Scroll Top

WP Security: 5 plugin vulnerabilities in July 2018

By Csaba, Miklós WP Maintenance WP SERVICES 6 August 2018

WP SECURITY: 5 PLUGIN VULNERABILITIES IN JULY 2018

At your next scheduled WordPress Maintenance, be advised for your WordPress protection about the latest vulnerabilities in WordPress plugins identified and reported publicly this month:

  1. Open Graph for Facebook, Google+ and Twitter Card Tags
    • Unauthenticated Cross-Site Scripting (XSS) reported by Thomas Chauchefoin. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
      • WordPress Maintenance recommendation: immediately upgrade to version 2.2.4.2 to fix the vulnerability
  2. All In One Favicon
    • Unauthenticated Cross-Site Scripting (XSS) reported by Javier Olmedo (https://hackpuntes.com). Multiple Persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via Apple-Text, GIF-Text, ICO-Text, PNG-Text, or JPG-Text.
      • WordPress Maintenance recommendation: immediately upgrade to version 4.7 to fix the vulnerability
  3. Geo Mashup
    • Unspecified Cross-Site Scripting (XSS) reported by Ryan (Dewhurst Security). The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of the post editor and other user input.
      • WordPress Maintenance recommendation: immediately upgrade to version 1.10.4 to fix the vulnerability

    4. Our only security is our ability to change. ~ John Lilly

    WP Security
  4. Multi Step Form
    • Unauthenticated Cross-Site Scripting (XSS) reported by Javier Olmedo (https://hackpuntes.com). WordPress Plugin Multi-Step Form before 1.2.5 allows remote users to execute JavaScript code through Reflected XSS attacks. This issue can be exploited by unauthenticated attackers, with the use of CSRF.
      • WordPress Maintenance recommendation: IMMEDIATELY UNISTALL THIS PLUGIN! This plugin was closed on July 30, 2018 and is no longer available for download.
  5. Snazzy Maps
    • Unspecified Cross-Site Scripting (XSS) reported by Ryan (Dewhurst Security). During the security audit of Snazzy Maps plugin for WordPress CMS, multiple Cross-Site Scripting (XSS) vulnerabilities were discovered using DefenseCode ThunderScan application source code security analysis platform.
      • WordPress Maintenance recommendation: IMMEDIATELY UNISTALL THIS PLUGIN! This plugin was closed on July 29, 2018 and is no longer available for download.

Protect your WordPress: BEFORE IT'S TOO LATE! You will also protect your customers, your reputation and your online business!

WP Security

We're passionate about helping you grow and make your impact

Continue being informed



Monthly vulnerability reports about WordPress and WooCommerce, plugins, themes.
Weekly inspiration, news and occasional with hand-picked deals. Unsubscribe anytime.

Related Posts

THEMES VULNERABILITY 2022
WP Themes vulnerability SEP 2022: 2 new risks

We’re passionate about helping you grow and make your impact Continue being informed Email (*double opt-in) Vulnerability reports (monthly) owlpower services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Monthly vulnerability reports about WordPress and WooCommerce, plugins, themes. Weekly inspiration, news and…

06 Sep 2022
WPS
WordPress 4.8.1

The new WordPress 4.8.1 maitenance update contains 29 maintenance fixes and enhancements to the 4.8 release series. Changes worth mentioning are: fixes to the rich Text widget and the introduction of the Custom HTML widget. Administration #40982 – Permalink Settings: custom structure field keyboard trap Build/Test Tools #41327 – Bump…

07 Aug 2017
WP SECURITY
7 WordPress Security Core Vulnerabilities in December 2018

7 WordPress Security Core Vulnerabilities in December 2018 For your WordPress Security, be informed about the NEW WP Core Vulnerabilities. Publicly known since its first official report on December 14, 2018. WordPress <= 5.0 – Authenticated File Delete Description: Karim El Ouerghemmi discovered that authors could alter meta data to…

10 Jan 2019
WP SECURITY
WP Security: 2 premium theme vulnerabilities in February 2018

For your WP Security, be informed about the latest vulnerabilities in WordPress themes: Enfold Theme Rewrite Portfolio Permalink Structure & Information Disclosure reported by Dan Benton https://www.dogsbodytechnology.com/. The changelog describes two security fixes: a security issue that would allow an attacker to export your enfold [theme] settings AND a security…

