
WordPress Vulnerabilities Digest - July 2022 Part 1

Threat Alerts / July 15, 2022
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. Each vulnerability will have a severity rating of low, medium, high, or critical. Responsible disclosure and reporting of vulnerabilities is an integral part of keeping the WordPress community safe.

WordPress Core Vulnerabilities

WordPress 6.0 "Arturo" was released on May 24, 2022. This major version release of WordPress was built to help you unlock your creative aspirations and make your site-building experience more intuitive, including almost 1,000 enhancements and bug fixes. See what's new in WordPress 6.0.

No new WordPress core vulnerabilities were disclosed this week.

WordPress Plugin Vulnerabilities

1. Header Footer Code Manager

Plugin: Header Footer Code Manager
Installations: 300,000+
Vulnerability: Reflected Cross-Site Scripting
Patched in version: 1.1.24
Severity score: Medium

The vulnerability has been patched, so you should update to version 1.1.24.

2. Unyson

Plugin: Unyson
Installations: 200,000+
Vulnerability: Reflected Cross-Site Scripting
Patched in version: 2.7.27
Severity score: Medium

The vulnerability has been patched, so you should update to version 2.7.27.

3. WordPress Popular Posts

Plugin: WordPress Popular Posts
Installations: 200,000+
Vulnerability: Reflected Cross-Site Scripting
Patched in version: 6.0.0
Severity score: Medium

The vulnerability has been patched, so you should update to version 6.0.0.

4. Custom Product Tabs for WooCommerce

Plugin: Custom Product Tabs for WooCommerce
Installations: 100,000+
Vulnerability: Unauthenticated Toggle Content Setting Update
Patched in version: 1.7.8
Severity score: Medium

The vulnerability has been patched, so you should update to version 1.7.8.

5. WP All Import

Plugin: Import any XML or CSV File to WordPress
Installations: 100,000+
Vulnerability: Admin+ Arbitrary File Upload
Patched in version: 3.6.8
Severity score: Medium

The vulnerability has been patched, so you should update to version 3.6.8.

6. Ivory Search

Plugin: Ivory Search WordPress Search Plugin
Installations: 80,000+
Vulnerability: Reflected Cross-Site Scripting
Patched in version: 5.4.7
Severity score: Medium

The vulnerability has been patched, so you should update to version 5.4.7.

7. NextScripts: Social Networks Auto-Poster

Plugin: NextScripts: Social Networks Auto-Poster
Installations: 80,000+
Vulnerability: Reflected Cross-Site Scripting
Patched in version: 4.3.26
Severity score: Medium

The vulnerability has been patched, so you should update to version 4.3.26.

8. Booster for WooCommerce

Plugin: Booster for WooCommerce
Installations: 70,000+
Vulnerability: Reflected Cross-Site Scripting
Patched in version: 5.6.0
Severity score: Medium

The vulnerability has been patched, so you should update to version 5.6.0.

9. WP Video Lightbox

Plugin: WP Video Lightbox
Installations: 50,000+
Vulnerability: Admin+ Stored Cross-Site Scripting; Reflected Cross-Site Scripting
Patched in version: 1.9.6
Severity score: Low

The vulnerability has been patched, so you should update to version 1.9.6.

10. Popup Anything

Plugin: Popup Anything A Marketing Popup and Lead Generation Conversions
Installations: 50,000+
Vulnerability: Reflected Cross-Site Scripting
Patched in version: 2.1.7
Severity score: Medium

The vulnerability has been patched, so you should update to version 2.1.7.

11. Visualizer: Tables and Charts Manager for WordPress

Plugin: Visualizer: Tables and Charts Manager for WordPress
Installations: 40,000+
Vulnerability: Contributor+ PHAR Deserialization
Patched in version: 3.7.10
Severity score: High

The vulnerability has been patched, so you should update to version 3.7.10.

12. Shareaholic

Plugin: Professional Social Sharing Buttons, Icons & Related Posts Shareaholic
Installations: 40,000+
Vulnerability: Information Disclosure
Patched in version: 9.7.6
Severity score: Medium

The vulnerability has been patched, so you should update to version 9.7.6.

13. Advanced WordPress Reset

Plugin: Advanced WordPress Reset
Installations: 40,000+
Vulnerability: Reflected Cross-Site Scripting
Patched in version: 1.6
Severity score: Medium

The vulnerability has been patched, so you should update to version 1.6.

14. Name Directory

Plugin: Name Directory
Installations: 3,000+
Vulnerability: Reflected Cross-Site Scripting; Arbitrary Directory/Name Deletion via CSRF; Stored Cross-Site Scripting via CSRF
Patched in version: 1.25.3
Severity score: Medium

The vulnerability has been patched, so you should update to version 1.25.3.

15. Exports and Reports

Plugin: Exports and Reports
Vulnerability: Contributor+ CSV Injection
Patched in version: 0.9.2
Severity score: Low

The vulnerability has been patched, so you should update to version 0.9.2.

WordPress Plugin Vulnerabilities with No Known Fix

Until a patch is available, immediately uninstall and delete the plugin.

SP Project & Document Manager

Plugin: SP Project & Document Manager
Installations: 3,000+
Vulnerability: Sensitive File Disclosure
Patched in version: No Fix
Severity score: Medium

The vulnerability has not been patched. You should deactivate the plugin.

Login with phone number

Plugin: Login with phone number
Installations: 900+
Vulnerability: Multiple Admin+ Stored Cross-Site Scripting
Patched in version: No Fix
Severity score: Low

The vulnerability has not been patched. You should deactivate the plugin.

Request a Quote

Plugin: Request a Quote
Vulnerability: Admin+ Stored Cross-Site Scripting; CSV Injection
Patched in version: No Fix
Severity score: Low

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Image Slider

Plugin: Image Slider
Vulnerability: Arbitrary Post Duplication via CSRF
Patched in version: No Fix
Severity score: Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

FreeMind WP Browser

Plugin: FreeMind WP Browser
Vulnerability: Stored Cross-Site Scripting via CSRF
Patched in version: No Fix
Severity score: Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Gallery for Social Photo

Plugin: Gallery for Social Photo
Vulnerability: Arbitrary Post Duplication via CSRF
Patched in version: No Fix
Severity score: Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Allow SVG Files

Plugin: Allow svg files
Vulnerability: Author+ Stored Cross-Site Scripting via SVG
Patched in version: No Fix
Severity score: Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Popup

Plugin: Popups WordPress Popup
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in version: No Fix
Severity score: Low

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

Invitation Based Registrations

Plugin: Invitation Based Registrations
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in version: No Fix
Severity score: Low

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

AnyMind Widget

Plugin: AnyMind Widget
Vulnerability: Stored Cross-Site Scripting via CSRF
Patched in version: No Fix
Severity score: Medium

The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.

WordPress Theme Vulnerabilities

Good news! No new WordPress theme vulnerabilities were disclosed this week.

If you are under a WordPress Managed Maintenance plan, there is nothing to worry about, as we've taken the necessary steps to protect your sites. Yay!

The information for this blog post was taken from the iThemes Vulnerability Roundup.

If you're not under our maintenance plan... well, what are you waiting for? Sign up today!