• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

virusword.com-Wordpress

Learn Wordpress

  • Home
  • WordPress Shop
    • Fotopress
    • SEO Tool Kit
    • Social Contact
    • Tag Machine 2
    • Video Profits
  • Latest News
  • WordPress
    • Plugins
    • Themes
    • Tutorials
    • Videos
    • Woocommerce
  • About Us
  • Contact Us
    • Terms of Service
    • Privacy Policy
  • Show Search
Hide Search
Home/Woocommerce/WordPress Vulnerability Report – February 2, 2022

WordPress Vulnerability Report – February 2, 2022

Written by

Michael Moore

on

February 2, 2022

Last Updated on February 2, 2022

Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities, and what to do if you run one of the vulnerable plugins or themes on your website.

Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure and reporting of vulnerabilities is an integral part of keeping the WordPress community safe. New in this report: vulnerabilities are now listed in order by the number of active installs, rather than the date of the disclosure.

Please share this post with your friends to help get the word out and make WordPress safer for everyone!

Contents of the February 2, 2022 Report

WordPress 5.9: Core Major Version Update Now Available

WordPress 5.9 “Joséphine” was released on January 25, 2022, as the first major WordPress core release of the year. The biggest thing to know about WordPress 5.9 is simply this: Full Site Editing (FSE) using the WordPress block editor is here (well, if you want to use it or your theme supports it).

WordPress 5.9 represents the largest release of Gutenberg features since the initial Gutenberg launch in WordPress 5.0. In addition, WordPress 5.9 includes 99 enhancements and 100 bug fixes.

In this post, we unpack what’s new and noteworthy in WordPress 5.9 so you can get the most out of the latest version of WordPress.

You can update to WordPress 5.9 by downloading from WordPress.org or visiting your WordPress admin dashboard > Updates and clicking Update Now.

If you have sites that have enabled automatic background updates, they should have already updated successfully. Just be sure to verify that all your WordPress sites are on WordPress 5.9.

WordPress Plugin Vulnerabilities

In this section, the latest WordPress plugin vulnerabilities have been disclosed. Each plugin listing includes the type of vulnerability, the active installations, the version number if patched, and the severity rating.

Essential Addons for Elementor

Product image for Essential Addons for Elementor.

Plugin
Essential Addons for Elementor

Installations
1,000,000+

Vulnerability
Unauthenticated LFI

Patched in Version
5.0.5

Severity Score
Critical

The vulnerability has been patched, so you should update to version 5.0.5.

Use Any Font

Product image for Use Any Font | Custom Font Uploader.

Plugin
Use Any Font | Custom Font Uploader

Installations
200,000+

Vulnerability
Unauthenticated Arbitrary CSS Appending

Patched in Version
6.2.1

Severity Score
High

The vulnerability has been patched, so you should update to version 6.2.1.

TI WooCommerce Wishlist

Product image for TI WooCommerce Wishlist.

Plugin
TI WooCommerce Wishlist

Installations
100,000+

Vulnerability
Unauthenticated Blind SQL Injection

Patched in Version
1.40.1

Severity Score
High

The vulnerability has been patched, so you should update to version 1.40.1.

StatCounter

Plugin
StatCounter – Free Real Time Visitor Stats

Installations
100,000+

Vulnerability
Admin+ Stored Cross-Site Scripting

Patched in Version
2.0.7

Severity Score
Low

The vulnerability has been patched, so you should update to version 2.0.7.

WPvivid Backup and Migration Plugin

Product image for Migration, Backup, Staging – WPvivid Backup and Migration Plugin.

Plugin
Migration, Backup, Staging – WPvivid Backup and Migration Plugin

Installations
100,000+

Vulnerability
Unauthenticated Stored Cross-Site Scripting

Patched in Version
0.9.69

Severity Score
Critical

The vulnerability has been patched, so you should update to version 0.9.69.

LearnPress

Product image for LearnPress – WordPress LMS Plugin.

Plugin
LearnPress – WordPress LMS Plugin

Installations
100,000+

Vulnerability
Arbitrary Image Renaming

Patched in Version
4.1.5

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.1.5.

WP RSS Aggregator

Product image for WP RSS Aggregator – News Feeds, Autoblogging, Youtube Video Feeds and More.

Plugin
WP RSS Aggregator – News Feeds, Autoblogging, Youtube Video Feeds and More

Installations
60,000+

Vulnerability
Reflected Cross-Site Scripting (XSS)

Patched in Version
4.20

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.20.

Simple Membership

Product image for Simple Membership.