05 Mar 2018
WORDPRESS PROTECTION
TOP 3 always ignored WordPress protection

TOP 3 always ignored WordPress protection Everybody wants what is best for them, there are no exceptions. When we’re doing on-demand cleaning services, like malware CLEANUP or undo DISASTERS (infection/hack removal); we often hired to do also a Security AUDIT to find out how this happened and do the necessary…

12 Mar 2019
WP CORE VULNERABILITY 2022
Caution: CRITICAL WP Core Vulnerability MAY 2021

We’re passionate about helping you grow and make your impact Continue being informed Email (*double opt-in) Vulnerability reports (monthly) owlpower services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Monthly vulnerability reports about WordPress and WooCommerce, plugins, themes. Weekly inspiration, news and…

11 Jun 2021
THEMES VULNERABILITY 2022
WP Themes vulnerability AUG 2022: 3 new risks

We’re passionate about helping you grow and make your impact Continue being informed Email (*double opt-in) Vulnerability reports (monthly) owlpower services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Monthly vulnerability reports about WordPress and WooCommerce, plugins, themes. Weekly inspiration, news and…

16 Aug 2022
WP ERROR DB CONNECTION
WP Maintenance disaster – Error establishing a database connection

WP Maintenance disaster Error establishing a database connection As a WordPress owner, this might be awfully frustrating specifically when it took place by itself without you changing anything. You are getting this error because WordPress is not able to establish a database connection. Now the reason WordPress is unable to…

25 Apr 2019
WP SECURITY
WordPress protection: Core vulnerabilities September

For your WordPress protection, be informed about the latest WordPress Core vulnerabilities fixed in security release WordPress 4.8.2 from September 2017. WordPress versions 4.8.1 and earlier are affected by these security issues: $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly…

02 Oct 2017
THEMES VULNERABILITY 2022
WP Themes vulnerability APR 2023: 17 premium risks

We’re passionate about helping you grow and make your impact Continue being informed Email (*double opt-in) Vulnerability reports (monthly) owlpower services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Monthly vulnerability reports about WordPress and WooCommerce, plugins, themes. Weekly inspiration, news and…

03 Apr 2023
WP CORE VULNERABILITY 2022
3 WP Core Vulnerability APR 2022: Critical Caution

We’re passionate about helping you grow and make your impact Continue being informed Email (*double opt-in) Vulnerability reports (monthly) owlpower services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Monthly vulnerability reports about WordPress and WooCommerce, plugins, themes. Weekly inspiration, news and…

13 Apr 2022
THEMES VULNERABILITY 2022
WP Themes vulnerability JUL 2023: 6 premium risks

We’re passionate about helping you grow and make your impact Continue being informed Email (*double opt-in) Vulnerability reports (monthly) owlpower services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Monthly vulnerability reports about WordPress and WooCommerce, plugins, themes. Weekly inspiration, news and…

10 Jul 2023
THEMES VULNERABILITY 2022
WP Theme CVE AUG 2024: 47 Premium Hack risk

We’re passionate about helping you grow and make your impact Continue being informed Email (*double opt-in) Vulnerability reports (monthly) owlpower services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Monthly vulnerability reports about WordPress and WooCommerce, plugins, themes. Weekly inspiration, news and…

18 Aug 2024
THEMES VULNERABILITY 2022
WP Theme CVE JUL 2024: 59 Premium Hack risk

We’re passionate about helping you grow and make your impact Continue being informed Email (*double opt-in) Vulnerability reports (monthly) owlpower services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Monthly vulnerability reports about WordPress and WooCommerce, plugins, themes. Weekly inspiration, news and…

14 Jul 2024
VULNERABILITY
WordPress Security explained: Vulnerability

WordPress Security explained: Vulnerability In WordPress Security, a vulnerability is a weak point which can be made use of by a cyber attack to get unauthorised access to or perform unapproved actions on a computer system. Vulnerabilities can allow opponents to run code, circumvent WordPress protection, access a system’s memory,…

27 Sep 2019
owlpower.eu
×
Top Searches:
infected hacked migrate perfect pagespeed managed monitoring