WPForms Plugin version 1.5.8.2 and below were found to be vulnerable to authenticated stored XSS while I was auditing the plugin. WPForms version 1.5.9 with improved data sanitization was released on March 5, 2020. CVE ID: CVE-2020-10385 Summary WPForms is a popular WordPress forms plugin with over 3 million active installations. It was found to be vulnerable to authenticated Cross-Site…
Export Users to CSV is a WordPress plugin that allows website owners/admins to export users list and metadata in a CSV file. While testing the plugin, I was able to find that it is vulnerable to CSV Injection. CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. When a spreadsheet program such as…
While testing the popular WordPress LMS plugin, Tutor LMS, I was able to find that the plugin is vulnerable to Cross-Site Request Forgery (CSRF). All WordPress websites using Tutor LMS version 1.5.2 and below are affected. CVE ID: CVE-2020-8615 CWE ID: CWE-352 Summary The Tutor LMS WordPress plugin is a feature-packed plugin that enables users to create and sell courses.…
On testing the popular WordPress testimonials plugin, Strong Testimonials, I found multiple stored XSS vulnerabilities in the plugin. All WordPress websites using Strong Testimonials version 2.40.0 and below are affected. CVE ID: CVE-2020-8549 CWE ID: CWE-79 Summary Strong Testimonials is a popular and easily customizable WordPress testimonial plugin with over 90,000 active installations. The stored XSS vulnerabilities found in the…
While performing a security audit on one of our client’s website, I discovered a reflected cross-site scripting vulnerability in the WordPress LMS plugin by LearnDash. All WordPress websites using LearnDash version from 3.0.0 through 3.1.1 are affected. CVE ID: CVE-2020-7108 CWE ID: CWE-79 Summary LearnDash is one of the most popular and easiest to use WordPress LMS plugins in the…
WP maintenance plugin has been found to be vulnerable to CSRF and stored XSS. On November 15th, WordFence reported the vulnerability to WP maintenance plugin's developers. Following which the plugin developers (Florent Malliefaud) urgently patched the vulnerability in just a day. Version 5.0.6 is free of vulnerabilities. We recommend you update your plugin from any previous version to this. About…
WordPress theme-Bridge has been found to have an open redirect vulnerability. As its name suggests, this vulnerability lets a hacker redirect a site's visitors to unauthentic & malicious domains. Anyone on the version <=18.2 faces risk. With this post, we intend to make you aware of the vulnerability and the quick mitigation measures you can take. Plus, we'll dissect the…
A severe XSS vulnerability has been uncovered inside the Rich Reviews plugin. An estimate has it that the plugin Rich Reviews has more than 16,000 active downloads. Even though critical, the discovery of the vulnerability isn't surprising, given the fact that the plugin has not been updated in more than two years. In fact, Rich Reviews has been removed from…
Plugin Name: GiveWP Vulnerability: Authentication Bypass with Information Disclosure Affected Versions: <= 2.5.4 Patched Version: 2.5.5 Just a few weeks ago, a vulnerability was detected in GiveWP, a WordPress plugin installed on more than 70,000 websites. Considered a high-security issue, this vulnerability is affecting the websites running Give 2.5.4 or below, as such must be updated to version 2.5.5. …
Plugin name: Data privacy extended (data protection law) - GDPR Module Vulnerability name: CSRF (Cross-Site Request Forgery) in the "Delete Account" Affected Prestashop versions: v1.6.0.4 - v1.7.6.0 Vulnerable Version: <3.7.8 Patched version: 3.7.8 Vulnerability Reported: 20th June 2019 Vulnerability Patched: 25th June 2019 While performing a security audit on one of our Prestashop clients at Astra, I found a critical…
