Vulnerabilities Digest: July 2020

Relevant Plugins and Vulnerabilities:

| Plugin | Vulnerability | Patched Version | Installs |
|---|---|---|---|
| Asset CleanUp: Page Speed | Authenticated XSS | 1.4.6.7 | 80000 |
| Quiz And Survey Master | Authenticated Stored XSS | 7.0.0 | 30000 |
| Comments – wpDiscuz 7.0.0 – | Arbitrary File Upload | 7.0.5 | 70000 |
| Real Estate 7 | Reflected XSS | 3.0.4 | 8000 |
| CarePlus | Reflected XSS | | 5000 |
| WooCommerce Subscriptions | Unauthenticated Stored XSS | 2.6.3 | 10000 |
| Careerfy | Reflected XSS | 4.4.0 | 2300 |
| JobSearch | Reflected XSS | 1.5.6 | 1300 |
| TC Custom JavaScript | Unauthenticated Stored XSS | 1.2.2 | 10000 |
| Email Subscribers & Newsletters | Authenticated SQL injection | 4.5.1 | 100000 |
| WP-Live Chat by 3CX | Authenticated Stored XSS | 8.2.0 | 50000 |
| InJob | Reflected XSS | 3.4.1 | 1880 |
| Travel Booking | Unauthenticated SQL Injection | 2.8.4 | 8000 |
| Travel Booking | Unauthenticated XSS | 2.8.4 | 8000 |
| Monalisa | Reflected XSS | 2.1.3 | 600 |
| Adning Advertising | Arbitrary File Upload | 1.5.6 | 8000 |
| Security & Malware scan | Security Nonce Leak | 2.51 | 5000 |
| Testimonials Widget | Authenticated Stored XSS | | 30000 |

Highlights for July 2020:

  • Cross-site scripting (XSS) is still the most common vulnerability in WordPress plugins.

Via Sucuri.net
