20170818 Vulnerable Plugins/Themes Report

	A	B	C	D	E	F	G	H	I	J
1	Name	Version(s) Affected	Fixed in Version	Plugin Directory	Vulnerability	Link/Plugin Status	Suggested Action	Plugin/Theme	Other Notes	Source

2	WP Post Popup	2.0.2 and earlier	2.0.3	wp-post-modal	Arbitrary File Viewing	https://wordpress.org/plugins/wp-post-modal/	Update	Plugin		https://www.pluginvulnerabilities.com/2017/08/11/arbitrary-file-viewing-vulnerability-in-wp-post-popup/
3	Simba Plugin Updates Manager	1.6.20 and earlier	1.6.20	simba-plugin-updates-manager	Cross-Site Request Forgery	https://wordpress.org/plugins/simba-plugin-updates-manager/	Update	Plugin		https://wordpress.org/plugins/simba-plugin-updates-manager/#developers
4	Blaszok eCommerce Theme	3.9.3 and earlier	3.9.4	blaszok	Unauthorized Access to view/edit theme settings	https://themeforest.net/item/blaszok-ecommerce-theme/7163563	Update	Theme		http://wphutte.com/blaszok-3-9-3-theme-exploit-theme-options-exposed/
5	Blaszok eCommerce Theme	3.9.3 and earlier	3.9.4	blaszok	Cross-Site Scripting	https://themeforest.net/item/blaszok-ecommerce-theme/7163563	Update	Theme		http://wphutte.com/blaszok-3-9-3-theme-exploit-theme-options-exposed/
6	Share on Diaspora	all versions	unfixed	share-on-diaspora	Cross-Site Scripting	https://wordpress.org/plugins/share-on-diaspora/	Remove	Plugin		https://cxsecurity.com/issue/WLB-2017080099
7	Asgaros Forum	1.5.7 and earlier	1.5.9	asgaros-forum	Unauthorized Settings Override	https://wordpress.org/plugins/asgaros-forum/	Update	Plugin		https://www.pluginvulnerabilities.com/2017/08/16/settings-change-vulnerability-in-asgaros-forum/
8	Leaky Paywall	4.9.1 and earlier	4.9.2	leaky-paywall	PHP Object Injection	https://wordpress.org/plugins/leaky-paywall/	Update Immediately	Plugin		https://www.pluginvulnerabilities.com/2017/08/17/php-object-injection-vulnerability-in-leaky-paywall/
9	AddToAny Share Buttons	1.7.14 and ealier	1.7.15	add-to-any	Conditional Host Header Injection	https://wordpress.org/plugins/add-to-any/	Update	Plugin		https://wpvulndb.com/vulnerabilities/8885
10	Link-Library	5.9.13.26 and ealier	5.9.13.27	link-library	Authenticated SQL Injection	https://wordpress.org/plugins/link-library/	Update	Plugin	Requires user to have permissions to access the link library settings	http://lenonleite.com.br/en/blog/2017/08/14/link-library-5-9-13-26-plugin-wordpress-sql-injection/
11	I Recommend This	3.7.7 and earlier	unfixed	i-recommend-this	Authenticated SQL Injection	https://wordpress.org/plugins/i-recommend-this/	Remove	Plugin	Only requires subscriber role or above	https://wpvulndb.com/vulnerabilities/8887
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100