To keep your WordPress site protected, stay informed about the latest vulnerabilities in WordPress plugins:
- AddToAny Share Buttons
  - Conditional Host Header Injection reported by Paul Dannewitz. It is possible to inject a custom Host header, which is then used to build the link that is shared on social media platforms when users click the buttons. Combined with web cache poisoning, every user would share the malicious website.
  - Update immediately to version 1.7.14 to fix the vulnerability.
- Embed Images in Comments
  - Unauthenticated Stored Cross-Site Scripting (XSS) reported by Gennady (https://codeseekah.com). Unescaped src and href attribute replacements allow breaking out of the generated replacement tags.
  - Update immediately to version 0.5 to fix the vulnerability.
- Photo Gallery by WD
  - Authenticated Cross-Site Scripting (XSS) reported by Dewhurst Security. It allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
  - Update immediately to version 1.1.46 to fix the vulnerability.
- BackupGuard
  - Authenticated Cross-Site Scripting (XSS) reported by Dewhurst Security. It allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
  - Update immediately to version 1.1.46 to fix the vulnerability.
- WooCommerce Product Vendors
  - Unauthenticated Reflected Cross-Site Scripting (XSS) reported by Dewhurst Security. It allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
  - Update immediately to version 2.0.27 to fix the vulnerability.
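
The AddToAny entry above describes a share link built from a Host header the client controls. As an added example (not the plugin's code or its fix), the PHP below builds the link only from an allow-listed host and otherwise falls back to a configured canonical host, so a cached page cannot carry a foreign hostname; the function names, hostnames and path are assumptions constructed for illustration.

```php
<?php
// Added example, not AddToAny code. Hostnames and the path are constructed.

/**
 * Return the host to use in a share link: the request's Host header only if
 * it exactly matches an allow-listed name, otherwise the canonical host.
 */
function trusted_host(array $server, string $canonicalHost, array $allowedHosts): string
{
    $raw = strtolower(trim((string) ($server['HTTP_HOST'] ?? '')));
    // Drop an optional :port, then reject anything that is not a plain hostname.
    $host = preg_replace('/:\d{1,5}$/', '', $raw);
    if ($host === '' || !preg_match('/^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/', $host)) {
        return $canonicalHost;
    }
    return in_array($host, $allowedHosts, true) ? $host : $canonicalHost;
}

/** Build the URL handed to the share buttons (hypothetical helper). */
function share_link(array $server, string $canonicalHost, array $allowedHosts, string $path): string
{
    $host = trusted_host($server, $canonicalHost, $allowedHosts);
    // Percent-encode each path segment so the path cannot alter the origin.
    $segments = array_map('rawurlencode', explode('/', ltrim($path, '/')));
    return 'https://' . $host . '/' . implode('/', $segments);
}

$canonical = 'shop.example.test';
$allowed   = ['shop.example.test', 'www.shop.example.test'];

// Constructed request headers: two legitimate, three that must fall back.
$requests = [
    'normal'      => ['HTTP_HOST' => 'www.shop.example.test'],
    'with port'   => ['HTTP_HOST' => 'shop.example.test:443'],
    'not allowed' => ['HTTP_HOST' => 'other.example.test'],
    'malformed'   => ['HTTP_HOST' => 'shop.example.test@other.example.test'],
    'missing'     => [],
];

foreach ($requests as $label => $server) {
    printf("%-12s %s\n", $label, share_link($server, $canonical, $allowed, '/product/blue-mug'));
}
```
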
Protect your WordPress: BEFORE IT'S TOO LATE! You will also protect your customers, your reputation and your online business!