Plugin Vulnerabilities Updates – Week of 3/4/2016
Plugin Vulnerabilities We Discovered and Publicly Disclosed This Week
Plugin Vulnerabilities We Helped Get Fixed This Week
- Authenticated persistent cross-site scripting (XSS) in Calculated Fields Form, discovered by Joaquin Ramirez Martinez
Plugin Vulnerabilities Added This Week That Are In The Current Version of the Plugins
- Remote code execution vulnerability in Social Media Tab, discovered by SiteLock
- SQL injection vulnerability in WP Ultimate Exporter, discovered by Henri Salo
- Information disclosure vulnerability in WP Ultimate Exporter, discovered by us
- Cross-site request forgery (CSRF) vulnerability in More Fields, discovered by Aatif Shahdad
Additional Plugin Vulnerabilities Added This Week
- Reflected cross-site scripting (XSS) vulnerability in Testimonial Slider, discovered by SiteLock
- Reflected cross-site scripting (XSS) vulnerability in Gravity Forms, discovered by Henri Salo
- Privilege escalation vulnerability in Bulk Delete, discovered by Panagiotis Vagenas
- Cross-site request forgery (CSRF) vulnerability in CP Polls, discovered by Joaquin Ramirez Martinez
- Cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in CP Polls, discovered by Joaquin Ramirez Martinez
- PHP object injection in Easy Digital Downloads, discovered by Danny van Kooten