WP Security: 6 plugin vulnerabilities in OCT 2018

WP Security bulletin - OCTOBER 2018

At your next scheduled WordPress Maintenance, be advised for your WP Security about the latest 6 vulnerabilities in WordPress plugins identified and reported publicly during. Because these vulnerabilities are publicly disclosed, using one (or more) of these outdated plugins means you're risking serious WordPress breaches to your site(s).


    • PDF & Print
      • Unauthenticated Cross-Site Scripting (XSS) reported by Robin Trost (SySS GmbH). The called URL gets reflected in the tag for the "View PDF" and "Print Content" buttons. Because GET parameter names were not encoded, it is possible to execute JavaScript through the URL: the value of a GET parameter is encoded correctly, but its name is not, which leads to the cross-site scripting. This vulnerability affects all blog posts or WordPress sites where the "View PDF" or "Print Content" button is displayed.
        • WP Security recommendation: immediately upgrade to version 2.0.3 to fix the vulnerability

    • WooCommerce
      • Object Injection reported by Simon Scannell, Karim, and Slavco. WooCommerce 3.4.6 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites as soon as possible. Versions 3.4.5 and earlier are affected by a handful of issues that allow Shop Managers to exceed their capabilities and perform malicious actions. These issues can be exploited by users with Shop Manager capabilities or greater, and we recommend all users running WooCommerce 3.x upgrade to 3.4.6 to mitigate them.
        • WP Security recommendation: immediately upgrade to version 3.4.6 to fix the vulnerability

    • Pie Register
      • Unauthenticated Cross-Site Scripting (XSS) reported by Alvaro J. Gene (Socket_0x03).
        • WP Security recommendation: immediately upgrade to version 3.0.18 to fix the vulnerability

    • ARForms
      • Unauthenticated Arbitrary File Deletion reported by Amir Hossein Mahboubi (@Mahboubi66). WordPress Arforms plugin versions 3.5.1 and below suffer from an arbitrary file deletion vulnerability.
        • WP Security recommendation: immediately upgrade to version 3.5.2 to fix the vulnerability
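
The PDF & Print entry above describes values being encoded while parameter names are not. The following added example (not the plugin's code; the function names, the `print` parameter and the sample request are hypothetical and constructed for illustration) models that flaw next to a hardened link builder:

```php
<?php
// Added illustration of the bug class described in the PDF & Print entry.
// Not the plugin's code: function names and the sample query are hypothetical.

// Flawed pattern: parameter values are encoded, names are copied verbatim.
function button_link_flawed(string $path, array $query): string
{
    $pairs = [];
    foreach ($query as $name => $value) {
        $pairs[] = $name . '=' . rawurlencode((string) $value); // name left raw
    }
    return '<a href="' . $path . '?' . implode('&', $pairs) . '">View PDF</a>';
}

// Hardened pattern: percent-encode names and values, then escape the whole
// URL for the HTML attribute it is written into.
function button_link_hardened(string $path, array $query): string
{
    $url = $path . '?' . http_build_query($query, '', '&', PHP_QUERY_RFC3986);
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">View PDF</a>';
}

// Constructed request: harmless marker markup placed in a parameter NAME.
$marker = '"><i>injected</i>';
$query  = [$marker => 'x', 'print' => 'pdf'];

foreach (['button_link_flawed', 'button_link_hardened'] as $builder) {
    $html = $builder('/sample-post/', $query);
    // A raw marker in the output means the name broke out of the href attribute.
    $state = strpos($html, $marker) !== false ? 'marker reflected raw' : 'marker encoded';
    echo $builder, ': ', $state, PHP_EOL, $html, PHP_EOL;
}
```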

Our only security is our ability to change. ~ John Lilly

The following WordPress plugin vulnerabilities are extremely dangerous. And one of them is a SECURITY plugin, with more than 2 million active installs. The other one got removed this month from the WordPress repository.

Protect your WordPress: BEFORE IT'S TOO LATE! You will also protect your customers, your reputation and your online business!

Publisher: owl power EUROPE