05 Sep

What Plugin Vulnerabilities Was Up to in August

If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service. Here is what we did to keep those are already using our service secure from WordPress plugin vulnerabilities during August (and what you have been missing out on if you haven’t signed up yet).

Paid customers of the service can suggest and vote on plugins to have a security review done by us (you can also order a review separately). This month we released details of our reviews of Post SMTP and DW Mega Menu.

During the month we added data on 76 vulnerabilities. Many of those vulnerabilities were ones that we discovered (31 of them) or ones where no report was put out on the vulnerability and we determined the details from other information we ran across (another 23 of them).

As of the end of the month, 16 of the vulnerabilities we had added to the data set still had yet to be fixed.

We added vulnerabilities in the following plugins to our data set during the month:

  • Additional Variation Images for WooCommerce
  • Backup and Staging by WP Time Capsule
  • Blog2Social: Social Media Auto Post & Scheduler
  • Bold Page Builder
  • Cache-Control
  • cforms2
  • Customize Feeds for Twitter
  • Download Manager (WordPress Download Manager, discovered by Princy Edward
  • DW Mega Menu
  • Easy Registration Forms
  • Easy2Map
  • Essential Grid Portfolio – Photo Gallery
  • Formidable Forms
  • Fortinet
  • Gravity Forms Advanced File Uploader
  • Grid Kit
  • HandL UTM Grabber
  • Import Social Events
  • Instagram Feed by 10Web (10Web Social Feed for Instagram)
  • JoomSport
  • JSON API
  • Login or Logout Menu Item
  • Maintenance
  • Maps Widget for Google Maps
  • ND Booking
  • ND Donations
  • ND Learning (Learning Courses)
  • ND Restaurant Reservations
  • Ninja Forms
  • Ovic Addon Toolkit
  • Photo Gallery Portfolio
  • Popup Builder
  • Post SMTP
  • PPOM for WooCommerce
  • Shortcodes Ultimate
  • Simple 301 Redirects – Addon – Bulk CSV Uploader
  • Simple Membership
  • Social LikeBox & Feed
  • Travel Management
  • Ultimate FAQ
  • WooCommerce Address Book
  • WooCommerce Live Checkout Field Capture
  • Woody ad snippets
  • WordPress to Jekyll Exporter (Jekyll Exporter)
  • WordPress Users & WooCommerce Customers Import Export(BASIC)
  • WP 1 Slider
  • WP Add Mime Types, discovered by Princy Edward
  • WP DSGVO Tools (GDPR)
  • WP Mega Menu
  • WP Photo Album Plus
  • WP Private Content Plus
  • WP Shopify
  • WP Social Feed Gallery
  • WP Symposium
  • Zero BS WordPress CRM

We discovered and disclosed vulnerabilities in the following plugins during the month:

  • Backup and Staging by WP Time Capsule
  • Blog2Social: Social Media Auto Post & Scheduler
  • Cin Social LikeBox & Feed
  • Customize Feeds for Twitter
  • DW Mega Menu
  • Easy Registration Forms
  • Easy2Map
  • Essential Grid Portfolio – Photo Gallery
  • Formidable Forms
  • Gravity Forms Advanced File Uploader
  • HandL UTM Grabber
  • Import Social Events
  • Instagram Feed by 10Web (10Web Social Feed for Instagram)
  • JSON API
  • Maintenance
  • Maps Widget for Google Maps
  • Ovic Addon Toolkit
  • Post SMTP
  • PPOM for WooCommerce
  • Simple Membership
  • Woody ad snippets
  • WP DSGVO Tools (GDPR)
  • WP Shopify
  • Zero BS WordPress CRM

Other vulnerabilities we added were discovered by Fortinet, Javier Olmedo, NinTechNet, Pablo Santiago, PizzaHatHacker, and Princy Edward.

During the month we helped to get vulnerabilities in the following plugins with over 1,574,100 installs fixed:

  • Backup and Staging by WP Time Capsule
  • Blog2Social: Social Media Auto Post & Scheduler
  • Bold Page Builder
  • Customize Feeds for Twitter
  • Download Manager (WordPress Download Manager
  • Easy Registration Forms
  • HandL UTM Grabber
  • Import Social Events
  • JoomSport
  • Maintenance
  • Maps Widget for Google Maps,
  • PPOM for WooCommerce
  • Simple Membership
  • Social LikeBox & Feed
  • Theme Check
  • uListing
  • WooCommerce Variation Swatches (Variation Swatches for WooCommerce)
  • Woody ad snippets
  • WP DSGVO Tools (GDPR)
  • WP Shopify
  • WP Statistics
  • Zero BS WordPress CRM