Fixed Plugins and Vulnerabilities
| Plugin | Vulnerability | Patched Version | Installs |
| --- | --- | --- | --- |
| Duplicator | Arbitrary File Download | 1.3.28 | 1000000 |
| Modula Image Gallery | Authenticated Stored XSS | 2.2.5 | 70000 |
| Easy Property Listings | CSRF | 3.4 | 6000 |
| ThemeREX Addons | Remote Code Execution | – | 40000 |
| Popup Builder | SQL injection | 3 | 100000 |
| ThemeGrill Importer | Database Wipe | 1.6.2 | 200000 |
| Ninja Forms | Authenticated XSS | 3.4.23 | 1000000 |
| GDPR Cookie Consent | Improper Access Controls | 1.8.3 | 700000 |
| Participants Database | Authenticated SQL Injection | 1.9.5.6 | 10000 |
| Profile Builder Pro | User Registration With Administrator Role | 3.1.1 | 50000 |
| Events Manager Pro | CSV Injection | 2.6.7.2 | 100000 |
| Htaccess BestWebSoft | CSRF to edit .htaccess | – | Closed |
| Auth0 | Reflected XSS | 3.11.3 | 4000 |
| Portfolio Filter Gallery | CSRF & Reflected XSS | 1.1.3 | 10000 |
| Strong Testimonials | Stored XSS | 2.40.1 | 90000 |
Highlights for February 2020
Plugin vulnerabilities allowing attackers to take full control of WordPress sites were the most prevalent this past month.
Continue reading Vulnerabilities Digest: February 2020 at Sucuri Blog.