24 Jun 2016

Plugin Vulnerabilities Updates – Week of 6/24/2016

Here is what we have been doing to keep your website secure from WordPress plugin vulnerabilities this week:

Plugin Vulnerabilities We Discovered and Publicly Disclosed This Week

Plugin Vulnerabilities We Helped Get Fixed This Week

Reflected cross-site scripting (XSS) vulnerability in Forget About Shortcode Buttons, discovered by Larry W. Cashdollar
Cross-site request forgery (CSRF)/ cross-site scripting (XSS) vulnerability in WP Fastest Cache, discovered by us
Information disclosure vulnerability in Yoast SEO, discovered by us
Cross-site Request Forgery (CSRF) Vulnerability in Yoast SEO, discovered by us

Plugin Vulnerabilities Added This Week That Are In The Current Version of the Plugins

Cross-site request forgery (CSRF) vulnerability in wpDiscuz, discovered by us
Privilege escalation vulnerability in Simplr Registration Form Plus+, discovered by us
Cross-site request forgery (CSRF)/ cross-site scripting (XSS) vulnerability in WP Mobile Detector, discovered by us
Persistent cross-site scrpting (XSS) vulnerability in WordPress File Monitor, discovered by us
Arbitrary file upload vulnerability in Jssor Slider, discovered by us

Additional Vulnerabilities Added This Week

Authenticated settings change vulnerability in Product Catalog, discovered by Joaquin R. Martinez
Reflected cross-site scripting (XSS) vulnerability in Lingotek Translation, discovered by Kacper Szurek
Cross-site request forgery (CSRF)/arbitrary file upload vulnerability in Remote Upload, discovered by Bini Shala and us
Reflected cross-site scripting (XSS) vulnerability in OptionTree, discovered by Kacper Szurek
Privilege escalation vulnerability in Advanced Access Manager, discovered by James Golovich

Leave a Reply Cancel reply