Relevant Plugins and Vulnerabilities:

| Plugin | Vulnerability | Patched Version | Installs |
|---|---|---|---|
| WP Product Review | Unauthenticated Stored XSS | 3.7.6 | 40000 |
| Form Maker by 10Web | Authenticated SQL Injection | — | 100000 |
| Add-on SweetAlert Contact Form 7 | Authenticated XSS | 1.0.8 | 20 |
| Paid Memberships Pro | Authenticated SQL Injection | 2.3.3 | 90000 |
| Visual Composer | Authenticated XSS | 27 | 80000 |
| Team Members | Authenticated XSS | 5.0.4 | 40000 |
| Photo Gallery by 10Web | Unauthenticated SQL Injection | 1.5.55 | 300000 |
| Login/Signup Popup | Authenticated XSS | 1.5 | 10000 |
| Easy Testimonials | Authenticated Stored XSS | 3.6 | 30000 |
| WooCommerce | Unescaped Metadata | 4.1.0 | 5000000 |
| Page Builder by SiteOrigin | CSRF to XSS | 2.10.16 | 1000000 |
| Chopslider | Authenticated SQL Injection | — | 200 |
| Elementor Pro | Authenticated File Upload | 2.9.4 | 100000 |
| LearnPress | Privilege Escalation | 3.2.6.9 | 80000 |
| Elementor | Authenticated Stored XSS | 2.9.8 | 4000000 |
| Avada | Authenticated Stored XSS | 6.2.3 | 500000 |
| Ninja Forms | CSRF to Stored XSS | 3.4.24.2 | 1000000 |
| Advanced Order Export For Woo | Authenticated XSS | 3.1.4 | 90000 |
| Quick Page/Post redirect | Authenticated Settings Update | — | 100000 |
| Ultimate Addons for Elementor | Registration Bypass | 1.24.2 | 100000 |
| WTI Like Post | Authenticated XSS | — | 10000 |
| WP-Advanced-Search | Authenticated SQL Injection | 3.3.7 | 1000 |
| Gmedia Photo Gallery | Authenticated XSS | 1.18.5 | 10000 |

Highlights for May 2020
- Cross-site scripting is still the most prevalent vulnerability.
Continue reading Vulnerabilities Digest: May 2020 at Sucuri Blog.