2017041X Vulnerable Plugins/Themes Report

| Name | Version(s) Affected | Fixed in Version | Plugin Directory | Vulnerability | Link/Plugin Status | Suggested Action | Plugin/Theme | Other Notes | Source |
|---|---|---|---|---|---|---|---|---|---|
| Analytics | 1.7 and earlier | unfixed | analytic | Remote Code Execution | plugin removed from repository | Remove Immediately | Plugin | | https://www.pluginvulnerabilities.com/2017/04/11/vulnerability-details-remote-code-execution-rce-vulnerability-in-analytic/ |
| Car Rental | 1.0.4 and earlier | unfixed | car-rental | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/car-rental/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Custom Admin Page | 0.1.1 and earlier | unfixed | custom-admin-page | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/custom-admin-page/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Donate | 2.1.1 and earlier | unfixed | donate-button | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/donate-button/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Error Log Viewer | 1.0.5 and earlier | unfixed | error-log-viewer | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/error-log-viewer/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Featured Posts | 1.0.0 and earlier | unfixed | bws-featured-posts | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/bws-featured-posts/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Gallery | 4.5.0 and earlier | unfixed | gallery-plugin | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/gallery-plugin/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Google +1 | 1.3.3 and earlier | unfixed | google-one | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/google-one/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Google Maps | 1.3.5 and earlier | unfixed | bws-google-maps | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/bws-google-maps/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Google Shortlink | 1.5.3 and earlier | unfixed | google-shortlink | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/google-shortlink/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Google Sitemap | 3.0.8 and earlier | unfixed | google-sitemap-plugin | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/google-sitemap-plugin/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Job Board | 1.1.4 and earlier | unfixed | job-board | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/job-board/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Latest Posts | 0.2 and earlier | unfixed | bws-latest-posts | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/bws-latest-posts/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Limit Attempts | 1.1.8 and earlier | unfixed | limit-attempts | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/limit-attempts/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| LinkedIn | 1.0.4 and earlier | unfixed | bws-linkedin | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/bws-linkedin/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Multilanguage | 1.2.3 and earlier | unfixed | multilanguage | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/multilanguage/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Pinterest | 1.0.4 and earlier | unfixed | bws-pinterest | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/bws-pinterest/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Post to CSV | 1.3.1 and earlier | unfixed | post-to-csv | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/post-to-csv/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Profile Extra Fields | 1.0.7 and earlier | unfixed | profile-extra-fields | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/profile-extra-fields/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| PromoBar | 1.1.0 and earlier | unfixed | promobar | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/promobar/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Quotes and Tips | 1.32 and earlier | unfixed | quotes-and-tips | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/quotes-and-tips/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Rating | 0.1 and earlier | unfixed | rating-bws | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/rating-bws/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Re-attacher | 1.0.9 and earlier | unfixed | re-attacher | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/re-attacher/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Reality | 1.0.9 and earlier | unfixed | realty | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/realty/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Relevant - Related | 1.1.9 and earlier | unfixed | relevant | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/relevant/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Social Buttons Pack | 1.1.0 and earlier | unfixed | social-buttons-pack | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/social-buttons-pack/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Testimonials | 0.1.8 and earlier | unfixed | bws-testimonials | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/bws-testimonials/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Timesheet | 0.1.4 and earlier | unfixed | timesheet | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/timesheet/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Twitter Button | 2.54 and earlier | unfixed | twitter-plugin | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/twitter-plugin/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Updater | 1.34 and earlier | unfixed | updater | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/updater/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Visitors Online | 0.9 and earlier | unfixed | visitors-online | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/visitors-online/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Zendesk Help Center | 1.0.4 and earlier | unfixed | zendesk-help-center | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/zendesk-help-center/ | Remove until update available | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Duplicate Post | 3.1 and earlier | 3.2 | duplicate-post | Authenticated Information Disclosure | https://wordpress.org/plugins/duplicate-post/ | Update | Plugin | | Plugin Changelog |
