Vulnerabilities Digest: February 2020

Fixed Plugins and Vulnerabilities

| Plugin | Vulnerability | Patched Version | Installs |
|---|---|---|---|
| Duplicator | Arbitrary File Download | 1.3.28 | 1000000 |
| Modula Image Gallery | Authenticated Stored XSS | 2.2.5 | 70000 |
| Easy Property Listings | CSRF | 3.4 | 6000 |
| ThemeREX Addons | Remote Code Execution | | 40000 |
| Popup Builder | SQL injection | 3 | 100000 |
| ThemeGrill Importer | Database Wipe | 1.6.2 | 200000 |
| Ninja Forms | Authenticated XSS | 3.4.23 | 1000000 |
| GDPR Cookie Consent | Improper Access Controls | 1.8.3 | 700000 |
| Participants Database | Authenticated SQL Injection | 1.9.5.6 | 10000 |
| Profile Builder Pro | User Registration With Administrator Role | 3.1.1 | 50000 |
| Events Manager Pro | CSV Injection | 2.6.7.2 | 100000 |
| Htaccess BestWebSoft | CSRF to edit .htaccess | | Closed |
| Auth0 | Reflected XSS | 3.11.3 | 4000 |
| Portfolio Filter Gallery | CSRF & Reflected XSS | 1.1.3 | 10000 |
| Strong Testimonials | Stored XSS | 2.40.1 | 90000 |

Highlights for February 2020

Plugin vulnerabilities that allow attackers to take full control of WordPress sites were predominant this past month.

Continue reading Vulnerabilities Digest: February 2020 at Sucuri Blog.
