In a never-ending quest to get webmasters to think about WordPress security, here is the latest update from the U.S. Dept. of Homeland Security’s National Cyber Awareness System. Five new vulnerabilities were discovered in four plugins in the WordPress ecosystem over the past couple of weeks. All of them are cross-site scripting (XSS) vulnerabilities. The two found in the UltimateMember 2.0 plugin are in its file-upload and image-upload scripts, both of which fail to properly sanitize user input. The severities of these issues have not yet been calculated as of this writing.
Bottom line: If you are using any of these plugins, please make sure they are updated.
Vulnerable WordPress Plugins:
- Ninja Forms, 1M installs (prior to 3.2.14)
- Photo Gallery, 300K installs (prior to 1.2.13)
- UltimateMember 2.0, 90K installs
- Bookly Lite, 10K installs (prior to 14.5)
Links to Patches for WordPress Vulnerabilities:
| Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| wordpress — wordpress | Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors. | 2018-02-19 | not yet calculated | CVE-2015-2324 |
| wordpress — wordpress | core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | 2018-02-16 | not yet calculated | CVE-2018-6944 |
| wordpress — wordpress | The Ninja Forms plugin before 3.2.14 for WordPress has XSS. | 2018-02-21 | not yet calculated | CVE-2018-7280 |
| wordpress — wordpress | core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | 2018-02-16 | not yet calculated | CVE-2018-6943 |
| wordpress — wordpress | Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-payment_details_dialog.js. | 2018-02-11 | not yet calculated | CVE-2018-6891 |
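To check an install against the versions listed above, the following added example (not part of the original post) audits plugin inventory in the JSON shape produced by `wp plugin list --format=json`. The plugin slugs are assumptions, since the page gives display names only, and the sample inventory is constructed.

```python
import json
import re
import sys

# Fixed-in versions come from the advisory table. The plugin slugs are
# assumptions (the page gives display names only); adjust them to your install.
FIXED_IN = {
    "ninja-forms": "3.2.14",
    "photo-gallery": "1.2.13",
    "bookly-responsive-appointment-booking-tool": "14.5",
}
# UltimateMember 2.0 is listed as affected with no fixed release given,
# so only that exact version is flagged.
AFFECTED_EXACT = {"ultimate-member": "2.0"}

def parse_version(text):
    """'3.2.14' -> (3, 2, 14). Trailing zeros are dropped so 2.0 == 2.0.0."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def audit(plugins):
    """Return (slug, installed_version, advice) for each affected plugin.
    Inactive plugins are reported too: their files are still on disk."""
    findings = []
    for p in plugins:
        slug, installed = p["name"], parse_version(p["version"])
        if slug in FIXED_IN and installed < parse_version(FIXED_IN[slug]):
            findings.append((slug, p["version"], "update to %s or later" % FIXED_IN[slug]))
        elif slug in AFFECTED_EXACT and installed == parse_version(AFFECTED_EXACT[slug]):
            findings.append((slug, p["version"], "affected release, update"))
    return findings

# Constructed sample inventory. 3.2.9 sorts after 3.2.14 as a string,
# which is why versions are compared as integer tuples.
SAMPLE = json.loads("""[
 {"name": "ninja-forms", "status": "active", "version": "3.2.9"},
 {"name": "photo-gallery", "status": "active", "version": "1.2.13"},
 {"name": "ultimate-member", "status": "inactive", "version": "2.0.0"},
 {"name": "bookly-responsive-appointment-booking-tool", "status": "active", "version": "14.4"}
]""")

if __name__ == "__main__":
    data = SAMPLE
    if len(sys.argv) > 1:  # path to saved `wp plugin list --format=json` output
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    for slug, version, advice in audit(data):
        print(f"{slug} {version}: {advice}")
```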