Vulnerabilities Digest: April 2020

Relevant Plugins and Vulnerabilities:

| Plugin | Vulnerability | Patched Version | Installs |
|---|---|---|---|
| Widget Settings Importer/Exporter | Stored XSS | Closed | 40000 |
| Accordion | Stored/Reflected XSS | 2.2.9 | 30000 |
| Support Ticket System By Phoeniixx | Reflected XSS | Closed | 2000 |
| Gutenberg Blocks | Authenticated Settings Change | 1.14.8 | 200000 |
| WP Lead Plus X | Stored XSS | 0.99 | 70000 |
| OneTone | Stored XSS | Closed | 20000 |
| WP Advanced Search | SQL Injection | 3.3.6 | 1000 |
| Easy Forms for Mailchimp | Authenticated XSS | 6.6.3 | 100000 |
| CM Pop-Up banners | Stored XSS | 1.4.11 | 10000 |
| Duplicate Page and Post | SQL Injection | 2.5.8 | 50000 |
| WP post page close | SQL Injection | Closed | —- |

Highlights for April 2020

  • Developers are still falling short when sanitizing user input, leading to the exploitation of vulnerable third-party components.

Continue reading Vulnerabilities Digest: April 2020 at Sucuri Blog.
