Bayonne, France, January 12th 2021, WordPress security company, WPScan, has announced that it has been named a Common Vulnerability and Exposures Numbering Authority authorized by the CVE Program to assign CVE IDs to vulnerabilities in Wordpress.

With 75 million users, WordPress is the most popular content management platform in the world and powers 39.6% of all websites, including the New York Times, Forbes, The White House and CNN. WordPress online retail platform, WooCommerce, is used by 27% of the ecommerce market.

Because it is the most popular CMS platform, WordPress also attracts the attention of cyber criminals. To help keep a third of the world’s websites protected against hackers, botnet operators and malware merchants, an international army of enthusiasts and cyber security experts constantly check for vulnerabilities that could be exploited. New vulnerabilities are assigned an identification number and added to the Common Vulnerability and Exposures (CVE) List, which is overseen by CVE Numbering Authorities (CNAs).

More

It’s that time of year again where we donate 2% of our profits to a charity that positively impacts climate change, and this year we chose Sea Shepherd France again. We do this every year as part of our Hack the Planet pledge.

We launched several new versions of our WPScan WordPress security plugin, which now contains additional security checks, rather than just the API checks. This included the following checks:

More

WordPress Plugin Vulnerabilities

• BuddyPress < 6.4.0 – Lack of Capability Check on Profile Page
• WP Google Map Plugin <= 4.1.3 – Authenticated SQL Injection
• WPJobBoard < 5.7.0 – Unauthenticated SQL Injection
• WPJobBoard < 5.7.0 – Unauthenticated Reflected XSS & XFS
• Media Library Assistant < 2.90 – Authenticated Blind SQL Injection
• Secure File Manager – Authenticated Remote Command Execution
• WooCommerce Anti-Fraud <= 3.2 – Unauthenticated Order Status Manipulation
• Anti-Spam by CleanTalk < 5.149 – Multiple Authenticated SQL Injections
• Weforms <= 1.4.7 – CSV Injection
• Easy Registration Forms <= 2.0.6 – CSV Injection
• Import and export users and customers < 1.16.3.6 – CSV Injection
• Contextual Related Posts < 2.9.4 – CSRF Nonce Validation Bypass
• Fancy Product Designer < 4.5.1 – Unauthenticated Stored Cross-Site Scripting
• [0day] AIT CSV Import / Export <= 3.0.3 – Unauthenticated Arbitrary File Upload
• BA Book Everything < 1.3.25 – Unauthenticated Reflected XSS & XFS
• Good LMS < 2.1.5 – Unauthenticated SQL Injection
• Ultimate Reviews < 2.1.33 – Unauthenticated PHP Object Injection
• Ultimate Member < 2.1.12 – Unauthenticated Privilege Escalation via User Meta
• Ultimate Member < 2.1.12 – Authenticated Privilege Escalation via Profile Update
• Ultimate Member < 2.1.12 – Unauthenticated Privilege Escalation via User Roles
• Abandoned Cart Lite for WooCommerce < 5.8.3 – Unauthenticated SQL Injection
• WooCommerce Blocks < 3.7.1 – Guest Account Creation
• WooCommerce < 4.6.2 – Guest Account Creation
• Welcart e-Commerce < 1.9.36 – Authenticated PHP Object Injection
• Augmented Reality <= 1.2.0 – Unauthenticated PHP File Upload leading to RCE
• GDPR CCPA Compliance Support < 2.4 – Unauthenticated PHP Object Injection
• WP Activity Log < 4.1.5 – SQL Injection in External Database Module
• AccessPress Social Icons < 1.8.1 – Authenticated SQL Injection

More

Here at WPScan we launched our brand new website, which we’re super happy with, and feedback so far has been overwhelmingly positive!

We released three new versions of our WPScan WordPress security scanner, adding the login-uri option to specify the wp-login.php file location.

We also released two new versions of our WordPress security plugin, implementing new features such as the ability to configure the scan time.

More

WordPress 5.5.2 was released on October 30th 2020, reportedly fixing 10 security vulnerabilities. Below are the vulnerabilities that were mentioned in the release notes and that have been added to the WPScan WordPress Vulnerability Database so far, including one from our very own security researcher, Erwan.More

After several months work we have launched our brand new website for the WPScan WordPress Vulnerability Database:

