Dec 2020 WordPress Plugin Vulnerabilities

WordPress Plugin Vulnerabilities

1. WPJobBoard

WPJobBoard versions below 5.7.0 have Unauthenticated SQL Injection, Reflected XSS, & XFS vulnerabilities.

The vulnerability is patched, and you should update to version 5.7.0.

2. WP Google Map Plugin

WP Google Map Plugin versions below 4.1.4 have an Authenticated SQL Injection vulnerability.

The vulnerability is patched, and you should update to version 4.1.4.

3. BuddyPress

BuddyPress versions below 6.4.0 Lack of Capability Check vulnerability.

The vulnerability is patched, and you should update to version 6.4.0.

4. Events Manager

Events Manager versions below 5.9.8 have a Cross-Site Scripting & an SQL Injection vulnerability.

The vulnerability is patched, and you should update to version 5.9.8.

5. Age Gate

Age Gate versions below 2.13.5 have an Unauthenticated Open Redirect vulnerability.

The vulnerability is patched, and you should update to version 2.13.5.

6. Canto

All versions of Canto have an Unauthenticated Blind SSRF vulnerability.

Remove the plugin until a security fix is released.

7. Profile Builder

Profile Builder versions below 3.3.3 have an Authenticated Blind SQL Injection vulnerability.

The vulnerability is patched, and you should update to version 2.2.9.

8. Paid Memberships Pro

Paid Memberships Pro versions below 2.5.1 have an Authenticated Cross-Site Scripting vulnerability.

The vulnerability is patched, and you should update to version 2.5.1.

9. Themify Portfolio Post

Themify Portfolio Post versions below 1.1.6 an Authenticated Stored Cross-Site Scripting vulnerability.

The vulnerability is patched, and you should update to version 1.1.6.

10. Easy WP SMTP

Easy WP SMTP versions below 1.4.3 have a Debug Log Disclosure vulnerability.

The vulnerability is patched, and you should update to version 1.4.3.

WordPress Theme Vulnerabilities

1. Wibar

Wibar versions below 1.2.1 has an Authenticated Stored Cross-Site Scripting vulnerability.

The vulnerability is patched, and you should update to version 1.2.1.