Vulnerable Plugins: June 2020 Update
This is a mid-month update to our regular Monthly Vulnerability Digest, which reveals a number of new patches for disclosed vulnerabilities.
Plugin
Vulnerability
Patched Version
Installs
Elementor Page Builder
Authenticated Stored XSS
2.9.10
5000000
AdRotate
Authenticated SQL Injection
5.8.4
40000
Brizy – Page Builder
Improper Access Controls
1.0.126
60000
Careerfy
Unauthenticated XSS
3.9.0
5000
SportsPress
Authenticated Stored XSS
2.7.2
20000
JobSearch
Unauthenticated XSS
1.5.1
5000
Newspaper
Unauthenticated XSS
10.3.4
6000
Multi Scheduler
Record Deletion CSRF
—
20
Highlights
- Cross-site scripting is the most common vulnerability in WordPress plugins
- None of these plugins have been identified in massive attacks
Relevant Plugins
SportsPress
Sportspress fixed an authenticated stored cross-site scripting vulnerability in version 2.7.2.
Continue reading Vulnerable Plugins: June 2020 Update at Sucuri Blog.