wordpress vulnerabilities
- News, Security

Overview of WordPress Vulnerabilities in December 2016

In this December 2016 monthly roundup of WordPress core, plugins and themes reported vulnerabilities, very few WordPress plugins vulnerabilities were reported.

Overview of WordPress Plugins Vulnerabilities in December 2016

27 WordPress plugins vulnerabilities were discovered in December. Also in the month of December, the trend of plugins being removed from the WordPress repository still continues. It was noticed that that the number of plugins being taken offline from the WordPress repository is increasing. Plugins are taken offline when developers do not fix vulnerabilities, or the developers cannot be reached hence the vulnerabilities are not fixed. This is a good initiative since it ensures that the majority of WordPress plugins on the repository are being maintained and above all, are secure.

Below is the complete list of all the WordPress plugins a vulnerabilities reported in December 2016:

WordPress Plugins Vulnerabilities

  • CSRF security issue in Copy-Me plugin
  • SSRF vulnerability in Nelio AB Testing plugin
  • SQL Injection in Xtreme Locator Dealer Locator plugin
  • Blind Injection in ZM Gallery plugin
  • SQL Injection in WP Private Messages plugin
  • CSRF / Database Update vulnerability in ZX_CSV Upload plugin
  • SQL Injection in Single Personal Message plugin
  • SQL Injection in WP Support Plus Responsive Ticket System plugin
  • Authenticated Information Disclosure in Backup & Restore Dropbox plugin
  • Stored XSS and CSRF in Quiz and Survey Master plugin
  • Multiple SQL Injection and XSS vulnerabilities in Podlove Podcast Publisher
  • Reflected XSS vulnerability in MailChimp for WordPress plugin
  • Arbitraty File Upload vulnerability in Delete All Comments plugin
  • Reflected Cross-site Scripting in Social Pug – Easy Social Share Buttons plugin
  • CSRF vulnerability in Multisite Post Duplicator plugin
  • PHP Object Injection in BP Profile Search
  • CSRF & XSS vulnerabilities in Twitter Cards Meta plugin
  • Information Disclosure vulnerability in WooCommerce Email Test plugin
  • Arbitrary file deletion vulnerability in Image Slider plugin
  • Unauthenticated change of password critical security issue in Ultimate Member plugin
  • SQL Injection in WA Form Builder
  • SQL Injection vulnerability in Product Catalog plugin
  • Unauthenticated SQL Injection in BBS e-Franchise plugin
  • Local File Inclusion in WP Vault plugin

This vulnerabilities and security issues roundup is made possible through WP Security Bloggers.

Leave a Reply