In a never-ending quest to get webmasters to think about WordPress security, here is the latest update from the U.S. Dept. of Homeland Security's National Cyber Awareness System. Five new vulnerabilities were disclosed in four plugins in the WordPress ecosystem over the past couple of weeks. They are all cross-site scripting (XSS) WordPress vulnerabilities. The two vulnerabilities found in the UltimateMember 2.0 plugin both stem from user input that its file-upload and image-upload handlers fail to sanitize. The severities of these issues had not yet been calculated as of this writing.
Bottom line: If you are using any of these plugins, please make sure they are updated.
Vulnerable WordPress Plugins:
- Ninja Forms 1M Installs (prior to 3.2.14)
- Photo Gallery 300K Installs (prior to 1.2.13)
- UltimateMember 2.0 90K Installs
- Bookly Lite 10K Installs (prior to 14.5)
Links to Patches for WordPress Vulnerabilities:
SB18-057: Vulnerability Summary for the Week of February 19, 2018
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
---|---|---|---|---
wordpress — wordpress | Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors. | 2018-02-19 | not yet calculated | CVE-2015-2324 MISC CONFIRM |
wordpress — wordpress | core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | 2018-02-16 | not yet calculated | CVE-2018-6944 MISC |
wordpress — wordpress | The Ninja Forms plugin before 3.2.14 for WordPress has XSS. | 2018-02-21 | not yet calculated | CVE-2018-7280 CONFIRM |
wordpress — wordpress | core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | 2018-02-16 | not yet calculated | CVE-2018-6943 MISC |
wordpress — wordpress | Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-payment_details_dialog.js. | 2018-02-11 | not yet calculated | CVE-2018-6891 MISC MISC |
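The UltimateMember entries above describe the bug class at its simplest: a value taken from the request (the `$temp` variable) reaches the page without being sanitized or escaped. The following PHP is an added illustration of that pattern and its fix, written here for this post; it is not code from UltimateMember or any other plugin listed, and the function names, the `filename` request field and the `example_upload_action` nonce are assumptions made for the example. It uses only WordPress core API calls (`check_ajax_referer`, `wp_unslash`, `sanitize_file_name`, `esc_html`, `wp_send_json_success`).

```php
<?php
// Added example for this post, not the UltimateMember plugin's code.
// Function names, the 'filename' POST field and the nonce action are assumed.

// Vulnerable pattern: request input is copied into $temp and echoed straight
// into HTML. Whatever the sender put in the field is rendered as markup, so a
// crafted value becomes script in the page of whoever views the response.
function example_upload_handler_vulnerable() {
    $temp = isset( $_POST['filename'] ) ? $_POST['filename'] : '';
    // Unescaped reflection of untrusted input: this line is the XSS sink.
    echo '<p>Uploaded: ' . $temp . '</p>';
}

// Hardened pattern: verify the request, sanitize on input, and return JSON so
// the handler never builds HTML from untrusted data at all.
function example_upload_handler_hardened() {
    // Reject requests that do not carry a valid nonce for this AJAX action
    // (the action name 'example_upload_action' is an assumption).
    check_ajax_referer( 'example_upload_action', 'nonce' );

    // WordPress adds slashes to request data; remove them before sanitizing.
    $raw  = isset( $_POST['filename'] ) ? wp_unslash( $_POST['filename'] ) : '';
    // sanitize_file_name() strips characters that are unsafe in a filename,
    // which also removes the <, >, " and ' an attacker needs for markup.
    $temp = sanitize_file_name( $raw );

    // Hand the client structured data instead of markup.
    wp_send_json_success( array( 'filename' => $temp ) );
}

// When a sanitized value must be placed into HTML anyway, escape it for that
// context at the point of output. Sanitizing on input and escaping on output
// are separate steps; doing only one of them is the mistake the CVEs describe.
function example_render_filename( $temp ) {
    return '<p>Uploaded: ' . esc_html( $temp ) . '</p>';
}
```

The defensive rule the hardened version follows is the one WordPress documents for plugin authors: validate and sanitize data when it enters the plugin, escape it for the specific context (HTML body, attribute, URL, JavaScript) when it leaves, and check a nonce on any AJAX or form handler so the request cannot be forged from another site. When auditing a plugin for this class of issue, grep for request superglobals (`$_POST`, `$_GET`, `$_REQUEST`, `$_FILES`) and follow each value to its output; any path that reaches `echo` or string-built HTML without passing through an `esc_*` function is a candidate for exactly the bug the table lists.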
For More Information:
A History of WordPress Security Exploits and What They Mean – WPMU DEV