Login

Plugin Vulnerabilities

A service to protect your site against vulnerabilities in WordPress plugins.

  • Why Plugin Vulnerabilities?
    • Proactive Monitoring for New Vulnerabilities
    • We Are Improving the Security of WordPress Plugins
    • You Select Plugins To Get Security Reviews
    • Our Data vs WPScan’s Data
  • Sign Up For the Service
    • Set Up
  • Accessing Our Data
  • Blog
    • What’s New With the Service
    • Analysis
    • WordPress Plugin Security Reviews
    • Security Tips For WordPress Plugin Developers
    • Our Vulnerability Reports
    • Security Plugin Testing
  • Contact Us
    • Report a Vulnerability
  • More
    • Get the Companion Plugin
    • WordPress Plugin Security Review Service
    • Hacked WordPress Website Cleanup
    • Vulnerability Disclosure Policy
    • Get Free Help Fixing A Security Vulnerability In Your WordPress Plugin
    • Security Bug Bounty Program

Plugin Vulnerabilities

A service to protect your site against vulnerabilities in WordPress plugins.

Login
  • Why Plugin Vulnerabilities?
    • Proactive Monitoring for New Vulnerabilities
    • We Are Improving the Security of WordPress Plugins
    • You Select Plugins To Get Security Reviews
    • Our Data vs WPScan’s Data
  • Sign Up For the Service
    • Set Up
  • Accessing Our Data
  • Blog
    • What’s New With the Service
    • Analysis
    • WordPress Plugin Security Reviews
    • Security Tips For WordPress Plugin Developers
    • Our Vulnerability Reports
    • Security Plugin Testing
  • Contact Us
    • Report a Vulnerability
  • More
    • Get the Companion Plugin
    • WordPress Plugin Security Review Service
    • Hacked WordPress Website Cleanup
    • Vulnerability Disclosure Policy
    • Get Free Help Fixing A Security Vulnerability In Your WordPress Plugin
    • Security Bug Bounty Program
08 Jan

Plugin Vulnerabilities Updates – Week of 1/8/2016

Vulnerabilities Added This Week

  • Authenticated persistent cross-site scripting (XSS) vulnerability  in WP Symposium Pro Social Network plugin, discovered by Rahul Pratap Singh
  • Cross-site request forgery (CSRF) vulnerability in WP Symposium Pro Social Network plugin, discovered by Rahul Pratap Singh

False Vulnerability Reports

  • File upload vulnerability not in FormCraft – Form Builder

Ridiculous Vulnerability Reports

  • Cross-site scripting (XSS) vulnerability in NextGEN Gallery

Related posts:

  1. Plugin Vulnerabilities Updates – Week of 1/15/2016
  2. Plugin Vulnerabilities Updates – Week of 2/26/2016
  3. Plugin Vulnerabilities Updates – Week of 4/22/2016
  4. Plugin Vulnerabilities Updates – Week of 1/29/2016
Plugin Vulnerabilities Posted in What's New With Plugin Vulnerabilities What's New With Plugin Vulnerabilities Leave a comment

Post navigation

← Ridiculous Vulnerability Report: NextGEN Gallery Cross site Scripting (XSS) Vulnerability
Plugin Vulnerabilities Updates – Week of 1/15/2016 →

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Our Service

With our service you can get access to all our data on known vulnerabilities in WordPress plugin.

Plugin Security Checker

Have you checked to see if the plugins you use have any possible security issues identified by our new Plugin Security Checker plugin?

Keep Up With Our Blog

You can follow our blog with its RSS feed or our Twitter account.

Recent Posts

  • Vulnerability Details: Arbitrary File Deletion Vulnerability in WP Pipes
  • Vulnerability Details: Authenticated Arbitrary File Deletion Vulnerability in Woo Import Export
  • Our Proactive Monitoring Caught a PHP Object Injection Vulnerability in a Another Brand New Plugin
  • Not Really a WordPress Plugin Vulnerability – Week of April 13, 2018
  • Vulnerability Details: Arbitrary File Deletion Vulnerability in Google Drive for WordPress (wp-google-drive)

Tags

All In One WP Security & Firewall Analysis Arbitrary File Upload Arbitrary File Viewing Authenticated Arbitrary File Upload Authenticated Information Disclosure Authenticated Persistent Cross-Site Scripting (XSS) Authenticated PHP Object Injection Booking Calendar Contact Form 7 Database Cross-Site Request Forgery (CSRF) Cross-Site Request Forgery (CSRF)/Arbitrary File Upload Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Cross-Site Request Forgery (CSRF)/PHP Object Injection Detectify Display Widgets Duplicate Page False Vulnerability Report Information Disclosure Invite Anyone iThemes Security Local File Inclusion (LFI) New Features Not Really a WordPress Plugin Vulnerability Persistent Cross-Site Scripting (XSS) PHP Object Injection Plugin Directory Proactive Monitoring Protecting You Against Wordfence's Bad Security Research Practices Reflected Cross-Site Scripting (XSS) Remote Code Execution (RCE) Security Tips For WordPress Plugin Developers Security Vulnerability in Security Plugin SQL Injection Vulnerability Details Vulnerability Report What's New With Plugin Vulnerabilities Wordfence WordPress Download Manager WordPress Plugin Security Review WPCampus WP Editor WP Fastest Cache WP Job Manager WPScan Vulnerability Database
Powered by WordPress 4.9.5
© 2016-2018 White Fir Design LLC | Privacy Policy
Fruitful theme by fruitfulcode
↑