Vulnerabilities Digest: July 2020

Relevant Plugins and Vulnerabilities:

| Plugin | Vulnerability | Patched Version | Installs |
|---|---|---|---|
| Asset CleanUp: Page Speed | Authenticated XSS | 1.4.6.7 | 80000 |
| Quiz And Survey Master | Authenticated Stored XSS | 7.0.0 | 30000 |
| Comments – wpDiscuz 7.0.0 – | Arbitrary File Upload | 7.0.5 | 70000 |
| Real Estate 7 | Reflected XSS | 3.0.4 | 8000 |
| CarePlus | Reflected XSS | | 5000 |
| WooCommerce Subscriptions | Unauthenticated Stored XSS | 2.6.3 | 10000 |
| Careerfy | Reflected XSS | 4.4.0 | 2300 |
| JobSearch | Reflected XSS | 1.5.6 | 1300 |
| TC Custom JavaScript | Unauthenticated Stored XSS | 1.2.2 | 10000 |
| Email Subscribers & Newsletters | Authenticated SQL injection | 4.5.1 | 100000 |
| WP-Live Chat by 3CX | Authenticated Stored XSS | 8.2.0 | 50000 |
| InJob | Reflected XSS | 3.4.1 | 1880 |
| Travel Booking | Unauthenticated SQL Injection | 2.8.4 | 8000 |
| Travel Booking | Unauthenticated XSS | 2.8.4 | 8000 |
| Monalisa | Reflected XSS | 2.1.3 | 600 |
| Adning Advertising | Arbitrary File Upload | 1.5.6 | 8000 |
| Security & Malware scan | Security Nonce Leak | 2.51 | 5000 |
| Testimonials Widget | Authenticated Stored XSS | | 30000 |

Highlights for July 2020:

  • Cross-site scripting is still the most common vulnerability in WordPress plugins.

Continue reading Vulnerabilities Digest: July 2020 at Sucuri Blog.