WordPress Flaws and Vulnerabilities

WordPress Vulnerabilities 2021 week 25 via Patchstack


Vulnerabilities discovered in plugins, themes and WordPress Core from June 21 to June 27, 2021

Sign-up Sheets

Authenticated CSV Injection vulnerability discovered by Ajay Sandipan Thorbole in WordPress Sign-up Sheets plugin (versions <= 1.0.13).


Sign-up Sheets

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ajay Sandipan Thorbole in WordPress Sign-up Sheets plugin (versions <= 1.0.13).


Browser Screenshots

Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Browser Screenshots plugin (versions <= 1.7.5).


Glass

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by ABISHEIK M in WordPress Glass plugin (versions <= 1.3.2).


Prismatic

Reflected Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Prismatic plugin (versions <= 2.7).


Prismatic

Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Prismatic plugin (versions <= 2.7).


Staff Directory Plugin: Company Directory

Cross-Site Request Forgery (CSRF) vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress Staff Directory Plugin: Company Directory (versions <= 3.6).


wp-mpdf

Cross-Site Request Forgery (CSRF) vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress wp-mpdf plugin (versions <= 3.5.1).


Ultimate Gift Cards For WooCommerce

Cross-Site Request Forgery (CSRF) vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress Ultimate Gift Cards For WooCommerce plugin (versions <= 2.1.1).

  • Score: 4.7/10
  • Fixed in: 2.1.2


Sunshine Photo Cart

Cross-Site Request Forgery (CSRF) vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress Sunshine Photo Cart plugin (versions <= 2.8.28).


Remove Schema

Cross-Site Request Forgery (CSRF) vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress Remove Schema plugin (versions <= 1.4).


Advanced Popups

Cross-Site Request Forgery (CSRF) vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress Advanced Popups plugin (versions <= 1.1.1).


Absolute Reviews

Cross-Site Request Forgery (CSRF) vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress Absolute Reviews plugin (versions <= 1.0.8).


Contact Form 7 Style

Cross-Site Request Forgery (CSRF) vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress Contact Form 7 Style plugin (versions <= 3.2).


Salon booking system

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Phu Tran in WordPress Salon booking system plugin (versions <= 6.3).


DW Question & Answer

Cross-Site Request Forgery (CSRF) vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress DW Question & Answer plugin (versions <= 1.5.7).



Thanks to Patchstack.com
