Skip to content
From our Community Blog:

Vulnerable WordPress Plugins Report for the Week of August 23, 2019

Subscribe to Community Blog updates

Vulnerable Plugins

There are eighteen issues this week, with two unfixed, and five where fixes have been committed but aren't showing as available yet in the public repository.  The most critical this week are a Privilege Escalation vulnerability in WP Front End Profile (fix available), a CSV Injection vulnerability in Import Export WordPress Users (fix available) and a SQL Injection vulnerability in Web Librarian (fix available). There's also an unfixed Cross-Site Request Forgery to CRM reset (where it deletes the associated data) vulnerability in Zero BS WordPress CRM.

View this week's vulnerable plugins list.


Login to WordPress