WordPress Vulnerabilities Digest - June 2021 Part 5
Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure and reporting of vulnerabilities is an integral part of keeping the WordPress community safe.
WordPress Core Vulnerabilities
No new WordPress core vulnerabilities have been disclosed this month.
WordPress Plugin Vulnerabilities
1. Browser Screenshots
Plugin: Browser Screenshots Vulnerability: Stored Cross-Site Scripting Patched in Version: 1.7.6 Severity: Medium
The vulnerability is patched, so you should update to version 1.7.6+.
2. Sign-up Sheets
Plugin: Sign-up Sheets Vulnerability: Authenticated Stored Cross-Site Scripting Patched in Version: 1.0.14 Severity Score: Medium
Plugin: Sign-up Sheets Vulnerability: Authenticated CSV Injection Patched in Version: 1.0.14 Severity Score: Medium
The vulnerabilities have been patched, so you should update to version 1.0.14+.
3. Prismatic
Plugin: Prismatic Vulnerability: Reflected Cross-Site Scripting Patched in Version: 2.8 Severity Score: High
Plugin: Prismatic Vulnerability: Stored Cross-Site Scripting Patched in Version: 2.8 Severity Score: Medium
The vulnerabilities have been patched, so you should update to version 2.8+.
4. Glass
Plugin: Glass Vulnerability: CSRF to Stored Cross-Site Scripting Patched in Version: No known fix Severity Score: High
This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.
5. Simple Sort&Search
Plugin: Simple Sort&Search Vulnerability: Stored Cross-Site Scripting Patched in Version: No known fix Severity Score: Medium
This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.
6. Salon Booking System
Plugin: Salon Booking System Vulnerability: Unauthenticated Stored Cross-Site Scripting Patched in Version: 6.3.1 Severity Score: Critical
The vulnerability is patched, so you should update to version 6.3.1+.
7. Qtranslate Slug
Plugin: Qtranslate Slug Vulnerability: CSRF Patched in Version: No known fix Severity Score: Medium
This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.
8. Multivendor Marketplace Solution for WooCommerce
Plugin: Multivendor Marketplace Solution for WooCommerce Vulnerability: CSRF Patched in Version: 3.7.4 Severity Score: Medium
The vulnerability is patched, so you should update to version 3.7.4+.
9. Custom css-js-php
Plugin: Custom css-js-php Vulnerability: CSRF Patched in Version: No known fix Severity Score: Medium
This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.
10. Absolute Reviews
Plugin: Absolute Reviews Vulnerability: CSRF Patched in Version: 1.0.9 Severity Score: Medium
The vulnerability is patched, so you should update to version 1.0.9+.
11. Advanced Popups
Plugin: Advanced Popups Vulnerability: CSRF Patched in Version: 1.1.2 Severity Score: Medium
The vulnerability is patched, so you should update to version 1.1.2+.
12. Remove Schema
Plugin: Remove Schema Vulnerability: CSRF Patched in Version: 1.6 Severity Score: Medium
The vulnerability is patched, so you should update to version 1.6+.
13. Multiple Roles
Plugin: Multiple Roles Vulnerability: CSRF Patched in Version: No known fix Severity Score: Medium
This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.
14. Sunshine Photo Cart
Plugin: Sunshine Photo Cart Vulnerability: CSRF Patched in Version: 2.8.29 Severity Score: Medium
The vulnerability is patched, so you should update to version 2.8.29+.
15. Ultimate Gift Cards
Plugin: Ultimate Gift Cards Vulnerability: CSRF Patched in Version: 2.1.2 Severity Score: Medium
The vulnerability is patched, so you should update to version 2.1.2+.
16. wp-mpdf
Plugin: wp-mpdf Vulnerability: CSRF Patched in Version: 3.5.2 Severity Score: Medium
The vulnerability is patched, so you should update to version 3.5.2+.
17. Export Users With Meta
Plugin: Export Users With Meta Vulnerability: Authenticated SQL Injection Patched in Version: 0.6.5 Severity Score: Medium
The vulnerability is patched, so you should update to version 0.6.5+.
18. YOP Poll
Plugin: YOP Poll Vulnerability: Unauthenticated Stored Cross-Site Scripting Patched in Version: 6.2.8 Severity Score: Medium
The vulnerability is patched, so you should update to version 6.2.8+.
19. Fudousan
Plugin: Fudousan Vulnerability: Authenticated Cross-Site Scripting Patched in Version: 5.7.2 Severity Score: Medium
The vulnerability is patched, so you should update to version 5.7.2+.
20. Poll, Survey, Questionnaire and Voting system
Plugin: Poll, Survey, Questionnaire and Voting system Vulnerability: Unauthenticated Blind SQL Injection Patched in Version: 1.5.3 Severity Score: Critical
The vulnerability is patched, so you should update to version 1.5.3+.
21. CiviCRM
Plugin: CiviCRM Vulnerability: CSRF to Stored Cross-Site Scripting Patched in Version: 5.28.1 Severity Score: Medium
The vulnerability is patched, so you should update to version 5.28.1+.
22. WP Image Zoom
Plugin: WP Image Zoom Vulnerability: Local File Inclusion Patched in Version: 1.47 Severity Score: Medium
The vulnerability is patched, so you should update to version 1.47+.
23. ZoomSounds
Plugin: ZoomSounds Vulnerability: Unauthenticated Arbitrary File Upload Patched in Version: 6.05 Severity Score: Critical
The vulnerability is patched, so you should update to version 6.05+.
24. Include Me
Plugin: Include Me Vulnerability: Authenticated Remote Code Execution Patched in Version: No known fix Severity Score: High
This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.
WordPress Themes Vulnerabilities
No new WordPress theme vulnerabilities to report.
If you are under the WordPress Managed Maintenance plan, there is nothing to worry about, as we've taken the necessary steps to protect your sites. Yay!
The information for this blog post was taken from the iThemes Vulnerability Roundup.
If you're not under our maintenance plan... well, what are you waiting for? Sign up today!