Blog: Vulnerable WordPress Plugins Report for the Week of June 15, 2018

Vulnerable Plugins

Ten disclosures since last week, with two issues unfixed.

View this week’s vulnerable plugins list.

Other Security

Came across a fun little security testing playground.  Allows you to spin up multiple vulnerable applications to practice security concepts and exploits and provide first-hand experience.  Each one has an explanation of the vulnerabilities in the environments and links out to more information.  Right now it includes WebGoat, DVWA, Juice Shop, SQLi Labs, and WordPress at version 4.8 which contained a SQL Injection vulnerability.  You’re limited to 11 minutes (don’t sign in when prompted), but that should give you enough time to play around and practice some of the techniques.  There isn’t anything here you couldn’t do by spinning up a docker container of one of these environments and using that, but it’s quick easy, and for now, free.

Last, I know several of you run Moodle on your campus. Please be aware that versions before 3.5.0 are vulnerable to a Remote Code Execution vulnerability that was disclosed earlier this week.

Paul Gilzow

Programmer Analyst, University of Missouri@gilzowhttp://missouri.edu/

Web application security and accessibility evangelist. Software instructor. Conference lecturer and presenter.

Leave a Reply

Your email address will not be published. Required fields are marked *