20190524 Vulnerable Plugins/Themes Report

| Name | Version(s) Affected | Fixed in Version | Plugin Directory | Vulnerability | Link/Plugin Status | Suggested Action | Plugin/Theme | Other Notes | Source |
|---|---|---|---|---|---|---|---|---|---|
| Carts Guru | <=1.4.6 | unfixed | carts-guru | Object Injection | https://wordpress.org/plugins/carts-guru/ | Remove | Plugin | Plugin closed on public repository. Plugin seems to be actively developed, so hopefully the vendor will have a fix out soon. | http://dumpco.re/bugs/wp-plugin-carts-guru-id |
| Virim | assume all | unfixed | virim | Object Injection | https://mythemeshop.com/plugins/launcher/ | Remove | Plugin | Plugin closed on public repository. Plugin hasn't been updated in 7 years and probably won't receive an update. | https://dumpco.re/bugs/wp-plugin-virim-id |
| WPGraphQL | <=0.2.3 | 0.3.0 | wp-graphql | Too many to list, see source | https://github.com/wp-graphql/wp-graphql | Update Immediately | Plugin | | https://www.pentestpartners.com/security-blog/pwning-wordpress-graphql/ via https://wpvulndb.com/vulnerabilities/9282 |
| Chaty | <=2.0.5 | 2.0.6 | chaty | Unknown, see notes | https://wordpress.org/plugins/chaty/ | Update | Plugin | Changelog states "Security Update" | https://wordpress.org/plugins/chaty/#developers |
| myStickyMenu | <=2.1.4 | 2.1.5 | mystickymenu | Unknown, see notes | https://wordpress.org/plugins/mystickymenu/ | Update | Plugin | Changelog states "Security Update" | https://wordpress.org/plugins/mystickymenu/#developers |
| Folders | assume all, see notes | unfixed | folders | Unauthenticated, Stored Cross-Site Scripting | https://wordpress.org/plugins/folders/ | Remove | Plugin | "Researcher" doesn't state when the vulnerability was introduced to the code base. Assume all previous versions. Plugin closed in public repository as of 20190524. | https://www.pluginvulnerabilities.com/2019/05/20/premio-is-introducing-security-vulnerabilities-in-to-wordpress-plugins-while-commercializing-them/ |
| Newletter Manager | assume all, see notes | unfixed | newletter-manager | Open Redirect | https://wordpress.org/plugins/newletter-manager/ | Remove | Plugin | Plugin closed in public repository as of 20190524. | https://wpvulndb.com/vulnerabilities/9281 |
| Slimstat | <=4.8.0 | 4.8.1 | slimstat | Stored Cross-Site Scripting | https://wordpress.org/plugins/slimstat/ | Update | Plugin | | https://blog.sucuri.net/2019/05/slimstat-stored-xss-from-visitors.html |
| WooCommerce User Email Verification | <=3.3.0 | 3.4.0 | woo-confirmation-email | Unknown, see notes | https://wordpress.org/plugins/woo-confirmation-email/ | Update | Plugin | Changelog states "Fixed: Vulnerability resolved for admin settings." | https://wordpress.org/plugins/woo-confirmation-email/#developers |
| WP Maintenance Mode | <=2.2.3 | 2.2.4 | wp-maintenance-mode | Cross-Site Scripting | https://wordpress.org/plugins/wp-maintenance-mode/ | Update | Plugin | Changelog states "add client-side sanitization to the input fields" and links to https://github.com/Designmodocom/WP-Maintenance-Mode/issues/176 | https://wordpress.org/plugins/wp-maintenance-mode/#developers |
| Elementor Contact Form DB | <=1.3 | 1.4 | sb-elementor-contact-form-db | Cross-Site Scripting, see notes | https://wordpress.org/plugins/sb-elementor-contact-form-db/ | Update | Plugin | Commit message states "security related fixes". At a _minimum_ they corrected some cross-site scripting issues. | https://plugins.trac.wordpress.org/changeset/2092078 |
| Blackhole for Bad Bots | assume all, see notes | unfixed | blackhole-bad-bots | Detection bypass | https://wordpress.org/plugins/blackhole-bad-bots/ | Remove | Plugin | | https://seclists.org/bugtraq/2019/May/52 |
| Simple File List | <=3.2.4 | 3.2.5 | simple-file-list | Unknown, see notes | https://wordpress.org/plugins/simple-file-list/ | Update | Plugin | Changelog states "Fixed a security issue with the file downloader and deletion" | https://wordpress.org/plugins/simple-file-list/#developers |
| Real-time Visitor Statistics | <=1.8 | 1.9 | wp-stats-manager | Unknown, see notes | https://wordpress.org/plugins/wp-stats-manager/ | Update | Plugin | Commit message states "bug fixing and sanitizing + security issues" | https://plugins.trac.wordpress.org/changeset/2092975 |
| WP Sticky Sidebar | <=1.3.1 | 1.3.2 | mystickysidebar | Unknown, see notes | https://wordpress.org/plugins/mystickysidebar/ | Update | Plugin | Changelog states "Security Update" | https://wordpress.org/plugins/mystickysidebar/#developers |