WordPress Flaws and Vulnerabilities

WordPress Vulnerabilities 2021 week 23 via Patchstack


Vulnerabilities discovered in plugins, themes and WordPress Core from June 7th to June 13th, 2021

Stripe Payment Gateway for WooCommerce

Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress Stripe Payment Gateway for WooCommerce plugin (versions <= 3.5.9).



WP Hardening

Reflected Cross-Site Scripting (XSS) vulnerability discovered by dc11 in WordPress WP Hardening plugin (versions <= 1.2.1).



Comments Like Dislike

Repeated Voting Restriction Bypass vulnerability discovered by Phu Tran in WordPress Comments Like Dislike plugin (versions <= 1.1.3).



Recently

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Yu Iwama of Secure Sky Technology Inc. and the JPCERT/CC Vulnerability Coordination Group in WordPress Recently plugin (versions <= 3.0.4).



Recently

Authenticated Code Injection vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress Recently plugin (versions <= 3.0.4).



WordPress Popular Posts

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Yu Iwama of Secure Sky Technology Inc. and the JPCERT/CC Vulnerability Coordination Group in WordPress Popular Posts plugin (versions <= 5.3.2).



WP Google Maps

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Mohammed Adam in WordPress WP Google Maps plugin (versions <= 8.1.11).



Jannah

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Truoc Phan in WordPress Jannah premium theme (versions <= 5.4.3).



Edwiser Bridge

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities discovered by NinTechNet in WordPress Edwiser Bridge plugin (versions <= 2.0.6).



Multiple Roles

Cross-Site Request Forgery (CSRF) vulnerability discovered by NinTechNet in WordPress Multiple Roles plugin (versions <= 1.3.1).



Custom css-js-php

Cross-Site Request Forgery (CSRF) vulnerability discovered by NinTechNet in WordPress Custom css-js-php plugin (versions <= 2.0.7).



Qtranslate Slug

Cross-Site Request Forgery (CSRF) vulnerability discovered by NinTechNet in WordPress Qtranslate Slug plugin (versions <= 1.1.18).



WP Prayer

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by NinTechNet in the WordPress WP Prayer plugin (versions <= 1.6.5).



WC Marketplace

Cross-Site Request Forgery (CSRF) vulnerability discovered by NinTechNet in WordPress WC Marketplace plugin (versions <= 3.7.3).



JoomSport

Unauthenticated PHP Object Injection vulnerability discovered by Bugbang in WordPress JoomSport plugin (versions <= 5.1.5).



Motor

Unauthenticated Local File Inclusion (LFI) vulnerability discovered by Harald Eilertsen (JetPack) in WordPress Motor premium theme (versions <= 3.0).



Easy Cookies Policy

Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by 0xB9 in WordPress Easy Cookies Policy plugin (versions <= 1.6.2).



WordPress Popular Posts

Authenticated Code Injection vulnerability leading to Remote Code Execution (RCE) discovered by NinTechNet in WordPress Popular Posts plugin (versions <= 5.3.2).


Stay updated!

Thanks to Patchstack.com
