💥 Security updates on Linux servers that require updating and rebooting
ℹ️ https://www.linux.org/forums/linux-security-announcements-automated.14/
💥 Duplicator < 1.3.28 - Unauthenticated Arbitrary File Download
✅ 1.3.28
🔗 https://wordpress.org/plugins/duplicator/
ℹ️ https://www.wordfence.com/blog/2020/02/active-attack-on-recently-patched-duplicator-plugin-vulnerability-affects-over-1-million-sites/
💥 Chained Quiz < 1.1.9.1 - Authenticated Stored XSS
✅ 1.1.9.1
🔗 https://wordpress.org/plugins/chained-quiz/
ℹ️ https://plugins.trac.wordpress.org/changeset/2248087
💥 Registration Magic < 4.6.0.3 - Authenticated SQL Injection via Form_id
💥 Registration Magic < 4.6.0.3 - Multiple Cross-Site Scripting (XSS) Issues
✅ 4.6.0.3
🔗 https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/
ℹ️ https://spider-security.co.uk/blog-cve-2020-8436
💥 Fruitful Theme <= 3.8 - Unauthenticated Reflected Cross-Site Scripting (XSS)
🔗 https://wordpress.org/themes/fruitful/
ℹ️ https://github.com/Fruitfulcode/Fruitful/issues/58
💥 Ultimate Membership Pro < 8.7 - Cross-Site Request Forgery allowing Arbitrary Account Deletion and Creation
💥 Ultimate Membership Pro < 8.6.2 - Multiple CSRF Issues via AJAX Calls, Insufficient Filename Entropy
✅ 8.7
🔗 https://codecanyon.net/item/ultimate-membership-pro-wordpress-plugin/12159253
💥 Envira Photo Gallery < 1.7.7 - Authenticated Stored Cross-Site Scripting (XSS) Issue
✅ 1.7.7
🔗 https://wordpress.org/plugins/envira-gallery-lite/
ℹ️ https://fortiguard.com/zeroday/FG-VD-20-042
💥 Pricing Table by Supsystic < 1.8.2 - Unauthenticated Stored XSS
✅ 1.8.2
🔗 https://wordpress.org/plugins/pricing-table-by-supsystic/
ℹ️ https://www.wordfence.com/blog/2020/02/multiple-vulnerabilities-patched-in-pricing-table-by-supsystic-plugin/
💥 Flexible Checkout Fields for WooCommerce < 2.3.2 - Unauthenticated Settings Update
✅ 2.3.2
🔗 https://wordpress.org/plugins/flexible-checkout-fields/
ℹ️ https://blog.nintechnet.com/zero-day-vulnerability-fixed-in-wordpress-flexible-checkout-fields-for-woocommerce-plugin/
💥 Export Users to CSV <= 1.4.2 - CSV Injection
🔗 https://wordpress.org/plugins/export-users/
ℹ️ https://www.getastra.com/blog/911/plugin-exploit/csv-injection-in-export-users-to-csv-wordpress-plugin/
💥 Hero Maps Premium < 2.2.3 - Unauthenticated Reflected Cross-Site Scripting (XSS)
✅ 2.2.3
🔗 https://heroplugins.com/changelogs/hmaps/changelog.txt
ℹ️ https://www.hooperlabs.xyz/disclosures/cve-2019-19134.php
💥 CardGate < 3.1.16 - Unauthorised Payments Hijacking and Order Status Spoofing
✅ 3.1.16
🔗 https://wordpress.org/plugins/cardgate/
ℹ️ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8819
💥 Async Javascript < 2.20.02.27 - Subscriber+ Stored XSS via Plugin Settings Change
✅ 2.20.02.27
🔗 https://wordpress.org/plugins/async-javascript/
ℹ️ https://www.wordfence.com/blog/2020/02/site-takeover-campaign-exploits-multiple-zero-day-vulnerabilities/
💥 Modern Events Calendar Lite <= 5.1.6 - Multiple Subscriber+ Stored XSS Vulnerabilities
🔗 https://wordpress.org/plugins/modern-events-calendar-lite/
ℹ️ https://www.wordfence.com/blog/2020/02/site-takeover-campaign-exploits-multiple-zero-day-vulnerabilities/
💥 10Web Map Builder for Google Maps <= 1.0.63 - Unauthenticated Stored XSS via Plugin Settings Change
🔗 https://wordpress.org/plugins/wd-google-maps/
ℹ️ https://www.wordfence.com/blog/2020/02/site-takeover-campaign-exploits-multiple-zero-day-vulnerabilities/
💥 Booked < 2.2.6 - Broken Authentication to Export Users Data in CSV
✅ 2.2.6
🔗 https://codecanyon.net/item/booked-appointments-appointment-booking-for-wordpress/9466968
ℹ️ http://boxyupdates.com/changelog.php?p=booked
💥 Testimonial < 2.1.7 - Authenticated Stored Cross-Site Scripting (XSS)
✅ 2.1.7
🔗 https://wordpress.org/plugins/testimonial-free/
ℹ️ https://fortiguard.com/zeroday/FG-VD-20-030
💥 WooCommerce Smart Coupons < 4.6.5 - Unauthenticated Coupon Creation
✅ 4.6.5
🔗 https://woocommerce.com/products/smart-coupons/
ℹ️ https://www.wordfence.com/blog/2020/03/coupon-creation-vulnerability-patched-in-woocommerce-smart-coupons/