Here is what we have been doing to keep your website secure from WordPress plugin vulnerabilities this week:

Plugin Vulnerabilities We Discovered and Publicly Disclosed This Week

• Arbitrary file upload vulnerability in WP Mobile Detector
• Authenticated arbitrary file upload vulnerability in Magic Fields
• Arbitrary file upload vulnerability in BePro Listings
• Post deletion vulnerability in BePro Listings
• Cross-site request forgery (CSRF)/cross-site scripting vulnerability in Viddler WordPress plugin

Plugin Vulnerabilities We Helped Get Fixed This Week

• Arbitrary file upload vulnerability in WP Mobile Detector

  [Read more]

[Read more]

[Read more]

[Read more]

Plugin Vulnerabilities We Helped Get Fixed This Week

• Cross-site request forgery (CSRF)/SQL injection vulnerability in Wp Multiple Meta Box, discovered Dr.Malware

Plugin Vulnerabilities Added This Week

• Information disclosure vulnerability in Ghosts, discovered by Josh Brody
• Persistent cross-site scripting (XSS) vulnerability in MainWP Dashboard, discovered by Jouko Pynnönen
• Authenticated information disclosure vulnerability in Yoast SEO, discovered by Wordfence
• Authenticated persistent cross-site (XSS) vulnerability in bbPress, discovered by Sucuri
• Arbitrary file upload vulnerability in Tevolution, discovered by developer
• Arbitrary file upload vulnerability in Ninja Forms, discovered by James Golovich
• Persistent cross-site scripting (XSS) vulnerability in Ninja Forms, discovered by James Golovich

  [Read more]

[Read more]

[Read more]

Plugin Vulnerabilities We Discovered and Publicly Disclosed This Week

• Reflected cross-site scripting (XSS) vulnerability in ALO EasyMail Newsletter
• Reflected cross-site scripting (XSS) vulnerability in Pretty Link Lite
• Privilege escalation vulnerability in Robo Gallery

Plugin Vulnerabilities We Helped Get Fixed This Week

• Reflected cross-site scripting (XSS) vulnerability in ALO EasyMail Newsletter, discovered by us
• Reflected cross-site scripting (XSS) vulnerability in Pretty Link Lite, discovered by us
• Reflected cross-site scripting (XSS) vulnerability in MiniMax – Page Layout Builder, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in WHIZZ, discovered by Larry W. Cashdollar

Plugin Vulnerabilities Added This Week That Are In The Current Version of the Plugins

• Cross-site request forgery (CSRF)/SQL injection vulnerability in Wp Multiple Meta Box, discovered Dr.Malware
• Privilege escalation vulnerability in Robo Gallery, discovered by us
• Reflected cross-site scripting (XSS) vulnerability in PhotoXhibit, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in PhotoXhibit, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in Gravity Forms Infusionsoft Add-On, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in Admin Font Editor, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in S3 Video Plugin, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in WPSOLR, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in Tidio Gallery, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in Anti Plagiarism, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in Hero Maps Pro, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in HDW Tube, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in HDW Tube, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in AJAX Random Post, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in New Year Firework, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in Easy Contact Form Builder, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in Indexisto, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in Defa Online Image Protector Free Edition, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in E-Search, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in E-Search, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in Pondol Form to Mail, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in Simpel Reserveren 3, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in Heat Trackr, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in Simplified Content, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in CM Tooltip Glossary, discovered by Larry W. Cashdollar

Additional Plugin Vulnerabilities Added This Week

• Reflected cross-site scripting (XSS) vulnerability in ALO EasyMail Newsletter, discovered by us
• Reflected cross-site scripting (XSS) vulnerability in Pretty Link Lite, discovered by us
• Information disclosure vulnerability in Stop User Enumeration, discovered by Carlos Montiers Aguilera
• Reflected cross-site scripting (XSS) vulnerability in MiniMax – Page Layout Builder, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in MW Font Changer, discovered by Larry W. Cashdollar
• Reflected cross-site scripting (XSS) vulnerability in WHIZZ, discovered by Larry W. Cashdollar

[Read more]

[Read more]