Blog: Vulnerable WordPress Plugins Report for the Week of June 14, 2019

Vulnerable Plugins

There are nineteen issues this week, with five unfixed.  The most critical this week are two Arbitrary File Upload vulnerabilities in Finale WooCommerce Sale Countdown (fix available) and in LionScripts IP Blocker Lite (unfixed, remove immediately) plugins, an Authenticated Arbitrary File Upload vulnerability in Shipping Servientrega Woocommerce (unfixed, remove immediately), and an Authenticated Code Execution vulnerability in Insert or Embed Articulate Content into WordPress (fix available as of June 24. 2019).

EDIT: Corrected information on Embed Articulate Content into WordPress to indicate fix available as of June 24, 2019.

View this week’s vulnerable plugins list.

Paul Gilzow

Programmer Analyst, University of Missouri@gilzow

Web application security and accessibility evangelist. Software instructor. Conference lecturer and presenter.

Pat Lockley

Owner, Pgogy webstuff@Pgogy

Academic technologist and pedagogic outfitter. WordPressing since 2010. Themes, plugins, security, tweaks

Leave a Reply

Your email address will not be published. Required fields are marked *

Login to WordPress