20181207 Vulnerable Plugins/Themes Report

| Name | Version(s) Affected | Fixed in Version | Plugin Directory | Vulnerability | Link/Plugin Status | Suggested Action | Plugin/Theme | Other Notes | Source |
|---|---|---|---|---|---|---|---|---|---|
| Kiwi Social Sharing | 2.0.10 and earlier | 2.0.11 | kiwi-social-share | Arbitrary Options Update | https://wordpress.org/plugins/kiwi-social-share/ | Update | Plugin | | https://blog.nintechnet.com/critical-vulnerability-in-wordpress-kiwi-social-sharing-plugin-actively-exploited/ |
| Arigato Autoresponder and Newsletter | 2.5.1.8 and earlier | 2.5.2 | bft-autoresponder | Authenticated Blind SQL Injection | https://wordpress.org/plugins/bft-autoresponder/ | Update | Plugin | Requires an authenticated user with a role that allows them to access the plugin's settings page | http://www.vapidlabs.com/advisory.php?v=203 |
| Arigato Autoresponder and Newsletter | 2.5.1.8 and earlier | 2.5.3 | bft-autoresponder | Multiple Cross-Site Scripting | https://wordpress.org/plugins/bft-autoresponder/ | Update | Plugin | Requires a user with a role that allows them to access the plugin's settings page | http://www.vapidlabs.com/advisory.php?v=203 |
| Ninja Forms | 3.3.19 and earlier | 3.3.19.1 | ninja-forms | Authenticated Open Redirect | https://wordpress.org/plugins/ninja-forms/ | Update | Plugin | | https://wpvulndb.com/vulnerabilities/9154 |
| Redirection | 3.6.2 and earlier | 3.6.3 | redirection | Cross-Site Request Forgery | https://wordpress.org/plugins/redirection/ | Update | Plugin | | https://www.ripstech.com/php-security-calendar-2018/ |
| Redirection | 3.6.2 and earlier | 3.6.3 | redirection | Remote Code Execution | https://wordpress.org/plugins/redirection/ | Update Immediately | Plugin | | https://www.ripstech.com/php-security-calendar-2018/ day 5 |
| Toolset Types | 2.3.3 and earlier | 2.3.4 | types | Privilege Escalation | https://wordpress.org/plugins/types/ | Update Immediately | Plugin | | https://www.ripstech.com/php-security-calendar-2018/ day 7 |
| WooCommerce | 3.4.5 and earlier | 3.4.6 | woocommerce | Authenticated Stored Cross-Site Scripting | https://wordpress.org/plugins/woocommerce/ | Update | Plugin | Requires an authenticated user with a role of Shop Manager or greater | https://www.ripstech.com/php-security-calendar-2018/ day 1 |
| WooCommerce | 3.4.5 and earlier | 3.4.6 | woocommerce | Privilege Escalation | https://wordpress.org/plugins/woocommerce/ | Update Immediately | Plugin | | https://www.ripstech.com/php-security-calendar-2018/ day 6 |
| WooCommerce | 3.4.5 and earlier | 3.4.6 | woocommerce | Remote Code Execution | https://wordpress.org/plugins/woocommerce/ | Update Immediately | Plugin | RCE occurs via phar deserialization | https://www.ripstech.com/php-security-calendar-2018/ day 3 |
| All in One SEO Pack | 2.9.1.1 and earlier | 2.10 | all-in-one-seo-pack | Authenticated Stored Cross-Site Scripting | https://wordpress.org/plugins/all-in-one-seo-pack/ | Update | Plugin | Requires an authenticated user with a role of contributor or greater. Fixed: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1987196%40all-in-one-seo-pack%2Ftags%2F2.10&old=1881030%40all-in-one-seo-pack%2Ftrunk#file25 | https://www.ripstech.com/php-security-calendar-2018/ day 4 |
| Google Analytics by Monster Insights | 7.1.0 and earlier | 7.2.0 | google-analytics-for-wordpress | Authenticated Stored Cross-Site Scripting | https://wordpress.org/plugins/google-analytics-for-wordpress/ | Update | Plugin | Requires an authenticated user with a role of contributor or greater. | https://www.ripstech.com/php-security-calendar-2018/ day 2 |
| WP Mail SMTP by WPForms | 1.3.3 and earlier | 1.4.0 | wp-mail-smtp | Authenticated Stored Cross-Site Scripting | https://wordpress.org/plugins/wp-mail-smtp/ | Update | Plugin | Requires an authenticated user with a role of contributor or greater. | https://www.ripstech.com/php-security-calendar-2018/ day 2 |
| Contact Form by WPForms | 1.4.7 and earlier | 1.4.8 | wpforms-lite | Authenticated Stored Cross-Site Scripting | https://wordpress.org/plugins/wpforms-lite/ | Update | Plugin | Requires an authenticated user with a role of contributor or greater. | https://www.ripstech.com/php-security-calendar-2018/ day 2 |
| PropertyHive | 1.4.25 and earlier | 1.4.26 | propertyhive | Unvalidated Input to do_action | | Update | Plugin | | https://wpvulndb.com/vulnerabilities/9160 |