02 Oct

What Plugin Vulnerabilities Was Up to in September

If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service. Here is what we did to keep those are already using our service secure from WordPress plugin vulnerabilities during September (and what you have been missing out on if you haven’t signed up yet).

Paid customers of the service can suggest and vote on plugins to have a security review done by us (you can also order a review separately). This month we released details of our reviews of Redis Object Cache and Nginx Cache.

During the month we added data on 79 vulnerabilities. Many of those vulnerabilities were ones that we discovered (33 of them) or ones where no report was put out on the vulnerability and we determined the details from other information we ran across (another 21 of them).

By comparison other data sources added less new vulnerabilities in total than ones we discovered, as the WPScan Vulnerability Database only added 25 vulnerabilities and ThreatPress also only added 25. ThreatPress seems to almost entirely copy data from the WPScan Vulnerability Database and WPScan Vulnerability Database intentionally doesn’t include a lot of vulnerabilities for a reason that doesn’t make sense to us (and probably one that wouldn’t make sense to you either).

As of the end of the month, 26 of the vulnerabilities we had added to the data set still had yet to be fixed.

We added vulnerabilities in the following plugins to our data set during the month:

  • About Author
  • Advanced Access Manager
  • Advanced AJAX Product Filters
  • API Bearer Auth
  • Apply Online 2.0
  • Checklist
  • Click to Chat
  • DELUCKS SEO
  • Easy Pixels by JEVNET
  • Easy Social Feed
  • ECPay Logistics for WooCommerce
  • Event Tickets
  • Export Users to CSV
  • FileBird Lite
  • Font
  • Formidable Forms
  • Give (GiveWP)
  • Groundhogg
  • Human Presence
  • Melhor Envio v2
  • Memphis Documents Library
  • Mitsol Social Post Feed
  • NBDesigner
  • Photo Gallery by 10Web
  • Poll, Survey, Form & Quiz Maker by OpinionStage
  • Portrait-Archiv.com Photostor
  • Premium Addons for Elementor
  • Premium Blocks for Gutenberg
  • Prevent Files / Folders Access
  • Product Subtitle For WooCommerce
  • Qwizcard
  • Request a Quote
  • SagePay Server Gateway for WooCommerce
  • Search Exclude
  • Simple Fields
  • SKU Shortlink For WooCommerce
  • SlickQuiz
  • Slimstat Analytics
  • Social Metrics Tracker
  • Spryng Payments WooCommerce
  • Swift Landing Page
  • Theme Editor
  • Travelpayouts
  • Ultimate Google Analytics
  • Visualizer: Tables and Charts Manager for WordPress
  • WooCommerce One Click Upsell Funnel
  • Woocommerce Quick Buy
  • Woody ad snippets
  • WP BASE Booking of Appointments, Services and Events
  • WP Google Map Plugin
  • WP human resource management
  • WP Live Chat Support
  • WPeMatico RSS Feed Fetcher
  • Youtube Showcase (YouTube Gallery)
  • Zedna Contact form

We discovered and disclosed vulnerabilities in the following plugins during the month:

  • Easy Social FeedClick to Chat
  • FileBird Lite
  • Font
  • Formidable Forms
  • Groundhogg
  • DELUCKS SEO
  • NBDesigner
  • Poll, Survey, Form & Quiz Maker by OpinionStage
  • Premium Addons for Elementor
  • Prevent Files / Folders Access
  • Request a Quote
  • Search Exclude
  • Simple Fields
  • Social Metrics Tracker
  • Travelpayouts
  • Ultimate Google Analytics
  • Woocommerce Quick Buy
  • WP BASE Booking of Appointments, Services and Events
  • WP Google Map Plugin
  • WP human resource management
  • WPeMatico RSS Feed Fetcher
  • Youtube Showcase (YouTube Gallery)
  • Zedna Contact form

Other vulnerabilities we added were discovered by GeneralEG 0x01, Julien Ahrens, MTK, Nathan Davison, NinTechNet, Ov3rfly, Ricardo Sanchez, WebARX, and Wordfence.

During the month we helped to get vulnerabilities in the following plugins with over 810,380 installs fixed:

  • DELUCKS SEO
  • Event Tickets
  • FileBird Lite
  • Formidable Forms
  • Forms: 3rd-Party Inject Results
  • GA Top Posts
  • Groundhogg
  • Limb Gallery
  • Ovic Addon Toolkit
  • Poll, Survey, Form & Quiz Maker by OpinionStage
  • Post SMTP
  • Premium Addons for Elementor
  • Prevent Files / Folders Access
  • Product Subtitle For WooCommerce
  • Search Exclude
  • SKU Shortlink For WooCommerce
  • Travelpayouts
  • Woocommerce Quick Buy
  • Woody ad snippets
  • WP BASE Booking of Appointments, Services and Events
  • WP Google Map Plugin
  • WP human resource management
  • WPeMatico RSS Feed Fetcher
  • Youtube Showcase (YouTube Gallery)

Leave a Reply

Your email address will not be published. Required fields are marked *