Get priority WP Support NOW and immediate help for HACKED, INFECTED, CRASHED, LOCKED-OUT, NOT-WORKING sites!

WP Security: plugin vulnerabilities August

WP Security: plugin vulnerabilities August

For your WordPress protection, be informed about the latest vulnerabilities in WP plugins:

  1. AddToAny Share Buttons
    • Conditional Host Header Injection reported by Paul Dannewitz. It's possible to inject a custom Host-Header, that will be used for building the link, which is going to be shared on Social Media platforms when users click the buttons. Combined with a web cache poisoning, every user would share the malicious website.
      • immediately update to version 1.7.14 to fix vulnerability
  2. Embed Images in Comments
    • Unauthenticated Stored XSS, Cross-Site Scripting (XSS) reported by Gennady (https://codeseekah.com). Unescaped src and href attribute replacements allows breaking out of the generated replacement tags.
      • immediately update to version 0.5 to fix vulnerability
  3. Photo Gallery by WD
    • Authenticated Cross-Site Scripting (XSS) reported by Dewhurst Security. Exploit allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
      • immediately update to version 1.1.46 to fix vulnerability
  4. BackupGuard
    • Authenticated Cross-Site Scripting (XSS) reported by Dewhurst Security. Exploit allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
      • immediately update to version 1.1.46 to fix vulnerability
  5. WooCommerce Product Vendors
    • Unauthenticated Reflected Cross-Site Scripting (XSS) reported by Dewhurst Security. Exploit allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
      • immediately update to version 2.0.27 to fix vulnerability

Protect your WordPress: BEFORE IT'S TOO LATE! You will also protect your customers, your reputation and your online business!

Related Posts