March 2020 Monthly Vulnerability Roundup

WordPress Plugin Vulnerabilities

• LifterLMS < 3.37.15 – Arbitrary File Writing
• WordPress SEO Plugin – Rank Math < 1.0.41 – Redirect Creation via Unprotected REST API Endpoint
• WordPress SEO Plugin – Rank Math < 1.0.41 – Privilege Escalation via Unprotected REST API Endpoint
• Elementor Page Builder < 2.9.6 – Authenticated Safe Mode Privilege Escalation
• CM Pop-Up banners < 1.4.11 – Authenticated Stored XSS
• IMPress for IDX Broker < 2.6.2 – Authenticated Post Creation, Modification, and Deletion
• IMPress for IDX Broker < 2.6.2 – Authenticated Stored Cross-Site Scripting (XSS) via unprotected ‘idx_update_recaptcha_key’ AJAX
• All-in-One WP Migration < 7.15 – Arbitrary Backup Download
• Product Lister for Walmart <= 1.0.0 – Unauthenticated RCE via Outdated PHPUnit
• Multiple plugins – Unauthenticated Dompdf Local File Inclusion (LFI)
• Data Tables Generator By Supsystic < 1.9.92 – CSRF to Stored XSS, Data Table Creations, Settings Modification
• Data Tables Generator By Supsystic < 1.9.92 – Authenticated Stored XSS
• Data Tables Generator By Supsystic < 1.9.92 – Insecure Permissions on AJAX Actions
• Cookiebot < 3.6.1 – Authenticated Reflected Cross-Site Scripting (XSS)
• WPvivid Backup < 0.9.36 – Missing Authorization Leading To Database Leak
• Gutenberg & Elementor Templates Importer For Responsive < 2.2.6 – Unprotected AJAX Endpoints
• Advanced Ads < 1.17.4 – Authenticated Reflected XSS via Admin Dashboard
• Custom Post Type UI < 1.7.4 – CSRF to Stored XSS
• Newsletter < 6.5.4 – CSV Injection
• LearnPress < 3.2.6.7 – Privilege Escalation
• WordPress File Upload < 4.13.0 – Directory Traversal to RCE
• Popup Builder < 3.64.1 – Multiple Issues
• Multiple WebToffee Plugins – Cross-Site Request Forgery (CSRF) Issue
• Import Export WordPress Users < 1.3.9 – Authenticated Arbitrary User Creation
• Search Meter <= 2.13.2 – CSV Injection
• MStore API < 2.1.6 – Unauthenticated Arbitrary Account Creation/Edition
• Font Awesome 4.0.0-RC15 & RC16 – API Token & Access Token Disclosure
• WPML < 4.3.7 – Authenticated Cross Site Request Forgery leading to Remote Code Execution
• WP Security Audit Log < 4.0.2 – Broken Access Control in First-Time Install Wizard
• Custom Searchable Data Entry System <= 1.7.1 – Unauthenticated Data Modification and Deletion (0-day, being exploited)
• RegistrationMagic – Custom Registration Forms and User Login < 4.6.0.4 – Multiple Critical Issues
• WP Advanced Search < 3.3.4 – Unauthenticated Database Access and Remote Code Execution (RCE)
• WPForms < 1.5.9 – Authenticated Cross Site Scripting (XSS)
• Brizy – Page Builder < 1.0.114 – Unauthenticated Site Settings Update
• Appointment Booking Calendar < 1.3.35 – CSV Injection
• Appointment Booking Calendar < 1.3.35 – Authenticated Stored Cross-Site Scripting (XSS)
• WooCommerce Smart Coupons < 4.6.5 – Unauthenticated Coupon Creation
• Testimonial < 2.1.7 – Authenticated Stored Cross-Site Scripting (XSS)

WordPress Theme Vulnerabilities

• Fruitful < 3.8.2 – Authenticated Stored XSS & Theme Options Deletion