20190104 Vulnerable Plugins/Themes Report
 Share
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

 
View only
 
 
ABCDEFGHIJKLMNOPQRSTUVWXYZAAAB
1
NameVersion(s) AffectedFixed in VersionPlugin DirectoryVulnerabilityLink/Plugin StatusSuggested ActionPlugin/ThemeOther NotesSource
2
WP Job Manager1.31.2 and earlier1.31.3wp-job-managerUnprivileged Phar Deserializationhttps://wordpress.org/plugins/wp-job-manager/UpdatePlugin
https://www.ripstech.com/php-security-calendar-2018/ day 22
3
WooCommerce3.5.0 and earlier3.5.1woocommerceStored Cross-Site Scriptinghttps://wordpress.org/plugins/woocommerce/UpdatePlugin
https://www.ripstech.com/php-security-calendar-2018/ day 23
4
Adicon Serverall, see notesunfixedadiconsSQL Injectionhttps://wordpress.org/plugins/adicons/RemovePlugin
Last update was nine years ago so it's definitely time to find a replacement
https://packetstormsecurity.com/files/150993/wpadicon12-sql.txt
5
Audio Recordall, see notesunfixedaudio-recordArbitrary File Uploadhttps://wordpress.org/plugins/audio-record/RemovePlugin
Last update was four years and most likely will not be fixed.
https://packetstormsecurity.com/files/150921/wpaudiorecord10-shell.txt
6
Baggage Freight Shipping Australiaall, see notesunfixedbaggage-freightArbitrary File Uploadhttps://wordpress.org/plugins/baggage-freight/RemovePlugin
Last update was two years and most likely will not be fixed.
https://packetstormsecurity.com/files/150927/wpbfsa010-shell.txt
7
Google XML Sitemaps4.0.9 and earlier4.1.0google-sitemap-generatorStored Cross-Site Scriptinghttps://wordpress.org/plugins/google-sitemap-generator/UpdatePlugin
https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000135.html
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
Loading...
Main menu