April 2020 Monthly Vulnerability Roundup

WordPress Core Vulnerabilities

• WordPress < 5.4.1 – Stored Cross-Site Scripting (XSS) in Customizer
• WordPress < 5.4.1 – Authenticated Cross-Site Scripting (XSS) in File Uploads
• WordPress < 5.4.1 – Cross-Site Scripting (XSS) in wp-object-cache
• WordPress < 5.4.1 – Authenticated Cross-Site Scripting (XSS) in Search Block
• WordPress < 5.4.1 – Authenticated Cross-Site Scripting (XSS) in Customizer
• WordPress < 5.4.1 – Unauthenticated Users View Private Posts
• WordPress < 5.4.1 – Password Reset Tokens Failed to Be Properly Invalidated

WordPress Plugin Vulnerabilities

• Learnpress < 3.2.6.8 – Authenticated Time Based Blind SQL Injection
• Ninja Forms < 3.4.24.2 – CSRF to XSS
• WP-Advanced-Search < 3.3.7 – Authenticated SQL Injection
• Quick Page/Post redirect <= 5.1.9 – Authenticated Settings Update
• Gmedia Photo Gallery < 1.18.5 – Multiple Cross-Site Scripting (XSS)
• LearnPress < 3.2.6.9 – Privilege Escalation to “LP Instructor”
• LearnPress < 3.2.6.9 – Authenticated Post Creation and Status Modification
• Real-Time Find and Replace < 4.0.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting
• Simple File List < 4.2.3 – Unauthenticated Arbitrary File Upload RCE
• Duplicate Page and Post < 2.5.7 & WP Post Page Clone – SQL Injections due to Duplicated Snippets
• YOP Poll < 6.1.5 – Authenticated Stored XSS
• MapPress Maps Pro < 2.53.9 – Remote Code Execution (RCE) due to Incorrect Access Control in AJAX Actions
• MapPress Maps < 2.53.9 – Authenticated Map Creation/Deletion Leading to Stored Cross-Site Scripting (XSS)
• WP GDPR <= 2.1.1 – Multiple Unauthenticated Issues
• Advanced Woo Search < 2.00 – SQL query leak in ajax search
• Catch Breadcrumb < 1.5.7 – Unauthenticated Reflected XSS
• M-Shield & kingof – Fake Malware Backdoor Plugins
• GTranslate < 2.8.52 – Reflected Cross Site Scripting (XSS)
• Media Library Assistant < 2.82 – Authenticated RCE
• Widget Settings Importer/Exporter <= 1.5.3 – Authenticated Stored XSS
• Accordion < 2.2.9 – Unprotected AJAX Action to Stored/Reflected XSS
• Responsive Poll < 1.3.4 – Broken Authentication and Missing Capability Checks on AJAX calls
• Media Library Assistant < 2.82 – Unauthenticated Limited Local File Inclusion
• Media Library Assistant < 2.82 – Authenticated Stored Cross-Site Scripting (XSS)
• Support Ticket System By Phoeniixx <= 2.7 – Unauthenticated Reflected XSS
• Tickera WordPress Event Ticketing < 3.4.6.9 – Unauthenticated Sensitive Data Exposure
• BigBlueButton < 2.2.4 – Reflected Cross-Site Scripting (XSS)
• Klarna Checkout for WooCommerce < 2.0.10 – Authenticated Arbitrary Plugin Deactivation, Activation and Installation
• Gutenberg Blocks – Ultimate Addons for Gutenberg < 1.14.8 – Authenticated Settings Change
• WP Lead Plus X <= 0.99 – Multiple Cross-Site Request Forgery (CSRF)
• WP Lead Plus X < 0.99 – Unauthenticated Stored Cross-Site Scripting (XSS)
• WP Lead Plus X < 0.99 – Authenticated Stored Cross-Site Scripting (XSS)
• Car Rental System <= 1.3 – Unauthenticated Stored Cross-Site Scripting (XSS)
• Online Hotel Booking System Pro <= 1.1 – Unauthenticated Stored Cross-Site Scripting (XSS)
• WP Last Modified Info < 1.6.6 – Authenticated Stored XSS
• Contact Form 7 Datepicker <= 2.6.0 – Authenticated Stored Cross-Site Scripting (XSS)
• Art-Picture-Gallery <= 1.2.9 – Unauthenticated Arbitrary File Upload
• WP Advanced Search < 3.3.6 – Unauthenticated SQL Injection
• LearnDash < 3.1.6 – Unauthenticated SQL Injection
• Login by Auth0 < 4.0.0 – Multiple Vulnerabilities

WordPress Theme Vulnerabilities

• OneTone <= 3.0.6 – Unauthenticated Stored Cross-Site Scripting (XSS)