Blog: Vulnerable WordPress Plugins Report for the Week of May 24, 2019

Vulnerable Plugins

There are fifteen issues this week, with five unfixed. The most critical this week is in WPGraphQL, which includes vulnerabilities that make it possible to:

  • Create administrative users
  • Post comments on articles bypassing article restrictions and global moderation
  • Retrieve content of password-protected posts/articles/pages
  • Retrieve full list of registered users in the platform
  • Retrieve full list of media, comments, themes and plugins with one simple request

These vulnerabilities were discovered by PenTestPartners. The vulnerabilities have been patched in version 0.3.0.

View this week’s vulnerable plugins list.

Paul Gilzow

Programmer Analyst, University of Missouri (@gilzow)

Web application security and accessibility evangelist. Software instructor. Conference lecturer and presenter.

Pat Lockley

Owner, Pgogy webstuff (@Pgogy)

Academic technologist and pedagogic outfitter. WordPressing since 2010. Themes, plugins, security, tweaks
