Vulnerabilities Digest: April 2020

Relevant Plugins and Vulnerabilities:

| Plugin | Vulnerability | Patched Version | Installs |
|---|---|---|---|
| Widget Settings Importer/Exporter | Stored XSS | Closed | 40000 |
| Accordion | Stored/Reflected XSS | 2.2.9 | 30000 |
| Support Ticket System By Phoeniixx | Reflected XSS | Closed | 2000 |
| Gutenberg Blocks | Authenticated Settings Change | 1.14.8 | 200000 |
| WP Lead Plus X | Stored XSS | 0.99 | 70000 |
| OneTone | Stored XSS | Closed | 20000 |
| WP Advanced Search | SQL Injection | 3.3.6 | 1000 |
| Easy Forms for Mailchimp | Authenticated XSS | 6.6.3 | 100000 |
| CM Pop-Up banners | Stored XSS | 1.4.11 | 10000 |
| Duplicate Page and Post | SQL Injection | 2.5.8 | 50000 |
| WP post page close | SQL Injection | Closed | --- |

Highlights for April 2020

  • Developers are still falling short when sanitizing user input, leading to the exploitation of vulnerable third-party components.

Continue reading Vulnerabilities Digest: April 2020 at Sucuri Blog.
