Vulnerabilities Digest: February 2020

Fixed Plugins and Vulnerabilities

| Plugin | Vulnerability | Patched Version | Installs |
|---|---|---|---|
| Duplicator | Arbitrary File Download | 1.3.28 | 1000000 |
| Modula Image Gallery | Authenticated Stored XSS | 2.2.5 | 70000 |
| Easy Property Listings | CSRF | 3.4 | 6000 |
| ThemeREX Addons | Remote Code Execution | | 40000 |
| Popup Builder | SQL injection | 3 | 100000 |
| ThemeGrill Importer | Database Wipe | 1.6.2 | 200000 |
| Ninja Forms | Authenticated XSS | 3.4.23 | 1000000 |
| GDPR Cookie Consent | Improper Access Controls | 1.8.3 | 700000 |
| Participants Database | Authenticated SQL Injection | 1.9.5.6 | 10000 |
| Profile Builder Pro | User Registration With Administrator Role | 3.1.1 | 50000 |
| Events Manager Pro | CSV Injection | 2.6.7.2 | 100000 |
| Htaccess BestWebSoft | CSRF to edit .htaccess | | Closed |
| Auth0 | Reflected XSS | 3.11.3 | 4000 |
| Portfolio Filter Gallery | CSRF & Reflected XSS | 1.1.3 | 10000 |
| Strong Testimonials | Stored XSS | 2.40.1 | 90000 |

Highlights for February 2020

Plugin vulnerabilities that allow attackers to take full control of WordPress sites were the most prevalent this past month.

Continue reading Vulnerabilities Digest: February 2020 at Sucuri Blog.
