Connect with us

WordPress News

WordPress Vulnerability Report: January 2022, Part 2

Published

on

WordPress Vulnerability Report: September 2021, Part 4


Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities, and what to do if you run one of the vulnerable plugins or themes on your website.

Each vulnerability will have a severity rating of LowMediumHigh, or Critical. Responsible disclosure and reporting of vulnerabilities is an integral part of keeping the WordPress community safe. New in this report: vulnerabilities are now listed in order by the number of active installs, rather than the date of the disclosure.

Please share this post with your friends to help get the word out and make WordPress safer for everyone!

Want this report delivered to your inbox each week?

WordPress Core Vulnerabilities

The latest version of WordPress core was released on January 6, 2022 as a short-cycle security release. Because WordPress 5.8.3 is a security release, we recommend that you update all your sites immediately.

You can update to WordPress 5.8.3 by downloading from WordPress.org or visiting your WordPress admin dashboard > Updates and clicking Update Now.

If you have sites that have enabled automatic background updates, they should have already updated successfully.

WordPress Core

Vulnerability: SQL Injection via WP_Query
Patched in Version: 5.8.3
Explanation: Due to lack of proper sanitization in WP_Meta_Query, there’s potential for blind SQL Injection.

The vulnerability has been patched, so make sure you are running WordPress 5.8.3.

Vulnerability: Author+ Stored XSS via Post Slugs
Patched in Version: 5.8.3
Explanation: Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack via post slugs, which can affect high-privileged users.

The vulnerability has been patched, so make sure you are running WordPress 5.8.3.

Vulnerability: Super Admin Object Injection in Multisites
Patched in Version: 5.8.3
Explanation: On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection.

The vulnerability has been patched, so make sure you are running WordPress 5.8.3.

Vulnerability: SQL Injection via WP_Meta_Query
Patched in Version: 5.8.3
Explanation: Due to lack of proper sanitization in WP_Meta_Query, there’s potential for blind SQL Injection.

The vulnerability has been patched, so make sure you are running WordPress 5.8.3.

WordPress Plugin Vulnerabilities

In this section, the latest WordPress plugin vulnerabilities have been disclosed. Each plugin listing includes the type of vulnerability, the active installations, the version number if patched, and the severity rating.

1. SVG Support

Plugin: SVG Support
Vulnerability: Admin+ Stored Cross-Site Scripting
Active Installation: 800,000+
Patched in Version: 2.3.20
Severity Score: Low

The vulnerability is patched, so you should update to version 2.3.20.

2. Asset CleanUp

Plugin: Asset CleanUp
Vulnerability: Reflected Cross-Site Scripting via AJAX Action
Active Installation: 100,000+
Patched in Version: 1.3.8.5
Severity Score: High

The vulnerability is patched, so you should update to version 1.3.8.5.

Plugin: Asset CleanUp
Vulnerability: Reflected Cross-Site Scripting
Active Installation: 100,000+
Patched in Version: 1.3.8.5
Severity Score: Medium

The vulnerability is patched, so you should update to version 1.3.8.5.

3. Paid Memberships Pro

Plugin: Paid Memberships Pro
Vulnerability: Unauthenticated Blind SQL Injection
Active Installation: 100,000+
Patched in Version: 2.6.7
Severity Score: Critical

The vulnerability is patched, so you should update to version 2.6.7.

4. NextScripts: Social Networks Auto-Poster 

Plugin: NextScripts: Social Networks Auto-Poster 
Vulnerability: Arbitrary Post Deletion via CSRF
Active Installation: 90,000+
Patched in Version: 4.3.25
Severity Score: Medium

The vulnerability is patched, so you should update to version 4.3.25.

Plugin: NextScripts: Social Networks Auto-Poster 
Vulnerability: Unauthenticated Stored XSS
Active Installation: 90,000+
Patched in Version: 4.3.25
Severity Score: High

The vulnerability is patched, so you should update to version 4.3.25.

Plugin: Ivory Search
Vulnerability: Contributor+ Stored Cross-Site Scripting
Active Installation: 80,000+
Patched in Version: 5.4.1
Severity Score: High

The vulnerability is patched, so you should update to version 5.4.1.

6. Easy Social Feed

Plugin: Easy Social Feed
Vulnerability: Reflected Cross-Site Scripting (XSS)
Active Installation: 70,000+
Patched in Version: 6.2.7
Severity Score: High

The vulnerability is patched, so you should update to version 6.2.7.

7. Visual CSS Style Editor

Plugin: Visual CSS Style Editor
Vulnerability: Reflected Cross-Site Scripting
Active Installation: 50,000+
Patched in Version: 7.5.4
Severity Score: High

The vulnerability is patched, so you should update to version 7.5.4.

