Discovered WordPress Vulnerabilities (August 2020)
Fortunately, as in July, no specific vulnerabilities were discovered or reported in WordPress core last month. However, many vulnerabilities were found in plugins and themes for this CMS, which we introduce below.
If you use any of these plugins, update and fix them as soon as possible; otherwise the site may be hacked.
Vulnerabilities discovered in WordPress plugins
In this section, we examine how hackers can break in through the plugins you have installed on WordPress.
XSS vulnerability in Recall Products plugin
This is a stored XSS vulnerability that allows the hacker to execute malicious JavaScript code.
Vulnerable versions of this plugin: Up to now, all versions of this plugin are vulnerable.
SQL Injection vulnerability in the Recall Products plugin
The Manufactorer[] POST parameter in this plugin is vulnerable to SQL injection. The vulnerability can be demonstrated when a deletion request is sent.
Vulnerable versions of this plugin: Up to now, all versions of this plugin are vulnerable.
XSS vulnerability in WP Smart CRM & Invoices plugin
This is a stored XSS vulnerability that allows the hacker to execute malicious JavaScript code through fields such as Business Name and Tax Code.
Vulnerable versions of this plugin: Up to now, all versions of this plugin are vulnerable.
XSS vulnerability in Ceceppa Multilingual plugin
This is a reflected XSS vulnerability that allows the hacker to execute malicious code through the tab parameter.
Vulnerable versions of this plugin: Up to now, all versions of this plugin are vulnerable.
XSS vulnerability in Bulk Change plugin
This is a reflected XSS vulnerability affecting the ‘s’ parameter: because of the lack of security filters, malicious JavaScript code can be injected through this parameter.
Vulnerable versions of this plugin: Up to now, all versions of this plugin are vulnerable.
XSS Vulnerability in WP Floating Menu Plugin
This is a reflected XSS vulnerability; the hacker can execute malicious JavaScript code through the status parameter in the subscribe_sidebar file.
Vulnerable versions of this plugin: 1.3.1 and earlier
Unauthenticated File Upload Vulnerability in Quiz and Survey Master Plugin
Because this plugin does not validate the names of uploaded files, the hacker can upload malicious PHP files (such as web shells) to the server using a double extension, for example shell.php.jpeg.
Vulnerable versions of this plugin: 7.0.2 and earlier
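A server-side file name check for the double-extension case described above, as an added example that is not code from the plugin or from this article. The extension lists and function names are assumptions, and the check goes beyond shell.php.jpeg by also covering mixed case, trailing dots and NUL bytes.

```python
import os
import secrets

# Extensions a PHP-enabled server may pass to the interpreter (assumed list;
# match it to the handler configuration of the server being protected).
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
# Assumed allowlist for an upload field that should only take images and PDFs.
ALLOWED_EXTS = {"jpg", "jpeg", "png", "gif", "pdf"}


def check_upload_name(filename):
    """Return (ok, reason) for a client-supplied upload file name."""
    # Keep only the last path component, whichever separator the client used.
    name = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in name:
        return False, "NUL byte in name"
    # Some filesystems drop trailing dots and spaces, so "x.php." becomes "x.php".
    name = name.rstrip(". ").lower()
    segments = name.split(".")[1:]
    if not segments:
        return False, "no extension"
    # Inspect every dot-separated segment: a server that maps handlers by any
    # extension in the name can treat "shell.php.jpeg" as PHP.
    for seg in segments:
        if seg in EXECUTABLE_EXTS:
            return False, "executable extension ." + seg
    if segments[-1] not in ALLOWED_EXTS:
        return False, "extension ." + segments[-1] + " not allowed"
    return True, "ok"


def stored_name(filename):
    """Server-chosen name for an accepted upload; the client's name is discarded."""
    ok, reason = check_upload_name(filename)
    if not ok:
        raise ValueError(reason)
    ext = filename.rstrip(". ").lower().rsplit(".", 1)[1]
    return secrets.token_hex(16) + "." + ext


if __name__ == "__main__":
    # Constructed sample names, not taken from any real site.
    for sample in ["photo.jpeg", "holiday.2020.jpg", "shell.php.jpeg",
                   "image.PhP.png", "shell.php.", "notes.txt", "README"]:
        print(sample, "->", check_upload_name(sample))
```

A name check like this complements, and does not replace, validating the file content and serving the upload directory with script execution disabled.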
XSS vulnerability in FooGallery plugin
The vulnerability is caused by the lack of proper filtering of user input in the image title or caption, which allows the hacker to execute malicious code.
Vulnerable versions of this plugin: 1.9.25 and earlier.
Authenticated File Upload Vulnerability in Autoptimize Plugin
Because files uploaded in ao_ccss_import AJAX requests are not checked, a high-privilege user can upload PHP files, which could eventually lead to an RCE attack.
Vulnerable versions of this plugin: 2.7.7 and earlier
SQL Injection Vulnerability in RSVP Maker Plugin
This vulnerability exists because user input is not restricted in signed_up_ajax(). Using it, the hacker can execute his own queries.
Vulnerable versions of this plugin: 7.8.2 and earlier
Payment Bypass Vulnerability in WooCommerce Plugin – NAB Transact
Because this plugin does not validate the request processing status, the hacker can send a fake request when placing an order and have the order registered as paid.
Vulnerable versions of this plugin: 2.1.2 and earlier
CSRF vulnerability in the Contact Form – Form builder by Kali Forms plugin
Due to the way this plugin is coded, the hacker can bypass security nonces and ultimately carry out a CSRF attack.
Vulnerable versions of this plugin: 2.1.2 and earlier
Information Disclosure vulnerability in Advanced Access Manager plugin
Using this vulnerability, it is possible to reveal information such as managers’ hashed passwords and their capabilities and roles.
Vulnerable versions of this plugin: 6.6.2 and earlier.
Authorization Bypass and Privilege vulnerability in Advanced Access Manager plugin
Using this vulnerability, any admin with a low access level can change their role and raise or lower their access level by submitting a POST request with modified role parameters.
Vulnerable versions of this plugin: 6.6.2 and earlier
Vulnerabilities discovered in WordPress themes
In this section, we examine how hackers can break in through WordPress themes and recall the essential points.
XSS Vulnerability in Home Villas Theme
Several vulnerabilities, including reflected XSS and persistent XSS, have been discovered in this theme, allowing the hacker to execute his code.
Vulnerable versions of this theme: Up to now, all versions of this theme are vulnerable.
XSS Vulnerability in Geo Magazine Theme
This is a reflected XSS vulnerability that allows the hacker to execute malicious code.
Vulnerable versions of this theme: Up to now, all versions of this theme are vulnerable.
XSS vulnerability in Nova Lite theme
Vulnerable versions of this theme: 1.3.9 and earlier.
XSS Vulnerability in FoodBakery Theme
This is a reflected XSS vulnerability in the location parameter of the search query.
Vulnerable versions of this theme: 2.0 and earlier.
File Upload Vulnerability in Elegant Themes
Using this vulnerability, a user with contributor-level access can upload PHP files of their choice, which may eventually lead to RCE.
Vulnerable versions of this plugin: 4.5.3 and earlier.
The last word
We emphasize again: if you use these plugins and themes on your website, update them as soon as possible so that your site does not run into security problems.