
Finding security vulnerabilities in WordPress and other CMSs is an important part of securing our clients' sites. That is why WebARX analyzes WordPress plugins and newly disclosed vulnerabilities to make sure WebARX users are safe.

WordPress vulnerability news is a weekly digest of vulnerability disclosures that have been published. If you want to get weekly updates by email, sign up here.

The WebARX web application firewall receives virtual patches that are distributed automatically to protected sites when vulnerabilities are discovered. Threat intelligence and prevention are our main focus, so our firewall engine is updated on a daily basis.

Is your WordPress site secured? Take a look at how to secure your site here.

If you are a WordPress plugin developer, read how to secure plugins from an attacker's perspective.

Stored Cross-Site Scripting (XSS) in Rich Reviews Plugin


Sites running the plugin are vulnerable to unauthenticated plugin option updates, which can be used to deliver malware payloads.

Description: XSS Via Unauthenticated Plugin Options Update
Affected Plugin: Rich Reviews
Affected Versions: <= 1.7.4
CVSS Score: 8.3 (High)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

This plugin has been closed as of March 11, 2019, and is not available for download.
Reason: Security Issue.

It is strongly advised to remove the Rich Reviews plugin from websites for now.

Read more about the WordPress vulnerability on the Wordfence blog.

Multiple Issues in Motors Car Dealer & Classified Ads Plugin


The WordPress Motors Car Dealer & Classified Ads plugin, which has 10,000+ active installations, was prone to multiple vulnerabilities in version 1.4.0 and below.

Vulnerability description:
– Unauthenticated plugin’s settings import/export (leading to stored XSS)
– Authenticated settings import
– Unsanitized inputs
– Authenticated options change
Affected Versions: <= 1.4.1

Update as soon as possible if you have version 1.4.0 or below installed.

Read more about the WordPress vulnerability on the Nintechnet blog.

Unauthenticated Options Import Vulnerability in WordPress Ultimate FAQ Plugin


The WordPress Ultimate FAQ plugin, which has 30,000+ active installations, was prone to an unauthenticated options import vulnerability in version 1.8.24 and below that could lead to content injection.

A new version 1.8.25 was released on September 18, 2019.

Update as soon as possible if you have version 1.8.24 or below installed.

Read more about the WordPress vulnerability on the Nintechnet blog.

Cross-Site Scripting in WordPress Plugin Sell Downloads


The WordPress Sell Downloads plugin, which has 500+ active installations, was prone to a cross-site scripting vulnerability in version 1.0.86.

Researcher: Mr Winst0n
Discovery date: September 09, 2019
Tested version: 1.0.86
Tested on: WordPress 5.1.1
Available version: 1.0.89

Read more about the WordPress vulnerability at cxsecurity.com.

Unauthenticated Options Update in Delucks SEO Plugin


The WordPress DELUCKS SEO plugin, version 2.1.7 and below, is prone to a vulnerability that is actively being exploited by hackers.

The vulnerability allows an unauthenticated user to inject JS code into the plugin settings, which is then reflected on all pages. The vulnerability affects plugin versions 2.1.7 and below.

On September 26, the author released a new version, available on their website.

Read more about the WordPress vulnerability on the Nintechnet blog.
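The Rich Reviews, Motors, Ultimate FAQ and DELUCKS SEO entries above all describe the same class of bug: a settings-save or settings-import handler that is reachable without authentication, writes attacker-supplied values into plugin options, and later echoes those options into every page (stored XSS). The PHP below is an added illustration written for this digest; it is not code from any of those plugins or from WebARX. The `demo_reviews_` prefix, the option name, the AJAX action, the nonce name and the field names are all assumptions. It places the vulnerable shape beside a hardened handler that checks capability, nonce, input sanitization and output escaping, and shows why an import routine needs the same checks plus a strict key allow-list.

```php
<?php
/*
 * Illustrative plugin fragment, constructed for this digest. The prefix
 * demo_reviews_, the option 'demo_reviews_settings', the AJAX action
 * 'demo_reviews_save' and the field names are assumptions, not real plugin code.
 */

// --- Vulnerable pattern --------------------------------------------------
// Reachable by logged-out visitors (wp_ajax_nopriv_*), no capability check,
// no nonce, values stored raw. Whoever sends the request owns the option.
function demo_reviews_save_settings_vulnerable() {
    $settings = array(
        'title'       => $_POST['title'],        // unsanitized
        'footer_html' => $_POST['footer_html'],  // unsanitized
    );
    update_option( 'demo_reviews_settings', $settings );
    wp_send_json_success();
}
// This registration is what makes the handler reachable without a login:
// add_action( 'wp_ajax_nopriv_demo_reviews_save', 'demo_reviews_save_settings_vulnerable' );

function demo_reviews_render_footer_vulnerable() {
    $settings = get_option( 'demo_reviews_settings', array() );
    echo $settings['footer_html']; // unescaped output of an attacker-writable option
}

// --- Hardened form -------------------------------------------------------
function demo_reviews_save_settings_hardened() {
    // 1. Authorization: only users allowed to manage options may change them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // 2. CSRF: the request must carry a nonce issued to this user for this action.
    //    check_ajax_referer() returns false instead of dying when its third arg is false.
    if ( ! check_ajax_referer( 'demo_reviews_save', 'nonce', false ) ) {
        wp_send_json_error( 'bad nonce', 403 );
    }
    // 3. Input validation: fixed set of keys, each value sanitized on the way in.
    $settings = array(
        'title'       => sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) ),
        'footer_html' => wp_kses_post( wp_unslash( $_POST['footer_html'] ?? '' ) ),
    );
    update_option( 'demo_reviews_settings', $settings );
    wp_send_json_success();
}
// Registered for authenticated users only; there is no wp_ajax_nopriv_ hook.
add_action( 'wp_ajax_demo_reviews_save', 'demo_reviews_save_settings_hardened' );

function demo_reviews_render_footer_hardened() {
    $settings = get_option( 'demo_reviews_settings', array() );
    // 4. Output escaping: stored options are still untrusted data when rendered.
    echo '<h2>' . esc_html( $settings['title'] ?? '' ) . '</h2>';
    echo wp_kses_post( $settings['footer_html'] ?? '' );
}

// --- Settings import -----------------------------------------------------
// An import is a bulk option write, so it needs the same capability and nonce
// checks as the save handler (done by its caller) plus an allow-list of keys,
// so a crafted file cannot write arbitrary options or unsanitized values.
function demo_reviews_import_settings_hardened( $json ) {
    $allowed = array(
        'title'       => 'sanitize_text_field',
        'footer_html' => 'wp_kses_post',
    );
    $data = json_decode( $json, true );
    if ( ! is_array( $data ) ) {
        return false; // malformed import file
    }
    $clean = array();
    foreach ( $allowed as $key => $sanitizer ) {
        if ( isset( $data[ $key ] ) && is_string( $data[ $key ] ) ) {
            $clean[ $key ] = call_user_func( $sanitizer, $data[ $key ] );
        }
    }
    update_option( 'demo_reviews_settings', $clean );
    return true;
}
```

When reviewing a plugin, the quickest check for this bug class is to list every `wp_ajax_nopriv_*`, `admin_post_nopriv_*`, `init` and REST route handler that calls `update_option()` or `update_post_meta()`, and confirm each one performs a capability check and a nonce check before writing; the sanitization and escaping steps then decide whether an authenticated but low-privilege user can still turn an option into stored XSS.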

Authentication Bypass Vulnerability in GiveWP Plugin


The WordPress plugin GiveWP, installed on over 70,000 websites, allows unauthenticated users in version 2.5.4 to bypass its API authentication methods and potentially access personally identifiable information (PII). This can include names, addresses, IP addresses and email addresses, none of which should be publicly accessible.

Description: Authentication Bypass with Information Disclosure
CVSS v3.0 Score: 7.5 (High)
CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Plugin: GiveWP
Plugin Slug: give
Affected Versions: <= 2.5.4
Patched Version: 2.5.5

This is considered a high security issue, and websites running Give 2.5.4 or below should be updated to version 2.5.5 or later right away.

Read more about the WordPress vulnerability on the Wordfence blog.

Other Related News

Critical 0-Day RCE Exploit in vBulletin

Picture from thehackernews.com

An anonymous hacker publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability in vBulletin, one of the most widely used internet forum software packages.

The vulnerability should be viewed as severe not only because it is remotely exploitable, but also because it requires no authentication.

Written in PHP, vBulletin is a widely used proprietary Internet forum software package that powers more than 100,000 websites on the Internet, including Fortune 500 and Alexa Top 1 million companies websites and forums.

Read more from thehackernews.com.

WordPress sites are being hacked and infected every day. Some statistics say that about 30,000 websites are infected with some type of malware daily. Every public website is a resource available on the internet, and therefore it is a target: as soon as your website is available to the public, it immediately becomes one.

It can take just days from a disclosed plugin vulnerability to a full-scale attack campaign. Attacks of this nature are almost always automated, so you have only a small time window in which to act. In such cases, web application firewalls are of critical importance.
