Contributor: Pat Lockley

Owner, Pgogy webstuff | @Pgogy | https://pgogywebstuff.com

Academic technologist and pedagogic outfitter. WordPressing since 2010. Themes, plugins, security, tweaks

Blog: Vulnerable WordPress Plugins Report for the Week of August 16, 2019

Vulnerable Plugins: There are eighteen issues this week, with eight unfixed. The most critical this week is an Arbitrary File Upload vulnerability via Cross-Site Request Forgery vulnerability in the Maintenance plugin. No fix is available as of this publishing date, and the plugin has been closed in the public repository. View this week’s vulnerable plugins […]

Blog: Vulnerable WordPress Plugins Report for the Week of August 9, 2019

Vulnerable Plugins: There are eighteen issues this week, with three unfixed. The most critical this week are Privilege Escalation vulnerabilities via Unauthenticated Option Update vulnerabilities in the Donations, Booking, Learning Courses, and Restaurant Reservations plugins (fixes available for all). View this week’s vulnerable plugins list. Other News: I’m back! Huge thank you goes out to […]

Blog: Vulnerable Plugins report for the week of August 2nd, 2019

23 vulnerabilities this week, with 9 unfixed (some are commercial plugins where a change log isn’t easily available, some are dot org plugins that are being worked on – see the notes column for more). View this week’s vulnerable plugins list.

Blog: Vulnerable Plugins report for the week of July 26th, 2019

27 vulnerabilities this week (which means so far in July we’ve had 105 issues), with 4 unfixed. It’s a bad week for cache plugins, with WP Super Cache, WP Fastest Cache and Breeze all having fixes. View this week’s vulnerable plugins list. The WPCampus 2019 conference is currently happening! Check out the schedule for lots of […]

Blog: Vulnerable WordPress Plugins Report for the Week of July 12, 2019

Vulnerable Plugins: There are twenty-nine issues this week, with only one unfixed. The most critical this week are Authenticated (low privileged user) Arbitrary Options Update vulnerability in the One Click SSL plugin (fix available) and in the WPTF Hybrid Composer plugin (fix available), and multiple critical issues in the File Manager (by mndpsingh287) plugin […]

Blog: Vulnerable WordPress Plugins Report for the Week of July 5, 2019

Vulnerable Plugins: There are twenty-four issues this week, with five unfixed. The most critical this week is an unfixed Authenticated Arbitrary File Upload vulnerability with the MapsSVG Lite plugin and an unfixed Authenticated Remote Code Execution vulnerability in the Newsletter plugin. Both plugins have been closed in the public plugin repository. In addition, there […]

Blog: Vulnerable WordPress Plugins Report for the Week of June 14, 2019

Vulnerable Plugins: There are nineteen issues this week, with five unfixed. The most critical this week are two Arbitrary File Upload vulnerabilities in Finale WooCommerce Sale Countdown (fix available) and in LionScripts IP Blocker Lite (unfixed, remove immediately) plugins, an Authenticated Arbitrary File Upload vulnerability in Shipping Servientrega Woocommerce (unfixed, remove immediately), and an Authenticated […]

Blog: Vulnerable WordPress Plugins Report for the Week of May 31, 2019

Vulnerable Plugins: There are sixteen issues this week, with two unfixed. The most critical this week are a privilege escalation issue in Slick Popups and an Unauthenticated Administrator Creation vulnerability in Convert Plus. Both issues were discovered by Wordfence/Defiant. View this week’s vulnerable plugins list.

Blog: Vulnerable WordPress Plugins Report for the Week of May 24, 2019

Vulnerable Plugins: There are fifteen issues this week, with five unfixed. The most critical this week is in WPGraphQL which includes: Create administrative users; Post comments on articles bypassing article restrictions and global moderation; Retrieve content of password-protected posts/articles/pages; Retrieve full list of registered users in the platform; Retrieve full list of media, comments, themes […]

Blog: Vulnerable WordPress Plugins Report for the Week of May 17, 2019

Vulnerable Plugins: There are nineteen issues this week, with five unfixed. The most critical this week is the Sensitive Information Disclosure, Arbitrary File Deletion, and multiple Cross-Site Scripting vulnerabilities in Ultimate Member discovered by Sucuri earlier this week. There was also a Local File Inclusion vulnerability disclosed in Photo Gallery by 10Web that does not […]