Vulnerabilities Digest: April 2020

Relevant Plugins and Vulnerabilities:

| Plugin | Vulnerability | Patched Version | Installs |
|---|---|---|---|
| Widget Settings Importer/Exporter | Stored XSS | Closed | 40000 |
| Accordion | Stored/Reflected XSS | 2.2.9 | 30000 |
| Support Ticket System By Phoeniixx | Reflected XSS | Closed | 2000 |
| Gutenberg Blocks | Authenticated Settings Change | 1.14.8 | 200000 |
| WP Lead Plus X | Stored XSS | 0.99 | 70000 |
| OneTone | Stored XSS | Closed | 20000 |
| WP Advanced Search | SQL Injection | 3.3.6 | 1000 |
| Easy Forms for Mailchimp | Authenticated XSS | 6.6.3 | 100000 |
| CM Pop-Up banners | Stored XSS | 1.4.11 | 10000 |
| Duplicate Page and Post | SQL Injection | 2.5.8 | 50000 |
| WP post page close | SQL Injection | Closed | —- |

Highlights for April 2020

  • Developers are still falling short when sanitizing user input, leading to the exploitation of vulnerable third-party components.

Continue reading Vulnerabilities Digest: April 2020 at Sucuri Blog.
