Blog: Vulnerable WordPress Plugins Report for the Week of August 23, 2019

Vulnerable Plugins

There are eighteen issues this week, with two unfixed, and five where fixes have been committed but aren’t showing as available yet in the public repository.  The most critical this week are a Privilege Escalation vulnerability in WP Front End Profile (fix available), a CSV Injection vulnerability in Import Export WordPress Users (fix available) and a SQL Injection vulnerability in Web Librarian (fix available). There’s also an unfixed Cross-Site Request Forgery to CRM reset (where it deletes the associated data) vulnerability in Zero BS WordPress CRM.

View this week’s vulnerable plugins list.


Paul Gilzow

Programmer Analyst, University of Missouri@gilzow

Web application security and accessibility evangelist. Software instructor. Conference lecturer and presenter.

Pat Lockley

Owner, Pgogy webstuff@Pgogy

Academic technologist and pedagogic outfitter. WordPressing since 2010. Themes, plugins, security, tweaks

Leave a Reply

Your email address will not be published. Required fields are marked *

Login to WordPress