At your next scheduled WordPress Maintenance, review the latest vulnerabilities in WordPress plugins that were identified and publicly reported this month:
- Open Graph for Facebook, Google+ and Twitter Card Tags
  - Unauthenticated Cross-Site Scripting (XSS) reported by Thomas Chauchefoin. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
  - WordPress Maintenance recommendation: immediately upgrade to version 2.2.4.2 to fix the vulnerability.
- All In One Favicon
  - Unauthenticated Cross-Site Scripting (XSS) reported by Javier Olmedo (https://hackpuntes.com). Multiple persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via Apple-Text, GIF-Text, ICO-Text, PNG-Text, or JPG-Text.
  - WordPress Maintenance recommendation: immediately upgrade to version 4.7 to fix the vulnerability.
- Geo Mashup
  - Unspecified Cross-Site Scripting (XSS) reported by Ryan (Dewhurst Security). The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of the post editor and other user input.
  - WordPress Maintenance recommendation: immediately upgrade to version 1.10.4 to fix the vulnerability.
- Multi Step Form
  - Unauthenticated Cross-Site Scripting (XSS) reported by Javier Olmedo (https://hackpuntes.com). WordPress Plugin Multi-Step Form before 1.2.5 allows remote users to execute JavaScript code through reflected XSS attacks. This issue can be exploited by unauthenticated attackers, with the use of CSRF.
  - WordPress Maintenance recommendation: IMMEDIATELY UNINSTALL THIS PLUGIN! This plugin was closed on July 30, 2018 and is no longer available for download.
- Snazzy Maps
  - Unspecified Cross-Site Scripting (XSS) reported by Ryan (Dewhurst Security). During the security audit of the Snazzy Maps plugin for WordPress CMS, multiple Cross-Site Scripting (XSS) vulnerabilities were discovered using the DefenseCode ThunderScan application source code security analysis platform.
  - WordPress Maintenance recommendation: IMMEDIATELY UNINSTALL THIS PLUGIN! This plugin was closed on July 29, 2018 and is no longer available for download.
Our only security is our ability to change. ~ John Lilly
Protect your WordPress: BEFORE IT'S TOO LATE! You will also protect your customers, your reputation and your online business!