What Plugin Vulnerabilities Was Up to in November
If you want the best information, and therefore the best protection, against vulnerabilities in WordPress plugins, our service provides it. Here is what we did during November to keep those already using our service secure from WordPress plugin vulnerabilities (and what you have been missing out on if you haven’t signed up yet).
Paid customers of the service can suggest and vote on plugins to have a security review done by us (you can also order a review separately). This month we released details of our review of Custom Login.
During the month we added data on 50 vulnerabilities. Most of those were vulnerabilities we discovered ourselves (21 of them) or ones for which no report had been put out and we determined the details from other information we ran across (another 18 of them). By comparison, other data sources added fewer vulnerabilities than either of those categories alone: the WPScan Vulnerability Database only added 11 vulnerabilities and ThreatPress only added 12.
As of the end of the month, 18 of the vulnerabilities we had added had still not been fixed.
We added vulnerabilities in the following plugins to our data set during the month:
- Anti-Spam by CleanTalk
- Better WordPress reCAPTCHA
- Calendar
- Contact Form Email
- Custom Frontend Login Registration Form
- Easy Testimonials
- EME Sync Facebook Events
- Feedify
- Flow-Flow Social Stream
- FooGallery
- Google Maps Widget
- Infographic Maker iList
- Kiwi Social Share
- Loginpress
- Minimal Coming Soon & Maintenance Mode
- NextScripts: Social Networks Auto-Poster
- Nifty Coming Soon & Maintenance page
- Ninja Forms
- OptionTree
- PeepSO
- Portfolio X
- PropertyHive
- Simple Business Directory with Maps
- Simple Link Directory
- Slider Hero
- Ultimate Member
- Under Construction
- User Spam Remover
- WooCommerce Product Feed
- WP GDPR Compliance
- WP Live Chat Support
- WP Security Audit Log
- Yet Another Related Posts Plugin (YARPP)
- Yet Another Stars Rating
- Yoast SEO
- YOP Poll
Of those plugins, we discovered and disclosed vulnerabilities in the following during the month:
- Anti-Spam by CleanTalk
- Contact Form Email
- Feedify
- FooGallery
- Google Maps Widget
- Kiwi Social Share
- NextScripts: Social Networks Auto-Poster
- Nifty Coming Soon & Maintenance page
- OptionTree
- PropertyHive
- Simple Business Directory with Maps
- Simple Link Directory
- Ultimate Member
- WooCommerce Product Feed
- WP Security Audit Log
- Yet Another Related Posts Plugin (YARPP)
- Yet Another Stars Rating
Other vulnerabilities we added were discovered by Alaistair Jerrom-Smith, Alvaro J. Gene (Socket_0x03), boombyte, Dimopoulos Elias, En_dust, Gabriel Avramescu, KingSkrupellos from Cyberizm Digital Security, Muhammad Talha Khan, and Tim Coen.
During the month we helped to get vulnerabilities fixed in the following plugins, with over 300,000 installs:
- Anti-Spam by CleanTalk
- Feedify
- Google Maps Widget
- Kiwi Social Share
- Patreon WordPress
- PeepSO
- Simple Business Directory with Maps
- Simple Link Directory
- Ultimate Member