WordPress Vulnerabilities, 2019-05-10

It is important to keep your WordPress website updated to maintain security. If you need help maintaining the security of your WordPress website, please contact us. We provide automatic backups and updates with all of our hosting packages.

Here is a list of recent vulnerabilities as reported by the WP Vulnerability Database:

Latest WordPress Vulnerabilities


2019-03-13 WordPress 3.9-5.1 – Comment Cross-Site Scripting (XSS)
2019-02-19 WordPress 3.7-5.0 (except 4.9.9) – Authenticated Code Execution
2018-12-13 WordPress <= 5.0 – Authenticated File Delete
2018-12-13 WordPress <= 5.0 – Authenticated Post Type Bypass
2018-12-13 WordPress <= 5.0 – PHP Object Injection via Meta Data
2018-12-13 WordPress <= 5.0 – Authenticated Cross-Site Scripting (XSS)
2018-12-13 WordPress <= 5.0 – Cross-Site Scripting (XSS) that could affect plugins

Latest Plugin Vulnerabilities


2019-05-08 Custom Field Suite <= 2.5.14 – Authenticated Cross-Site Scripting (XSS)
2019-05-06 W3 Total Cache < 0.9.7.3 – Cryptographic Signature Bypass
2019-05-06 W3 Total Cache <= 0.9.7.3 – Cross-Site Scripting (XSS)
2019-05-06 W3 Total Cache <= 0.9.7.3 – SSRF / RCE via phar
2019-05-04 All-in-One Event Calendar <= 2.5.38 – Cross-Site Scripting (XSS)
2019-05-01 Blog Designer <= 1.8.10 – Unauthenticated Stored Cross-Site Scripting (XSS)
2019-04-30 My Calendar <= 3.1.9 – Unauthenticated Cross-Site Scripting (XSS)

Latest Theme Vulnerabilities


2019-04-18 CarSpot Theme <= 2.1.6 – Authenticated Stored XSS
2019-02-14 Newspaper Theme <= 9.2.2 – Cross-Site Scripting (XSS)
2018-12-04 JobCareer | Job Board Responsive WordPress Theme <= 2.4 – User enumeration & …
2018-10-30 ElegantThemes (divi, extra, divi-builder) – Authenticated Stored Cross-Site S…
2018-08-19 Supreme Directory Theme <= 1.1.8 – Unauthenticated Cross-Site Scripting (XSS)
2018-05-10 BBE Theme <= 1.52 – Direct Object Reference
2018-02-08 Swape Theme – Authentication Bypass and Stored XSS
