The WPCampus Blog: Uncategorized

Blog: Vulnerable WordPress Plugins Report for the Week of March 22, 2019

Vulnerable Plugins There are eleven items on the list this week, with three unfixed. The most critical this week are the Unauthenticated Arbitrary wp_options import vulnerability in Easy WP SMTP, and the Unauthenticated SQL Injection vulnerability in Better Search both of which have been fixed in their most recent updates. View this week’s vulnerable plugins […]

Blog: Vulnerable WordPress Plugins Report for the Week of March 15, 2019

Vulnerable Plugins There are eleven items on the list this week, with three unfixed. The most critical this week are the Sensitive Information Disclosure/Authenticated Arbitrary File Read vulnerability in Caldera Forms Pro, and the Privilege Escalation vulnerability in SiteGround Optimizer. Both issues were discovered by Sucuri. View this week’s vulnerable plugins list. Other WordPress Security […]

Blog: Vulnerable WordPress Plugins Report for the Weeks of December 29, 2017 and January 5, 2018

Vulnerable Plugins Ten disclosures over the last two weeks, with four issues unfixed. View this week’s vulnerable plugins list. I hope everyone had a wonderful and relaxing holiday break. Unfortunately, vulnerabilities and disclosures did not rest. Two critical situations were disclosed during that time: an Unauthenticated Arbitrary File Upload discovered in the LearnDash LMS plugin by […]

Blog: Vulnerable WordPress Plugins Report for the Week of September 15, 2017

Vulnerable Plugins Eight disclosures this week, with two issues unfixed, and two where I’m not sure. View this week’s vulnerable plugins list. The two I’m unsure of this week are with iTheme’s Backupbuddy plugin.  Backupbuddy is a paid plugin, so I do not have access to the source files.  The last changelog mention I can […]

Blog: Vulnerable WordPress Plugins Report for the Week of September 8, 2017

Vulnerable Plugins Seventeen disclosures this week, with eight issues unfixed. View this week’s vulnerable plugins list. Other Security News The big disclosure this week was the breach at Equifax. If you haven’t head about it yet, I strongly recommend you read the write up by Brian Krebs over at krebsonsecurity.com. The TL;DR is Equifax, one […]

Blog: Vulnerable WordPress Plugins/Themes Report for the Week of August 18, 2017

Vulnerable Plugins/Themes Eleven disclosures this week, with three issues unfixed. View week’s vulnerable plugin list. Going to highlight a couple from this week. The first is the discovery by researcher Lenon Leite who discovered a SQL Injection vulnerability in the plugin Link Library.  Just like with last week’s SQL Injection examples, this vulnerability requires an authenticated user […]

Blog: Vulnerable WordPress Plugins Report for the week of August 4, 2017

Vulnerable Plugins Six disclosures this week, with three issues unfixed. View this week’s vulnerable plugin list. One of the disclosures is actually from last week that I intended to include but forgot.  I want to bring attention to it because it highlights how vulnerabilities can, and often are, stacked.  Wordfence recently wrote about how attackers […]