What Happened With WordPress Plugin Vulnerabilities in April 2017
If you want the best information, and therefore the best protection, against vulnerabilities in WordPress plugins, our service provides it.
Here is what we did to keep those who are already using our service secure from WordPress plugin vulnerabilities during April (and what you have been missing out on if you haven’t signed up yet):
Plugin Security Reviews
Customers of the service can suggest and vote on plugins to have a security review done by us. This month we released details for reviews of:
Plugin Vulnerabilities We Discovered and Publicly Disclosed This Month
We don’t just collect data on vulnerabilities in plugins that others have discovered; we also discover vulnerabilities while monitoring hackers’ activity, reviewing other vulnerabilities, and doing additional checking on the security of plugins.
- Reflected cross-site scripting (XSS) vulnerability in Contact Form 7 Database
- Cross-site request forgery (CSRF)/form submission deletion vulnerability in Contact Form 7 Database
- Cross-site request forgery (CSRF)/arbitrary file deletion vulnerability in Triagis® Security Evaluation
- Cross-site request forgery (CSRF)/user rename vulnerability in Triagis® Security Evaluation
- Cross-site request forgery (CSRF)/database prefix rename vulnerability in Triagis® Security Evaluation
- Arbitrary file upload vulnerability in WooCommerce Catalog Enquiry
- Cross-site request forgery (CSRF)/arbitrary file upload vulnerability in TheCartPress
- Information disclosure vulnerability in BackUpWordPress
- Reflected cross-site scripting (XSS) vulnerability in WP Statistics
- Reflected cross-site scripting (XSS) vulnerability in Captcha by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Car Rental by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Contact Form by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Contact Form Multi by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Contact Form to DB by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Custom Admin Page by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Custom Fields Search by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Custom Search by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Email Queue by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Error Log Viewer by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Featured Posts by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Google +1 by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Google AdSense by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Google Analytics by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Google Captcha (reCAPTCHA) by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Google Maps by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Htaccess by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Job Board by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Latest Posts by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in LinkedIn by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Pagination by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in PDF & Print by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Pinterest by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Popular Posts by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Portfolio by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in PromoBar by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Rating by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Realty by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Relevant – Related Posts by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Sender by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in SMTP by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Social Buttons Pack by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Social Login by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Subscriber by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Testimonials by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Timesheet by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Twitter Button by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Updater by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in User Role by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Visitors Online by BestWebSoft
- Reflected cross-site scripting (XSS) vulnerability in Zendesk Help Center by BestWebSoft
Plugin Vulnerabilities We Helped Get Fixed This Month
Letting you know that you are using a vulnerable version of a plugin is useful, but it is much more useful if you can fully protect yourself by simply updating to a new version. So we work with plugin developers and the Plugin Directory to make sure that vulnerabilities get fixed.
- Cross-site request forgery (CSRF)/cross-site scripting (XSS) in Twitter Cards Meta, discovered by us
- Reflected cross-site scripting (XSS) vulnerability in WP Statistics, discovered by us
- Reflected cross-site scripting (XSS) vulnerability in Google AdSense by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Google Analytics by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Google Captcha (reCAPTCHA) by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Google Maps by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Htaccess by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Job Board by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Latest Posts by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in LinkedIn by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Pagination by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in PDF & Print by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Pinterest by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Popular Posts by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Portfolio by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in PromoBar by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Rating by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Realty by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Relevant – Related Posts by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Sender by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in SMTP by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Social Buttons Pack by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Social Login by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Subscriber by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Testimonials by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Timesheet by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Twitter Button by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Updater by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in User Role by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Visitors Online by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Zendesk Help Center by BestWebSoft, discovered by us, DefenseCode, and ?
- Arbitrary file upload vulnerability in WooCommerce Catalog Enquiry, discovered by us
- Reflected cross-site scripting (XSS) vulnerability in Contact Form 7 Database, discovered by us
- Cross-site request forgery (CSRF)/form submission deletion vulnerability in Contact Form 7 Database, discovered by us
- SQL injection vulnerability in Wow Forms, discovered by TAD GROUP
Plugin Vulnerabilities Added This Month That Are In The Current Version of the Plugins
Keeping your plugins up to date isn’t enough to keep you secure, as these vulnerabilities in the current versions of plugins show.
- Cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in Image Gallery with Slideshow, discovered by Larry W. Cashdollar
- Cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in WordPress Firewall 2, discovered by dxwsecurity
- Remote code execution vulnerability in Analytic, discovered by ?
