Get priority WP Support NOW and immediate help for HACKED, INFECTED, CRASHED, LOCKED-OUT, NOT-WORKING sites!

WP Security: 11 plugin vulnerabilities in June 2018

WP Security: 11 plugin vulnerabilities in June 2018

For your WP Security, be informed about the latest vulnerabilities in WordPress plugins:

  1. Redirection
    • Authenticated Local File Inclusion reported by Ryan (Dewhurst Security). ACE via file inclusion in Redirection allows admins to execute any PHP file in the filesystem. If you are logged in as an administrator on any site by using the setup page for the redirection plugin you can run arbitrary code and completely compromise the system. The software uses the external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
      • immediately upgrade to version 2.8 to fix the vulnerability

  2. Tooltipy (tooltips for WP)
    • Unauthenticated Cross-Site Scripting (XSS) reported by Ryan (Dewhurst Security). Reflected XSS in Tooltipy (tooltips for WP) could allow anybody to do almost anything an admin can. Tootipy contains reflected XSS in the [kttg_glossary] shortcode meaning that admin users’ browsers can be hijacked by anybody who sends them a link. The hijacked browser can be made to do almost anything an admin user can normally do. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
    • Cross-Site Request Forgery (CSRF) reported by Ryan (Dewhurst Security). CSRF in Tooltipy (tooltips for WP) could allow anybody to duplicate posts. There is a CSRF vulnerability in Tooltipy’s “KTTG Converter” feature which allows anybody able to convince an admin to follow a link to duplicate posts. The PoC provided below allows duplicating every post with post_type post. The most obvious malicious use of this vulnerability would be to fill up a disk or database quota which might lead to denial of service or other issues.
      • immediately upgrade to version 5.1 to fix both vulnerabilities

  3. Pie Register
    • Authenticated Blind SQL Injection reported by Ryan (Dewhurst Security). SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid.
      • immediately upgrade to version 3.0.10 to fix the vulnerability

  4. Our only security is our ability to change. ~ John Lilly

  5. Ultimate Form Builder Lite
    • Multiple Vulnerabilities reported by Ryan (Dewhurst Security). SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid. The Cross-Site Scripting vulnerability can enable the attacker to construct the URL that contains malicious JavaScript code. If the administrator of the site makes a request to such an URL, the attacker's code will be executed, with unrestricted access to the WordPress site in question.
      • immediately upgrade to version 1.3.8 to fix the vulnerability
      • Consider owl CONTACTS as a more secure replacement candidate.

  6. Advanced Order Export For WooCommerce
    • CSV Injection reported by Ryan (Dewhurst Security). The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.
      • immediately upgrade to version 1.5.5 to fix the vulnerability

  7. WordPress Comments Import & Export
    • CSV Injection reported by Ryan (Dewhurst Security). The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.
      • immediately upgrade to version 2.0.5 to fix the vulnerability

  8. At the end of the day, the goals are simple: safety and security. ~ Jodi Rell

  9. Open Graph for Facebook, Google+ and Twitter Card Tags
    • Authenticated Reflected XSS reported by hakluke https://www.hackercollab.com/. There is a reflected XSS vulnerability caused by "Open Graph for Facebook, Google+ and Twitter Card Tags" in the wd_fb_og_error parameter on a GET request when editing a post. This can be exploited by tricking an authenticated WordPress administrator into clicking a malicious link.
      • immediately upgrade to version 2.2.4.1 to fix the vulnerability

  10. iThemes Security
    • Authenticated SQL Injection reported by Çlirim Emini https://www.sentry.co.com/. The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page. iThemes Security appears to be vulnerable to time-based SQL-Injection. The parameter "orderby" is vulnerable because backend variable $sort_by_column is not escaped. Privileges required: Admin user.
      • immediately upgrade to version 7.0.3 to fix the vulnerability

  11. Email Subscribers & Newsletters
    • Cross-Site Scripting (XSS) reported by Ryan (Dewhurst Security). Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
      • immediately upgrade to version 3.5.0 to fix the vulnerability

  12. Site Reviews
    • Cross-Site Scripting (XSS) reported by Ryan (Dewhurst Security). Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
      • immediately upgrade to version 2.15.3 to fix the vulnerability

Protect your WordPress: BEFORE IT'S TOO LATE! You will also protect your customers, your reputation and your online business!

Summary
WP Security: 11 plugin vulnerabilities in June 2018
Article Name
WP Security: 11 plugin vulnerabilities in June 2018
Description
For your WP Security, be informed about the latest 11 vulnerabilities in WordPress plugins from June 2018.
Author
Publisher
owl power
https://owlpower.eu/wp-content/uploads/2016/10/owlpowerlogo.jpg

Related Posts

Leave a comment