WP Security: 11 plugin vulnerabilities in April 2018

For your WordPress security, here are the latest reported vulnerabilities in WordPress plugins:

  1. WP Security Audit Log Plugin
    • Sensitive Information Disclosure reported by Colette Chamberland (https://www.defiant.com; @cjchamberland). The directory wp-content/uploads/wp-security-audit-log/ is not protected; it is indexed by Google and can let attackers find user information (such as failed login attempts). Google dork: inurl:/wp-content/uploads/wp-security-audit-log/
      • immediately upgrade to version 3.1.2 to fix the vulnerability

  2. WordPress File Upload
    • Security Issue in Shortcodes reported by Ryan (https://dewhurstsecurity.com/; @ethicalhack3r). The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes.
    • Cross-Site Scripting (XSS) reported by Ryan (https://dewhurstsecurity.com/; @ethicalhack3r). The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS.
      • immediately upgrade to version 4.3.4 to fix both vulnerabilities

  3. My Calendar
    • Authenticated Cross-Site Scripting (XSS) reported by Ryan (@ethicalhack3r; https://dewhurstsecurity.com/). An authenticated user who can add new events can inject arbitrary JavaScript code via the event_time_label input. The injected code runs both on the event page and in the admin panel. In my-calendar-event-manager.php, line 1873, the variable $eventTime is not sanitized.
      • immediately upgrade to version 2.5.17 to fix the vulnerability

  4. WP Background Takeover
    • Directory Traversal reported by Colette Chamberland (@cjchamberland; https://defiant.com). Allows an attacker to read arbitrary files via the download.php file: https://target[.]com/wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=../../../../wp-config.php
      • immediately upgrade to version 4.1.5 to fix the vulnerability

  5. Relevanssi
    • Cross-Site Scripting (XSS) reported by Ryan (@ethicalhack3r; https://dewhurstsecurity.com). Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter.
      • immediately upgrade to version 4.0.5 to fix the vulnerability

  6. Contact Form 7 to Database Extension
    • CSV Injection reported by Ryan (@ethicalhack3r; https://dewhurstsecurity.com). CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form.
      • immediately upgrade to version 2.10.36 to fix the vulnerability
      • This plugin has been closed and is no longer available for download: https://wordpress.org/plugins/contact-form-7-to-database-extension/

  7. WP Live Chat Support
    • Unauthenticated Stored XSS reported by Luigi (https://www.gubello.me/blog/). An unauthenticated user can inject arbitrary JavaScript code into the admin panel via the “Name” text field of WP Live Chat Support. The injected code runs on the wplivechat-menu-history page. In the file wp-live-chat-support.php there is no sanitization of $result->id (row 4439). WP Live Chat Support 8.0.05 is vulnerable, and probably earlier versions too.
      • immediately upgrade to version 8.0.06 to fix the vulnerability

  8. WP Image Zoom
    • Cross-Site Request Forgery (CSRF) reported by Ryan (@ethicalhack3r; https://dewhurstsecurity.com). The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
      • immediately upgrade to version 1.24 to fix the vulnerability

  9. Responsive Cookie Consent
    • Authenticated Stored Cross-Site Scripting (XSS) reported by B0UG. A persistent cross-site scripting vulnerability has been found in the web interface of the plugin that allows arbitrary HTML/script code to be executed in the victim’s browser when they visit the website.
      • immediately upgrade to version 1.8 to fix the vulnerability

  10. UK Cookie Consent
    • Authenticated Stored Cross-Site Scripting (XSS) reported by B0UG. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows arbitrary HTML/script code to be executed in a victim’s web browser.
      • immediately upgrade to version 2.3.10 to fix the vulnerability

  11. Caldera Forms
    • Multiple Cross-Site Scripting (XSS) reported by Ryan (@ethicalhack3r; https://dewhurstsecurity.com). Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported form.
      • immediately upgrade to version 1.6.0 to fix the vulnerability
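The WP Security Audit Log issue above comes down to a plugin writing data into a web-reachable directory under wp-content/uploads without blocking access to it. The following is an added example, not code from that plugin: it locks down such a directory the way many WordPress plugins do, by dropping an .htaccess and an empty index.php into it, and offers a check that reports which of the two protections is missing. The directory path is an assumption for the demonstration.

```php
<?php
// Added example (not the plugin's code): deny web access to a plugin's data
// directory under wp-content/uploads with an .htaccess plus an index.php.
// The directory name below is an assumption; the real layout is not on the page.

function lock_down_upload_dir(string $dir): array
{
    if (!is_dir($dir) && !mkdir($dir, 0755, true)) {
        throw new RuntimeException("cannot create $dir");
    }

    // Both Apache 2.2 and 2.4 syntax, so the rule is honoured on either version.
    $htaccess = "<IfModule mod_authz_core.c>\n"
              . "    Require all denied\n"
              . "</IfModule>\n"
              . "<IfModule !mod_authz_core.c>\n"
              . "    Order deny,allow\n"
              . "    Deny from all\n"
              . "</IfModule>\n";

    $written = [];
    // Only create files that are missing so an administrator's own rules survive.
    if (!file_exists("$dir/.htaccess")) {
        file_put_contents("$dir/.htaccess", $htaccess);
        $written[] = '.htaccess';
    }
    // An index.php stops directory listings even where .htaccess is ignored.
    if (!file_exists("$dir/index.php")) {
        file_put_contents("$dir/index.php", "<?php\n// Silence is golden.\n");
        $written[] = 'index.php';
    }
    return $written;
}

// Health check: which of the two protections does the directory lack?
function missing_protections(string $dir): array
{
    $missing = [];
    foreach (['.htaccess', 'index.php'] as $f) {
        if (!is_file("$dir/$f")) {
            $missing[] = $f;
        }
    }
    return $missing;
}

// Demonstration against a constructed temporary directory, not a real site.
$dir = sys_get_temp_dir() . '/wpsec-demo-' . bin2hex(random_bytes(4)) . '/wp-security-audit-log';
echo 'before: missing ' . json_encode(missing_protections($dir)) . "\n";
echo 'wrote:  ' . json_encode(lock_down_upload_dir($dir)) . "\n";
echo 'after:  missing ' . json_encode(missing_protections($dir)) . "\n";
```

Two caveats a practitioner will want: nginx does not read .htaccess at all, so the same deny rule has to go into the server block as a `location` directive, and files with predictable names are still safer stored outside the web root than behind a web-server rule.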
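The WP Background Takeover entry above quotes a download URL whose filename parameter walks up with "../" to wp-config.php. As an added example (not the plugin's code), here is the vulnerable shape of such a download handler beside a hardened one: the fix strips any directory component, allows only a conservative character set, resolves the path and then insists the result still lies inside the exports directory. The directory layout is constructed in a temporary folder to mirror wp-content/plugins/<plugin>/exports.

```php
<?php
// Added example, not the plugin's code. The vulnerable shape mirrors the URL
// quoted above: a filename from the query string is joined to the exports
// directory with no check, so "../" segments walk up to wp-config.php.

function vulnerable_export_path(string $exportsDir, string $filename): string
{
    return $exportsDir . '/' . $filename;                 // no validation at all
}

// Hardened: drop any directory part, allow only a conservative character set,
// then resolve the path and require that it still sits inside $exportsDir.
function safe_export_path(string $exportsDir, string $filename): ?string
{
    $base = realpath($exportsDir);
    if ($base === false) {
        return null;
    }
    $name = basename($filename);                          // strips "../" and "/"
    if (!preg_match('/^[A-Za-z0-9_][A-Za-z0-9._-]*$/', $name)) {
        return null;                                      // rejects dotfiles and odd characters
    }
    $full = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($full === false || strpos($full, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;                                      // missing, or outside the directory
    }
    return $full;
}

// Constructed layout: wp-content/plugins/<plugin>/exports under a temp root,
// with a stand-in wp-config.php four levels up, as in the quoted URL.
$root    = sys_get_temp_dir() . '/traversal-demo-' . bin2hex(random_bytes(4));
$exports = "$root/wp-content/plugins/wpsite-background-takeover/exports";
mkdir($exports, 0755, true);
file_put_contents("$root/wp-config.php", "<?php // constructed stand-in, no real secrets\n");
file_put_contents("$exports/report.csv", "id,value\n1,ok\n");

foreach (['report.csv', '../../../../wp-config.php', 'sub/../report.csv', '.htaccess'] as $req) {
    $v = vulnerable_export_path($exports, $req);
    printf("%-30s vulnerable: %-12s hardened: %s\n",
        $req,
        is_file($v) ? 'would serve' : 'not found',
        safe_export_path($exports, $req) ?? 'rejected');
}
```

The realpath() check is the part that matters: basename() alone is enough for this particular payload, but resolving the final path and comparing it against the resolved base also catches symlinks and any future code path that builds the name differently.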
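The Contact Form 7 to Database Extension entry above is a CSV injection: a visitor types a formula into a form field, the administrator exports submissions to CSV, and the spreadsheet evaluates it on open. As an added example (not the plugin's code), the block below neutralises such cells before writing with fputcsv(). The rows, file name and column names are constructed for the demonstration.

```php
<?php
// Added example (not the plugin's code): neutralise spreadsheet-formula cells
// before a form export is written as CSV. Requires PHP 7.4+ for the arrow function.

function neutralize_csv_cell(string $value): string
{
    // A cell beginning with one of these is evaluated as a formula by Excel and
    // LibreOffice; tab and CR are included because they bypass naive "=" checks.
    if ($value !== '' && strpos("=+-@\t\r", $value[0]) !== false) {
        // A leading apostrophe forces the cell to be read as text. fputcsv()
        // handles quoting, so the apostrophe itself survives the round trip.
        return "'" . $value;
    }
    return $value;
}

function write_submissions_csv(string $path, array $rows): int
{
    $fh = fopen($path, 'w');
    if ($fh === false) {
        throw new RuntimeException("cannot open $path");
    }
    $written = 0;
    foreach ($rows as $row) {
        fputcsv($fh, array_map(fn ($v) => neutralize_csv_cell((string) $v), $row));
        $written++;
    }
    fclose($fh);
    return $written;
}

// Constructed submissions, including the kind of values a contact form can carry.
$rows = [
    ['name', 'email', 'message'],
    ['Alice', 'alice@example.com', 'Hello there'],
    ['=1+1', 'bob@example.com', '@SUM(A1:A9)'],
    ["\t=HYPERLINK(\"https://example.invalid\")", 'c@example.com', '-2+3'],
];
$path = sys_get_temp_dir() . '/submissions-' . bin2hex(random_bytes(4)) . '.csv';
printf("%d rows written to %s\n", write_submissions_csv($path, $rows), $path);
echo file_get_contents($path);
```

The trade-off is that genuine negative numbers such as "-5" are also prefixed; if a column is known to be numeric, exempt it with is_numeric() before calling neutralize_csv_cell(). Escaping belongs at export time, not at submission time, so the stored data stays intact for other consumers.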
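The WP Image Zoom entry above is a CSRF in a settings handler: the plugin changed options on any POST that reached it, so a page elsewhere could submit that form on an administrator's behalf. The block below is an added example, not the plugin's code, of how a WordPress settings form and its handler verify a nonce and a capability before saving. It assumes it is loaded inside WordPress (for instance from a plugin file); the hook name, option name and field are hypothetical, the WordPress functions are real.

```php
<?php
// Added example (not the WP Image Zoom plugin's code): a settings form whose
// handler checks both a capability and a nonce before saving. Assumes the
// WordPress runtime. Hook, option and field names are hypothetical.

add_action('admin_post_wpz_save_settings', 'wpz_handle_save_settings');

function wpz_handle_save_settings(): void
{
    // 1) Capability: only users allowed to manage options may change them.
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions', '', ['response' => 403]);
    }

    // 2) Nonce: proves the request came from a form WordPress rendered for this
    //    user and this action, not from a third-party page. Dies with 403 on failure.
    check_admin_referer('wpz_save_settings', 'wpz_nonce');

    // 3) Validate and bound the field before storing it (hypothetical range 1..10).
    $zoom = isset($_POST['wpz_zoom']) ? absint($_POST['wpz_zoom']) : 1;
    $zoom = max(1, min(10, $zoom));
    update_option('wpz_zoom_level', $zoom);

    wp_safe_redirect(add_query_arg('wpz_saved', '1', admin_url('options-general.php?page=wpz')));
    exit;
}

function wpz_render_settings_form(): void
{
    ?>
    <form method="post" action="<?php echo esc_url(admin_url('admin-post.php')); ?>">
        <input type="hidden" name="action" value="wpz_save_settings">
        <?php wp_nonce_field('wpz_save_settings', 'wpz_nonce'); ?>
        <label>Zoom level
            <input type="number" name="wpz_zoom" min="1" max="10"
                   value="<?php echo esc_attr(get_option('wpz_zoom_level', 1)); ?>">
        </label>
        <?php submit_button('Save'); ?>
    </form>
    <?php
}
```

The capability check and the nonce check answer different questions (may this user do this at all, and did this user actually mean to do it now), which is why both are present: a nonce alone would still let a subscriber with a valid nonce save options, and a capability check alone is exactly the gap the advisory describes.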
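Seven of the eleven entries above (WordPress File Upload, My Calendar, Relevanssi, WP Live Chat Support, both cookie-consent plugins and Caldera Forms) are the same defect in different places: a value controlled by a visitor or a low-privileged user (an event time label, a chat visitor's name, a banner text, a GET parameter) is printed into HTML without escaping for the context it lands in. The block below is an added example, not code from any of those plugins, written in plain PHP so it runs on its own; inside WordPress the same job is done by esc_html(), esc_attr() and sanitize_text_field(). The tab names in the allowlist are hypothetical.

```php
<?php
// Added example, not code from any of the plugins above. Plain PHP so it runs
// stand-alone; in WordPress use esc_html()/esc_attr() for the same contexts.

function h(string $s): string
{
    // ENT_QUOTES also escapes single quotes, which matters inside attributes.
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Vulnerable shape: a stored value (event time label, chat visitor name,
// cookie banner text) dropped straight into the markup.
function render_unsafe(string $label): string
{
    return '<span class="event-time">' . $label . '</span>';
}

// HTML-body context: escape on output, every time the value is printed,
// on the public page and in the admin panel alike.
function render_event_time(string $label): string
{
    return '<span class="event-time">' . h($label) . '</span>';
}

// Attribute context: a settings field pre-filled with a stored value.
function render_setting_input(string $name, string $value): string
{
    return '<input type="text" name="' . h($name) . '" value="' . h($value) . '">';
}

// A GET parameter that only selects a tab should never reach the page as text:
// map it onto a fixed allowlist and fall back to the default (names hypothetical).
function active_tab(?string $tab, array $allowed = ['overview', 'indexing', 'search']): string
{
    return in_array($tab, $allowed, true) ? $tab : $allowed[0];
}

// Constructed inputs of the kind a visitor or low-privileged user controls.
$payload = '<script>alert(1)</script>';
echo render_unsafe($payload), "\n";        // script tag survives intact
echo render_event_time($payload), "\n";    // rendered as literal text
echo render_setting_input('cookie_message', '" autofocus onfocus="alert(1)'), "\n";
echo active_tab('"><img src=x onerror=alert(1)>'), "\n";   // falls back to "overview"
echo active_tab('search'), "\n";
```

The point the advisories share is that escaping is an output concern tied to the context (element body, attribute, URL, JavaScript), so a value that was stored safely still has to be escaped each time it is printed; sanitising on input with sanitize_text_field() is a useful second layer, not a substitute.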

Protect your WordPress: BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!
