Understanding Vulnerabilities in WordPress Plugins
Every week, we highlight known vulnerabilities in WordPress plugins. This information helps you stay informed about potential risks and take appropriate action to protect your website. By addressing these vulnerabilities, you ensure the safety and integrity of your WordPress site and its data.
Plugin: Blog2Social: Social Media Auto Post & Scheduler
Vulnerability: Authenticated SQL Injection
Patched Version: 6.3.1
Recommended Action: Update to version 6.3.1, or a newer patched version
Plugin: bbPress
Vulnerability: Unauthenticated Privilege Escalation
Patched Version: 2.6.5
Recommended Action: Update to version 2.6.5, or a newer patched version
Plugin: Image Photo Gallery Final Tiles Grid
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched Version: 3.4.19
Recommended Action: Update to version 3.4.19, or a newer patched version
Plugin: Page Builder: Pagelayer – Drag and Drop website builder
Vulnerability: Cross-Site Request Forgery to Cross-Site Scripting
Patched Version: 1.1.2
Recommended Action: Update to version 1.1.2, or a newer patched version
Plugin: Connections Business Directory
Vulnerability: Authenticated CSV Injection
Patched Version: 9.7
Recommended Action: Update to version 9.7, or a newer patched version
Plugin: ACF to REST API
Vulnerability: Insecure direct object reference via permalinks manipulation
Patched Version: 3.3.0
Recommended Action: Update to version 3.3.0, or a newer patched version
Plugin: Allow svg files
Vulnerability: Authenticated (Admin+) Arbitrary File Upload
Patched Version: 1.1
Recommended Action: Update to version 1.1, or a newer patched version
Plugin: MapPress Maps for WordPress
Vulnerability: Remote Code Execution via Improper Capability Checks in AJAX Calls
Patched Version: 2.54.6
Recommended Action: Update to version 2.54.6, or a newer patched version
Plugin: Page Builder: Pagelayer – Drag and Drop website builder
Vulnerability: Missing Authorization to Cross-Site Scripting
Patched Version: 1.1.2
Recommended Action: Update to version 1.1.2, or a newer patched version
Plugin: FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel
Vulnerability: Cross-Site Scripting
Patched Version: 1.8.18
Recommended Action: Update to version 1.8.18, or a newer patched version
Plugin: bbPress
Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting via the forums list table
Patched Version: 2.6.5
Recommended Action: Update to version 2.6.5, or a newer patched version
***
Check out the Watch Out Wednesday Archive for past Watch Out Wednesday posts.
