Plugin Vulnerabilities Updates – Week of 9/9/2016
Here is what we have been doing to keep our customers’ websites secure from WordPress plugin vulnerabilities this week (if you haven’t signed up, what are you waiting for?):
Plugin Vulnerabilities We Discovered and Publicly Disclosed This Week
- Persistent cross-site scripting (XSS) vulnerability in 404 to 301
- Cross-site request forgery (CSRF)/user import vulnerability in Members Import
Plugin Vulnerabilities We Helped Get Fixed This Week
Plugin Vulnerabilities Added This Week That Are In The Current Version of the Plugins
- Cross-site request forgery (CSRF)/user import vulnerability in Members Import, discovered by us
Additional Vulnerabilities Added This Week
- Arbitrary file viewing vulnerability in CYSTEME Finder, discovered by t0w3ntum
- Arbitrary file upload vulnerability in CYSTEME Finder, discovered by t0w3ntum