Plugin
Simple Membership

Installations
50,000+

Vulnerability
Arbitrary Member Deletion via CSRF

Patched in Version
4.0.9

Severity Score
Medium

The vulnerability has been patched, so you should update to version 4.0.9.

Better Notifications for WP

Product image for Customize WordPress Emails and Alerts – Better Notifications for WP.

Plugin
Customize WordPress Emails and Alerts – Better Notifications for WP

Installations
40,000+

Vulnerability
Email Address Disclosure

Patched in Version
1.8.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.8.7.

Post Snippets

Product image for Post Snippets.

Plugin
Post Snippets

Installations
30,000+

Vulnerability
CSRF to Stored Cross-Site Scripting

Patched in Version
3.1.4

Severity Score
High

The vulnerability has been patched, so you should update to version 3.1.4.

Blackhole for Bad Bots

Product image for Blackhole for Bad Bots.

Plugin
Blackhole for Bad Bots

Installations
30,000+

Vulnerability
Arbitrary IP Address Blocking via IP Spoofing

Patched in Version
3.3.2

Severity Score
High

The vulnerability has been patched, so you should update to version 3.3.2.

WP Visitor Statistics (Real Time Traffic)

Product image for WP Visitor Statistics (Real Time Traffic).

Plugin
WP Visitor Statistics (Real Time Traffic)

Installations
20,000+

Vulnerability
Arbitrary IP Address Exclusion to Stored XSS

Patched in Version
5.5

Severity Score
High

The vulnerability has been patched, so you should update to version 5.5.

WP Accessibility Helper (WAH)

Product image for WP Accessibility Helper (WAH).

Plugin
WP Accessibility Helper (WAH)

Installations
20,000+

Vulnerability
Reflected Cross-Site Scripting (XSS)

Patched in Version
0.6.0.7

Severity Score
Medium

The vulnerability has been patched, so you should update to version 0.6.0.7.

Asgaros Forum

Product image for Asgaros Forum.

Plugin
Asgaros Forum

Installations
20,000+

Vulnerability
Subscriber+ Blind SQL Injection

Patched in Version
2.0.0

Severity Score
High

The vulnerability has been patched, so you should update to version 2.0.0.

WP Google Map

Product image for Maps Plugin using Google Maps for WordPress – WP Google Map.

Plugin
Maps Plugin using Google Maps for WordPress – WP Google Map

Installations
20,000+

Vulnerability
Arbitrary Post Deletion and Plugin’s Settings Update via CSRF

Patched in Version
1.8.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.8.4.

WHMCS Bridge

Product image for WHMCS Bridge.

Plugin
WHMCS Bridge

Installations
10,000+

Vulnerability
Reflected Cross-Site Scripting (XSS)

Patched in Version
6.4b

Severity Score
Medium

The vulnerability has been patched, so you should update to version 6.4b.

WP Review Slider

Product image for WP Review Slider.

Plugin
WP Review Slider

Installations
10,000+

Vulnerability
Admin+ SQL Injection

Patched in Version
11.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 11.0.

WP Ultimate CSV Importer

Product image for Easy Drag And drop All Import : WP Ultimate CSV Importer.

Plugin
Easy Drag And drop All Import : WP Ultimate CSV Importer

Installations
10,000+

Vulnerability
Admin+ Stored Cross-Site Scripting

Patched in Version
6.4.3

Severity Score
Low

The vulnerability has been patched, so you should update to version 6.4.3.

AP Custom Testimonial

Product image for Testimonial WordPress Plugin – AP Custom Testimonial.

Plugin
Testimonial WordPress Plugin – AP Custom Testimonial

Installations
4,000+

Vulnerability
Reflected Cross-Site Scripting; Admin+ SQL Injection

Patched in Version
1.4.8

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.4.8.

Logo Showcase with Slick Slider

Product image for Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid.

Plugin
Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid

Installations
3,000+

Vulnerability
Arbitrary Media Title/Description/Alt Text/URL Update via CSRF

Patched in Version
2.0.1

Severity Score
Medium

The vulnerability has been patched, so you should update to version 2.0.1.

WP User

Product image for WP User – Custom Registration Forms, Login and User Profile.

Plugin
WP User – Custom Registration Forms, Login and User Profile

Installations
2,000+

Vulnerability
Reflected Cross-Site Scripting

Patched in Version
7.0

Severity Score
Medium

The vulnerability has been patched, so you should update to version 7.0.

WS Form

Product image for WS Form LITE – Drag & Drop Contact Form Builder for WordPress.