More

WordPress Plugin Vulnerabilities

• Slider by 10Web < 1.2.36 – Multiple Authenticated SQL Injection
• WP Courses < 2.0.29 – Broken Access Controls leading to Courses Content Disclosure
• Simple:Press < 6.6.1 – Broken Access Control leading to RCE
• XCloner Backup and Restore < 4.2.153 – Cross-Site Request Forgery
• XCloner Backup and Restore 4.2.1 – 4.2.12 – Unprotected AJAX Action
• Drag and Drop Multiple File Upload – Contact Form 7 < 1.3.5.5 – Unauthenticated Remote Code Execution
• Discount Rules for WooCommerce < 2.2.1 – Multiple Authorization Bypass
• MetaSlider < 3.17.2 – Authenticated Stored Cross-Site Scripting (XSS)
• Multiple Plugins/Themes – Cross-Site Request Forgery (CSRF)
• Affiliate Manager < 2.7.8 – Unauthenticated Stored Cross-Site Scripting (XSS)
• 10Web Social Post Feed < 1.1.27 – Authenticated SQL Injection
• Email Subscribers & Newsletters < 4.5.6 – Unauthenticated email forgery/spoofing
• Sticky Menu, Sticky Header (or anything!) on Scroll < 2.21 – CSRF & XSS
• LearnPress < 3.2.7.3 – CSRF & XSS
• Elementor Addon Elements < 1.6.4 – CSRF & XSS
• Cookiebot < 3.6.1 – CSRF & XSS
• Asset CleanUp: Page Speed Booster < 1.3.6.7 – CSRF & XSS
• All In One WP Security & Firewall < 4.4.4 – CSRF & XSS
• Absolutely Glamorous Custom Admin < 6.5.5 – CSRF & XSS
• Advanced Database Cleaner < 3.0.2 – Authenticated SQL injection
• ActiveCampaign < 8.0.2 – Cross-Site Request Forgery in Settings
• Constant Contact Forms < 1.8.8 – Multiple Authenticated Stored XSS
• NextScripts: Social Networks Auto-Poster < 4.3.18 – Insufficient Privilege Validation
• File Manager < 6.9 – Arbitrary File Upload leading to RCE

More

(We are not closing any of our other products or services, just the online WPScan.io SaaS!)

WPScan.io started life in 2015 when we contracted a Rails development company to create a SaaS web front end on top of our WPScan CLI tool. Unfortunately, at that time, we only had the budget to complete around 50% of the work, as we were still a community project making hardly any money.

The project sat in this half finished state for three years, until 2018, when we had a little bit more money to hire a freelance Rails developer.

More

WordPress Plugin Vulnerabilities

• Recall Products <= 0.8 – Authenticated Cross-Site Scripting
• Recall Products <= 0.8 – Authenticated SQL Injection
• WP Smart CRM & Invoices FREE <= 1.8.7 – Authenticated Stored Cross-Site Scripting
• Ceceppa Multilingua <= 1.5.17 – Authenticated Reflected Cross-Site Scripting
• Bulk Change <= 1.0 – Authenticated Reflected Cross-Site Scripting
• WP Floating Menu < 1.4.1 – Authenticated Reflected Cross-Site Scripting
• Subscribe Sidebar <= 1.3.1 – Authenticated Reflected Cross-Site Scripting
• Quiz and Survey Master < 7.0.2 – Unauthenticated Arbitrary File Upload
• FooGallery < 1.9.25 – Authenticated Cross-Site Scripting (XSS)
• Autoptimize < 2.7.7 – Authenticated Arbitrary File Upload
• RSVPMaker < 7.8.2 – Unauthenticated SQL Injection
• WooCommerce – NAB Transact < 2.1.2 – Payment Bypass
• Contact Form – Form builder by Kali Forms < 2.1.2 – Multiple CSRF Bypass Issues
• Contact Form – Form builder by Kali Forms < 2.1.2 – Authenticated Plugin’s Settings Change
• Contact Form – Form builder by Kali Forms < 2.1.2 – Unauthenticated Arbitrary Post Deletion
• Advanced Access Manager < 6.6.2 – Authenticated Information Disclosure
• Advanced Access Manager < 6.6.2 – Authenticated Authorization Bypass and Privilege Escalation
• Discount Rules for WooCommerce < 2.1.0 – Multiple Vulnerabilities
• WP Customer Reviews < 3.4.3 – Multiple Unauthenticated and Low Priv Authenticated Stored XSS
• Elegant Testimonial <= 1.1.6 – Multiple Authenticated Stored Cross-Site Scripting
• Click to Top <= 1.2.7 – Authenticated Stored Cross-Site Scripting
• Change WordPress Login Logo <= 1.1.4 – Authenticated Stored Cross-Site Scripting
• Internal Links Manager <= 2.0.2 – Multiple Authenticated Stored Cross-Site Scripting
• Fancy Lightbox < 1.0.2 – Authenticated Stored Cross-Site Scripting
• Easy Media Download < 1.1.5 – Authenticated Stored Cross-Site Scripting
• NextGEN Gallery Sell Photo <= 1.0.4 – Authenticated Stored Cross-Site Scripting
• Responsive Lightbox2 < 1.0.3 – Authenticated Stored Cross-Site Scripting
• Colorbox Lightbox <= 1.1.2 – Authenticated Stored Cross-Site Scripting
• Sell Photo <= 1.0.5 – Authenticated Stored Cross-Site Scripting
• Sell Media < 2.4.2 – Unauthenticated Reflected Cross-Site Scripting (XSS)
• Quiz and Survey Master < 7.0.1 – Arbitrary File Upload
• Quiz and Survey Master < 7.0.1 – Unauthenticated Arbitrary File Deletion
• Ultimate Member < 2.1.7 – Unauthenticated Open Redirect
• Very Simple Quiz – Multiple Authenticated Stored Cross-Site Scripting (XSS)
• Admin Menu <= 1.1 – Authenticated Cross-Site Scripting (XSS)
• Cardoza WordPress Poll <= 36 – Authenticated SQL Injection
• Ultimate Appointment Booking & Scheduling < 1.1.10 – Authenticated Cross-Site Scripting (XSS)
• RSS Feed Widget < 2.8.1 – Authenticated Cross-Site Scripting (XSS)
• File Manager < 6.5 – Backup File Directory Listing
• The Official WordPress Facebook Chat Plugin < 1.6 – Authenticated Options Change to Chat Takeover
• CMP – Coming Soon & Maintenance < 3.8.2 – Improper Access Controls on AJAX Calls
• Elegant Themes (Divi 3.0 – 4.5.2, Extra 2.0 – 4.5.2, Divi Builder 2.0 – 4.5.2) – Authenticated Arbitrary File Upload
• Newsletter < 6.8.2 – Authenticated PHP Object Injection
• Newsletter < 6.8.2 – Authenticated Cross-Site Scripting (XSS)
• Product Input Fields for WooCommerce < 1.2.7 – Unauthenticated File Download