8. Contact Form Entries

Plugin: Contact Form Entries
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Active Installation: 40,000+
Patched in Version: 1.1.7
Severity Score: High

The vulnerability is patched, so you should update to version 1.1.7.

9. Advanced Cron Manager

Plugin: Advanced Cron Manager
Vulnerability: Subscriber+ Arbitrary Events/Schedules Creation/Deletion
Active Installation: 30,000+
Patched in Version: 2.4.2
Severity Score: Medium

The vulnerability is patched, so you should update to version 2.4.2.

10. WPLegalPages

Plugin: WPLegalPages
Vulnerability: Subscriber+ Arbitrary Settings Update to Stored XSS
Active Installation: 20,000+
Patched in Version: 2.7.1
Severity Score: Medium

The vulnerability is patched, so you should update to version 2.7.1.

11. WP Visitor Statistics (Real Time Traffic)

Plugin: WP Visitor Statistics (Real Time Traffic)
Vulnerability: Subscriber+ SQL Injection
Active Installation: 20,000+
Patched in Version: 4.8
Severity Score: High

The vulnerability is patched, so you should update to version 4.8.

12. Wicked Folders

Plugin: Wicked Folders
Vulnerability: Subscriber+ SQL Injection
Active Installation: 10,000+
Patched in Version: 2.8.10
Severity Score: High

The vulnerability is patched, so you should update to version 2.8.10.

13. SupportCandy

Plugin: SupportCandy
Vulnerability: Contributor+ Stored Cross-Site Scripting
Active Installation: 10,000+
Patched in Version: 2.2.7
Severity Score: Medium

The vulnerability is patched, so you should update to version 2.2.7.

Plugin: SupportCandy
Vulnerability: CSRF to Cross-Site Scripting
Active Installation: 10,000+
Patched in Version: 2.2.7
Severity Score: Medium

The vulnerability is patched, so you should update to version 2.2.7.

Plugin: SupportCandy
Vulnerability: Arbitrary Ticket Deletion via CSRF
Active Installation: 10,000+
Patched in Version: 2.2.7
Severity Score: High

The vulnerability is patched, so you should update to version 2.2.7.

Plugin: SupportCandy
Vulnerability: Unauthenticated Arbitrary Ticket Deletion
Active Installation: 10,000+
Patched in Version: 2.2.7
Severity Score: High

The vulnerability is patched, so you should update to version 2.2.7.

Plugin: SupportCandy
Vulnerability: Reflected Cross-Site Scripting
Active Installation: 10,000+
Patched in Version: 2.2.7
Severity Score: Medium

The vulnerability is patched, so you should update to version 2.2.7.

14. Rearrange Woocommerce Products

Plugin: Rearrange Woocommerce Products
Vulnerability: Subscriber+ SQL Injection
Active Installation: 10,000+
Patched in Version: 3.0.8
Severity Score: High

The vulnerability is patched, so you should update to version 3.0.8.

15. IP2Location Country Blocker

Plugin: IP2Location Country Blocker
Vulnerability: Arbitrary Country Ban via CSRF
Active Installation: 10,000+
Patched in Version: 2.26.6
Severity Score: Medium

The vulnerability is patched, so you should update to version 2.26.6.

Plugin: IP2Location Country Blocker
Vulnerability: Subscriber+ Arbitrary Country Ban
Active Installation: 10,000+
Patched in Version: 2.26.6
Severity Score: Medium

The vulnerability is patched, so you should update to version 2.26.6.

Plugin: IP2Location Country Blocker
Vulnerability: Ban Bypass
Active Installation: 10,000+
Patched in Version: 2.26.6
Severity Score: Medium

The vulnerability is patched, so you should update to version 2.26.6.

16. Awesome Support – WordPress HelpDesk & Support Plugin

Plugin: Awesome Support – Titan Framework
Vulnerability: Reflected Cross-Site Scripting (XSS)
Active Installation: 10,000+
Patched in Version: 6.0.11
Severity Score: High

The vulnerability is patched, so you should update to version 6.0.11.

17. Ultimate Product Catalog

Plugin: Ultimate Product Catalog
Vulnerability: Subscriber+ Arbitrary Product Creation & Settings Update
Active Installation: 10,000
Patched in Version: 5.0.26
Severity Score: Medium

The vulnerability is patched, so you should update to version 5.0.26.

18. Document Embedder

Plugin: Document Embedder
Vulnerability: Subscriber+ Arbitrary Private/Draft Post Title Disclosure
Active Installation: 9,000+
Patched in Version: 1.7.9
Severity Score: Medium

The vulnerability is patched, so you should update to version 1.7.9.

