Vulnerabilities Digest: May 2020
Relevant Plugins and Vulnerabilities: PluginVulnerabilityPatched VersionInstalls WP Product Review Unauthenticated Stored XSS 3.7.6 40000 Form Maker by 10Web Authenticated SQL…
Read Story
Unauthenticated Stored Cross Site Scripting in WP Product Review
During a routine research audit for our Sucuri Firewall, we discovered an Unauthenticated Persistent Cross-Site Scripting (XSS) affecting 40,000+ users…
Read Story
Vulnerable Plugins: June 2020 Update
This is a mid-month update to our regular Monthly Vulnerability Digest, which reveals a number of new patches for disclosed…
Read Story
2 Million Users Affected by Vulnerability in All in One SEO Pack
On July 10, 2020, our Threat Intelligence team discovered a vulnerability in All In One SEO Pack, a WordPress plugin…
Read Story
XSS Flaw Impacting 100,000 Sites Patched in KingComposer
On June 15, 2020, our Threat Intelligence team was made aware of a number of access control vulnerabilities that had…
Read Story
Critical Vulnerabilities Patched in Adning Advertising Plugin
On June 24, 2020, our Threat Intelligence team was made aware of a possible vulnerability in the Adning Advertising plugin,…
Read Story
Vulnerabilities Digest: June 2020
Highlights for June 2020 Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking…
Read Story
High-Severity Vulnerabilities Patched in LearnPress
On March 16, 2020, LearnPress – WordPress LMS Plugin, a WordPress plugin with over 80,000 installations, patched a high-severity vulnerability…
Read Story
High Severity Vulnerability Patched in Ninja Forms
On April 27, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery(CSRF) vulnerability in Ninja Forms, a WordPress…
Read Story
Combined Attack on Elementor Pro and Ultimate Addons for Elementor Puts 1 Million Sites at Risk
On May 6, 2020, our Threat Intelligence team received reports of active exploitation of vulnerabilities in two related plugins, Elementor…
Read Story