In blog, CMS, News, SEO, WordPress

The WordPress Vulnerability report is as follows.

WordPress Plugin : 

1. WPJobBoard

  • WPJobBoard versions below 5.7.0 have Unauthenticated SQL Injection, Reflected XSS, & XFS vulnerabilities.
  • The vulnerability is patched, and you should update to version 5.7.0.

2. WP Google Map Plugin

  • WP Google Map Plugin versions below 4.1.4 have an Authenticated SQL Injection vulnerability.
  • The vulnerability is patched, and you should update to version 4.1.4.

3. BuddyPress

  • BuddyPress versions below 6.4.0 Lack of Capability Check vulnerability.
  • The vulnerability is patched, and you should update to version 6.4.0.

4. Events Manager

  • Events Manager versions below 5.9.8 have a Cross-Site Scripting & an SQL Injection vulnerability.
  • The vulnerability is patched, and you should update to version 5.9.8.

5. Age Gate

  • Age Gate versions below 2.13.5 have an Unauthenticated Open Redirect vulnerability.
  • The vulnerability is patched, and you should update to version 2.13.5.

6. Canto

  • All versions of Canto have an Unauthenticated Blind SSRF vulnerability.
  • Remove the plugin until a security fix is released.

7. Profile Builder

  • Profile Builder versions below 3.3.3 have an Authenticated Blind SQL Injection vulnerability.
  • The vulnerability is patched, and you should update to version 2.2.9.

8. Paid Memberships Pro

  • Paid Memberships Pro versions below 2.5.1 have an Authenticated Cross-Site Scripting vulnerability.
  • The vulnerability is patched, and you should update to version 2.5.1.

9. Themify Portfolio Post

  • Themify Portfolio Post versions below 1.1.6 an Authenticated Stored Cross-Site Scripting vulnerability.
  • The vulnerability is patched, and you should update to version 1.1.6.

10. Easy WP SMTP

  • Easy WP SMTP versions below 1.4.3 have a Debug Log Disclosure vulnerability.
  • The vulnerability is patched, and you should update to version 1.4.3.

WordPress Theme : 

1. Wibar

  • Wibar versions below 1.2.1 has an Authenticated Stored Cross-Site Scripting vulnerability.
  • The vulnerability is patched, and you should update to version 1.2.1.

It is crucial to the security of your WordPress site that you have an update routine.
You should be logging into your sites at least once a week to perform updates.

 

Contact Us

Contact Us

Not readable? Change text. captcha txt
WordPress Vulnerability Report: January 2020WordPress Vulnerability Report: January 2020

Facing WordPress Issues?

Get Free Analysis Report Today!