WordPress Vulnerabilities, 2019-04-11

It is important to keep your WordPress website updated to maintain security. If you need help maintaining the security of your WordPress website, please contact us. We provide automatic backups and updates with all of our hosting packages.

Here is a list of recent vulnerabilities, as reported by the WP Vulnerability Database:

Latest WordPress Vulnerabilities


2019-03-13 WordPress 3.9-5.1 – Comment Cross-Site Scripting (XSS)
2019-02-19 WordPress 3.7-5.0 (except 4.9.9) – Authenticated Code Execution
2018-12-13 WordPress <= 5.0 – Authenticated File Delete
2018-12-13 WordPress <= 5.0 – Authenticated Post Type Bypass
2018-12-13 WordPress <= 5.0 – PHP Object Injection via Meta Data
2018-12-13 WordPress <= 5.0 – Authenticated Cross-Site Scripting (XSS)
2018-12-13 WordPress <= 5.0 – Cross-Site Scripting (XSS) that could affect plugins

Latest Plugin Vulnerabilities


2019-04-11 Download Advanced Contact form 7 DB <= 1.6.0 – Authenticated SQL Injection
2019-04-10 Yuzo Related Posts – Unauthenticated Call Any Action or Update Any Option
2019-04-05 Duplicate Page <= 3.3 – Authenticated SQL Injection
2019-04-05 Contact Form by WD <= 1.13.4 – Cross-Site Request Forgery to LFI
2019-04-05 Form Maker by 10Web <= 1.13.4 – Cross-Site Request Forgery (CSRF) to LFI
2019-04-02 WP Google Maps 7.11.00-7.11.17 – Unauthenticated SQL Injection
2019-04-01 Ultimate Member <= 2.0.39 – Cross-Site Request Forgery (CSRF)

Latest Theme Vulnerabilities


2019-02-14 Newspaper Theme <= 9.2.2 – Cross-Site Scripting (XSS)
2018-12-04 JobCareer | Job Board Responsive WordPress Theme <= 2.4 – User enumeration & …
2018-10-30 ElegantThemes (divi, extra, divi-builder) – Authenticated Stored Cross-Site S…
2018-08-19 Supreme Directory Theme <= 1.1.8 – Unauthenticated Cross-Site Scripting (XSS)
2018-05-10 BBE Theme <= 1.52 – Direct Object Reference
2018-02-08 Swape Theme – Authentication Bypass and Stored XSS
2018-01-27 Enfold Theme <= 4.2 – Rewrite Portfolio Permalink Structure & Information Dis…