
December 2016 WordPress Core, Plugins & Themes Vulnerabilities Roundup

[Category: Development (PHP) | Posted by: 店小二05 | Date: 2017 | Author: 红领巾]

In this December 2016 monthly roundup of reported WordPress core, plugin and theme vulnerabilities, we only have a few WordPress plugin vulnerabilities to report. This roundup of vulnerabilities and security issues is made possible through WP Security Bloggers, an aggregate of popular WordPress security blogs and websites that publish WordPress security news and updates. Subscribe to the WP Security Bloggers newsletter to keep yourself up to date with what is happening in the world of WordPress security.

Overview of WordPress Plugins Vulnerabilities in December 2016

In December, 27 WordPress plugin vulnerabilities were reported. We are also still noticing that the number of plugins being taken offline from the WordPress repository is increasing. Plugins are taken offline when developers do not fix the vulnerabilities, or when the developers cannot be reached and the vulnerabilities therefore remain unfixed. This is a good initiative since it ensures that the majority of WordPress plugins on the repository are being maintained and, above all, are secure.

Below is the complete list of all the WordPress plugins and themes vulnerabilities reported in December 2016:

WordPress Plugins Vulnerabilities

- CSRF security issue in Copy-Me plugin
- SSRF vulnerability in Nelio AB Testing plugin
- SQL Injection in Xtreme Locator Dealer Locator plugin
- Blind Injection in ZM Gallery plugin
- SQL Injection in WP Private Messages plugin
- CSRF / Database Update vulnerability in ZX_CSV Upload plugin
- SQL Injection in Single Personal Message plugin
- SQL Injection in WP Support Plus Responsive Ticket System plugin
- Authenticated Information Disclosure in Backup & Restore Dropbox plugin
- Stored XSS and CSRF in Quiz and Survey Master plugin
- Multiple SQL Injection and XSS vulnerabilities in Podlove Podcast Publisher
- Reflected XSS vulnerability in MailChimp for WordPress plugin
- Arbitrary File Upload vulnerability in Delete All Comments plugin
- Reflected Cross-site Scripting in Social Pug Easy Social Share Buttons plugin
- CSRF vulnerability in Multisite Post Duplicator plugin
- PHP Object Injection in BP Profile Search
- CSRF & XSS vulnerabilities in Twitter Cards Meta plugin
- Information Disclosure vulnerability in WooCommerce Email Test plugin
- Arbitrary file deletion vulnerability in Image Slider plugin
- Unauthenticated change of password critical security issue in Ultimate Member plugin
- SQL Injection in WA Form Builder
- SQL Injection vulnerability in Product Catalog plugin
- Unauthenticated SQL Injection in BBS e-Franchise plugin
- Local File Inclusion in WP Vault plugin

WordPress Hosting, Firewall and Backup

WP White Security is hosted on A2 Hosting, protected with BBQ: Block Bad Queries Firewall and backed up with BlogVault online WordPress backup service.