- SQL injection vulnerability in Marketing-WP, discovered by TAD GROUP
- SQL injection vulnerability in Wow Viral Signups, discovered by TAD GROUP
- SQL injection vulnerability in KittyCatfish, discovered by TAD GROUP
- Cross-site request forgery (CSRF)/arbitrary file deletion vulnerability in Triagis® Security Evaluation, discovered by us
- Cross-site request forgery (CSRF)/user rename vulnerability in Triagis® Security Evaluation, discovered by us
- Cross-site request forgery (CSRF)/database prefix rename vulnerability in Triagis® Security Evaluation, discovered by us
- Captcha bypass vulnerability in WM Simple Captcha, discovered by Gennady Kovshenin
- SQL injection vulnerability in WP Athletics, discovered by pwoo
- Cross-site request forgery (CSRF)/arbitrary file upload vulnerability in TheCartPress, discovered by us
- Information disclosure vulnerability in BackUpWordPress, discovered by us
Additional Vulnerabilities Added This Month
As usual, there were plenty of other vulnerabilities disclosed this month that we added to our data:
- Arbitrary file deletion vulnerability in Secure Image Protection, discovered by ?
- Authenticated local file inclusion (LFI) vulnerability in WordPress Ad Widget, discovered by ?
- PHP object injection vulnerability in blogVault Real-time Backup, discovered by ?
- Authenticated information disclosure vulnerability in Duplicate Post, discovered by ?
- Authenticated persistent cross-site scripting (XSS) vulnerability in YOP Poll, discovered by Sho Ueshima, Takashi Honda, Tsuyoshi Ogawa and Minaho Umehara of SIE Co., Ltd.
- Authenticated SQL injection vulnerability in Gallery – Video Gallery, discovered by ?
- Cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in Email Post Approval, discovered by ?
- Cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in Rimons Twitter Widget, discovered by ?
- Reflected cross-site scripting (XSS) vulnerability in Simple Job Board, discovered by ?
- SQL injection vulnerability in WP Session Manager, discovered by zitrusblau
- Local file inclusion (LFI) vulnerability in Booking Calendar, discovered by ASAI Ken and DefenseCode
- Reflected cross-site scripting (XSS) vulnerability in Ultimate Form Builder Lite, discovered by 0xSec Team
- Reflected cross-site scripting (XSS) vulnerability in WP Statistics, discovered by us
- Donate by BestWebSoft, discovered by ?
- Facebook Button by BestWebSoft, discovered by ?
- Gallery by BestWebSoft, discovered by DefenseCode and ?
- Gallery Categories by BestWebSoft, discovered by ?
- Google Shortlink by BestWebSoft, discovered by ?
- Google Sitemap by BestWebSoft, discovered by DefenseCode and ?
- Limit Attempts by BestWebSoft, discovered by ?
- Multilanguage by BestWebSoft, discovered by ?
- Post to CSV by BestWebSoft, discovered by ?
- Profile Extra Fields by BestWebSoft, discovered by ?
- Quotes and Tips by BestWebSoft, discovered by ?
- Re-attacher by BestWebSoft, discovered by ?
- Reflected cross-site scripting (XSS) vulnerability in Captcha by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Car Rental by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Contact Form by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Contact Form Multi by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Contact Form to DB by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Custom Admin Page by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Custom Fields Search by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Custom Search by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Email Queue by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Error Log Viewer by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Featured Posts by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Google +1 by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Google AdSense by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Google Analytics by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Google Captcha (reCAPTCHA) by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Google Maps by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Htaccess by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Job Board by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Latest Posts by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in LinkedIn by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Pagination by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in PDF & Print by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Pinterest by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Popular Posts by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Portfolio by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in PromoBar by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Rating by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Realty by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Relevant – Related Posts by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Sender by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in SMTP by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Social Buttons Pack by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Social Login by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Subscriber by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Testimonials by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Timesheet by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Twitter Button by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Updater by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in User Role by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Visitors Online by BestWebSoft, discovered by us, DefenseCode, and ?
- Reflected cross-site scripting (XSS) vulnerability in Zendesk Help Center by BestWebSoft, discovered by us, DefenseCode, and ?
- Arbitrary file upload vulnerability in WooCommerce Catalog Enquiry, discovered by us
- Reflected cross-site scripting (XSS) vulnerability in All-in-One Event Calendar, discovered by stacyvlasits
- Reflected cross-site scripting (XSS) vulnerability in Contact Form 7 Database, discovered by us
- Cross-site request forgery (CSRF)/form submission deletion vulnerability in Contact Form 7 Database, discovered by us
- SQL injection vulnerability in Wow Forms, discovered by TAD GROUP