Plugin Vulnerabilities Updates – Week of 7/1/2016
Here is what we have been doing to keep your website secure from WordPress plugin vulnerabilities this week:
Plugin Vulnerabilities We Discovered and Publicly Disclosed This Week
- Authenticated arbitrary file upload vulnerability in WordPress Download Manager
- Reflected cross-site scripting (XSS) vulnerability in WP Security Audit Log
- Authenticated option deletion vulnerability in Social Media and Share Icons (Ultimate Social Media)
- Authenticated option deletion vulnerability in Social Media
- Authenticated persistent cross-site scripting (XSS) vulnerability in Cherry Plugin
Plugin Vulnerabilities We Helped Get Fixed This Week
- Reflected cross-site scripting (XSS) vulnerability in WP Security Audit Log, discovered by us
- Authenticated option deletion vulnerability in Social Media and Share Icons (Ultimate Social Media), discovered by us
- Authenticated option deletion vulnerability in Social Media, discovered by us
Plugin Vulnerabilities Added This Week That Are In The Current Version of the Plugins
- Authenticated arbitrary file upload vulnerability in WordPress Download Manager, discovered by us
- Authenticated persistent cross-site scripting (XSS) vulnerability in Cherry Plugin, discovered by us
Additional Vulnerabilities Added This Week
- Reflected cross-site scripting (XSS) vulnerability in WP Security Audit Log, discovered by us
- Authenticated option deletion vulnerability in Social Media and Share Icons (Ultimate Social Media), discovered by us
- Authenticated option deletion vulnerability in Social Media, discovered by us
- Authenticated privilege escalation vulnerability in PeepSo, discovered by James Golovich
- Session management vulnerability in Welcart e-Commerce, discovered by TRADE WORKS Co