To protect your WordPress site, stay informed about the latest vulnerabilities in WP plugins:
- AddToAny Share Buttons
  - Conditional Host Header Injection reported by Paul Dannewitz. An attacker can inject a custom Host header, which is then used to build the link that is shared on social media platforms when users click the buttons. Combined with web cache poisoning, every user would share the malicious website.
  - Update immediately to version 1.7.14 to fix the vulnerability.
- Embed Images in Comments
  - Unauthenticated Stored Cross-Site Scripting (XSS) reported by Gennady (https://codeseekah.com). Unescaped src and href attribute replacements allow breaking out of the generated replacement tags.
  - Update immediately to version 0.5 to fix the vulnerability.
- Photo Gallery by WD
  - Authenticated Cross-Site Scripting (XSS) reported by Dewhurst Security. The exploit allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
  - Update immediately to version 1.1.46 to fix the vulnerability.
- BackupGuard
  - Authenticated Cross-Site Scripting (XSS) reported by Dewhurst Security. The exploit allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
  - Update immediately to version 1.1.46 to fix the vulnerability.
- WooCommerce Product Vendors
  - Unauthenticated Reflected Cross-Site Scripting (XSS) reported by Dewhurst Security. The exploit allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
  - Update immediately to version 2.0.27 to fix the vulnerability.
Protect your WordPress: BEFORE IT'S TOO LATE! You will also protect your customers, your reputation and your online business!