WordPress Vulnerabilities, 2019-04-25

It is important to keep your WordPress website updated to maintain security. If you need help maintaining the security of your WordPress website, please contact us. We provide automatic backups and updates with all of our hosting packages.

Here is a list of recent vulnerabilities as reported by the WP Vulnerability Database:

Latest WordPress Vulnerabilities


2019-03-13 WordPress 3.9-5.1 – Comment Cross-Site Scripting (XSS)
2019-02-19 WordPress 3.7-5.0 (except 4.9.9) – Authenticated Code Execution
2018-12-13 WordPress <= 5.0 – Authenticated File Delete
2018-12-13 WordPress <= 5.0 – Authenticated Post Type Bypass
2018-12-13 WordPress <= 5.0 – PHP Object Injection via Meta Data
2018-12-13 WordPress <= 5.0 – Authenticated Cross-Site Scripting (XSS)
2018-12-13 WordPress <= 5.0 – Cross-Site Scripting (XSS) that could affect plugins

Latest Plugin Vulnerabilities


2019-04-23 Contact Form Builder <= 1.0.68 – CSRF to LFI
2019-04-17 WordPress Download Manager <= 2.9.93 – Authenticated Cross-Site Scripting (XSS)
2019-04-11 Download Advanced Contact form 7 DB <= 1.6.0 – Authenticated SQL Injection
2019-04-11 YellowPencil Visual CSS Style Editor – Unauthenticated Arbitrary Options Updates
2019-04-10 Yuzo Related Posts – Unauthenticated Call Any Action or Update Any Option
2019-04-09 WP Statistics <= 12.6.3 – Cross-Site Scripting (XSS)
2019-04-05 Duplicate Page <= 3.3 – Authenticated SQL Injection

Latest Theme Vulnerabilities


2019-04-18 CarSpot Theme <= 2.1.6 – Authenticated Stored XSS
2019-02-14 Newspaper Theme <= 9.2.2 – Cross-Site Scripting (XSS)
2018-12-04 JobCareer | Job Board Responsive WordPress Theme <= 2.4 – User enumeration & …
2018-10-30 ElegantThemes (divi, extra, divi-builder) – Authenticated Stored Cross-Site S…
2018-08-19 Supreme Directory Theme <= 1.1.8 – Unauthenticated Cross-Site Scripting (XSS)
2018-05-10 BBE Theme <= 1.52 – Direct Object Reference
2018-02-08 Swape Theme – Authentication Bypass and Stored XSS

 
