Vulnerable Plugins: June 2020 Update

This is a mid-month update to our regular Monthly Vulnerability Digest, which reveals a number of new patches for disclosed vulnerabilities.

| Plugin | Vulnerability | Patched Version | Installs |
|---|---|---|---|
| Elementor Page Builder | Authenticated Stored XSS | 2.9.10 | 5000000 |
| AdRotate | Authenticated SQL Injection | 5.8.4 | 40000 |
| Brizy – Page Builder | Improper Access Controls | 1.0.126 | 60000 |
| Careerfy | Unauthenticated XSS | 3.9.0 | 5000 |
| SportsPress | Authenticated Stored XSS | 2.7.2 | 20000 |
| JobSearch | Unauthenticated XSS | 1.5.1 | 5000 |
| Newspaper | Unauthenticated XSS | 10.3.4 | 6000 |
| Multi Scheduler | Record Deletion CSRF | | 20 |

Highlights

  • Cross-site scripting is the most common vulnerability in WordPress plugins
  • None of these plugins have been identified in massive attacks

Relevant Plugins
SportsPress

SportsPress fixed an authenticated stored cross-site scripting vulnerability in version 2.7.2.

Continue reading Vulnerable Plugins: June 2020 Update at Sucuri Blog.
