Here is what we have been doing to keep our customer’s websites secure from WordPress plugin vulnerabilities this week (if you haven’t signed up, what are you waiting for):

Plugin Vulnerabilities We Discovered and Publicly Disclosed This Week

• Persistent cross-site scripting (XSS) vulnerability in WP-Piwik
• Cross-site request forgery (CSRF)/settings change vulnerability in Cerber Limit Login Attempts
• Cross-site request forgery (CSRF)/user import in Import users from CSV with meta
• Authenticated media deletion vulnerability in Import users from CSV with meta
• Cross-site request forgery (CSRF)/cross-site scripting (XSS) in Centrora Security
• Authenticated persistent cross-site scripting (XSS) vulnerability in Centrora Security

Plugin Vulnerabilities We Helped Get Fixed This Week

• Reflected cross-site scripting (XSS) vulnerability in Huge-IT Google Maps, discovered by Julien Rentrop
• Cross-site request forgery (CSRF)/settings change vulnerability in Cerber Limit Login Attempts, discovered by us
• Cross-site request forgery (CSRF)/user import in Import users from CSV with meta, discovered by us
• Authenticated media deletion vulnerability in Import users from CSV with meta, discovered by us
• Cross-site request forgery (CSRF)/cross-site scripting (XSS) in Centrora Security, discovered by us
• Authenticated persistent cross-site scripting (XSS) vulnerability in Centrora Security, discovered by us
• Persistent cross-site scripting (XSS) vulnerability in 404 to 301, discovered by us

 

Plugin Vulnerabilities Added This Week That Are In The Current Version of the Plugins

• Persistent cross-site scripting (XSS) vulnerability in WP-Piwik, discovered by us

Additional Vulnerabilities Added This Week

• Cross-site request forgery (CSRF)/settings change vulnerability in Cerber Limit Login Attempts, discovered by us
• Cross-site request forgery (CSRF)/user import in Import users from CSV with meta, discovered by us
• Authenticated media deletion vulnerability in Import users from CSV with meta, discovered by us
• Cross-site request forgery (CSRF)/cross-site scripting (XSS) in Centrora Security, discovered by us
• Authenticated persistent cross-site scripting (XSS) vulnerability in Centrora Security, discovered by us
• Persistent cross-site scripting (XSS) vulnerability in 404 to 301, discovered by Louis Dion-Marcil