Logo Carousel | all, see notes | unfixed | kiwi-logo-carousel | Cross-site Scripting | https://wordpress.org/plugins/kiwi-logo-carousel/ | Remove | Plugin | | https://www.pluginvulnerabilities.com/2019/02/07/another-one-of-the-1000-most-popular-wordpress-plugins-contains-a-csrf-xss-vulnerability/ |