Vulnerabilities in Nine WordPress Plugins Affecting Over 1.3 Million Websites
Vulnerabilities in Nine WordPress Plugins – The United States Government Vulnerability Database and WordPress safety researchers revealed alerts of WordPress plugin vulnerabilities. Among these plugins, 9 of the most well-liked plugins have an effect on over 1.3 million web sites.
Vulnerabilities in Nine WordPress Plugins
While there have been many extra plugins discovered susceptible, the 9 hottest plugins affected effectively over 1.3 million web sites.
Header Footer Code Manager WordPress Plugin
The Header Footer Code Manager WordPress Plugin was found by Wordfence safety researchers to have a Reflected Cross-Site Scripting vulnerability.
The vulnerability requires the hacker to trick an administrator into clicking a hyperlink or different motion to be able to make it susceptible to a full website take over.
The researchers famous that as a result of this plugin impacts a delicate space of WordPress websites in that it’s for including code to web sites, the number of malicious actions might prolong to including backdoors and attacking website guests.
Publishers are advisable by Wordfence to replace their installations to at the very least model 1.1.17.
Ad Inserter – Ad Manager & AdSense Ads (Free and Pro Versions)
The Ad Inserter – Ad Manager & AdSense Ads was reported by WPScan to even have a vulnerability that may result in a Reflected Cross-Site Scripting exploit.
Publishers are suggested to replace to at the very least model 2.7.10.
This plugin incorporates a vulnerability that might result in SQL injection exploit.
According to the National Vulnerability Database:
“The Popup Builder WordPress plugin earlier than 4.0.7 doesn’t validate and correctly escape the orderby and order parameters earlier than utilizing them in a SQL assertion within the admin dashboard, which might permit excessive privilege customers to carry out SQL injection”
Publishers are advisable to replace to at the very least model 4.0.7 of the WordPress plugin.
Anti-Malware Security and Brute-Force Firewall
This WordPress plugin additionally incorporates a Reflected Cross-Site scripting vulnerability. An attacker will need to have admin stage credentials to be able to perform the assault.
Publishers are suggested to replace to at the very least model 4.20.94.
WP Content Copy Protection & No Right Click
This WordPress plugin was found by safety researchers at Patchstack who reported the plugin to have a Cross Site Request Forgery (CSRF) vulnerability.
Publishers are suggested to replace to at the very least model 3.4.5.
Database Backup for WordPress
Security researchers at WPScan reported a SQL Injection vulnerability affecting the Database Backup for WordPress plugin that handles probably the most delicate a part of any WordPress set up, the database.
WPScan notes:
“The plugin doesn’t correctly sanitise and escape the fragment parameter earlier than utilizing it in a SQL assertion within the admin dashboard, resulting in a SQL injection problem”
Publishers are suggested by the National Vulnerability Database to replace the Database Backup for WordPress plugin to at the very least model 2.5.1.
GiveWP – Donation Plugin and Fundraising Platform
The GiveWP Donation Plugin was discovered to comprise a Reflected Cross-Site Scripting vulnerability. Publishers are suggested to replace to at the very least model 2.17.3 of the plugin.
Download Manager WordPress Plugin
This plugin incorporates a SQL Injection exploit that might result in a Reflected Cross-Site Scripting assault. Publishers are suggested to replace to at the very least model 3.2.34.
Advanced Database Cleaner WordPress Plugin
This plugin was found by safety researchers to comprise a difficulty that might result in a Reflected Cross-Site Scripting assault. Publishers are suggested to replace to at the very least model 3.0.4 of the plugin.
Multiple WordPress Plugins Vulnerable
There have been many plugins reported to have vulnerabilities. But these 9 are the most well-liked plugins.
All of the plugins have obtained a patch that closes the vulnerability however it’s as much as publishers to ensure that they’re utilizing the most recent variations to be able to maintain their web sites and website guests secure.
Citations
Ad Inserter – Ad Manager & AdSense Ads
https://nvd.nist.gov/vuln/element/CVE-2022-0288
Popup Builder WordPress Plugin
https://nvd.nist.gov/vuln/element/CVE-2022-0228
Anti-Malware Security and Brute-Force Firewall
https://nvd.nist.gov/vuln/element/CVE-2021-25101
https://wpscan.com/vulnerability/5fd0380c-0d1d-4380-96f0-a07be5a61eba
WP Content Copy Protection & No Right Click
https://nvd.nist.gov/vuln/element/CVE-2022-23983
Database Backup for WordPress
https://nvd.nist.gov/vuln/element/CVE-2022-0255
GiveWP – Donation Plugin and Fundraising Platform
https://nvd.nist.gov/vuln/element/CVE-2021-25100
https://nvd.nist.gov/vuln/element/CVE-2021-25099
Download Manager
https://nvd.nist.gov/vuln/element/CVE-2021-25069
https://wpscan.com/vulnerability/4ff5e638-1b89-41df-b65a-f821de8934e8
Advanced Database Cleaner WordPress Plugin
https://nvd.nist.gov/vuln/element/CVE-2021-24921
That’s all from Vulnerabilities in Nine WordPress Plugins Affecting Over 1.3 Million Websites.
Related posts:
How to Fix the 500 Internal Server Error on Your WordPress Website
How to Make Your WordPress Site Load Faster in 2023
How to solve the 500 internal server error in WordPress?
7 Common WordPress Mistakes You Need to Avoid
How to Become Proficient in WordPress: A Comprehensive Guide
What Are The Best Free WordPress Themes?
Common WordPress Mistakes and How to Avoid Them
The Pros and Cons of Using WordPress for Your Business Website
Why WordPress Is the Perfect Choice for E-Commerce Websites
How to fix WordPress posts returning 404 error
10 Effective Ways to Speed Up Your WordPress Site
Awesome Shortcodes For Your WordPress Blog: A Comprehensive Guide
How To Reduce Your TTFB and Boost WordPress Page Speed
How to Fix Unable to Upload Images in WordPress?
The Top WordPress Plugins Every Website Needs in 2023
How To Migrate A WordPress Website From One Host To Another
How to fix the Error Establishing a Database Connection in WordPress?
How to Secure Your WordPress Website from Hackers
What is the fastest CMS for SEO?
How to Fix the 502 Bad Gateway Error in WordPress?
What is the difference between WordPress.com and WordPress.org?
7 Signs Your WordPress Site Has Been Hacked
15 Most Important Things You Need to Do After Installing WordPress
What is the Best SEO-Friendly CMS?
How to Add Custom JS to WordPress: A Beginner's Guide
How to Solve the Connection Timed Out Error in WordPress
How to Fix the Internal Server Error 500 in WordPress
Does CMS matter for SEO?
Why WordPress Is the Best CMS for SEO
How to Fix the Parse Error, Syntax Error, Unexpected in WordPress
10 Reasons Why WordPress is the Ultimate Website Platform
How to Start a Blog on WordPress
WordPress Errors and Their Solutions: Troubleshooting Your Website
How to Fix the WordPress Critical Error in Website
How to fix image upload issue in WordPress
How to Increase the PHP Memory Limit in WordPress
The Ultimate Guide to Troubleshooting WordPress Errors: Tips and Tricks!
10 Reasons Why Joomla Is The Best Content Management System You're Not Using
How to Create a WordPress Website in 5 Easy Steps
WordPress vs. Squarespace: Which is Better for Your Website?
WordPress Tips | 15 Tips and Tricks for Beginners
How to fix the White Screen of Death (WSoD) in WordPress
Best CMS for SEO: The Ultimate Guide