WP Security: plugin vulnerabilities October

November 1, 2017

Be informed about the latest vulnerabilities in WordPress plugins:

  1. Content Timeline
    • Multiple Blind SQL Injections reported by Jeroen (IT Nerdbox): one unauthenticated and two authenticated injections in the premium 'Content Timeline' WP plugin. The author was contacted twice without any response.
      • remove this plugin to fix the vulnerabilities, as these seriously affect your WordPress security
  2. Appointments
    • Unauthenticated PHP Object Injection reported by Dewhurst Security. This vulnerability allowed attackers to cause a vulnerable website to fetch a remote file (a PHP backdoor) and save it to a location of their choice. It required no authentication or elevated privileges.
      • immediately update to version 2.2.2 to fix the vulnerability
  3. Flickr Gallery
    • Unauthenticated PHP Object Injection reported by Dewhurst Security. This vulnerability allowed attackers to cause a vulnerable website to fetch a remote file (a PHP backdoor) and save it to a location of their choice. It required no authentication or elevated privileges. For sites running Flickr Gallery, the attackers only had to send the exploit as a POST request to the site's root URL.
      • immediately update to version 1.5.3 to fix the vulnerability
  4. RegistrationMagic-Custom Registration Forms
    • Unauthenticated PHP Object Injection reported by Dewhurst Security. This vulnerability allowed attackers to cause a vulnerable website to fetch a remote file (a PHP backdoor) and save it to a location of their choice. It required no authentication or elevated privileges.
      • immediately update to version 3.7.9.3 to fix the vulnerability
  5. Smush Image Compression and Optimization
    • File Traversal reported by Dewhurst Security. This vulnerability allowed attackers to create or overwrite critical files that are used to execute code, such as programs or libraries.
      • immediately update to version 2.7.6 to fix the vulnerability
  6. Simple Login Log
    • Authenticated SQL Injection reported by Dewhurst Security. Users that do not have full administrative privileges could abuse the database access the vulnerability provides to either escalate their privileges or obtain and modify database contents they were not supposed to be able to. Due to the missing nonce token, the vulnerable code is also directly exposed to attack vectors such as Cross-Site Request Forgery (CSRF).
      • immediately update to version 1.1.2 to fix the vulnerability
  7. WPHRM
    • Authenticated SQL Injection reported by David Hayes (https://wpshout.com). The vulnerability allows employee users to inject SQL commands.
      • immediately update to version 1.1 to fix the vulnerability
  8. Pootle button
    • Authenticated Cross-Site Scripting (XSS) reported by Dewhurst Security. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
      • immediately update to version 1.2.0 to fix the vulnerability
  9. Invite Anyone
    • Unauthenticated PHP Object Injection reported by Robert R (https://pagely.com). The plugin invite-anyone insecurely trusts serialized data submitted over HTTP requests. This opens the site up to a potential PHP object injection exploit vector.
      • immediately update to version 1.3.19 to fix the vulnerability
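
Four of the nine entries above (Appointments, Flickr Gallery, RegistrationMagic and Invite Anyone) are the same bug class: the plugin hands request data to unserialize(), so any class already loaded by WordPress, a theme or a plugin can be instantiated with attacker-chosen properties and its magic methods run. The following is an added illustration written for this post, not code from any of those plugins; the class, function names and payload are constructed for the demonstration, and the __wakeup() body is deliberately inert.

```php
<?php
// Added illustration (not code from any plugin named in this post):
// why unserialize() on request data is dangerous, and two safer patterns.

// Any class loaded by WordPress, a theme or a plugin that defines a magic method
// becomes reachable as soon as unserialize() runs on attacker-controlled input.
class Example_Cache_Entry {
    public static $wakeup_calls = 0;
    public $path = '';
    public function __wakeup() {
        // Real-world classes do real work here (touch files, open URLs, run queries);
        // this one only counts calls so the demonstration stays inert.
        self::$wakeup_calls++;
    }
}

// VULNERABLE pattern: trusting serialized data from the request body.
function example_vulnerable_handler( string $raw ) {
    return unserialize( $raw ); // magic methods of any loaded class may run
}

// HARDENED pattern 1: keep unserialize() but forbid object instantiation (PHP >= 7.0).
// Objects in the payload become __PHP_Incomplete_Class and no magic method runs.
function example_hardened_handler_allowed_classes( string $raw ) {
    return unserialize( $raw, array( 'allowed_classes' => false ) );
}

// HARDENED pattern 2 (preferred): do not accept PHP serialization from clients at all.
// JSON cannot describe PHP objects, so there is nothing to inject.
function example_hardened_handler_json( string $raw ) {
    $data = json_decode( $raw, true );
    if ( json_last_error() !== JSON_ERROR_NONE || ! is_array( $data ) ) {
        return null;
    }
    return $data;
}

// Constructed payload: a serialized Example_Cache_Entry object, as a client could submit it.
$payload = 'O:19:"Example_Cache_Entry":1:{s:4:"path";s:13:"/tmp/anything";}';

example_vulnerable_handler( $payload );
echo 'vulnerable: __wakeup ran ' . Example_Cache_Entry::$wakeup_calls . " time(s)\n"; // 1

$obj = example_hardened_handler_allowed_classes( $payload );
echo 'allowed_classes=false: got ' . get_class( $obj ) . ', __wakeup ran '
     . Example_Cache_Entry::$wakeup_calls . " time(s) in total\n"; // __PHP_Incomplete_Class, still 1

var_dump( example_hardened_handler_json( $payload ) );      // NULL: not JSON, rejected
var_dump( example_hardened_handler_json( '{"path":"x"}' ) ); // array(1) { ["path"]=> string(1) "x" }
```

The second pattern is the one to reach for when you control both ends: if a plugin only ever needs arrays and scalars from the client, there is no reason for PHP's object serialization format to cross the trust boundary at all. The allowed_classes option is the fallback for code that cannot change its wire format quickly.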
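
The Simple Login Log entry pairs an authenticated SQL injection with a missing nonce, and the Pootle button entry is an authenticated XSS; the same handler shape covers all of them, plus the WPHRM and Content Timeline injections. Below is an added example written for this post, not code from any plugin listed above: a hypothetical admin-ajax "log lookup" action in its weak form beside a hardened form. It assumes a WordPress environment (the $wpdb, nonce and capability APIs) and a constructed table {$wpdb->prefix}example_login_log with columns user_login, ip and logged_at.

```php
<?php
// Added illustration (not code from any plugin named in this post).
// Hypothetical "log lookup" admin-ajax action: the weak version beside the hardened one.
// Assumes WordPress ($wpdb, nonce and capability API) and a constructed table
// {$wpdb->prefix}example_login_log with columns user_login, ip, logged_at.

// WEAK: no nonce (CSRF), no capability check (any logged-in user may call it),
// value pasted into SQL (injection), value echoed unescaped (XSS).
function example_weak_log_lookup() {
    global $wpdb;
    $login = $_GET['login'];
    $rows  = $wpdb->get_results(
        "SELECT ip, logged_at FROM {$wpdb->prefix}example_login_log WHERE user_login = '$login'"
    );
    foreach ( $rows as $row ) {
        echo '<li>' . $row->ip . ' at ' . $row->logged_at . '</li>';
    }
    wp_die();
}

// HARDENED: a request must carry a nonce for this action, come from a user with the
// right capability, reach the database only through prepared placeholders, and be
// escaped on the way out.
function example_hardened_log_lookup() {
    global $wpdb;

    // 1. CSRF: reject requests that do not carry a nonce issued for this exact action.
    check_ajax_referer( 'example_log_lookup', 'nonce' );

    // 2. Authorization: being logged in is not enough; require a specific capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Input: remove the slashes WordPress adds, then sanitize and bound the values.
    $login = sanitize_user( wp_unslash( $_GET['login'] ?? '' ), true );
    $limit = min( absint( $_GET['limit'] ?? 50 ), 200 );
    if ( '' === $login ) {
        wp_send_json_error( 'missing login', 400 );
    }

    // 4. SQL: %s and %d placeholders make the values data, never query text.
    //    (Do not quote %s yourself; prepare() adds the quotes.)
    $rows = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT ip, logged_at FROM {$wpdb->prefix}example_login_log
               WHERE user_login = %s ORDER BY logged_at DESC LIMIT %d",
            $login,
            $limit
        )
    );

    // 5. Output: escape for the HTML text context so stored values cannot become script.
    foreach ( $rows as $row ) {
        echo '<li>' . esc_html( $row->ip ) . ' at ' . esc_html( $row->logged_at ) . '</li>';
    }
    wp_die();
}
add_action( 'wp_ajax_example_log_lookup', 'example_hardened_log_lookup' );

// The page that calls the endpoint embeds a matching nonce, e.g. in its form.
function example_log_lookup_form() {
    echo '<form method="get" action="' . esc_url( admin_url( 'admin-ajax.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="example_log_lookup">';
    wp_nonce_field( 'example_log_lookup', 'nonce' );
    echo '<input type="text" name="login"> <button>Look up</button></form>';
}
```

Note that the nonce and the capability check address different things: the nonce proves the request originated from a page WordPress rendered for this user (defeating CSRF), while current_user_can() decides whether that user is allowed to do this at all. Either one alone leaves the "authenticated" injections above reachable by the wrong people.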
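
The Smush entry describes a file traversal that let a client decide where a file is written, which is what turns an image cache into a way to drop executable code. Here is an added example written for this post, not code from the Smush plugin: a hypothetical "save processed image" routine in its traversal-prone form beside a hardened one. It assumes WordPress (wp_upload_dir(), sanitize_file_name(), wp_unslash()); example_safe_cache_path() is an added helper, not a WordPress API.

```php
<?php
// Added illustration (not code from any plugin named in this post).
// Hypothetical "save processed image" routine: traversal-prone version beside a hardened one.
// Assumes WordPress for wp_upload_dir(), sanitize_file_name() and wp_unslash();
// example_safe_cache_path() is an added helper, not a WordPress API.

// WEAK: the client chooses the whole name, so "../../some-file" chooses where the bytes
// land and a ".php" suffix chooses whether the web server will execute them.
function example_weak_save( string $client_name, string $bytes ) {
    $dir = wp_upload_dir()['basedir'] . '/example-cache/';
    return file_put_contents( $dir . $client_name, $bytes );
}

// HARDENED helper: returns an absolute path strictly inside $base_dir, or false.
function example_safe_cache_path( string $base_dir, string $client_name, array $allowed_ext ) {
    $base = realpath( $base_dir );
    if ( false === $base ) {
        return false; // the base must already exist; never create it from user input
    }
    // Keep only the last path segment, then let WordPress strip unsafe characters.
    $name = sanitize_file_name( basename( wp_unslash( $client_name ) ) );
    if ( '' === $name || '.' === $name || '..' === $name ) {
        return false;
    }
    // Allow-list the extension: no .php, .phtml, .htaccess and so on.
    $ext = strtolower( pathinfo( $name, PATHINFO_EXTENSION ) );
    if ( ! in_array( $ext, $allowed_ext, true ) ) {
        return false;
    }
    $candidate = $base . DIRECTORY_SEPARATOR . $name;
    // Defence in depth: the resolved parent directory of the target must still be $base.
    if ( realpath( dirname( $candidate ) ) !== $base ) {
        return false;
    }
    return $candidate;
}

function example_hardened_save( string $client_name, string $bytes ) {
    $dir  = wp_upload_dir()['basedir'] . '/example-cache';
    $path = example_safe_cache_path( $dir, $client_name, array( 'jpg', 'jpeg', 'png', 'gif', 'webp' ) );
    if ( false === $path ) {
        return false; // refuse rather than "fix up" a suspicious name
    }
    return file_put_contents( $path, $bytes );
}

// Constructed inputs and the decision the helper makes for each, assuming the
// example-cache directory exists under the uploads base:
//   'photo.jpg'            -> <uploads>/example-cache/photo.jpg
//   '../../wp-config.php'  -> false (basename() dropped the ../, extension not allowed)
//   'shell.php'            -> false (extension not allowed)
//   'a/b/../c.png'         -> <uploads>/example-cache/c.png (only the last segment is kept)
```

The two checks that matter most are the allow-listed extension and refusing to create the base directory from user input; basename() and the realpath() comparison are there so that a future change to how $name is built cannot silently reopen the traversal.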

Protect your WordPress!

BEFORE IT'S TOO LATE! You will also your customers, your reputation and your online business.


by Csaba Miklós, time to read: 5 min