The plugin ‘Download Plugins and Themes from Dashboard’ (https://wordpress.org/plugins/download-plugins-dashboard/), which lets you download the ZIP files of installed plugins and themes directly from your admin dashboard without using FTP and has 10,000+ installs, has been identified as having multiple security flaws in versions lower than 1.6. NinTechNet discovered multiple security issues within the Download […]
Plugin Vulnerabilities
Plugin Vulnerability: Theme Editor
The plugin Theme Editor (https://en-gb.wordpress.org/plugins/visualizer/), which allows you to edit theme files, create folders and more and has 30,000+ installs, has been identified as having multiple security flaws in version 2.1 and lower. These vulnerabilities were reported by WebArxSecurity (details can be found at https://www.webarxsecurity.com/wordpress-theme-editor-plugin-multiple-vulnerabilities/). The author released a fixed version (2.2) […]
Plugin Vulnerability: Visualizer
The plugin Visualizer (https://en-gb.wordpress.org/plugins/visualizer/), a tables and charts management plugin with over 40,000 installs, has been identified as having a security weakness in versions lower than 3.3.1 by security researcher Nathan Davison (https://nathandavison.com/). The plugin developers released an update yesterday including a fix. Recommendation: Our recommendation is to immediately update to version […]
Plugin Vulnerability: Rich Reviews
The plugin Rich Reviews (https://en-gb.wordpress.org/plugins/rich-reviews/) has been closed on the WordPress repository since March 2019 for security issues. However, security researchers at Wordfence (https://www.wordfence.com/blog/2019/09/rich-reviews-plugin-vulnerability-exploited-in-the-wild/) have reported that this vulnerability is being exploited in the wild. Recommendation: Our recommendation is to immediately remove the Rich Reviews plugin and find an alternative. Users of FullWorks Security […]
Plugin Vulnerability: Delucks SEO
The plugin Delucks SEO (https://en-gb.wordpress.org/plugins/visualizer/) has been identified as having a security weakness in versions lower than 2.1.7, as reported on The Ninja Technologies Network (https://blog.nintechnet.com/vulnerability-in-the-wordpress-delucks-seo-plugin-actively-exploited/). The plugin developers released an update including a fix. Recommendation: Our recommendation is to immediately update to version 2.1.7 or above. Users of FullWorks Security will have been […]