8 important WordPress plugin vulnerabilities

Today we discuss some recently discovered vulnerabilities in important WordPress plugins.

Vulnerabilities discovered in WordPress plugins


Unrestricted File Upload in Contact Form 7 plugin


The Contact Form 7 plugin for WordPress, which lets users add multiple contact forms to their site, has an Unrestricted File Upload vulnerability in version 5.3.1 and below.
This plugin is installed on over 5 million WordPress sites. By exploiting this vulnerability, hackers can upload malicious files to your website and plant backdoors.
The patched versions of this plugin are v5.3.2 and above.


Debug Log Disclosure vulnerability in Easy WP SMTP plugin


The Easy WP SMTP plugin for WordPress, which lets users configure and send all outgoing email via an SMTP server, has a debug log disclosure vulnerability in plugin versions below 1.4.3.
This plugin is installed on over 500K WordPress sites. By exploiting this vulnerability, hackers can reset the admin password and take complete control of the compromised WordPress website.
The patched versions of this plugin are v4.1.3 and above.

Authenticated SQL Injection in WP Google Map plugin

The WP Google Map plugin for WordPress, which lets users create Google Maps shortcodes to display responsive Google Maps on pages, widgets, and custom templates, has an authenticated SQL injection vulnerability in plugin versions below 4.1.4.
This plugin is installed on over 100K WordPress sites. If you're using this plugin, it is recommended to update to its latest version, 4.1.4.


Multiple vulnerabilities in WPJobBoard plugin


The WPJobBoard plugin for WordPress, which lets users run a job board on their website, has multiple vulnerabilities in plugin versions below 5.7.0.
The patched versions of this plugin are v5.7.0 and above.


XSS in WP-PostRatings plugin


The WP-PostRatings plugin for WordPress has a Cross-Site Scripting (XSS) vulnerability in plugin versions 1.86 and below.
This plugin is installed on over 80K WordPress sites. If you're using this plugin, it is recommended to update to its latest version, 1.89.


Unauthenticated Arbitrary File Read vulnerability in W3 Total Cache plugin


The W3 Total Cache plugin for WordPress, which helps its users with SEO and CDN, has an unauthenticated arbitrary file upload vulnerability in plugin versions below 2.0.1.
This plugin is installed on over 1 million WordPress sites. The patched versions of this plugin are v2.0.1 and above.


Multiple Stored XSS in WordPress Popup Builder plugin


The Popup Builder plugin for WordPress, which lets users create and manage promotional modal popups for their WordPress blog or website, has multiple stored Cross-Site Scripting (XSS) vulnerabilities in plugin versions <=3.69.6.
This plugin is installed on over 200K WordPress sites. The patched versions of this plugin are v3.69.7 and above. It is advised to update the plugin to its latest version, 3.71.

Multiple vulnerabilities in Limit Login Attempts Reloaded plugin


The Limit Login Attempts Reloaded plugin for WordPress, which lets users limit the number of login attempts possible through the normal login form as well as XML-RPC, WooCommerce, and custom login pages, has multiple vulnerabilities:
Authenticated Reflected Cross-Site Scripting (XSS) in plugin versions 2.15.2 and below. [CVE-2020-35589]
Login Rate Limiting Bypass vulnerability in plugin versions 2.17.3 and below. [CVE-2020-35590]
This login security plugin is installed on over 1 million WordPress sites. By exploiting these vulnerabilities, hackers can reset the admin password and take complete control of the compromised WordPress website.
Update this plugin to v2.18.0 or above.
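All eight entries above reduce to the same defender's check: is the installed version of each plugin below the version the article names as patched or recommended? The script below is an added example written for this page, not code from the article's author or from any of the plugins. It reads the standard "Version:" field from each plugin's main-file header under wp-content/plugins, compares it numerically (so 3.71 correctly counts as newer than 3.69.7), and lists any plugin still below the threshold. The plugin directory slugs are assumed; the thresholds are the ones stated in the article (for Easy WP SMTP the 1.4.3 figure is taken from the "below 1.4.3" vulnerable range). The sample headers embedded at the bottom are constructed for demonstration, so the script runs without a WordPress install.

```python
"""Flag installed WordPress plugins that are below the safe versions named in the article.

Added example for this page; slugs in MIN_SAFE_VERSION are assumed, thresholds
come from the article above.
"""
import re
from pathlib import Path

# Minimum version to run, keyed by (assumed) plugin directory slug.
MIN_SAFE_VERSION = {
    "contact-form-7": "5.3.2",
    "easy-wp-smtp": "1.4.3",                 # from "below 1.4.3" in the article
    "wp-google-map-plugin": "4.1.4",
    "wpjobboard": "5.7.0",
    "wp-postratings": "1.89",                # article's recommended version
    "w3-total-cache": "2.0.1",
    "popup-builder": "3.69.7",
    "limit-login-attempts-reloaded": "2.18.0",
}

# Matches "Version: 1.2.3" whether the header uses "/* ... */" or " * ..." lines.
HEADER_RE = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)
NUMERIC_RE = re.compile(r"\d+(?:\.\d+)*")


def parse_version(text):
    """Turn '5.3.1' (or '5.3.1-beta') into (5, 3, 1); None if no numeric prefix."""
    m = NUMERIC_RE.match(text.strip())
    return tuple(int(p) for p in m.group(0).split(".")) if m else None


def version_lt(a, b):
    """True if version string a is lower than b, padding shorter tuples with zeros."""
    ta, tb = parse_version(a), parse_version(b)
    if ta is None or tb is None:
        raise ValueError(f"unparsable version: {a!r} / {b!r}")
    width = max(len(ta), len(tb))
    return ta + (0,) * (width - len(ta)) < tb + (0,) * (width - len(tb))


def plugin_version_from_header(source):
    """Extract the 'Version:' field from a plugin's main-file header, or None."""
    m = HEADER_RE.search(source)
    return m.group(1) if m else None


def find_outdated(installed):
    """installed: {slug: header_text}. Returns {slug: (installed_version, min_safe)}.

    A plugin whose version cannot be read is reported too (version None), since a
    header that cannot be parsed should be looked at by hand rather than ignored.
    """
    outdated = {}
    for slug, source in installed.items():
        if slug not in MIN_SAFE_VERSION:
            continue
        ver = plugin_version_from_header(source)
        if ver is None or parse_version(ver) is None or version_lt(ver, MIN_SAFE_VERSION[slug]):
            outdated[slug] = (ver, MIN_SAFE_VERSION[slug])
    return outdated


def scan_plugins_dir(plugins_dir):
    """Build {slug: header_text} from <plugins_dir>/<slug>/*.php main files.

    WordPress identifies a plugin's main file by a 'Plugin Name:' header in the
    first part of a top-level .php file, so only the first 8 KiB is read.
    """
    installed = {}
    for plugin_dir in Path(plugins_dir).iterdir():
        if not plugin_dir.is_dir():
            continue
        for php in plugin_dir.glob("*.php"):
            head = php.read_text(encoding="utf-8", errors="replace")[:8192]
            if "Plugin Name:" in head:
                installed[plugin_dir.name] = head
                break
    return installed


# Constructed sample headers (not real plugin files) so the check runs offline.
SAMPLE_PLUGINS = {
    "contact-form-7": "<?php\n/*\nPlugin Name: Contact Form 7\nVersion: 5.3.1\n*/\n",
    "easy-wp-smtp": "<?php\n/**\n * Plugin Name: Easy WP SMTP\n * Version: 1.4.3\n */\n",
    "wp-postratings": "<?php\n/*\nPlugin Name: WP-PostRatings\nVersion: 1.86\n*/\n",
    "popup-builder": "<?php\n/*\nPlugin Name: Popup Builder\nVersion: 3.71\n*/\n",
    "some-other-plugin": "<?php\n/*\nPlugin Name: Unrelated\nVersion: 9.9\n*/\n",
}

if __name__ == "__main__":
    # Replace SAMPLE_PLUGINS with scan_plugins_dir("/var/www/html/wp-content/plugins")
    # to check a real site (path is an assumption; adjust to your install).
    for slug, (have, need) in sorted(find_outdated(SAMPLE_PLUGINS).items()):
        print(f"{slug}: installed {have}, needs >= {need}")
```

Run it against a real install by swapping SAMPLE_PLUGINS for scan_plugins_dir(...) pointed at your plugins directory; because the comparison works on the header WordPress itself reads, the result matches what the dashboard shows, without needing a database connection.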

About Sachin Tiwari 73 Articles
I am a software engineer with an interest in web security and cybersecurity; I love learning about website security topics and sharing with others.