Plugin: Document Embedder
Vulnerability: Unauthenticated Arbitrary Private/Draft Post Title Disclosure
Active Installation: 9,000+
Patched in Version: 1.7.9
Severity Score: Medium

The vulnerability is patched, so you should update to version 1.7.9.

19. RVM – Responsive Vector Maps

Plugin: RVM – Responsive Vector Maps
Vulnerability: Subscriber+ Arbitrary File Read
Active Installation: 6,000+
Patched in Version: 6.4.2
Severity Score: High

The vulnerability is patched, so you should update to version 6.4.2.

20. Mediamatic 

Plugin: Mediamatic 
Vulnerability: Subscriber+ SQL Injection
Active Installation: 3,000+
Patched in Version: 2.8.1
Severity Score: High

The vulnerability is patched, so you should update to version 2.8.1.

21. Woopra

Plugin: Woopra
Vulnerability: Unauthenticated Arbitrary File Upload
Active Installation: 2,000+
Patched in Version: 1.4.3.2
Severity Score: Critical

The vulnerability is patched, so you should update to version 1.4.3.2.

22. User Rights Access Manager

Plugin: User Rights Access Manager
Vulnerability: Access Restriction Bypass
Active Installation: 900+
Patched in Version: 1.0.8
Severity Score: Medium

The vulnerability is patched, so you should update to version 1.0.8.

23. YuMoney button

Plugin: YuMoney button – Titan Framework
Vulnerability: Reflected Cross-Site Scripting (XSS)
Active Installation: 900+
Patched in Version: 2.4.0
Severity Score: High

The vulnerability is patched, so you should update to version 2.4.0.

24. TrustMate.io integration for WooCommerce

Plugin: TrustMate.io integration for WooCommerce
Vulnerability: Subscriber+ Arbitrary Plugin’s Settings Update
Active Installation: 300+
Patched in Version: 1.8.12
Severity Score: High

The vulnerability is patched, so you should update to version 1.8.12.

Plugin: TrustMate.io integration for WooCommerce
Vulnerability: Subscriber+ Arbitrary Blog Option Update
Active Installation: 300+
Patched in Version: 1.7.1
Severity Score: High

The vulnerability is patched, so you should update to version 1.8.12.

25. True Ranker

Plugin: True Ranker
Vulnerability: Unauthenticated Arbitrary File Access via Path Traversal
Active Installation: 300+
Patched in Version: 2.2.4
Severity Score: High

The vulnerability is patched, so you should update to version 2.2.4.

26. WebHotelier for WordPress

Plugin: WebHotelier for WordPress – Titan Framework
Vulnerability: Reflected Cross-Site Scripting (XSS)
Active Installation: 200+
Patched in Version: 1.6.1
Severity Score: High

The vulnerability is patched, so you should update to version 1.6.1.

Premium Plugin Vulnerabilities

In this section, the latest WordPress premium plugin vulnerabilities have been disclosed. Each plugin listing includes the type of vulnerability, the version number if patched, and the severity rating.

27. Advanced Cron Manager Pro

Plugin: Advanced Cron Manager Pro  
Vulnerability: Subscriber+ Arbitrary Events/Schedules Creation/Deletion
Patched in Version: 2.5.3
Severity Score: Medium

The vulnerability is patched, so you should update to version 2.5.3.

WordPress Plugin Vulnerabilities: No Known Fix

In this section, the latest WordPress plugin vulnerabilities have been disclosed in closed plugins. Each plugin listing includes the type of vulnerability, the severity rating, and the date of closure.

28. Contact Form 7 Skins

Plugin: Contact Form 7 Skins
Vulnerability: Reflected Cross-Site Scripting (XSS)
Active Installation: 30,000+
Patched in Version: No known fix
Severity Score: Medium

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

29. WooRockets Nitro

Plugin: WooRockets Nitro
Vulnerability: Unauthenticated Arbitrary Plugin Installation
Patched in Version: No known fix
Severity Score: Critical

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

30. Amazon Affiliate

Plugin: Amazon Affiliate
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: No known fix
Severity Score: Medium

This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.

How to Protect Your WordPress Website From Vulnerable Plugins and Themes

As you can see from this report, lots of new WordPress plugin and theme vulnerabilities are disclosed each week. We know it can be difficult to stay on top of every reported vulnerability disclosure, so the iThemes Security Pro plugin makes it easy to make sure your site isn’t running a theme, plugin, or WordPress core version with a known vulnerability.

Get iThemes Security Pro with 24/7 Website Security Monitoring

iThemes Security Pro, our WordPress security plugin, offers 50+ ways to secure and protect your website from common WordPress security vulnerabilities. With WordPress, two-factor authentication, brute force protection, strong password enforcement, and more, you can add extra layers of security to your website.

Get iThemes Security Pro





Source link

Continue Reading
Click to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.