Login
Facebook-f Linkedin-in Youtube

Watch Out Wednesday – November 4, 2020

Understanding Vulnerabilities in WordPress Plugins

Every week, we highlight known vulnerabilities in WordPress plugins. This information helps you stay informed about potential risks and take appropriate action to protect your website. By addressing these vulnerabilities, you ensure the safety and integrity of your WordPress site and its data.

Core: WordPress

Vulnerability: Privilege Escalation via XML-RPC
Patched Version: 3.7.35
Recommended Action: Update to one of the following versions, or a newer patched version: 3.7.35, 3.8.35, 3.9.33, 4.0.32, 4.1.32, 4.2.29, 4.3.25, 4.4.24, 4.5.23, 4.6.20, 4.7.19, 4.8.15, 4.9.16, 5.0.11, 5.1.7, 5.2.8, 5.3.5, 5.4.3, 5.5.2

Core: WordPress

Vulnerability: Reflected Cross-Site Scripting via Global Variables
Patched Version: 3.7.35
Recommended Action: Update to one of the following versions, or a newer patched version: 3.7.35, 3.8.35, 3.9.33, 4.0.32, 4.1.32, 4.2.29, 4.3.25, 4.4.24, 4.5.23, 4.6.20, 4.7.19, 4.8.15, 4.9.16, 5.0.11, 5.1.7, 5.2.8, 5.3.5, 5.4.3, 5.5.2

Core: WordPress

Vulnerability: Deserialization Gadget
Patched Version: 3.7.35
Recommended Action: Update to one of the following versions, or a newer patched version: 3.7.35, 3.8.35, 3.9.33, 4.0.32, 4.1.32, 4.2.29, 4.3.25, 4.4.24, 4.5.23, 4.6.20, 4.7.19, 4.8.15, 4.9.16, 5.0.11, 5.1.7, 5.2.8, 5.3.5, 5.4.3, 5.5.2

Core: WordPress

Vulnerability: PHP Object Injection Gadget
Patched Version: 3.7.35
Recommended Action: Update to one of the following versions, or a newer patched version: 3.7.35, 3.8.35, 3.9.33, 4.0.32, 4.1.32, 4.2.29, 4.3.25, 4.4.24, 4.5.23, 4.6.20, 4.7.19, 4.8.15, 4.9.16, 5.0.11, 5.1.8, 5.2.9, 5.3.6, 5.4.4, 5.5.3

Core: WordPress

Vulnerability: Cross-Site Request Forgery to Theme Image Change
Patched Version: 3.7.35
Recommended Action: Update to one of the following versions, or a newer patched version: 3.7.35, 3.8.35, 3.9.33, 4.0.32, 4.1.32, 4.2.29, 4.3.25, 4.4.24, 4.5.23, 4.6.20, 4.7.19, 4.8.15, 4.9.16, 5.0.11, 5.1.7, 5.2.8, 5.3.5, 5.4.3, 5.5.2

Core: WordPress

Vulnerability: Stored Cross-Site Scripting via post slugs
Patched Version: 3.7.35
Recommended Action: Update to one of the following versions, or a newer patched version: 3.7.35, 3.8.35, 3.9.33, 4.0.32, 4.1.32, 4.2.29, 4.3.25, 4.4.24, 4.5.23, 4.6.20, 4.7.19, 4.8.15, 4.9.16, 5.0.11, 5.1.7, 5.2.8, 5.3.5, 5.4.3, 5.5.2

Plugin: Simple File List

Vulnerability: Remote Code Execution
Patched Version: 4.2.3
Recommended Action: Update to version 4.2.3, or a newer patched version

Plugin: GDPR CCPA Compliance & Cookie Consent Banner

Vulnerability: PHP Object Injection
Patched Version: 2.4
Recommended Action: Update to version 2.4, or a newer patched version

Core: WordPress

Vulnerability: Misconfiguration That Allows Trigger of New Installation
Patched Version: 3.7.35
Recommended Action: Update to one of the following versions, or a newer patched version: 3.7.35, 3.8.35, 3.9.33, 4.0.32, 4.1.32, 4.2.29, 4.3.25, 4.4.24, 4.5.23, 4.6.20, 4.7.19, 4.8.15, 4.9.16, 5.0.11, 5.1.7, 5.2.8, 5.3.5, 5.4.3, 5.5.2

Plugin: SW Ajax WooCommerce Search

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.2.8
Recommended Action: Update to version 1.2.8, or a newer patched version

Core: WordPress

Vulnerability: Arbitrary File Deletion
Patched Version: 3.7.35
Recommended Action: Update to one of the following versions, or a newer patched version: 3.7.35, 3.8.35, 3.9.33, 4.0.32, 4.1.32, 4.2.29, 4.3.25, 4.4.24, 4.5.23, 4.6.20, 4.7.19, 4.8.15, 4.9.16, 5.0.11, 5.1.7, 5.2.8, 5.3.5, 5.4.3, 5.5.2

Plugin: AccessPress Social Icons

Vulnerability: Author+ SQL Injection
Patched Version: 1.8.1
Recommended Action: Update to version 1.8.1, or a newer patched version

Core: WordPress

Vulnerability: Spam Embed on Multisite Installations
Patched Version: 3.7.35
Recommended Action: Update to one of the following versions, or a newer patched version: 3.7.35, 3.8.35, 3.9.33, 4.0.32, 4.1.32, 4.2.29, 4.3.25, 4.4.24, 4.5.23, 4.6.20, 4.7.19, 4.8.15, 4.9.16, 5.0.11, 5.1.7, 5.2.8, 5.3.5, 5.4.3, 5.5.2

Core: WordPress

Vulnerability: Privilege Escalation via XML-RPC
Patched Version: 3.7.35
Recommended Action: Update to one of the following versions, or a newer patched version: 3.7.35, 3.8.35, 3.9.33, 4.0.32, 4.1.32, 4.2.29, 4.3.25, 4.4.24, 4.5.23, 4.6.20, 4.7.19, 4.8.15, 4.9.16, 5.0.11, 5.1.7, 5.2.8, 5.3.5, 5.4.3, 5.5.2

***

Check out the Watch Out Wednesday Archive for past Watch Out Wednesday posts.

About the Author

Picture of Odell Duppins Jr

Odell Duppins Jr

Well qualified professional with plenty of hands on experience with various technologies. Excellent analytical and troubleshooting skills with a keen ability of developing and/or simplifying processes by finding and developing new innovative solutions.

Recent Posts

WordPress

Login