| Social Login | 0.1 and earlier | 0.2 | social-login-bws | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/social-login-bws/ | Update | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Popular Posts | 1.0.4 and earlier | 1.0.5 | bws-popular-posts | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/bws-popular-posts/ | Update | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Pagination | 1.0.6 and earlier | 1.0.7 | pagination | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/pagination/ | Update | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Gallery Categories | 1.0.8 and earlier | 1.0.9 | gallery-categories | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/gallery-categories/ | Update | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| SMTP | 1.0.9 and earlier | 1.1.0 | bws-smtp | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/bws-smtp/ | Update | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Email Queue | 1.1.1 and earlier | 1.1.2 | email-queue | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/email-queue/ | Update | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Contact Form Multi | 1.2.0 and earlier | 1.2.1 | contact-form-multi | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/contact-form-multi/ | Update | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Sender | 1.2.0 and earlier | 1.2.1 | sender | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/sender/ | Update | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Google Captcha | 1.27 and earlier | 1.28 | google-captcha | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/google-captcha/ | Update | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Custom Fields Search | 1.3.1 and earlier | 1.3.2 | custom-fields-search | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/custom-fields-search/ | Update | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Subscriber | 1.3.4 and earlier | 1.3.5 | subscriber | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/subscriber/ | Update | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Custom Search | 1.35 and earlier | 1.36 | custom-search-plugin | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/custom-search-plugin/ | Update | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Google AdSense | 1.43 and earlier | 1.44 | adsense-plugin | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/adsense-plugin/ | Update | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Calendar by WD / Spider Event Calendar | 1.5.51 and earlier | 1.5.52 | spider-event-calendar | Authenticated Blind SQL Injection | https://wordpress.org/plugins/spider-event-calendar/ | Update | Plugin | | http://seclists.org/fulldisclosure/2017/Apr/43 |
| User Role | 1.5.5 and earlier | 1.5.6 | user-role | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/user-role/ | Update | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Contact Form to DB | 1.5.6 and earlier | 1.5.7 | contact-form-to-db | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/contact-form-to-db/ | Update | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Tribulant Slideshow Gallery | 1.6.5 and earlier | 1.6.6 | slideshow-gallery | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/slideshow-gallery/ | Update | Plugin | | http://www.defensecode.com/advisories/DC-2017-01-014_WordPress_Tribulant_Slideshow_Gallery_Plugin_Advisory.pdf |
| Google Analytics | 1.7.0 and earlier | 1.7.1 | bws-google-analytics | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/bws-google-analytics/ | Update | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Htaccess | 1.7.5 and earlier | 1.7.6 | htaccess | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/htaccess/ | Update | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| PDF & Print | 1.9.3 and earlier | 1.9.4 | pdf-print | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/pdf-print/ | Update | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| WP Statistics | 12.0.4 and earlier | 12.0.5 | wp-statistics | Reflected Cross-Site Scripting | https://wordpress.org/plugins/wp-statistics/ | Update | Plugin | | http://jvn.jp/en/jp/JVN17633442/index.html |
| Gallery – Video Gallery and Youtube Gallery | 2.1.0 and earlier | 2.1.1 | gallery-video | Authenticated SQL Injection | https://wordpress.org/plugins/gallery-video/ | Update | | | Plugin Changelog |
| Portfolio | 2.39 and earlier | 2.40 | portfolio | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/portfolio/ | Update | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Facebook Button | 2.53 and earlier | 2.54 | facebook-button-plugin | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/facebook-button-plugin/ | Update | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| CopySafe Web Protection | 2.5 and earlier | 2.6 | wp-copysafe-web | Cross-Site Request Forgery | https://wordpress.org/plugins/wp-copysafe-web/ | Update | Plugin | | http://seclists.org/fulldisclosure/2017/Apr/42 |
| Contact Form | 4.0.5 and earlier | 4.0.6 | contact-form-plugin | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/contact-form-plugin/ | Update | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |
| Captcha | 4.2.9 and earlier | 4.3.0 | captcha | Multiple Cross-Site Scripting vulnerabilities | https://wordpress.org/plugins/captcha/ | Update | Plugin | | http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf |