WordPress Vulnerability News, December 2019


Updated: January 7, 2020 by Agnes Talalaev

WordPress Vulnerability News is a weekly digest of highlighted WordPress plugin security vulnerabilities and vulnerability disclosures that have been published (less critical vulnerabilities in smaller plugins unfortunately do not make the list).

Keeping up to date with security vulnerabilities in WordPress and other CMSs is an important part of security. That is why we analyze WordPress plugins and newly disclosed vulnerabilities, to make sure that sites using the mentioned plugins or themes are protected.

All the vulnerabilities in this article have received a virtual patch in the WebARX firewall. This means that if you use the WebARX web application firewall, your site is shielded from these vulnerabilities at the request level. It is still strongly advised to update or delete vulnerable plugins, since a virtual patch blocks known attack patterns but does not remove the flawed code.

Stored Cross-Site Scripting via Shortcode in Donorbox Plugin

A powerful and secure donation management plugin, from initial setup to end-year reporting. Donorbox offers a fast feature-filled solution so anyone can raise funds.

Vulnerability: Stored cross-site scripting via shortcode
Vulnerable version: 7.1
Number of sites affected: 5 000+

In the Donorbox WordPress plugin, the attributes passed to the plugin's shortcode were written into the rendered HTML without being restricted or escaped, so anyone able to place the shortcode in post content could insert arbitrary HTML attributes (event handlers included) and perform a stored XSS attack. The vulnerability was introduced in version 7.1 and fixed in version 7.1.2.

Read more about the WordPress plugin vulnerabilities here.
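
The pattern behind this bug class, as an added example that is not Donorbox's code: a shortcode handler that copies every attribute the author supplied into the generated tag, beside a hardened version that allow-lists attributes with shortcode_atts() and escapes each value for its context. The shortcode tag demo_embed and its attributes are hypothetical. WordPress lets contributor and author accounts use shortcodes without the unfiltered_html capability, which is what makes a shortcode XSS a privilege escalation: the script stored by a low-privilege author runs in an administrator's browser.

```php
<?php
// Added illustration of the Donorbox bug class, not the plugin's own code.
// The shortcode tag "demo_embed" and its attributes are hypothetical.

// Vulnerable pattern: every shortcode attribute the author typed is copied
// into the tag unchanged. Contributors and authors can use shortcodes
// without the unfiltered_html capability, so
//   [demo_embed src="https://example.org/form" onload="alert(document.cookie)"]
// stores a script that runs for every visitor, administrators included.
function demo_embed_vulnerable( $atts ) {
    $html = '<iframe';
    foreach ( (array) $atts as $name => $value ) {
        $html .= ' ' . $name . '="' . $value . '"';
    }
    return $html . '></iframe>';
}

// Hardened pattern:
//   1. shortcode_atts() drops every attribute that is not in the allow-list,
//      so "onload" never reaches the markup;
//   2. each value is escaped for the context it lands in: esc_url() for the
//      src (returns '' for javascript: and data: schemes), esc_attr() for a
//      plain attribute value, absint() for a numeric one;
//   3. the tag is assembled with sprintf() so no raw string lands in it.
function demo_embed_hardened( $atts ) {
    $atts = shortcode_atts(
        array(
            'src'    => '',
            'title'  => 'Donation form',
            'height' => '400',
        ),
        $atts,
        'demo_embed'
    );
    $height = absint( $atts['height'] );
    if ( '' === $atts['src'] || 0 === $height ) {
        return '';
    }
    return sprintf(
        '<iframe src="%s" title="%s" height="%d"></iframe>',
        esc_url( $atts['src'] ),
        esc_attr( $atts['title'] ),
        $height
    );
}
add_shortcode( 'demo_embed', 'demo_embed_hardened' );
```

The same rule applies to any untrusted string a plugin renders, whether it came from a post author, a request parameter or a third-party service: allow-list what is accepted, then escape on output for the exact HTML context.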

Authenticated Arbitrary Plugin Deactivation in Photo Gallery – Image Gallery by Ape Plugin

Photo Gallery – Image Gallery by Ape is a gallery plugin for WordPress with features like a responsive gallery on the front end, navigation menu, zoom and link buttons and more.

Vulnerability: Authenticated arbitrary plugin deactivation
Vulnerable version: 2.0.6 and below
Number of sites affected: 6 000+

The WordPress Ape Gallery plugin (6,000+ active installations) fixed a vulnerability affecting versions 2.0.6 and below that allowed any authenticated user to deactivate arbitrary plugins on the site. Since this includes security plugins, it is also a way to switch off other defenses before a follow-up attack.

Read more about the WordPress plugin vulnerabilities here.

Authenticated Settings Reset in GDPR Cookie Compliance Plugin

GDPR Cookie Compliance can assist you with GDPR, PIPEDA, CCPA, LGPD, AAP, cookie law and consent notice requirements on your website.

Vulnerability: Authenticated settings reset
Vulnerable version: 4.0.2 and below
Number of sites affected: 90 000+

The WordPress GDPR Cookie Compliance plugin (90,000+ active installations) fixed a vulnerability affecting versions 4.0.2 and below that allowed any authenticated user to reset the plugin's settings.

Read more about the WordPress plugin vulnerabilities here.

CSRF to Stored XSS in bbPress Login Register Links On Forum Topic Pages Plugin

bbPress Login Register Links On Forum Topic Pages is a plugin with features like forum login/register links, login/logout auto redirect based on user roles, forums protection against brute force attacks and bots from proxy and more.

Vulnerability: CSRF to stored XSS
Vulnerable version: 2.7.5 and below
Number of sites affected: 1 000+

The PoC will be published on January 08, 2020, to give users time to update.

Read more about the WordPress plugin vulnerabilities here.

CSRF on Optional Settings page in bbPress Members Only Plugin

bbPress Members Only Plugin helps you to make your bbPress site only viewable to logged-in member users.

Vulnerability: CSRF on optional settings page
Vulnerable version: 1.2.1 and below
Number of sites affected: 200+

The PoC will be published on January 09, 2020, to give users time to update.

Read more about the WordPress plugin vulnerabilities here.

Missing Access Controls on REST routes in Featured Image from URL Plugin

Featured Image from URL plugin allows you to use an external image as Featured Image of your post, page and Custom Post Type, such as WooCommerce Product and more.

Vulnerability: Missing Access Controls on REST routes
Vulnerable version: 2.7.7 and below
Number of sites affected: 70 000+

The PoC will be published on January 07, 2020, to give users time to update.

Read more about the WordPress plugin vulnerabilities here.
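
A REST route registered without a meaningful permission_callback, beside its hardened form, as an added example of this bug class. This is not the Featured Image from URL plugin's own code; the namespace demo-fifu/v1, the route and the meta key _demo_external_image are hypothetical.

```php
<?php
// Added illustration of the bug class, not the Featured Image from URL
// plugin's own code. The namespace "demo-fifu/v1", the route and the meta
// key "_demo_external_image" are hypothetical.

// Vulnerable registration (shown for contrast, deliberately not hooked).
// '__return_true' accepts every request and the route takes any post ID, so
// an unauthenticated visitor can point any post's image at any URL with:
//   curl -X POST https://example.com/wp-json/demo-fifu/v1/image/123 \
//        -d url=https://attacker.example/x.png
// Leaving permission_callback out entirely had the same effect in the
// WordPress versions current at the time (5.3).
function demo_fifu_register_vulnerable() {
    register_rest_route( 'demo-fifu/v1', '/image/(?P<id>\d+)', array(
        'methods'             => 'POST',
        'callback'            => 'demo_fifu_set_image',
        'permission_callback' => '__return_true',
    ) );
}

// Hardened registration: the permission callback asks whether *this* user may
// edit *this* post, and the argument schema validates and sanitizes the URL
// before the callback ever sees it.
function demo_fifu_register_hardened() {
    register_rest_route( 'demo-fifu/v1', '/image/(?P<id>\d+)', array(
        'methods'             => 'POST',
        'callback'            => 'demo_fifu_set_image',
        'permission_callback' => function ( WP_REST_Request $request ) {
            $post_id = (int) $request['id'];
            if ( ! get_post( $post_id ) ) {
                return new WP_Error( 'rest_post_invalid_id', 'Invalid post ID.', array( 'status' => 404 ) );
            }
            // Under cookie authentication the REST server only sets the current
            // user when the request also carries a valid X-WP-Nonce header, so
            // this check covers CSRF as well as authorization.
            return current_user_can( 'edit_post', $post_id );
        },
        'args' => array(
            'url' => array(
                'required'          => true,
                'validate_callback' => function ( $value ) {
                    return false !== wp_http_validate_url( $value );
                },
                'sanitize_callback' => 'esc_url_raw',
            ),
        ),
    ) );
}
add_action( 'rest_api_init', 'demo_fifu_register_hardened' );

function demo_fifu_set_image( WP_REST_Request $request ) {
    $post_id = (int) $request['id'];
    update_post_meta( $post_id, '_demo_external_image', $request['url'] );
    return rest_ensure_response( array( 'id' => $post_id, 'url' => $request['url'] ) );
}
```

The check to run against plugins in your own estate is a search for register_rest_route and, for each match, a look at its permission_callback: a missing callback, or __return_true on a route that writes anything, is the finding.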

Multiple CSRF in Rencontre Plugin

This WordPress plugin allows you to create a professional dating website with WordPress. It is simple to install and administer with numerous possibilities.

Vulnerability: Multiple CSRF
Vulnerable version: 3.2.2 and below
Number of sites affected: 600+

The plugin is affected by multiple CSRF issues allowing arbitrary changes to the plugin's settings. The PoC will be published on January 05, 2020, to give users time to update.

Read more about the WordPress plugin vulnerabilities here.

Critical Vulnerability Patched in 301 Redirects – Easy Redirect Manager Plugin

301 Redirects helps you manage and create 301 & 302 redirects for your WordPress site to improve SEO and visitor experience.

Vulnerability: Authenticated arbitrary redirect injection and modification, XSS, and CSRF
Vulnerable version: 2.40 and below
Number of sites affected: 70 000+

The weaknesses allow any authenticated user, even a subscriber, to modify, delete and inject redirect rules, which can result in a loss of site availability or in visitors being sent to attacker-chosen destinations, in addition to XSS and CSRF.

The PoC will be published on January 02, 2020, to give users time to update.

Read more about the WordPress plugin vulnerability here and here.
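
The same missing checks recur across the Ape Gallery, GDPR Cookie Compliance, bbPress, Rencontre and 301 Redirects entries above: a settings handler reachable by any logged-in user (no capability check), one that accepts a forged request (no nonce check), and one that stores input raw (stored XSS). The following added example, which is not code from any of those plugins, shows such a handler next to a hardened one; the action name demo_redirects_save, the option key demo_redirects_rules and the nonce action are hypothetical.

```php
<?php
// Added illustration, not code from any plugin in this digest. The action
// name "demo_redirects_save", the option key and the nonce action are
// hypothetical.

// Vulnerable handler (shown for contrast, deliberately not hooked). Two
// separate defects, each of which alone is a reportable bug:
//   1. no capability check: any logged-in user, a subscriber included, can
//      POST to admin-post.php?action=demo_redirects_save and change the rules
//      (the "authenticated" settings reset / plugin deactivation class);
//   2. no nonce check: a page on another site can submit this form from an
//      administrator's browser (CSRF).
// It also stores $_POST values raw, so a destination such as
// "javascript:alert(1)" becomes stored XSS wherever the rules are echoed.
function demo_redirects_save_vulnerable() {
    $rules   = get_option( 'demo_redirects_rules', array() );
    $rules[] = array( 'from' => $_POST['from'], 'to' => $_POST['to'] );
    update_option( 'demo_redirects_rules', $rules );
    wp_safe_redirect( admin_url( 'options-general.php?page=demo_redirects' ) );
    exit;
}

// Hardened handler: authorization, then CSRF token, then input validation,
// in that order, each failing closed.
function demo_redirects_save_hardened() {
    // A capability, not "is logged in". Match it to the action: manage_options
    // for settings, activate_plugins for deactivating plugins, edit_post on
    // the specific post for per-post changes.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    // Verifies the _wpnonce field emitted by wp_nonce_field() below and dies
    // with HTTP 403 on mismatch.
    check_admin_referer( 'demo_redirects_save' );

    $from = isset( $_POST['from'] ) ? sanitize_text_field( wp_unslash( $_POST['from'] ) ) : '';
    $to   = isset( $_POST['to'] ) ? esc_url_raw( wp_unslash( $_POST['to'] ), array( 'http', 'https' ) ) : '';
    // Source must be a site-relative path; esc_url_raw() has already reduced
    // any destination whose scheme is not http(s) to ''.
    if ( '' === $from || 0 !== strpos( $from, '/' ) || '' === $to ) {
        wp_die( 'Invalid redirect rule.', 400 );
    }

    $rules   = get_option( 'demo_redirects_rules', array() );
    $rules[] = array( 'from' => $from, 'to' => $to );
    update_option( 'demo_redirects_rules', $rules );
    wp_safe_redirect( admin_url( 'options-general.php?page=demo_redirects' ) );
    exit;
}
add_action( 'admin_post_demo_redirects_save', 'demo_redirects_save_hardened' );

// The settings page that feeds the handler. Stored values are escaped again
// on output: sanitizing on input is not a substitute for escaping.
function demo_redirects_render_form() {
    $rules = get_option( 'demo_redirects_rules', array() );
    foreach ( $rules as $rule ) {
        printf( '<li>%s &rarr; %s</li>', esc_html( $rule['from'] ), esc_html( $rule['to'] ) );
    }
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="demo_redirects_save">';
    wp_nonce_field( 'demo_redirects_save' );
    echo '<input type="text" name="from" placeholder="/old-path">';
    echo '<input type="text" name="to" placeholder="https://example.com/new-path">';
    submit_button( 'Add redirect' );
    echo '</form>';
}
```

The order matters: the capability check comes first so an unauthorized user never learns whether a nonce was valid, and both checks stop execution with wp_die() rather than falling through to the update.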

Authenticated Reflected XSS in CSS Hero Plugin

CSS Hero is the definitive WordPress plugin to easily customize the look of your site, with an easy and intuitive point and click interface.

Vulnerability: Authenticated Reflected XSS
Vulnerable version: 4.03 and below
Number of sites affected: N/A

CSS Hero is vulnerable to a reflected XSS attack; the vulnerable page is only reachable by authenticated users, so the victim must be logged in when they open the attacker's link.

Read more about the WordPress plugin vulnerabilities here.

WordPress 5.3 – Cross-Site Scripting

5.3 expands and refines the block editor with more intuitive interactions and improved accessibility. New features in the editor increase design freedoms, provide additional layout options and style variations to allow designers more control over the look of a site.

Vulnerability: Cross-site scripting (XSS)
Vulnerable version: 5.3 and earlier
Number of sites affected: N/A

WordPress 5.3.1 is a security and maintenance release with 46 fixes and enhancements, plus a number of security fixes.

Four security issues affect WordPress versions 5.3 and earlier; version 5.3.1 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.3, there are also updated versions of 5.2 and earlier that fix the security issues.

  • Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API.
  • Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links.
  • Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
  • Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content.

Read more here.

Stored Cross-Site Scripting (XSS) in Scoutnet Kalender Plugin

“Scoutnet Kalender” is a plugin for WordPress to display one or many Scoutnet calendars as a widget, on a page or in an article.

Vulnerability type: Cross-Site Scripting (XSS)
Vulnerable version: 1.1.0
Number of sites affected: 300+

The plugin does not sanitize the ‘Info’ field of embedded calendar entries before rendering them. The entries are retrieved from Scoutnet and are not necessarily owned or managed by the administrator of the blog, so whoever controls the remote calendar can inject script into the site.

Read more about the WordPress plugin vulnerabilities here.

Authentication Bypass in Ultimate Addons for Elementor Plugin

A library of unique Elementor Widgets to add more functionality and flexibility to your favorite page builder.

Vulnerability type: Authentication bypass
Vulnerable version: 1.20.0 and below
Number of sites affected: N/A

The vulnerability is fixed in version 1.20.1.

Read more about the WordPress plugin vulnerabilities here.

Authentication Bypass in Ultimate Addons for Beaver Builder Plugin

Transform your productivity with custom Beaver Builder modules and templates.

Vulnerability type: Authentication bypass
Vulnerable version: 1.24.0 and below
Number of sites affected: N/A

The vulnerability is fixed in version 1.24.1.

Read more about the WordPress plugin vulnerabilities here.

Authenticated Reflected XSS in Quiz And Survey Master Plugin

You can easily create surveys for your users. Everything from customer satisfaction surveys to employee surveys.

Vulnerability type: Authenticated Reflected XSS
Vulnerable version: 6.3.5 and below
Number of sites affected: 20 000+

Read more about the WordPress plugin vulnerabilities here.

Conclusion

WordPress sites are hacked and infected every day; some statistics put the number of websites infected with some type of malware at about 30,000 per day. Every public website is a resource reachable from the internet and therefore a target, from the moment it goes live.

It can take just days from a disclosed plugin vulnerability to a full-scale attack campaign, and attacks of this nature are almost always automated, so the window in which to act is small. In such cases a web application firewall has critical importance.

Always keep your plugins updated and, if possible, enable automatic updates. If you use any of the plugins mentioned here, update to the latest version as soon as possible so that these WordPress plugin security vulnerabilities do not affect your sites.

WebARX web application firewall gets virtual patches that are distributed automatically among the sites when vulnerabilities are discovered. Threat intelligence and prevention are our main focus and thus our firewall engine is updated on a daily basis.

Websites with WebARX firewall installed are protected from the security issues mentioned in this article. If you are not protecting your WordPress site against plugin vulnerabilities yet go and start for free here.
