Recent posts

#1
Last post by Kailash - Jun 16, 2022, 06:28 AM
WordPress Photo Gallery by Supsystic plugin <= 1.15.5 - Cross-Site Request Forgery (CSRF) leading to Plugin Settings Change

Plugin name: Photo Gallery by Supsystic
Vulnerable versions: <= 1.15.5
Fixed in: N/A
CVE ID: CVE-2021-36891
Classification: Cross Site Request Forgery (CSRF)
Publicly disclosed: 2022-06-15

Vulnerability Details

Cross-Site Request Forgery (CSRF) leading to Plugin Settings Change discovered by Rasi Afeef (Patchstack Alliance) in WordPress Photo Gallery by Supsystic plugin (versions <= 1.15.5).

Solution

No patched version available. It is recommended to disable and delete this plugin until there is a patch available to address this.

Plugin Link: https://wordpress.org/plugins/gallery-by-supsystic/
#2
Last post by Kailash - Jun 16, 2022, 06:24 AM
WordPress Ninja Forms Contact Form plugin <= 3.6.10 - Unauthenticated PHP Object Injection vulnerability

Plugin name: Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress
Vulnerable versions: <= 3.6.10
Fixed in: 3.6.11
CVE ID: N/A
Classification: PHP Object Injection
Publicly disclosed: 2022-06-15

Vulnerability Details

Unauthenticated PHP Object Injection vulnerability discovered in WordPress Ninja Forms plugin (versions <= 3.6.10).

Solution

Update the WordPress Ninja Forms plugin to the latest available version (at least 3.6.11).

Plugin Link: https://wordpress.org/plugins/ninja-forms/
#3
Last post by Kailash - Jun 16, 2022, 06:22 AM
WordPress Social Media Share Buttons | MashShare plugin <= 3.8.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Plugin name: Social Media Share Buttons | MashShare
Vulnerable versions: <= 3.8.1
Fixed in: N/A
CVE ID: CVE-2021-36849
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-16

Vulnerability Details

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas (Patchstack Alliance) in WordPress Social Media Share Buttons plugin (versions <= 3.8.1).

Solution

No patched version is available, hence it is recommended to disable and delete this plugin until an update is available to address this.

Plugin Link: https://wordpress.org/plugins/mashsharer/
#4
Last post by Kailash - Jun 15, 2022, 10:29 AM
WordPress WP Contact Slider plugin <= 2.4.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Plugin name: WP Contact Slider
Vulnerable versions: <= 2.4.6
Fixed in: 2.4.7
CVE ID: CVE-2022-1301
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-13

Vulnerability Details

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Fayçal CHENA in WordPress WP Contact Slider plugin (versions <= 2.4.6).

Solution

Update the WordPress WP Contact Slider plugin to the latest available version (at least 2.4.7).

Plugin Link: https://wordpress.org/plugins/wp-contact-slider/
#5
Last post by Kailash - Jun 15, 2022, 10:26 AM
WordPress Clearfy Cache plugin <= 2.0.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Plugin name: Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Vulnerable versions: <= 2.0.4
Fixed in: 2.0.5
CVE ID: N/A
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-14

Vulnerability Details

Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Clearfy Cache plugin (versions <= 2.0.4).

Solution

Update the WordPress Clearfy Cache plugin to the latest available version (at least 2.0.5).

Plugin Link: https://wordpress.org/plugins/clearfy/
#6
Last post by Kailash - Jun 15, 2022, 10:23 AM
WordPress Real Cookie Banner plugin <= 2.18.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Plugin name: Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent
Vulnerable versions: <= 2.18.1
Fixed in: 2.18.2
CVE ID: N/A
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-14

Vulnerability Details

Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Real Cookie Banner plugin (versions <= 2.18.1).

Solution

Update the WordPress Real Cookie Banner plugin to the latest available version (at least 2.18.2).

Plugin Link: https://wordpress.org/plugins/real-cookie-banner/
#7
Last post by Kailash - Jun 15, 2022, 10:21 AM
WordPress WP Contact Slider plugin <= 2.4.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Plugin name: WP Contact Slider
Vulnerable versions: <= 2.4.6
Fixed in: 2.4.7
CVE ID: CVE-2022-1301
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-13

Vulnerability Details

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Fayçal CHENA in WordPress WP Contact Slider plugin (versions <= 2.4.6).

Solution

Update the WordPress WP Contact Slider plugin to the latest available version (at least 2.4.7).

Plugin Link: https://wordpress.org/plugins/wp-contact-slider/
#8
Last post by Kailash - Jun 15, 2022, 10:18 AM
WordPress Easy Testimonials plugin <= 3.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Plugin name: Easy Testimonials
Vulnerable versions: <= 3.8
Fixed in: 3.9
CVE ID: N/A
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-14

Vulnerability Details

Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Easy Testimonials plugin (versions <= 3.8).

Solution

Update the WordPress Easy Testimonials plugin to the latest available version (at least 3.9).

Plugin Link: https://wordpress.org/plugins/easy-testimonials/
#9
Last post by Kailash - Jun 15, 2022, 10:15 AM
WordPress Checkout Fields Manager for WooCommerce plugin <= 5.5.6 - Reflected Cross-Site Scripting (XSS) vulnerability

Plugin name: Checkout Fields Manager for WooCommerce
Vulnerable versions: <= 5.5.6
Fixed in: 5.5.7
CVE ID: N/A
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-14

Vulnerability Details

Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Checkout Fields Manager for WooCommerce plugin (versions <= 5.5.6).

Solution

Update the WordPress Checkout Fields Manager for WooCommerce plugin to the latest available version (at least 5.5.7).

Plugin Link: https://wordpress.org/plugins/woocommerce-checkout-manager/
#10
Last post by Kailash - Jun 15, 2022, 10:12 AM
WordPress ShortPixel Image Optimizer plugin <= 4.22.9 - Reflected Cross-Site Scripting (XSS) vulnerability

Plugin name: ShortPixel Image Optimizer
Vulnerable versions: <= 4.22.9
Fixed in: 4.22.10
CVE ID: N/A
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-14

Vulnerability Details

Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress ShortPixel Image Optimizer plugin (versions <= 4.22.9).

Solution

Update the WordPress ShortPixel Image Optimizer plugin to the latest available version (at least 4.22.10).

Plugin Link: https://wordpress.org/plugins/shortpixel-image-optimiser/