Plugin Vulnerabilities Updates – Week of 8/19/2016
Here is what we have been doing to keep your website secure from WordPress plugin vulnerabilities this week:
Plugin Vulnerabilities We Discovered and Publicly Disclosed This Week
- Arbitrary file upload vulnerability in Attachment Manager
- Authenticated arbitrary file upload vulnerability in Estatik
Plugin Vulnerabilities We Helped Get Fixed This Week
- Arbitrary file upload vulnerability in Attachment Manager, discovered by us
- Arbitrary file upload vulnerability in Estatik, discovered by us
Plugin Vulnerabilities Added This Week That Are In The Current Version of the Plugins
- Reflected cross-site scripting (XSS) vulnerability in Huge-IT Google Maps, discovered by Julien Rentrop
- Authenticated arbitrary file upload vulnerability in Estatik
Additional Vulnerabilities Added This Week
- Cross-site request forgery (CSRF) vulnerability in Email Users, discovered by Julien Rentrop
- Reflected cross-site scripting (XSS) vulnerability in Link Library, discovered by Burak Kelebek
- Local file inclusion (LFI) vulnerability in Ajax Load More, discovered by Burak Kelebek
- Cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in Peter’s Login Redirect, discovered by Yorick Koster
- Cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in Photo Gallery by Supsystic, discovered by Umit Aksu
- SQL injection vulnerability in Ninja Forms, discovered by Sucuri
- Cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in Magic Fields, discovered by Burak Kelebek
- Cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in Magic Fields 2, discovered by Burak Kelebek