Vulnerabilities Digest: July 2020
Relevant Plugins and Vulnerabilities:

| Plugin | Vulnerability | Patched Version | Installs |
| --- | --- | --- | --- |
| Asset CleanUp: Page Speed | Authenticated XSS | 1.4.6.7 | 80000 |
| Quiz And Survey Master | Authenticated Stored XSS | 7.0.0 | 30000 |
| Comments – wpDiscuz 7.0.0 – | Arbitrary File Upload | 7.0.5 | 70000 |
| Real Estate 7 | Reflected XSS | 3.0.4 | 8000 |
| CarePlus | Reflected XSS | — | 5000 |
| WooCommerce Subscriptions | Unauthenticated Stored XSS | 2.6.3 | 10000 |
| Careerfy | Reflected XSS | 4.4.0 | 2300 |
| JobSearch | Reflected XSS | 1.5.6 | 1300 |
| TC Custom JavaScript | Unauthenticated Stored XSS | 1.2.2 | 10000 |
| Email Subscribers & Newsletters | Authenticated SQL injection | 4.5.1 | 100000 |
| WP-Live Chat by 3CX | Authenticated Stored XSS | 8.2.0 | 50000 |
| InJob | Reflected XSS | 3.4.1 | 1880 |
| Travel Booking | Unauthenticated SQL Injection | 2.8.4 | 8000 |
| Travel Booking | Unauthenticated XSS | 2.8.4 | 8000 |
| Monalisa | Reflected XSS | 2.1.3 | 600 |
| Adning Advertising | Arbitrary File Upload | 1.5.6 | 8000 |
| Security & Malware scan | Security Nonce Leak | 2.51 | 5000 |
| Testimonials Widget | Authenticated Stored XSS | — | 30000 |

Highlights for July 2020:
- Cross-site scripting is still the most common vulnerability in WordPress plugins.
Continue reading Vulnerabilities Digest: July 2020 at Sucuri Blog.