Category Archives: Security

Plugins, Security

Jan 2021 Plugin vulnerabilities

WordPress Plugin Vulnerabilities 1. LiteSpeed Cache – Low LiteSpeed Cache versions below 3.6.1 have an Authenticated Stored Cross-Site Scripting vulnerability. The vulnerability is patched, and you should update to version 3.6.1. 2. Newsletter Manager – High All versions of Newsletter Manager have an Unauthenticated Insecure Deserialization vulnerability. Remove the plugin until a security fix is released. 3. Site Offline – Medium Site Offline versions below […]...
Plugins, Security

More December Vulnerabilities

WordPress Plugin Vulnerabilities 1. DiveBook DiveBook versions below 1.1.4 have Improper Authorization Check, Unauthenticated SQL Injection, & Unauthenticated Reflected XSS vulnerabilities. Remove the plugin until a security fix is released. 2. Pagelayer Pagelayer versions below 1.3.5 have Multiple Reflected Cross-Site Scripting vulnerabilities. The vulnerability is patched, and you should update to version 1.3.5. 3. Ultimate Category Excluder Ultimate […]...
Plugins, Security

Dec 2020 WordPress Plugin Vulnerabilities

WordPress Plugin Vulnerabilities 1. WPJobBoard WPJobBoard versions below 5.7.0 have Unauthenticated SQL Injection, Reflected XSS, & XFS vulnerabilities. The vulnerability is patched, and you should update to version 5.7.0. 2. WP Google Map Plugin WP Google Map Plugin versions below 4.1.4 have an Authenticated SQL Injection vulnerability. The vulnerability is patched, and you should update to version 4.1.4. 3. […]...
Plugins, Security, WordPress

November 2020 Vulnerabilities

WordPress Core Vulnerabilities WordPress 5.5.2 was released on October 29th and included 10 WordPress core security fixes. Here is the list of security fixes mentioned in the WordPress 5.5.2 release post. Hardened deserialization requests. Fix to disable spam embeds from disabled sites on a multisite network. Fixed a security issue that could lead to an XSS from global […]...
Plugins, Security

October 2020 WordPress Plugin Vulnerabilities

WordPress Plugin Vulnerabilities 1. Live Chat – Live support Live Chat – Live support versions below 3.2.0 have a Cross-Site Request Forgery vulnerability. The vulnerability is patched, and you should update to version 3.2.0. 2. Quick Chat All versions of Quick Chat have an Unauthenticated Stored Cross-Site Scripting vulnerability. Remove the plugin until a security fix is released. 3. Child […]...
Security

WordPress Plugin Vulnerabilities for October

WordPress Plugin Vulnerabilities for October. If you have any of these plugins, make sure you upgrade to their latest versions. 1. XCloner XCloner versions below 4.2.15 have a Cross-Site Request Forgery vulnerability. The vulnerability is patched, and you should update to version 4.2.15. 2. Ninja Forms Contact Form Ninja Forms Contact Form versions below 3.4.27.1 have a […]...
Security

WordPress Vulnerabilities September 2020

WordPress Core Vulnerabilities No WordPress core vulnerabilities were disclosed in the second of September. Just make sure you are running the latest version of WordPress, which is version 5.5.1. WordPress Plugin Vulnerabilities 1. Asset CleanUp Asset CleanUp versions below 1.3.6.7 have a Cross-Site Request Forgery and a Cross-Site Scripting vulnerability. The vulnerability is patched, and you should […]...