December 17

WordPress Vulnerability News, December 2019

WordPress Security



WordPress Vulnerability News is a weekly digest of notable WordPress plugin security vulnerabilities and vulnerability disclosures that have been published (there are additional, less critical vulnerabilities in smaller plugins that unfortunately do not make it onto the list).

Keeping up to date with security vulnerabilities in WordPress and other CMSs is an important part of security. That is why we analyze WordPress plugins and recently disclosed vulnerabilities, to make sure that sites using the affected plugins or themes are protected.

Almost all of the vulnerabilities listed in this post have received a virtual patch in the WebARX firewall. This means that if you use the WebARX web application firewall, your site is protected from these vulnerabilities, but it is always strongly advised to update or delete vulnerable plugins from your site: a virtual patch blocks known exploitation patterns, it does not remove the flaw.

Is your WordPress site secured? Take a look at how to secure your site here.

If you are a WordPress plugin developer, read how to secure plugins from an attacker's perspective.

Stored Cross-Site Scripting via Shortcode in Donorbox Plugin

A robust and secure donation management plugin, from initial setup to year-end reporting. Donorbox provides a fast, feature-rich solution so anyone can raise funds.

Vulnerability: Stored cross-site scripting via shortcode
Vulnerable version: 7.1
Number of sites affected: 5 000+

In the Donorbox WordPress plugin, an XSS attack can be carried out through the built-in shortcode by inserting arbitrary HTML attributes. The vulnerability was introduced in version 7.1 and fixed in version 7.1.2. Note that shortcodes are expanded when a post is displayed, so any user who can get content published (an Author, or a Contributor whose post an editor approves) reaches this sink without the unfiltered_html capability that raw HTML would require.

Read more about the WordPress plugin vulnerabilities here.

Authenticated Arbitrary Plugin Deactivation in Photo Gallery – Image Gallery by Ape Plugin

Photo Gallery – Image Gallery by Ape is a gallery plugin for WordPress with features such as a responsive front-end gallery, navigation menus, zoom and link buttons, and more.

Vulnerability: Authenticated arbitrary plugin deactivation
Vulnerable version: 2.0.6 and below
Number of sites affected: 6 000+

The WordPress Ape Gallery plugin (6,000+ active installations) fixed a vulnerability affecting version 2.0.6 and below that could allow any authenticated user to deactivate arbitrary plugins on the site. Because this includes security and firewall plugins, a low-privileged account can use it to strip the site of its protections before a follow-up attack.

Read more about the WordPress plugin vulnerabilities here.

Authenticated Settings Reset in GDPR Cookie Compliance Plugin

GDPR Cookie Compliance helps you with GDPR, PIPEDA, CCPA, LGPD, AAP, cookie law and consent notice requirements on your website.

Vulnerability: Authenticated settings reset
Vulnerable version: 4.0.2 and below
Number of sites affected: 90 000+

The WordPress GDPR Cookie Compliance plugin (90,000+ active installations) fixed a vulnerability affecting version 4.0.2 and below that could allow any authenticated user to delete the plugin's settings.

Read more about the WordPress plugin vulnerabilities here.

CSRF to Stored XSS in bbPress Login Register Links On Forum Topic Pages Plugin

bbPress Login Register Links On Forum Topic Pages is a plugin with features such as forum login/register links, login/logout auto-redirect based on user roles, forum protection against brute-force attacks and bots coming through proxies, and more.

Vulnerability: CSRF to stored XSS
Vulnerable version: 2.7.5 and below
Number of sites affected: 1 000+

The PoC will be published on January 08, 2020, to give users enough time to update.

Read more about the WordPress plugin vulnerabilities here.

CSRF on Optional Settings Page in bbPress Members Only Plugin

bbPress Members Only lets you make your bbPress site viewable only to logged-in member users.

Vulnerability: CSRF on optional settings page
Vulnerable version: 1.2.1 and below
Number of sites affected: 200+

The PoC will be published on January 09, 2020, to give users enough time to update.

Read more about the WordPress plugin vulnerabilities here.

Missing Access Controls on REST Routes in Featured Image from URL Plugin

Featured Image from URL lets you use an external image as the featured image of your posts, pages and custom post types, such as WooCommerce products, and more.

Vulnerability: Missing access controls on REST routes
Vulnerable version: 2.7.7 and below
Number of sites affected: 70 000+

The PoC will be published on January 07, 2020, to give users enough time to update. In the meantime, site owners can check their own REST routes: every route registered with register_rest_route() needs a permission_callback that actually checks a capability, not '__return_true'.
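The following is an added example and not the Featured Image from URL plugin's code; it shows the REST-route shape that produces a "missing access controls" finding and the hardened shape beside it. The namespace demo/v1, the routes, the meta key demo_image_url and the `demo_` prefix are hypothetical; the WordPress functions (register_rest_route, current_user_can, wp_http_validate_url, esc_url_raw) are real core APIs, and the file is meant to be loaded as a plugin inside WordPress.

```php
<?php
/*
 * Added example, not the Featured Image from URL plugin's code. The same REST route
 * registered twice: first in the shape that yields a "missing access controls"
 * finding, then with object-level authorization and argument validation. The
 * namespace, routes, meta key and 'demo_' prefix are hypothetical; the WordPress
 * APIs are real.
 */

add_action('rest_api_init', function () {

    // VULNERABLE. permission_callback => '__return_true' makes the route public:
    // an anonymous visitor can overwrite the image URL of any post, and nothing
    // checks that the value is a URL at all (stored XSS if it is later printed
    // unescaped, SSRF if the server later fetches it).
    register_rest_route('demo/v1', '/image/(?P<id>\d+)', [
        'methods'             => WP_REST_Server::EDITABLE,        // POST, PUT, PATCH
        'permission_callback' => '__return_true',
        'callback'            => function (WP_REST_Request $request) {
            update_post_meta((int) $request['id'], 'demo_image_url', $request['url']);
            return ['ok' => true];
        },
    ]);

    // HARDENED. The caller must be allowed to edit *this* post (not merely be logged
    // in), and the argument is validated and sanitized before the callback runs.
    register_rest_route('demo/v1', '/image-secure/(?P<id>\d+)', [
        'methods'             => WP_REST_Server::EDITABLE,
        'permission_callback' => function (WP_REST_Request $request) {
            // Object-level check: edit_post for the given ID, not just "is logged in".
            return current_user_can('edit_post', (int) $request['id']);
        },
        'args' => [
            'id' => [
                'validate_callback' => function ($value) {
                    return is_numeric($value) && get_post((int) $value) instanceof WP_Post;
                },
            ],
            'url' => [
                'required'          => true,
                'validate_callback' => function ($value) {
                    // http(s) only; wp_http_validate_url() also rejects loopback and
                    // private addresses, which matters once the server fetches the image.
                    return is_string($value)
                        && preg_match('#^https?://#i', $value) === 1
                        && wp_http_validate_url($value) !== false;
                },
                'sanitize_callback' => 'esc_url_raw',
            ],
        ],
        'callback' => function (WP_REST_Request $request) {
            update_post_meta((int) $request['id'], 'demo_image_url', $request['url']);
            return ['ok' => true];
        },
    ]);
});
```

To verify a route, POST to it as an anonymous client (for example with curl and no cookies); the hardened route answers with a rest_forbidden error, the vulnerable one writes the meta value. For cookie-authenticated requests the REST API additionally requires a valid X-WP-Nonce header and otherwise treats the caller as logged out, so a correct permission_callback also closes the CSRF angle here, unlike an admin-ajax handler, which must check a nonce itself.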

Read more about the WordPress plugin vulnerabilities here.

Multiple CSRF in Rencontre Plugin

This WordPress plugin lets you build a professional dating site with WordPress. It is simple to install and administer, with many options.

Vulnerability: Multiple CSRF
Vulnerable version: 3.2.2 and below
Number of sites affected: 600+

The plugin suffers from several CSRF issues that allow arbitrary changes to the plugin's settings. The PoC will be published on January 05, 2020, to give users enough time to update.

Read more about the WordPress plugin vulnerabilities here.

Critical Vulnerability Patched in 301 Redirects – Easy Redirect Manager Plugin

301 Redirects helps you manage and create 301 and 302 redirects for your WordPress site to improve SEO and the visitor experience.

Vulnerability: Authenticated arbitrary redirect injection and modification, XSS, and CSRF
Vulnerable version: 2.40 and below
Number of sites affected: 70 000+

The vulnerabilities allow any authenticated user, even Subscribers, to modify, delete and inject redirect rules, which could potentially lead to a loss of site availability, in addition to XSS and CSRF.

The PoC will be published on January 02, 2020, to give users enough time to update.
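The Ape Gallery, GDPR Cookie Compliance, bbPress, Rencontre and 301 Redirects entries above are all variations of one handler shape: an action reachable by any logged-in user that checks neither who is calling nor where the request came from. The following is an added example, not code from any of those plugins, showing that shape as a WordPress admin-ajax handler next to its hardened form. The action names demo_reset and demo_reset_secure, the option names demo_settings and demo_redirects, the admin.js file and the `demo_` prefix are hypothetical; the WordPress functions are real core APIs, and the file is meant to be loaded as a plugin.

```php
<?php
/*
 * Added example, not code from any plugin named above. A WordPress admin-ajax
 * handler in the shape that produces "authenticated arbitrary deactivation",
 * "authenticated settings reset" and CSRF findings, followed by the hardened
 * shape. Action names, option names and the 'demo_' prefix are hypothetical; the
 * WordPress functions are real core APIs.
 */

// VULNERABLE. wp_ajax_* fires for any logged-in user, Subscribers included, and a
// logged-in admin's browser sends the session cookies along with a cross-site POST.
// Nothing here asks who the caller is or where the request came from.
add_action('wp_ajax_demo_reset', function () {
    delete_option('demo_settings');                                        // settings reset
    if (!empty($_POST['plugin'])) {
        deactivate_plugins(sanitize_text_field(wp_unslash($_POST['plugin']))); // any plugin
    }
    if (isset($_POST['redirect_from'], $_POST['redirect_to'])) {
        $rules = (array) get_option('demo_redirects', []);
        $rules[$_POST['redirect_from']] = $_POST['redirect_to'];           // unvalidated target
        update_option('demo_redirects', $rules);
    }
    wp_send_json_success();
});

// HARDENED. Both checks are needed: a capability check alone does not stop CSRF,
// and a nonce alone does not stop a Subscriber who can fetch a nonce of their own.
add_action('wp_ajax_demo_reset_secure', function () {
    if (!current_user_can('manage_options')) {
        wp_send_json_error('forbidden', 403);                              // authorization
    }
    check_ajax_referer('demo_reset', '_wpnonce');                          // CSRF: dies on failure

    delete_option('demo_settings');

    // Deactivation limited to an explicit allow-list and to the core capability
    // WordPress itself requires for the action.
    $plugin = sanitize_text_field(wp_unslash($_POST['plugin'] ?? ''));
    if ($plugin !== '' && in_array($plugin, ['demo-helper/demo-helper.php'], true)
        && current_user_can('activate_plugins')) {
        deactivate_plugins($plugin);
    }

    // Redirect rules: the source must be a site-relative path and the target an
    // http(s) URL; esc_url_raw() returns '' for any other scheme.
    $from = sanitize_text_field(wp_unslash($_POST['redirect_from'] ?? ''));
    $to   = esc_url_raw(wp_unslash($_POST['redirect_to'] ?? ''), ['http', 'https']);
    if ($from !== '' && $from[0] === '/' && $to !== '') {
        $rules = (array) get_option('demo_redirects', []);
        $rules[$from] = $to;
        update_option('demo_redirects', $rules);
    }
    wp_send_json_success();
});

// The settings page hands the nonce to the script that calls the secure action.
add_action('admin_enqueue_scripts', function () {
    wp_enqueue_script('demo-admin', plugins_url('admin.js', __FILE__), ['jquery'], '1.0', true);
    wp_localize_script('demo-admin', 'demoAjax', [
        'url'   => admin_url('admin-ajax.php'),
        'nonce' => wp_create_nonce('demo_reset'),
    ]);
});
```

When reviewing a plugin, grep for add_action('wp_ajax_ and admin_post_ hooks and confirm each callback has both a current_user_can() check against a capability that fits the action and a check_ajax_referer() or check_admin_referer() call; a callback that is also registered under wp_ajax_nopriv_* is reachable without any login at all.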

Read more about the WordPress plugin vulnerability here and here.

Authenticated Reflected XSS in CSS Hero Plugin

Screenshot from www.csshero.org

CSS Hero is the definitive WordPress plugin for easily customizing the look of your site, with an easy and intuitive point-and-click interface.

Vulnerability: Authenticated Reflected XSS
Vulnerable version: 4.03 and below
Number of sites affected: N/A

CSS Hero is vulnerable to an authenticated reflected XSS attack.

Read more about the WordPress plugin vulnerabilities here.

WordPress 5.3 – Cross-Site Scripting

WordPress 5.3 expands and refines the block editor with more intuitive interactions and improved accessibility. New features in the editor increase design freedom and provide additional layout options and style variations, giving designers more control over the look of a site.

Vulnerability: Cross-site scripting (XSS)
Vulnerable version: 5.3 and earlier
Number of sites affected: N/A

This security and maintenance release features 46 fixes and enhancements. Plus, it adds a number of security fixes.

Four security issues affect WordPress versions 5.3 and earlier; version 5.3.1 fixes them, so you will want to upgrade. If you have not yet updated to 5.3, there are also updated versions of 5.2 and earlier that fix the security issues.

  • Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API.
  • Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links.
  • Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon entity (&colon;), so that a scheme separator written as an entity is treated the same as a literal colon.
  • Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content.
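The wp_kses_bad_protocol() hardening is easy to misread as a cosmetic change, so the following added example (plain PHP, not WordPress core's implementation) shows what it defends against: a scheme check that looks at the raw string is bypassed when the colon, or any letter of the scheme, is written as an HTML entity, because the browser decodes entities in attribute values before it parses the URL. The function names scheme_allowed_naive and scheme_allowed_hardened and the allow-list are hypothetical; the inputs are constructed.

```php
<?php
// Added example, not WordPress core's wp_kses_bad_protocol(). Compares a naive
// scheme check against one that decodes entities (numeric, hex and named such as
// &colon;) and strips control characters before looking at the scheme. Function
// names and the allow-list are hypothetical; the test links are constructed.

declare(strict_types=1);

const ALLOWED_SCHEMES = ['http', 'https', 'mailto', 'tel'];

/** NAIVE: matches only a literal "scheme:" prefix of the raw string. */
function scheme_allowed_naive(string $url): bool
{
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)) {
        return true;                    // no scheme found: treated as a relative URL
    }
    return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true);
}

/** HARDENED: decode entities until the string is stable, drop ASCII controls and
 *  whitespace the way a browser would, then check the scheme of what is left. */
function scheme_allowed_hardened(string $url): bool
{
    $decoded = $url;
    for ($i = 0; $i < 5; $i++) {         // bounded loop: handles double-encoding
        $next = html_entity_decode($decoded, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        if ($next === $decoded) {
            break;
        }
        $decoded = $next;
    }
    // Browsers ignore tab/newline inside a URL and leading controls, so
    // "java<TAB>script:" is still the javascript: scheme.
    $decoded = preg_replace('/[\x00-\x20\x7f]+/', '', $decoded);
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $decoded, $m)) {
        return true;
    }
    return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true);
}

// Constructed links, as they could be stored in post content.
$cases = [
    'https://example.org/donate',
    'javascript:alert(1)',
    'javascript&colon;alert(1)',        // named colon entity (the 5.3.1 case)
    'javascript&#58;alert(1)',          // decimal entity
    'java&#x09;script:alert(1)',        // tab inside the scheme
    '&#106;avascript:alert(1)',         // first letter as an entity
    '/relative/path?x=1',
];

printf("%-34s %-6s %s\n", 'url', 'naive', 'hardened');
foreach ($cases as $url) {
    printf("%-34s %-6s %s\n", $url,
        scheme_allowed_naive($url) ? 'allow' : 'block',
        scheme_allowed_hardened($url) ? 'allow' : 'block');
}
```

Run it with `php` on the command line: the naive check lets every entity-encoded variant through while blocking only the literal javascript: link, and the hardened check blocks all of them and still allows the https and relative URLs. The same decode-then-check order applies to redirect targets and any other place a user-supplied URL ends up in an href, src or Location value.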

Read more here.

Stored Cross-Site Scripting (XSS) in Scoutnet Kalender Plugin

"Scoutnet Kalender" is a plugin for WordPress that displays one or more Scoutnet calendars as a widget, on a page or in a post.

Vulnerability type: Cross-Site Scripting (XSS)
Vulnerable version: 1.1.0
Number of sites affected: 300+

The plugin does not sanitize the 'Info' field of embedded calendars, which are retrieved from Scoutnet and are not necessarily owned or managed by the administrator of the site. In other words, anyone who can edit the calendar on the remote service can inject script into the WordPress site that displays it, so data fetched from a third party has to be escaped on output exactly like data typed in by a site user.
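The Donorbox shortcode entry above and this Scoutnet entry are the two classic XSS sinks in plugin output: an HTML attribute assembled from shortcode attributes, and a text node assembled from data fetched from elsewhere. The following is an added example in plain PHP, not code from either plugin, with a vulnerable and a hardened renderer for each sink. The function names, the `[donate]` shortcode, the default URL and the inputs are hypothetical and constructed; inside WordPress the hardened versions correspond to shortcode_atts(), esc_url(), esc_attr() and esc_html(). It runs from the command line without WordPress.

```php
<?php
// Added example, not code from Donorbox or Scoutnet Kalender. A minimal shortcode
// renderer in plain PHP with the two sinks from this digest: an HTML attribute
// built from shortcode attributes, and a text node built from third-party data.
// Function names are hypothetical; in a real plugin the hardened versions map onto
// shortcode_atts(), esc_url(), esc_attr() and esc_html().

declare(strict_types=1);

/** Rough parser for `[tag key="value" key2='value']`, enough for the demo. */
function parse_shortcode_atts(string $shortcode): array
{
    $atts = [];
    preg_match_all('/(\w+)\s*=\s*(?:"([^"]*)"|\'([^\']*)\')/', $shortcode, $m, PREG_SET_ORDER);
    foreach ($m as $match) {
        $atts[$match[1]] = $match[3] ?? $match[2];   // [2] double-quoted, [3] single-quoted
    }
    return $atts;
}

/** Escape for HTML text or attribute context (esc_attr()/esc_html() in WordPress). */
function esc_demo(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** VULNERABLE: every attribute the author typed is copied into the tag, unescaped. */
function render_button_unsafe(array $atts): string
{
    $html = '<a';
    foreach ($atts as $name => $value) {
        $html .= ' ' . $name . '="' . $value . '"';
    }
    return $html . '>Donate</a>';
}

/** HARDENED: unknown attributes are dropped (like shortcode_atts()), the URL scheme
 *  is allow-listed, and every value is escaped for the attribute context. */
function render_button_safe(array $atts): string
{
    $defaults = ['href' => 'https://example.org/donate', 'class' => 'donate-button'];
    $atts = array_merge($defaults, array_intersect_key($atts, $defaults));
    if (!preg_match('#^https?://#i', $atts['href'])) {
        $atts['href'] = $defaults['href'];            // rejects javascript:, data:, vbscript:
    }
    return sprintf('<a href="%s" class="%s">Donate</a>', esc_demo($atts['href']), esc_demo($atts['class']));
}

/** VULNERABLE: a field fetched from the remote calendar service is printed as-is. */
function render_info_unsafe(string $info): string
{
    return '<p class="info">' . $info . '</p>';
}

/** HARDENED: the same field escaped as text; the calendar owner is not the site owner. */
function render_info_safe(string $info): string
{
    return '<p class="info">' . esc_demo($info) . '</p>';
}

// Constructed inputs: shortcodes as a Contributor could type them into a post, and
// an 'Info' value as a remote calendar could return it.
$shortcodes = [
    '[donate href="javascript:alert(1)" onmouseover="alert(2)" class="btn"]',
    '[donate class=\'" onclick="alert(3)\']',            // breaks out of the attribute
];
$info = 'Meeting at 19:00 <img src=x onerror=alert(4)>';

foreach ($shortcodes as $shortcode) {
    $atts = parse_shortcode_atts($shortcode);
    echo "unsafe: ", render_button_unsafe($atts), "\n";
    echo "safe:   ", render_button_safe($atts), "\n";
}
echo "unsafe: ", render_info_unsafe($info), "\n";
echo "safe:   ", render_info_safe($info), "\n";
```

The unsafe output for the first shortcode carries both an injected onmouseover handler and a javascript: href; the safe output keeps only the allow-listed href and class, falls back to the default URL, and turns the quote in the second shortcode into &quot; so it cannot close the attribute. The escaping choice depends on the context the value lands in: the same htmlspecialchars() call is right for attribute values and text nodes, but not for values placed inside a script block or a URL query string.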

Read more about the WordPress plugin vulnerabilities here.

Authentication Bypass in Ultimate Addons for Elementor Plugin


A library of unique Elementor widgets that adds more functionality and flexibility to your favorite page builder.

Vulnerability type: Authentication bypass
Vulnerable version: 1.20.0 and below
Number of sites affected: N/A

The vulnerability is fixed in version 1.24.1.

Read more about the WordPress plugin vulnerabilities here.

Authentication Bypass in Ultimate Addons for Beaver Builder Plugin


Transform your productivity with custom Beaver Builder modules and templates.

Vulnerability type: Authentication bypass
Vulnerable version: 1.24.0 and below
Number of sites affected: N/A

The vulnerability is fixed in version 1.24.1.

Read more about the WordPress plugin vulnerabilities here.

Authenticated Reflected XSS in Quiz And Survey Master Plugin


You can easily create surveys for your users, from customer satisfaction surveys to employee surveys.

Vulnerability type: Authenticated Reflected XSS
Vulnerable version: 6.3.5 and below
Number of sites affected: 20 000+

Read more about the WordPress plugin vulnerabilities here.


Conclusion

WordPress sites are being hacked and infected every day; some statistics put the number of websites infected with some form of malware at about 30,000 per day. Every public website is a resource available on the web and therefore a target, from the moment it goes live.

It can take just days from the disclosure of a plugin vulnerability to a full-scale attack campaign, and attacks of this nature are almost always automated. To fight back you have a small time window to act, and in such cases a web application firewall is critically important.

Always keep your plugins updated and, where possible, enable automatic updates. If you use any of the plugins mentioned above, update them to the latest version as soon as possible to make sure these WordPress plugin vulnerabilities do not affect your sites.

The WebARX web application firewall receives virtual patches that are distributed automatically to all protected sites when vulnerabilities are discovered. Threat intelligence and prevention are our main focus, so the firewall engine is updated regularly.

Websites with the WebARX firewall installed are protected from the security issues mentioned in this article. If you are not yet protecting your WordPress site against plugin vulnerabilities, go and start for free here.

The post WordPress Vulnerability News, December 2019 appeared first on WebARX.

About the author 

WP Maintain Support Protect