Plugin
WS Form LITE – Drag & Drop Contact Form Builder for WordPress

Installations
1,000+

Vulnerability
Admin+ Stored Cross-Site Scripting; Unauthenticated Stored Cross-Site Scripting

Patched in Version
1.8.176

Severity Score
High

The vulnerability has been patched, so you should update to version 1.8.176.

Premium Plugin Vulnerabilities

In this section, the latest WordPress plugin vulnerabilities have been disclosed in closed plugins. Each plugin listing includes the type of vulnerability, the severity rating, and the date of closure

Super Forms

Plugin
Super Forms – Drag & Drop Form Builder

Installations
Unknown (Premium Plugin)

Vulnerability
Reflected Cross-Site Scripting

Patched in Version
6.0.4

Severity Score
Medium

The vulnerability has been patched, so you should update to version 6.0.4.

WordPress GDPR & CCPA

Plugin
WordPress GDPR

Installations
Unknown (Premium Plugin)

Vulnerability
Authenticated Reflected Cross-Site Scripting; Unauthenticated Reflected Cross-Site Scripting

Patched in Version
1.9.27

Severity Score
Medium

The vulnerability has been patched, so you should update to version 1.9.27.

Ti WooCommerce Wishlist Pro

Plugin
TI WooCommerce Wishlist Pro

Installations
Unknown (Premium Plugin)

Vulnerability
Unauthenticated Blind SQL Injection

Patched in Version
1.40.1

Severity Score
High

The vulnerability has been patched, so you should update to version 1.40.1.

AdSanity

Plugin
AdSanity

Installations
Unknown (Premium Plugin)

Vulnerability
Contributor Arbitrary File Upload

Patched in Version
1.8.2

Severity Score
Critical

The vulnerability has been patched, so you should update to version 1.8.2.

WordPress Plugin Vulnerabilities – No Known Fix

In this section, the latest WordPress plugin vulnerabilities have been disclosed in closed plugins. Each plugin listing includes the type of vulnerability, the severity rating, and the date of closure

Embed Swagger

Plugin
Embed Swagger

Vulnerability
Reflected Cross-Site Scripting

Patched in Version
No Fix

Severity Score
Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Crazy Bone

Plugin
Crazy Bone

Vulnerability
Unauthenticated Stored XSS

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WP Responsive Menu

Plugin
WP Responsive Menu

Vulnerability
Subscriber Settings Update to Stored XSS

Patched in Version
No Fix

Severity Score
High

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Theme Vulnerabilities

No new theme vulnerabilities were disclosed this week.

How to Protect Your WordPress Website From Vulnerable Plugins and Themes

As you can see from this report, lots of new WordPress plugin and theme vulnerabilities are disclosed each week. We know it can be difficult to stay on top of every reported vulnerability disclosure, so the iThemes Security Pro plugin makes it easy to make sure your site isn’t running a theme, plugin, or WordPress core version with a known vulnerability.

Get iThemes Security Pro with 24/7 Website Security Monitoring

iThemes Security Pro, our WordPress security plugin, offers 50+ ways to secure and protect your website from common WordPress security vulnerabilities. With WordPress, two-factor authentication, brute force protection, strong password enforcement, and more, you can add extra layers of security to your website.

Get iThemes Security Pro

Michael Moore

Each week, Michael puts together the WordPress Vulnerability Report to help keep your sites safe. As Product Manager at iThemes, he helps us continue to improve the iThemes product lineup. He’s a giant nerd & loves learning about all things tech, old & new. You can find Michael hanging out with his wife & daughter, reading or listening to music when not working.

wordpress vulnerability report

Source link

Written by:
Abdul Wahid
Published on:
February 6, 2022

Categories: Woocommerce

Primary Sidebar

Wordpress

  • Latest News (284)
  • Plugins (323)
  • Themes (331)
  • Tutorials (414)
  • Videos (843)
  • Woocommerce (421)

Recent Articles

ecommerce website bangla tutorial | woocommerce store bangla tutorial | Martfury theme | part-01

Theme : …

Continue Reading about ecommerce website bangla tutorial | woocommerce store bangla tutorial | Martfury theme | part-01

Vehicles fire off multiple shots in Ascension

PRAIRIEVILLE, La. —- Residents in the area between …

Continue Reading about Vehicles fire off multiple shots in Ascension

Search our site

Explore more

Get our Wordpress Guide Get Plugins Get Connected

Footer

VirusWord by Promaps, Inc.

Barnes Place
Colombo 7, Western 00700

Copyright © 2023 · Promaps, Inc.

Keep In Touch

  • Email
  • Facebook
  • Instagram
  • Pinterest
  • Twitter