WP Security: 5 plugin vulnerabilities in July 2018

At your next scheduled WordPress Maintenance, be aware of the latest vulnerabilities in WordPress plugins that were identified and publicly reported this month, so that you can protect your WordPress site:


  1. Open Graph for Facebook, Google+ and Twitter Card Tags
    • Unauthenticated Cross-Site Scripting (XSS) reported by Thomas Chauchefoin. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

  2. All In One Favicon
    • Unauthenticated Cross-Site Scripting (XSS) reported by Javier Olmedo (https://hackpuntes.com). Multiple Persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via Apple-Text, GIF-Text, ICO-Text, PNG-Text, or JPG-Text.

  3. Geo Mashup
    • Unspecified Cross-Site Scripting (XSS) reported by Ryan (Dewhurst Security). The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of the post editor and other user input.

  Our only security is our ability to change. ~ John Lilly

  4. Multi Step Form
    • Unauthenticated Cross-Site Scripting (XSS) reported by Javier Olmedo (https://hackpuntes.com). WordPress Plugin Multi-Step Form before 1.2.5 allows remote users to execute JavaScript code through Reflected XSS attacks. This issue can be exploited by unauthenticated attackers, with the use of CSRF.
      • WordPress Maintenance recommendation: IMMEDIATELY UNINSTALL THIS PLUGIN! This plugin was closed on July 30, 2018 and is no longer available for download.

  5. Snazzy Maps
    • Unspecified Cross-Site Scripting (XSS) reported by Ryan (Dewhurst Security). During the security audit of Snazzy Maps plugin for WordPress CMS, multiple Cross-Site Scripting (XSS) vulnerabilities were discovered using DefenseCode ThunderScan application source code security analysis platform.
      • WordPress Maintenance recommendation: IMMEDIATELY UNINSTALL THIS PLUGIN! This plugin was closed on July 29, 2018 and is no longer available for download.

Protect your WordPress: BEFORE IT'S TOO LATE! You will also protect your customers, your reputation and your online business!

Publisher: owl power EUROPE