WordPress Theme Vulnerabilities

More

WordPress Plugin Vulnerabilities

• Quiz And Survey Master < 7.0.0 – Authenticated Stored Cross-Site Scripting (XSS)
• Gallery PhotoBlocks < 1.2.0 – Authenticated Cross-Site Scripting (XSS)
• Comments – wpDiscuz 7.0.0 – 7.0.4 – Unauthenticated Arbitrary File Upload
• WooCommerce Subscriptions < 2.6.3 – Unauthenticated Stored Cross-Site Scripting (XSS)
• JobSearch < 1.5.6 – Unauthenticated Reflected XSS
• Social Sharing Plugin < 1.2.10 – Cross-Site Request Forgery in Settings
• TC Custom JavaScript < 1.2.2 – Unauthenticated Stored Cross-Site Scripting (XSS)
• JobSearch < 1.5.5 – Unauthenticated Reflected Cross-Site Scripting
• Email Subscribers & Newsletters < 4.5.1 – Authenticated SQL injection in es_newsletters_settings_callback()
• Email Subscribers & Newsletters < 4.5.1 – Cross-site Request Forgery in send_test_email()
• All in One SEO Pack < 3.6.2 – Authenticated Stored Cross-Site Scripting
• Email Verification for WooCommerce < 1.8.2 – Loose Comparison to Authentication Bypass
• SendPress Newsletter < 1.20.7.13 – Authenticated Stored Cross-Site Scripting (XSS)
• Form Maker by 10Web < 1.13.40 – Authenticated Reflected XSS
• Newsletter < 6.7.7 – Authenticated Stored Cross-Site Scripting
• WP-Live Chat by 3CX < 8.2.0 – Authenticated Stored Cross-Site Scripting
• SRS Simple Hits Counter <= 1.0.4 – Unauthenticated Blind SQL Injection
• Powie’s WHOIS Domain Check < 0.9.33 – Authenticated Stored Cross-Site Scripting
• Wise Chat < 2.8.4 – CSV Injection
• Knight Lab Timeline < 3.7.0.0 – Outdated TimelineJS library could Lead to Stored XSS
• KingComposer < 2.9.5 – Unauthenticated Reflected Cross-Site Scripting
• Adning Advertising < 1.5.6 – Unauthenticated Arbitrary File Upload/Deletion
• Security & Malware scan by CleanTalk < 2.51 – Security Nonce Leak leading to Unauthorised AJAX call
• JobSearch < 1.5.3 – Multiple Cross-Site Scripting Issues
• Testimonials Widget <= 3.5.1 – Multiple Authenticated Stored (XSS)
• Payment Form For Paypal Pro < 1.1.65 – Unauthenticated SQL Injection
• WPForms < 1.6.0.2 – Authenticated Stored Cross-Site Scripting (XSS)

More