WP Security: 11 plugin vulnerabilities in April 2018

For your WP security, stay informed about the latest vulnerabilities in WordPress plugins:

  1. WP Security Audit Log Plugin
    • Sensitive Information Disclosure reported by Colette Chamberland (https://www.defiant.com; @cjchamberland). There is no access protection on wp-content/uploads/wp-security-audit-log/*; the directory is indexed by Google, which may allow attackers to find user information (such as failed login attempts). Google Dork: inurl:/wp-content/uploads/wp-security-audit-log/
      • immediately upgrade to version 3.1.2 to fix the vulnerability

  2. WordPress File Upload
    • Security Issue in Shortcodes reported by Ryan (https://dewhurstsecurity.com/; @ethicalhack3r). The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes.
    • Cross-Site Scripting (XSS) reported by Ryan (https://dewhurstsecurity.com/; @ethicalhack3r). The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS.
      • immediately upgrade to version 4.3.4 to fix both vulnerabilities

  Our only security is our ability to change. ~ John Lilly

  3. My Calendar
    • Authenticated Cross-Site Scripting (XSS) reported by Ryan (@ethicalhack3r; https://dewhurstsecurity.com/). An authenticated user who can add new events can inject arbitrary JavaScript code via the event_time_label input. The injected code runs both on the event page and in the admin panel. In my-calendar-event-manager.php, line 1873, the variable $eventTime is not sanitized.
      • immediately upgrade to version 2.5.17 to fix the vulnerability

  4. WP Background Takeover
    • Directory Traversal reported by Colette Chamberland (@cjchamberland; https://defiant.com). The filename parameter of download.php is not restricted to the exports directory, which allows an attacker to read files outside it, for example: https://target[.]com/wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=../../../../wp-config.php
      • immediately upgrade to version 4.1.5 to fix the vulnerability

  5. Relevanssi
    • Cross-Site Scripting (XSS) reported by Ryan (@ethicalhack3r; https://dewhurstsecurity.com). Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter.
      • immediately upgrade to version 4.0.5 to fix the vulnerability

  At the end of the day, the goals are simple: safety and security. ~ Jodi Rell

  6. Contact Form 7 to Database Extension
    • CSV Injection reported by Ryan (@ethicalhack3r; https://dewhurstsecurity.com). CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form.
      • immediately upgrade to version 2.10.36 to fix the vulnerability
      • This plugin has been closed and is no longer available for download: https://wordpress.org/plugins/contact-form-7-to-database-extension/

  7. WP Live Chat Support
    • Unauthenticated Stored XSS reported by Luigi (https://www.gubello.me/blog/). An unauthenticated user can inject arbitrary JavaScript code into the admin panel via the “Name” text field of WP Live Chat Support. The injected code runs on the wplivechat-menu-history page. In the file wp-live-chat-support.php there is no sanitization of $result->id (line 4439). Version 8.0.05 is vulnerable, and probably earlier versions too.
      • immediately upgrade to version 8.0.06 to fix the vulnerability

  8. WP Image Zoom
    • Cross-Site Request Forgery (CSRF) reported by Ryan (@ethicalhack3r; https://dewhurstsecurity.com). The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted it.
      • immediately upgrade to version 1.24 to fix the vulnerability

  9. Responsive Cookie Consent
    • Authenticated Stored Cross-Site Scripting (XSS) reported by B0UG. A persistent cross-site scripting vulnerability has been found in the web interface of the plugin that allows arbitrary HTML/script code to be executed in the victim's browser when they visit the website.
      • immediately upgrade to version 1.8 to fix the vulnerability

  10. UK Cookie Consent
    • Authenticated Stored Cross-Site Scripting (XSS) reported by B0UG. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows arbitrary HTML/script code to be executed in a victim's web browser.
      • immediately upgrade to version 2.3.10 to fix the vulnerability

  11. Caldera Forms
    • Multiple Cross-Site Scripting (XSS) reported by Ryan (@ethicalhack3r; https://dewhurstsecurity.com). Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported form.
      • immediately upgrade to version 1.6.0 to fix the vulnerability
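The first item above comes down to a plugin writing logs into a world-readable, listable directory under wp-content/uploads. The following is an added example, not code from WP Security Audit Log, of how a plugin can close that gap; it assumes WordPress is loaded (wp_upload_dir, wp_mkdir_p, trailingslashit are WordPress functions) and uses the directory name from the report.

```php
<?php
// Added example, not the plugin's own code: protect a plugin's subdirectory of
// wp-content/uploads so its log files are neither listed nor served directly.
// Assumes WordPress is loaded; the directory name is the one from the report.
// Call it from the plugin's activation hook and again before each log write.

function protect_log_directory(): bool {
    $dir = trailingslashit(wp_upload_dir()['basedir']) . 'wp-security-audit-log';
    if (!wp_mkdir_p($dir)) {
        return false;
    }

    // Apache: refuse direct requests and directory listings. Nginx ignores
    // .htaccess, so an equivalent "location" rule belongs in the server config.
    $htaccess = "Options -Indexes\n"
        . "<IfModule mod_authz_core.c>\n    Require all denied\n</IfModule>\n"
        . "<IfModule !mod_authz_core.c>\n    Order deny,allow\n    Deny from all\n</IfModule>\n";

    // A blank index.php stops listings on servers that ignore Options -Indexes.
    $files = [
        '.htaccess' => $htaccess,
        'index.php' => "<?php\n// Silence is golden.\n",
    ];

    $ok = true;
    foreach ($files as $name => $body) {
        $path = $dir . '/' . $name;
        // Existing files are left untouched so a site owner's own rules survive.
        if (!file_exists($path) && file_put_contents($path, $body) === false) {
            $ok = false;
        }
    }
    return $ok;
}
```

Files that search engines have already crawled stay in their index until removed; keeping the log outside the web root, or in the database, avoids the exposure altogether.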
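The WP Background Takeover item is the classic traversal pattern: a file name from the request is joined onto a directory path unchecked. As an added example, not the plugin's own code, the handler below keeps the vulnerable form beside a hardened one; it assumes exports live in an "exports" directory next to the script and that only plain files directly inside it may be served.

```php
<?php
// Added example, not the plugin's own code: a download endpoint hardened against
// path traversal. Assumes an "exports" directory beside this script; only plain
// files directly inside it may be served.

define('EXPORT_DIR', __DIR__ . '/exports');

// Vulnerable pattern: the request value is joined onto the path unchanged, so
// "../../../../wp-config.php" walks out of the exports directory.
function unsafe_export_path(string $filename): string {
    return EXPORT_DIR . '/' . $filename;
}

// Hardened: accept only a plain file name, then verify that the canonical path
// of the file still lies inside the canonical exports directory.
function safe_export_path(string $filename): ?string {
    // No separators, no leading dot (rules out ".", "..", ".htaccess"), no NULs.
    if (!preg_match('/^[A-Za-z0-9_-][A-Za-z0-9._-]*$/', $filename)) {
        return null;
    }
    $base = realpath(EXPORT_DIR);
    $full = realpath(EXPORT_DIR . '/' . $filename);
    if ($base === false || $full === false) {
        return null;                       // directory or file does not exist
    }
    // Compare with a trailing separator so "exports_private" is not accepted
    // as a child of "exports". Symlinks were already resolved by realpath.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($full) ? $full : null;
}

$requested = $_GET['filename'] ?? '';
$path = is_string($requested) ? safe_export_path($requested) : null;
if ($path === null) {
    http_response_code(404);
    exit('Not found');
}
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
readfile($path);
```

Inside a WordPress plugin the same endpoint should additionally sit behind a capability and nonce check rather than being reachable as a bare PHP file.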
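For the CSV injection item, the fix is to neutralise formula text when form submissions are written out, since fputcsv quotes commas and newlines but does nothing about formulas. The block below is an added example, not code from Contact Form 7 to Database Extension; the submissions are constructed and the field names are assumptions.

```php
<?php
// Added example, not the plugin's own code: neutralising spreadsheet formulas
// before contact-form submissions are written to a CSV export.
// The submissions below are constructed and the field names are assumptions.

// Leading characters that make Excel or LibreOffice evaluate a cell as a
// formula. Tab and carriage return are included because some applications
// strip them and then interpret what follows.
const FORMULA_TRIGGERS = ['=', '+', '-', '@', "\t", "\r"];

// Prefix a risky cell with a single quote so the spreadsheet stores it as text.
// Plain numbers such as "-5" are left alone; anything else starting with a
// trigger character is escaped, at the cost of a visible quote on values like
// "+1 555 0100" that a human would recognise as harmless.
function neutralize_csv_cell(string $cell): string {
    if ($cell === '' || is_numeric($cell)) {
        return $cell;
    }
    if (in_array($cell[0], FORMULA_TRIGGERS, true)) {
        return "'" . $cell;
    }
    return $cell;
}

// Write a header row and the submissions, escaping every field on the way out.
function write_submissions_csv($stream, array $columns, array $rows): void {
    fputcsv($stream, $columns);
    foreach ($rows as $row) {
        $fields = [];
        foreach ($columns as $col) {
            $fields[] = neutralize_csv_cell((string) ($row[$col] ?? ''));
        }
        fputcsv($stream, $fields);
    }
}

// Constructed sample: one ordinary submission and one carrying formula text.
$columns = ['name', 'email', 'message'];
$rows = [
    ['name' => 'Alice', 'email' => 'alice@example.com', 'message' => 'Hello'],
    ['name' => '=SUM(1,2)', 'email' => '@example', 'message' => "\t=1+1"],
];
$out = fopen('php://output', 'w');
write_submissions_csv($out, $columns, $rows);
fclose($out);
```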

Protect your WordPress: BEFORE IT'S TOO LATE! You will also protect your customers, your reputation and your online business!
