WordPress Vulnerability Report #8 – April 2019

#Uncategorised

30th April 2019

The 8th issue of WordPress Vulnerability Report arrives together with the end of our April maintenance cycle. We have tracked the best plugins once again to identify loopholes in 4 popular WordPress extensions, each with at least 100,000 active installations.

With all of our plugins of choice fully secure for the month of April, we have reached outside of our regular list to check the security of other popular extensions.

This time the flavour of the month is unfiltered data. All 4 featured vulnerabilities are caused by code that doesn’t process user input safely.

As a result, attackers can abuse the plugins – in one case even without authentication – to run malicious scripts or database queries. Read on to discover the details.


Learn why we launched the WordPress Vulnerability Report in the video message from our Technical Director, Tomasz Lisiecki.

If you’re looking for more information please read our introductory article.

WP GOOGLE MAPS 7.11.00-7.11.17 – UNAUTHENTICATED SQL INJECTION

Problem
The API of the popular Google Maps plugin doesn’t filter certain data input in a secure manner.

Is it safe?
The vulnerability can lead to an SQL injection, allowing the attacker to execute malicious queries in the database. On top of that, the vulnerability doesn’t require an authenticated account, which makes it even more dangerous.

Our recommendation
You should update to at least version 7.11.18 of the plugin. WP Google Maps has received 4 updates since the vulnerability was discovered and all of them include the security patch.

Level of warning
High

DUPLICATE PAGE 3.3 – AUTHENTICATED SQL INJECTION

Problem
Duplicate Page 3.3 uses a URL parameter to determine the action requested by its user. However, the plugin is missing an additional privilege check, so a logged-in user could manipulate the URL to compromise your site.

Is it safe?
While the plugin requires authentication, the loophole can be used by a logged-in user regardless of their role.

Our recommendation
A fix for the issue is available in version 3.4 of the plugin and we recommend updating to version 3.4 or higher.

Level of warning
Moderate

WORDPRESS DOWNLOAD MANAGER 2.9.93 – AUTHENTICATED CROSS-SITE SCRIPTING

Problem
User input taken from the URL is not handled safely by the “Category” shortcode in the Pro version and by the “Advanced Search” feature of the plugin.

Is it safe?
Authenticated users can manipulate the URL to execute a malicious script on the website.

Our recommendation
We recommend updating to at least security update 2.9.94.

Level of warning
Moderate

WP STATISTICS 12.6.3 – CROSS-SITE SCRIPTING

Problem
A function intended to get the title of a page returns unfiltered data.

Is it safe?
Manipulating the input in the vulnerable version of WP Statistics can lead to script execution on the site.

Our recommendation
Even though there’s no mention of it in the changelog, the plugin’s code repository and further security tests show that version 12.6.4 fixes the issue, and we recommend updating at your earliest convenience.

Level of warning
Moderate
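All four findings above share one root cause: request data reaching a database query, an HTML response or a privileged action without being filtered or checked. The following added illustration (our own, not code from any of the plugins named in this report) shows each pattern in a hypothetical plugin, with the unsafe form beside the WordPress-idiomatic fix; table and function names are invented.

```php
<?php
// Added illustration, not code from any plugin named in this report.
// Hypothetical handlers showing unfiltered input beside the safe version.

// --- SQL: a lookup keyed by an id taken from the request (cf. WP Google Maps) ---

// Vulnerable: the request value is concatenated straight into the query.
function example_get_map_unsafe( $request ) {
    global $wpdb;
    $id = $request['map_id']; // attacker controlled, never validated
    return $wpdb->get_row( "SELECT * FROM {$wpdb->prefix}example_maps WHERE id = $id" );
}

// Fixed: cast to the expected type and bind it with $wpdb->prepare().
function example_get_map_safe( $request ) {
    global $wpdb;
    $id = absint( $request['map_id'] ?? 0 );
    return $wpdb->get_row(
        $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}example_maps WHERE id = %d", $id )
    );
}

// --- XSS: a helper returning a page title for a statistics table (cf. WP Statistics) ---

// Vulnerable: the stored title is returned as-is and later echoed into HTML.
function example_page_title_unsafe( $post_id ) {
    return get_post_field( 'post_title', $post_id );
}

// Fixed: escape at the point of output with the context-appropriate helper.
function example_page_title_safe( $post_id ) {
    return esc_html( get_post_field( 'post_title', $post_id ) );
}

// --- Authorization: an admin action selected by a URL parameter (cf. Duplicate Page) ---

// Fixed form: a capability check plus a nonce, so a logged-in user of any
// role cannot trigger the action merely by crafting the URL.
function example_duplicate_action() {
    $post_id = absint( $_GET['post'] ?? 0 );
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'example' ), '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'example_duplicate_' . $post_id );
    // ... perform the duplication for $post_id ...
}
add_action( 'admin_action_example_duplicate', 'example_duplicate_action' );
```

The same three checks (type-cast and bind query parameters, escape on output, verify capability and nonce before acting) are what to look for when reviewing a plugin update that claims to fix issues like these.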

Here’s What You Should Do Next

If you’d like us to work on your website to increase your profits, please get in touch. No matter where you are in the world.

Talk to us

If you are a little unsure whether we are a good fit for each other, head over to this page to learn about our typical clients.

See who we work with