Understanding Vulnerabilities in WordPress Plugins
Every week, we highlight known vulnerabilities in WordPress plugins. This information helps you stay informed about potential risks and take appropriate action to protect your website. By addressing these vulnerabilities, you ensure the safety and integrity of your WordPress site and its data.
Plugin: WP Product Review Lite
Vulnerability: Unauthenticated Stored Cross Site Scripting
Patched Version: 3.7.6
Recommended Action: Update to version 3.7.6, or a newer patched version
Plugin: WordPress Infinite Scroll – Ajax Load More
Vulnerability: SQL Injection
Patched Version: 5.3.2
Recommended Action: Update to version 5.3.2, or a newer patched version
Plugin: Team Members
Vulnerability: Authenticated Cross-Site Scripting
Patched Version: 5.0.4
Recommended Action: Update to version 5.0.4, or a newer patched version
Plugin: Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Vulnerability: SQL Injection via bwg_search_x Parameter
Patched Version: 1.5.55
Recommended Action: Update to version 1.5.55, or a newer patched version
Plugin: Login/Signup Popup ( Inline Form + Woocommerce )
Vulnerability: Missing Authorization
Patched Version: 1.5
Recommended Action: Update to version 1.5, or a newer patched version
Plugin: WP Frontend Profile
Vulnerability: Cross-Site Request Forgery
Patched Version: 1.2.2
Recommended Action: Update to version 1.2.2, or a newer patched version
Plugin: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Vulnerability: Authenticated SQL Injection
Patched Version: 2.3.3
Recommended Action: Update to version 2.3.3, or a newer patched version
Plugin: Simple File List
Vulnerability: Arbitrary File Deletion
Patched Version: 4.2.8
Recommended Action: Update to version 4.2.8, or a newer patched version
Plugin: Easy Testimonials
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched Version: 3.6
Recommended Action: Update to version 3.6, or a newer patched version
Plugin: Visual Composer Website Builder
Vulnerability: Multiple Cross-Site Scripting
Patched Version: 27.0
Recommended Action: Update to version 27.0, or a newer patched version
***
Check out the Watch Out Wednesday Archive for past Watch Out Wednesday posts.