Plugin Vulnerabilities Updates – Week of 6/17/2016
Here is what we have been doing to keep your website secure from WordPress plugin vulnerabilities this week:
Plugin Vulnerabilities We Discovered and Publicly Disclosed This Week
- Cross-site request forgery (CSRF) vulnerability in WP to Twitter
- Arbitrary file upload vulnerability in XData Toolkit
- Cross-site request forgery (CSRF) vulnerability in WooCommerce Upload My File
Plugin Vulnerabilities We Helped Get Fixed This Week
- Cross-site request forgery (CSRF) vulnerability in WP to Twitter, discovered by us
- Cross-site request forgery (CSRF) vulnerability in WooCommerce Upload My File, discovered by us
Plugin Vulnerabilities Added This Week That Are In The Current Version of the Plugins
- File deletion vulnerability in Simple Backup, discovered by PizzaHatHacker
- Arbitrary file upload vulnerability in XData Toolkit, discovered by us
Additional Vulnerabilities Added This Week
- Persistent cross-site scripting (XSS) vulnerability in WP Fastest Cache, discovered by Brendon Boshell
- Cross-site request forgery (CSRF) vulnerability in WP to Twitter, discovered by us
- Cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in CM Ad Changer, discovered by Aaditya Purani
- Cross-site request forgery (CSRF) vulnerability in WooCommerce Upload My File, discovered by us