WP Security: plugin vulnerabilities August
For your WordPress protection, be informed about the latest vulnerabilities in WP plugins:
- AddToAny Share Buttons
  - Conditional Host Header Injection reported by Paul Dannewitz. It is possible to inject a custom Host header, which is then used to build the link that is shared on social media platforms when users click the buttons. Combined with web cache poisoning, every user would share the malicious website.
  - Immediately update to version 1.7.14 to fix the vulnerability.
- Embed Images in Comments
  - Unauthenticated stored Cross-Site Scripting (XSS) reported by Gennady (https://codeseekah.com). Unescaped src and href attribute replacements allow breaking out of the generated replacement tags.
  - Immediately update to version 0.5 to fix the vulnerability.
- Photo Gallery by WD
- WooCommerce Product Vendors
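
The Embed Images in Comments item above describes unescaped src and href replacements. The following is an added example, not the plugin's own code: it shows that pattern beside a hardened form in plain PHP, and all function names and sample comments are hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not the Embed Images in Comments plugin's code.
const ESC = ENT_QUOTES | ENT_SUBSTITUTE;

// Unsafe pattern: the matched URL is pasted into the attributes as-is, so a
// quote character inside it ends the attribute value early.
function embed_image_unsafe(string $url): string {
    return '<a href="' . $url . '"><img src="' . $url . '" /></a>';
}

// Hardened pattern: validate the URL, then escape it for the attribute context.
function embed_image_safe(string $url): string {
    $parts  = parse_url($url);
    $scheme = is_array($parts) ? strtolower($parts['scheme'] ?? '') : '';
    // Only absolute http(s) URLs with a host become markup.
    if (!in_array($scheme, ['http', 'https'], true) || empty($parts['host'])) {
        return htmlspecialchars($url, ESC, 'UTF-8'); // fall back to escaped text
    }
    $attr = htmlspecialchars($url, ESC, 'UTF-8');
    return '<a href="' . $attr . '" rel="nofollow ugc"><img src="' . $attr . '" alt="" /></a>';
}

// Replace image links in a comment body; all other text is escaped as text.
function render_comment(string $comment): string {
    $pattern = '~(https?://\S+?\.(?:png|jpe?g|gif))(?=\s|$)~i';
    $chunks  = preg_split($pattern, $comment, -1, PREG_SPLIT_DELIM_CAPTURE);
    $out = '';
    foreach ($chunks as $i => $chunk) {
        // With exactly one capture group, odd indexes hold the matched URLs.
        $out .= ($i % 2 === 1)
            ? embed_image_safe($chunk)
            : htmlspecialchars($chunk, ESC, 'UTF-8');
    }
    return $out;
}

// Constructed sample comments: the second URL contains quote characters.
$samples = [
    'Look: https://example.test/cat.png nice',
    'Look: https://example.test/x"data-injected="1".png',
];
foreach ($samples as $s) {
    echo render_comment($s), PHP_EOL;
}
// For comparison, the unsafe builder lets the quote close the attribute.
echo embed_image_unsafe('https://example.test/x"data-injected="1".png'), PHP_EOL;
```

Inside WordPress itself, the core helpers `esc_url()` and `esc_attr()` serve the same purpose as the `htmlspecialchars()` calls used here.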
Protect your WordPress!
BEFORE IT'S TOO LATE! You will also protect your customers, your reputation and your online business.