201811109 Vulnerable Plugins/Themes Report
| Name | Version(s) Affected | Fixed in Version | Plugin Directory | Vulnerability | Link/Plugin Status | Suggested Action | Plugin/Theme | Other Notes | Source |
|---|---|---|---|---|---|---|---|---|---|
| Media File Manager | all versions | unfixed | media-file-manager | Authenticated Directory Traversal | https://wordpress.org/plugins/media-file-manager/ | Remove | Plugin | Researcher notes that normally the plugin requires a user with an administrator role but that it can be configured for other roles to access it. Therefore, it is only exploitable if additional roles have been configured to access it. | https://wpvulndb.com/vulnerabilities/9145 |
| Media File Manager | all versions | unfixed | media-file-manager | Authenticated Cross-Site Scripting | https://wordpress.org/plugins/media-file-manager/ | Remove | Plugin | Researcher notes that normally the plugin requires a user with an administrator role but that it can be configured for other roles to access it. Therefore, it is only exploitable if additional roles have been configured to access it. | https://wpvulndb.com/vulnerabilities/9146 |
| Media File Manager | all versions | unfixed | media-file-manager | Authenticated File Manipulation, see notes | https://wordpress.org/plugins/media-file-manager/ | Remove | Plugin | Researcher notes that normally the plugin requires a user with an administrator role but that it can be configured for other roles to access it. Therefore, it is only exploitable if additional roles have been configured to access it. The plugin allows files to be moved, but does not check that they stay within a confined area, so an attacker could move files they should not have access to into publicly accessible areas. In addition, the plugin allows files to be renamed; one example is renaming wp-config.php to wp-config.txt. | https://wpvulndb.com/vulnerabilities/9147 |
| Flow-Flow Social Stream | 3.0.71 and earlier | 3.0.72 | flow-flow-social-streams | Cross-Site Scripting | https://wordpress.org/plugins/flow-flow-social-streams/ | Update | Plugin | | https://wpvulndb.com/vulnerabilities/9142 |
| WooCommerce | 3.4.5 and earlier | 3.4.6 | woocommerce | Authenticated Arbitrary File Deletion, see notes | https://wordpress.org/plugins/woocommerce/ | Update | Plugin | Researchers note that this vulnerability is exploitable only if the account has the shop manager role or higher. | https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-rce/ |
| WP GDPR Compliance | 1.4.2 and earlier | 1.4.3 | wp-gdpr-compliance | Unauthenticated Arbitrary Options Update, see notes | https://wordpress.org/plugins/wp-gdpr-compliance/ | Update Immediately | Plugin | By leveraging the ability to modify options, an attacker can enable user registration and set the default role for new users to administrator. | https://www.wordfence.com/blog/2018/11/privilege-escalation-flaw-in-wp-gdpr-compliance-plugin-exploited-in-the-wild/ |
| WP GDPR Compliance | 1.4.2 and earlier | 1.4.4 | wp-gdpr-compliance | Unauthenticated Arbitrary Action Calls, see notes | https://wordpress.org/plugins/wp-gdpr-compliance/ | Update Immediately | Plugin | By leveraging the ability to add actions, the attacker can use other plugins' actions and settings to install further plugins. See https://www.wordfence.com/blog/2018/11/trends-following-vulnerability-in-wp-gdpr-compliance-plugin/ for a complete explanation. | https://www.wordfence.com/blog/2018/11/privilege-escalation-flaw-in-wp-gdpr-compliance-plugin-exploited-in-the-wild/ |
| Begin | unsure, see notes | unknown, see notes | begin | Open Redirect | https://themeforest.net/item/begin-start-up-business-wordpress-theme/20590319 | Remove | Theme | This is a paid theme so I don't have access to the source. In looking at the changelog I'm not seeing anything that would indicate this has been fixed. A quick look online shows the vulnerability is legitimate. Suggest removing and contacting support. | https://cxsecurity.com/issue/WLB-2018110020 |
| LearnPress | 3.0.12 and earlier | 3.1.0 | learnpress | Authenticated Cross-Site Scripting | https://wordpress.org/plugins/learnpress/ | Update | Plugin | | https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000117.html |
| LearnPress | 3.0.12 and earlier | 3.1.1 | learnpress | Open Redirect | https://wordpress.org/plugins/learnpress/ | Update | Plugin | | https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000117.html |
| LearnPress | 3.0.12 and earlier | 3.1.2 | learnpress | Authenticated SQL Injection | https://wordpress.org/plugins/learnpress/ | Update | Plugin | | https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000117.html |