Plugin Vulnerabilities Updates – Week of 7/22/2016
Here is what we have been doing to keep your website secure from WordPress plugin vulnerabilities this week:
Plugin Vulnerabilities We Discovered and Publicly Disclosed This Week
- Option update vulnerability in Form Lightbox
- Persistent cross-site scripting (XSS) vulnerability in Total Security
- Settings change vulnerability in Total Security
- Authenticated persistent cross-site scripting (XSS) vulnerability in User Login Log
Plugin Vulnerabilities We Helped Get Fixed This Week
- Arbitrary directory download vulnerability in Download Plugin, discovered by us
- Arbitrary directory download vulnerability in Download Theme, discovered by us
Plugin Vulnerabilities Added This Week That Are In The Current Version of the Plugins
- Option update vulnerability in Form Lightbox, discovered by us
- Persistent cross-site scripting (XSS) vulnerability in Total Security, discovered by us
- Settings change vulnerability in Total Security, discovered by us
- Authenticated persistent cross-site scripting (XSS) vulnerability in User Login Log, discovered by us
Additional Vulnerabilities Added This Week
- Persistent cross-site scripting (XSS) vulnerability in dwnldr, discovered by Rob Carr
- Reflected cross-site scripting (XSS) vulnerability in Woo Email Control, discovered by Rob Carr
- Reflected cross-site scripting (XSS) vulnerability in Ninja Forms, discovered by Han Sahin
- Cross-site request forgery (CSRF) vulnerability in Icegram, discovered by Yorick Koster
- Authenticated SQL injection in WordPress Video Player, discovered by David Vaartjes & Yorick Koster
- Authenticated persistent cross-site scripting (XSS) vulnerability in WooCommerce, discovered by Han Sahin
- Reflected cross-site scripting (XSS) vulnerability in Paid Memberships Pro, discovered by Burak Kelebek
- Reflected cross-site scripting (XSS) vulnerability in WP No External Links, discovered by Yorick Koster
- Reflected cross-site scripting (XSS) vulnerability in Contact Form to Email, discovered by Burak Kelebek