January 2020 Monthly Vulnerability Roundup

WordPress Plugin Vulnerabilities

• Strong Testimonials < 2.40.1 – Stored Cross Site Scripting (XSS)
• GistPress < 3.0.2 – Authenticated Stored XSS
• Code Snippets < 2.14.0 – CSRF to RCE
• Elementor Page Builder < 2.8.5 – Authenticated Reflected XSS
• Elementor Page Builder < 2.7.6 – Authenticated Stored XSS
• WPS Hide Login < 1.5.5 – Secret Login Page Disclosure
• WP DS FAQ Plus < 1.4.2 – Stored Cross-Site Scripting (XSS)
• wpCentral < 1.4.8 – Privilege Escalation
• Contact Form Clean and Simple <= 4.7.0 – Authenticated Stored XSS
• Calculated Fields Form < 1.0.354 – Authenticated Stored XSS
• Chatbot with IBM Watson < 0.8.21 – DOM Cross-Site Scripting (XSS)
• AccessAlly < 3.3.2 – Arbitrary PHP Execution
• 2J SlideShow < 1.3.40 – Authenticated Arbitrary Plugin Deactivation
• Batch-Move Posts <= 1.5 – Broken Authentication leading to Unauthenticated Stored XSS
• Contextual Adminbar Color < 0.3 – Authenticated Stored Cross-Site Scripting Issue
• Marketo Forms and Tracking <= 1.0.2 – CSRF to XSS
• WP Database Reset < 3.15 – Unauthenticated Database Reset
• WP Database Reset < 3.15 – Privilege Escalation
• Chained Quiz < 1.1.8.2 – Unauthenticated Reflected XSS
• Resim Ara <= 3.0 – Unauthenticated Reflected XSS
• LearnDash < 3.1.2 – Reflected Cross Site Scripting (XSS) issue on the [ld_profile] search field.
• Flamingo < 2.1.1 – CSV Injection
• Backup and Staging by WP Time Capsule < 1.21.16 – Authentication Bypass
• InfiniteWP Client < 1.9.4.5 – Authentication Bypass
• Computer Repair Shop < 2.0 – Authenticated Stored XSS
• Ultimate Member < 2.1.3 – Insecure Direct Object Reference (IDOR)
• Video on Admin Dashboard < 1.1.4 – Authenticated Stored XSS
• WooCommerce – Store Exporter < 2.4 – CSV Injection
• Minimal Coming Soon & Maintenance Mode < 2.15 – CSRF to Stored XSS and Setting Changes
• Minimal Coming Soon & Maintenance Mode < 2.15 – Insecure Permissions: Enable and Disable Maintenance Mode
• Minimal Coming Soon & Maintenance Mode < 2.17 – Insecure permissions: Export Settings/Theme Change
• WP Simple Spreadsheet Fetcher For Google < 0.3.7 – Arbitrary API Key update via CSRF
• Ultimate FAQ < 1.8.30 – Unauthenticated Reflected XSS
• WooCommerce Conversion Tracking < 2.0.5 – CSRF to XSS
• ElegantThemes (divi, extra, divi-builder < 4.0.10) – Authenticated Code Injection
• Postie <= 1.9.40 – Post Submission Spoofing & Stored XSS
• Import Users From CSV with Meta 1.15 – Unauthorised Authenticated Users Export

WordPress Theme Vulnerabilities

• CarSpot < 2.2.1 – Multiple Vulnerabilities
• ListingPro < 2.5.4 – Unauthenticated Reflected XSS
• Real Estate 7 < 2.9.5 – Multiple Vulnerabilities
• Travel Booking < 2.7.8.6 – Reflected & Persistent XSS Issues
• Houzez < 1.8.4 – Unauthenticated Cross-Site Scripting (XSS)
• EasyBook < 1.2.2 – Multiple Vulnerabilities
• CityBook < 2.3.4 – Multiple Vulnerabilities
• TownHub < 1.0.6 – Multiple Vulnerabilities
• ElegantThemes (divi, extra, divi-builder < 4.0.10) – Authenticated Code Injection