20190816 Vulnerable Plugins/Themes Report
Columns: Name; Version(s) Affected; Fixed in Version; Plugin Directory (slug under wp-content/plugins); Vulnerability; Link/Plugin Status; Suggested Action; Plugin/Theme; Other Notes; Source. Each entry below lists these fields in that order. "unfixed" means no patched release was publicly available as of 20190816.
GiveWP
  Version(s) affected: <=2.5.0
  Fixed in version: 2.5.1
  Plugin directory: give
  Vulnerability: SQL Injection
  Link: https://wordpress.org/plugins/give/
  Suggested action: Update
  Plugin/Theme: Plugin
  Other notes: Issue was patched on July 11 with v2.5.1; disclosure was embargoed until August 11.
  Source: https://fortiguard.com/zeroday/FG-VD-19-098

Backup and Staging by WP Time Capsule
  Version(s) affected: assume all, see notes
  Fixed in version: unfixed
  Plugin directory: wp-time-capsule
  Vulnerability: Authenticated PHP Object Injection
  Link: https://wordpress.org/plugins/wp-time-capsule/
  Suggested action: Remove
  Plugin/Theme: Plugin
  Other notes: The researcher does not indicate when the vulnerability was introduced; assume all versions are affected.
  Source: https://www.pluginvulnerabilities.com/2019/08/14/authenticated-php-object-injection-vulnerability-in-backup-and-staging-by-wp-time-capsule/

Import Social Events
  Version(s) affected: <=1.6.6
  Fixed in version: 1.6.7
  Plugin directory: import-facebook-events
  Vulnerability: Reflected Cross-Site Scripting
  Link: https://wordpress.org/plugins/import-facebook-events/
  Suggested action: Update
  Plugin/Theme: Plugin
  Source: https://www.pluginvulnerabilities.com/2019/08/13/reflected-cross-site-scripting-xss-vulnerability-in-import-social-events/

Maintenance
  Version(s) affected: unknown, see notes
  Fixed in version: unfixed
  Plugin directory: maintenance
  Vulnerability: Arbitrary File Upload via Cross-Site Request Forgery
  Link: https://wordpress.org/plugins/maintenance/
  Suggested action: Remove Immediately
  Plugin/Theme: Plugin
  Other notes: The researcher does not indicate when the vulnerability was introduced; assume all versions are affected. The plugin is now closed in the public repository.
  Source: https://www.pluginvulnerabilities.com/2019/08/15/cross-site-request-forgery-csrf-arbitrary-file-upload-vulnerability-in-maintenance/

Post SMTP Mailer/Email Log
  Version(s) affected: unknown, see notes
  Fixed in version: unfixed
  Plugin directory: post-smtp
  Vulnerability: Cross-Site Request Forgery
  Link: https://wordpress.org/plugins/post-smtp/
  Suggested action: Remove or use with caution
  Plugin/Theme: Plugin
  Other notes: The researcher does not indicate when the vulnerability was introduced; assume all versions are affected.
  Source: https://www.pluginvulnerabilities.com/2019/08/16/cross-site-request-forgery-csrf-vulnerability-in-post-smtp/

10Web Social Feed for Instagram
  Version(s) affected: unknown, see notes
  Fixed in version: unfixed
  Plugin directory: wd-instagram-feed
  Vulnerability: Unauthorized Settings Change
  Link: https://wordpress.org/plugins/wd-instagram-feed/
  Suggested action: Remove
  Plugin/Theme: Plugin
  Other notes: The researcher does not indicate when the vulnerability was introduced; assume all versions are affected. The plugin is now closed in the public repository.
  Source: https://www.pluginvulnerabilities.com/2019/08/12/settings-change-vulnerability-in-instagram-feed-by-10web-10web-social-feed-for-instagram/

Social LikeBox & Feed
  Version(s) affected: unknown, see notes
  Fixed in version: unfixed
  Plugin directory: facebook-by-weblizar
  Vulnerability: Cross-Site Request Forgery + Cross-Site Scripting
  Link: https://wordpress.org/plugins/facebook-by-weblizar/
  Suggested action: Remove
  Plugin/Theme: Plugin
  Other notes: The researcher does not indicate when the vulnerability was introduced; assume all versions are affected. The plugin is now closed in the public repository.
  Source: https://www.pluginvulnerabilities.com/2019/08/09/cross-site-request-forgery-csrf-cross-site-scripting-xss-vulnerability-in-social-likebox-feed/

cformsII
  Version(s) affected: <=15.0.1
  Fixed in version: 15.0.2
  Plugin directory: cforms2
  Vulnerability: Unauthenticated HTML Injection
  Link: https://wordpress.org/plugins/cforms2/
  Suggested action: Update
  Plugin/Theme: Plugin
  Source: https://blog.nintechnet.com/html-injection-vulnerability-in-wordpress-cformsii-plugin/

WP Social Feed Gallery
  Version(s) affected: unknown, see notes
  Fixed in version: 2.4.8
  Plugin directory: insta-gallery
  Vulnerability: Multiple, see notes
  Link: https://wordpress.org/plugins/insta-gallery/
  Suggested action: Update
  Plugin/Theme: Plugin
  Other notes: Changelog states "Fix nonce validation" for multiple items and "fix current_user_can validation". Reviewing the changes, there appear to be several places where an authenticated but unauthorized (lower-role) user could update plugin settings; the missing nonce checks additionally mean those settings could be changed via cross-site request forgery against a privileged user.
  Source: https://wordpress.org/plugins/insta-gallery/#developers

Ninja Forms
  Version(s) affected: <=3.4.16
  Fixed in version: 3.4.17
  Plugin directory: ninja-forms
  Vulnerability: Unknown, see notes
  Link: https://wordpress.org/plugins/ninja-forms/
  Suggested action: Update
  Plugin/Theme: Plugin
  Other notes: Changelog states "Removed an outdated template that was localizing a couple server variables."
  Source: https://wordpress.org/plugins/ninja-forms/#developers

Formidable Forms
  Version(s) affected: <=4.0.2
  Fixed in version: 4.02.01
  Plugin directory: formidable
  Vulnerability: Unknown, see notes
  Link: https://wordpress.org/plugins/formidable/
  Suggested action: Update
  Plugin/Theme: Plugin
  Other notes: Changelog states "Security: Fix vulnerability with unserializing." Most likely PHP object injection via unserialize() of untrusted data.
  Source: https://wordpress.org/plugins/formidable/#developers

Badge Designer Lite For WooCommerce
  Version(s) affected: <=1.0.2
  Fixed in version: 1.0.3
  Plugin directory: woo-badge-designer-lite
  Vulnerability: Unknown, see notes
  Link: https://wordpress.org/plugins/woo-badge-designer-lite/
  Suggested action: Update
  Plugin/Theme: Plugin
  Other notes: Commit message states "fix security issues".
  Source: https://plugins.trac.wordpress.org/changeset/2139955

10Web Player for YouTube
  Version(s) affected: unknown, see notes
  Fixed in version: unfixed
  Plugin directory: wd-youtube
  Vulnerability: Unknown, see notes
  Link: https://wordpress.org/plugins/wd-youtube/
  Suggested action: Remove
  Plugin/Theme: Plugin
  Other notes: Commit message on 20190814 states "Fixed: Security Issues", but the plugin is still closed in the public repository as of 20190816. Remove until the fix is published.
  Source: https://plugins.trac.wordpress.org/changeset/2139522

Flo Social
  Version(s) affected: <=2.3.0
  Fixed in version: 2.3.1
  Plugin directory: flo-instagram
  Vulnerability: Unknown, see notes
  Link: https://wordpress.org/plugins/flo-instagram/
  Suggested action: Update
  Plugin/Theme: Plugin
  Other notes: Changelog states "Security Updates".
  Source: https://wordpress.org/plugins/flo-instagram/#developers

Sezzle Woocommerce Payment
  Version(s) affected: <=2.0.4
  Fixed in version: 2.0.5
  Plugin directory: sezzle-woocommerce-payment
  Vulnerability: Unknown, see notes
  Link: https://wordpress.org/plugins/sezzle-woocommerce-payment/
  Suggested action: Update
  Plugin/Theme: Plugin
  Other notes: Commit message states "Security fix".
  Source: https://plugins.trac.wordpress.org/changeset/2139624

10Web Facebook Feed
  Version(s) affected: unknown, see notes
  Fixed in version: unfixed
  Plugin directory: wd-facebook-feed
  Vulnerability: Unknown, see notes
  Link: https://wordpress.org/plugins/wd-facebook-feed/
  Suggested action: Remove, see notes
  Plugin/Theme: Plugin
  Other notes: Commit message on 20190815 states "Fixed Security Issues", but the plugin is closed in the public repository as of 20190816. Remove until the fix is publicly available.
  Source: https://plugins.trac.wordpress.org/changeset/2140059

10Web Map Builder for Google Maps
  Version(s) affected: unknown, see notes
  Fixed in version: unfixed
  Plugin directory: wd-google-maps
  Vulnerability: Unknown, see notes
  Link: https://wordpress.org/plugins/wd-google-maps/
  Suggested action: Remove, see notes
  Plugin/Theme: Plugin
  Other notes: Commit message on 20190815 states "Fixed Security Issues", but the plugin is closed in the public repository as of 20190816. Remove until the fix is publicly available.
  Source: https://plugins.trac.wordpress.org/changeset/2140034

REV – Responsive Embedded Video
  Version(s) affected: 1.0.0
  Fixed in version: 1.0.1
  Plugin directory: rev-responsive-embedded-video
  Vulnerability: Unknown, see notes
  Link: https://wordpress.org/plugins/rev-responsive-embedded-video/
  Suggested action: Update
  Plugin/Theme: Plugin
  Other notes: Changelog states "Additional security feature".
  Source: https://wordpress.org/plugins/rev-responsive-embedded-video/#developers
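The WP Social Feed Gallery note above (missing nonce and current_user_can checks letting a lower-role user change plugin settings) is the pattern behind several rows in this report, including the CSRF entries. The following is an added example written for this page, not code from any of the listed plugins: a hypothetical admin-ajax.php settings handler as it typically looks before such a fix, followed by the hardened version and the admin-side code that mints the nonce. All names (my_gallery_*, the my_gallery_settings option, the settings_page_my-gallery hook suffix, admin.js) are assumptions.

```php
<?php
/**
 * Added example for this report, not code from any plugin listed above.
 * It shows the pattern behind a "fix nonce validation" / "fix current_user_can
 * validation" changelog entry: an admin-ajax.php handler that writes plugin
 * settings. All names below (my_gallery_*, the my_gallery_settings option,
 * the settings_page_my-gallery hook suffix, admin.js) are hypothetical.
 */

// BEFORE: the handler trusts the request because the user is logged in.
// Any authenticated role, subscriber included, can POST to
// wp-admin/admin-ajax.php?action=my_gallery_save and rewrite the settings,
// and a page on another site can make an administrator's browser do it
// (CSRF) because nothing ties the request to this site's own UI.
function my_gallery_save_vulnerable() {
    $settings = array(
        'feed_token' => isset( $_POST['feed_token'] ) ? $_POST['feed_token'] : '',
        'limit'      => isset( $_POST['limit'] ) ? $_POST['limit'] : 12,
    );
    update_option( 'my_gallery_settings', $settings );
    wp_send_json_success();
}
// add_action( 'wp_ajax_my_gallery_save', 'my_gallery_save_vulnerable' ); // the broken wiring

// AFTER: three independent checks before any state change.
function my_gallery_save_hardened() {
    // 1. CSRF: the request must carry a nonce minted for this exact action.
    //    check_ajax_referer() ends the request with "-1" if the nonce is
    //    missing, forged or expired.
    check_ajax_referer( 'my_gallery_save', '_ajax_nonce' );

    // 2. Authorization: a valid nonce only proves the request came from this
    //    site's UI for this user; it says nothing about privilege. Require the
    //    capability that gates plugin settings (manage_options, i.e. administrators).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Input handling: unslash and sanitize before persisting.
    $settings = array(
        'feed_token' => isset( $_POST['feed_token'] )
            ? sanitize_text_field( wp_unslash( $_POST['feed_token'] ) ) : '',
        'limit'      => isset( $_POST['limit'] ) ? absint( $_POST['limit'] ) : 12,
    );
    update_option( 'my_gallery_settings', $settings );
    wp_send_json_success();
}
// Only the logged-in hook: a settings write has no business on a
// wp_ajax_nopriv_* hook, which serves unauthenticated visitors.
add_action( 'wp_ajax_my_gallery_save', 'my_gallery_save_hardened' );

// The admin page that issues the request has to mint the matching nonce and
// hand it to the browser-side script; without this, check 1 blocks the
// legitimate UI as well as the attacker.
function my_gallery_enqueue_admin( $hook_suffix ) {
    if ( 'settings_page_my-gallery' !== $hook_suffix ) {
        return;
    }
    wp_enqueue_script( 'my-gallery-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'my-gallery-admin', 'myGallery', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'my_gallery_save' ), // sent back as _ajax_nonce
    ) );
}
add_action( 'admin_enqueue_scripts', 'my_gallery_enqueue_admin' );
```

When auditing a plugin for this class, the two checks have to be present together: a nonce check without a capability check leaves exactly the "authenticated but unauthorized" hole the WP Social Feed Gallery note describes, and a capability check without a nonce leaves the CSRF hole in the Maintenance, Post SMTP and Social LikeBox rows. The same review applies to wp_ajax_nopriv_* handlers and to admin_init or admin_post callbacks that read $_POST directly.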
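To act on this report across a site, the Suggested Action for each row can be checked mechanically against what is installed. The script below is an added example, not part of the original report: it reads the JSON that WP-CLI's `wp plugin list --format=json` prints (each entry carries name, status, update and version, where name is the plugin directory slug), compares each installed plugin's version against the Fixed in Version column, treats "unfixed" rows as affected at every version as the notes direct, and prints the suggested action. The installed-plugin JSON embedded in the block is a constructed sample, not a real site.

```php
<?php
/**
 * Added example, not part of the original report. Triages a site's installed
 * plugins against the rows above. Input is the output of
 * `wp plugin list --format=json` (WP-CLI); "name" in that output is the plugin
 * directory slug, which is why the report's Plugin Directory column, not the
 * display name, is the key here. $installed below is a constructed sample.
 */

// slug => array( fixed-in version, or null when the report says unfixed; suggested action )
$report = array(
    'give'                          => array( '2.5.1',   'Update' ),
    'wp-time-capsule'               => array( null,      'Remove' ),
    'import-facebook-events'        => array( '1.6.7',   'Update' ),
    'maintenance'                   => array( null,      'Remove Immediately' ),
    'post-smtp'                     => array( null,      'Remove or use with caution' ),
    'wd-instagram-feed'             => array( null,      'Remove' ),
    'facebook-by-weblizar'          => array( null,      'Remove' ),
    'cforms2'                       => array( '15.0.2',  'Update' ),
    'insta-gallery'                 => array( '2.4.8',   'Update' ),
    'ninja-forms'                   => array( '3.4.17',  'Update' ),
    'formidable'                    => array( '4.02.01', 'Update' ),
    'woo-badge-designer-lite'       => array( '1.0.3',   'Update' ),
    'wd-youtube'                    => array( null,      'Remove' ),
    'flo-instagram'                 => array( '2.3.1',   'Update' ),
    'sezzle-woocommerce-payment'    => array( '2.0.5',   'Update' ),
    'wd-facebook-feed'              => array( null,      'Remove' ),
    'wd-google-maps'                => array( null,      'Remove' ),
    'rev-responsive-embedded-video' => array( '1.0.1',   'Update' ),
);

/**
 * Returns one finding per installed plugin that appears in the report and is
 * not yet on a fixed release. An unfixed entry (null) is flagged at any
 * version, matching the "assume all versions" guidance in the notes.
 */
function triage( array $report, string $installedJson ): array {
    $plugins = json_decode( $installedJson, true );
    if ( ! is_array( $plugins ) ) {
        throw new InvalidArgumentException( 'expected the JSON array printed by wp plugin list --format=json' );
    }
    $findings = array();
    foreach ( $plugins as $plugin ) {
        $slug = $plugin['name'];
        if ( ! isset( $report[ $slug ] ) ) {
            continue;
        }
        list( $fixedIn, $action ) = $report[ $slug ];
        $version = $plugin['version'];
        // version_compare() handles the odd 4.0.2 -> 4.02.01 jump correctly
        // because it compares dot-separated components numerically.
        if ( null !== $fixedIn && version_compare( $version, $fixedIn, '>=' ) ) {
            continue; // already on a fixed release
        }
        // An inactive plugin is still on disk and its PHP files are still
        // directly requestable, so it is reported too rather than skipped.
        $findings[] = array(
            'slug'     => $slug,
            'version'  => $version,
            'status'   => $plugin['status'],
            'fixed_in' => $fixedIn ?? 'unfixed',
            'action'   => $action,
        );
    }
    return $findings;
}

// Constructed sample of `wp plugin list --format=json` output (not a real site).
$installed = '[
  {"name":"give","status":"active","update":"available","version":"2.5.0"},
  {"name":"ninja-forms","status":"active","update":"none","version":"3.4.17"},
  {"name":"formidable","status":"active","update":"available","version":"4.0.2"},
  {"name":"post-smtp","status":"inactive","update":"none","version":"1.9.6"},
  {"name":"akismet","status":"active","update":"none","version":"4.1.2"}
]';

foreach ( triage( $report, $installed ) as $f ) {
    printf( "%-12s %-8s %-9s fixed in %-8s -> %s\n",
        $f['slug'], $f['version'], $f['status'], $f['fixed_in'], $f['action'] );
}
```

With the sample input this flags give (2.5.0 < 2.5.1), formidable (4.0.2 < 4.02.01) and post-smtp (unfixed, so any version), and skips ninja-forms, which is already on 3.4.17, and akismet, which is not in the report. To run it against a real site, replace the `$installed` literal with `file_get_contents( 'php://stdin' )` and pipe `wp plugin list --format=json` into the script. Note that `update: "available"` in the WP-CLI output is not a substitute for this check: a plugin closed in the public repository (the 10Web rows) will never show an available update, which is exactly why those rows say Remove.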