Watch Out Wednesday – May 20, 2020

Understanding Vulnerabilities in WordPress Plugins

Every week, we highlight known vulnerabilities in WordPress plugins. This information helps you stay informed about potential risks and take appropriate action to protect your website. By addressing these vulnerabilities, you ensure the safety and integrity of your WordPress site and its data.

Plugin: WP Product Review Lite

Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched Version: 3.7.6
Recommended Action: Update to version 3.7.6, or a newer patched version

Plugin: WordPress Infinite Scroll – Ajax Load More

Vulnerability: SQL Injection
Patched Version: 5.3.2
Recommended Action: Update to version 5.3.2, or a newer patched version

Plugin: Team Members

Vulnerability: Authenticated Cross-Site Scripting
Patched Version: 5.0.4
Recommended Action: Update to version 5.0.4, or a newer patched version

Plugin: Photo Gallery by 10Web – Mobile-Friendly Image Gallery

Vulnerability: SQL Injection via bwg_search_x Parameter
Patched Version: 1.5.55
Recommended Action: Update to version 1.5.55, or a newer patched version

Plugin: Login/Signup Popup ( Inline Form + Woocommerce )

Vulnerability: Missing Authorization
Patched Version: 1.5
Recommended Action: Update to version 1.5, or a newer patched version

Plugin: WP Frontend Profile

Vulnerability: Cross-Site Request Forgery
Patched Version: 1.2.2
Recommended Action: Update to version 1.2.2, or a newer patched version

Plugin: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions

Vulnerability: Authenticated SQL Injection
Patched Version: 2.3.3
Recommended Action: Update to version 2.3.3, or a newer patched version

Plugin: Simple File List

Vulnerability: Arbitrary File Deletion
Patched Version: 4.2.8
Recommended Action: Update to version 4.2.8, or a newer patched version

Plugin: Easy Testimonials

Vulnerability: Authenticated Stored Cross-Site Scripting
Patched Version: 3.6
Recommended Action: Update to version 3.6, or a newer patched version

Plugin: Visual Composer Website Builder

Vulnerability: Multiple Cross-Site Scripting
Patched Version: 27.0
Recommended Action: Update to version 27.0, or a newer patched version

***

Check out the Watch Out Wednesday Archive for past Watch Out Wednesday posts.
