Despite being one of the most important aspects of website management, security is often overlooked, especially by newbie website owners. But you are not one of them, right? You use only premium WordPress themes, trusted plugins from WordPress.org, and never install any suspicious scripts.
Wrong
The pitfall is that even such giants as WooCommerce and BuddyPress sometimes receive vulnerable updates. It is extremely dangerous, as these plugins are used by millions of users, and such vulnerabilities can lead to massive hacker attacks targeted at thousands of websites at once.
Here is where WPScan Vulnerability Database comes to your aid. This is a regularly updated list of vulnerabilities found in WordPress themes, plugins and core files, which will help you detect potentially dangerous components on your website. WPScan Vulnerability Database is powered by Sucuri – an online platform offering security solutions for WordPress, Joomla, Drupal, Magento and many other CMSs.
We have gone through their database, picked the most recent vulnerabilities, and compiled them into a convenient table, which you can see below.
In this table, you will see the latest plugin vulnerabilities spotted by Sucuri starting from the beginning of 2017. If phrases like “Stored XSS” don’t ring any bells, here are some definitions to get you covered:
Stored XSS (also known as persistent XSS) occurs when a malicious script is injected directly into a vulnerable web application.
Reflected XSS occurs when a malicious script is reflected off of a website to a victim’s browser.
Many of the plugins in the table below haven't been updated for several years, so it is better to delete them from your websites altogether: simply deactivating a plugin doesn't always solve the problem, because its files stay in place.
| Snippet | Name of the plugin | Version | Issue | Spotted on |
|---|---|---|---|---|
| alpine-photo-tile-for-instagram | Alpine PhotoTile | 1.2.7.6 | Authenticated Reflected XSS | 2017-03-03 |
| anyvar | AnyVar | 0.1.1 | Stored Cross-Site Scripting (XSS) | 2017-03-06 |
| 404-redirection-manager | 404 to 301 SEO Redirection | 1.0 | SQL Injection | 2017-01-14 |
| contact-form-manager | Contact Form Manager | 1.4.2 | CSRF & Cross-Site Scripting (XSS) | 2017-03-02 |
| directdownload | Direct Download for WooCommerce | 1.15 | Unauthenticated LFI | 2017-01-18 |
| download-manager | Download Manager | 2.9.45 | Cross-Site Request Forgery (CSRF) | 2017-03-03 |
| dtracker | Dtracker | 1.5 | Multiple Unauthenticated Blind SQL Injections | 2017-03-09 |
| easy-table | Easy Table | | Authenticated Stored XSS | 2017-02-20 |
| global-content-blocks | Global Content Blocks | | Cross-Site Request Forgery (CSRF) | 2017-03-03 |
| google-analytics-dashboard | Google Analytics Dashboard | | Authenticated XSS | 2017-03-02 |
| google-mp3-audio-player | CodeArt Google MP3 Player | | File Disclosure | 2017-02-09 |
| google-sitemap-generator | Google XML Sitemaps | 4.0.8 | Authenticated Reflected XSS (via HOST header) | 2017-03-03 |
| kama-clic-counter | Kama Click Counter | | Authenticated Blind SQL Injection | 2017-02-28 |
| mail-masta | Mail Masta | 1.0 | Multiple SQL Injection | 2017-02-23 |
| mobile-app-builder-by-wappress | WordPress Mobile app Builder | 1.05 | Unauthenticated File Upload | 2017-03-08 |
| mobile-friendly-app-builder-by-easytouch | How to Create an App for Android iPhone Easytouch | 3.0 | Unauthenticated File Upload | 2017-03-08 |
| popup-by-supsystic | Popup by Supsystic | | Cross-Site Request Forgery (CSRF) | 2017-03-02 |
| responsive-poll | Responsive Poll | 1.7.4 | Cross-Site Scripting (XSS) | 2017-01-11 |
| rockhoist-badges | Rockhoist Badges | 1.2.2 | Authenticated Stored XSS | 2017-03-06 |
| simple-ads-manager | Simple Ads Manager | | Unauthenticated PHP Object Injection | 2017-03-03 |
| stats-counter | Analytics Stats Counter Statistics | | Unauthenticated PHP Object Injection | 2017-03-03 |
| trust-form | Trust Form | | Authenticated Reflected XSS | 2017-03-03 |
| user-login-log | User Login Log | | Stored Cross-Site Scripting (XSS) | 2017-03-02 |
| webapp-builder | Webapp builder 2.0 | 2.0 | Unauthenticated File Upload | 2017-03-08 |
| wp-spamfree | WP-SpamFree Anti-Spam | | Authenticated Reflected XSS | 2017-03-02 |
| wp2android-turn-wp-site-into-android-app | Wp2android | 1.1.4 | Unauthenticated File Upload | 2017-03-08 |
| zen-mobile-app-native | Mobile App Native | 3.0 | Remote File Upload | 2017-03-01 |
These 16 plugins are used by 4+ million WordPress websites. The list includes WooCommerce, BuddyPress, VaultPress and other world-renowned extensions. Luckily, developers of popular plugins fix critical issues quickly, so make sure that all of your plugins are always up to date. Enable auto-updates and regularly check that the plugins installed on your WordPress website are on the latest version.
| Snippet | Name of the plugin | Version | Issue | Update to |
|---|---|---|---|---|
| buddypress | BuddyPress | 2.7.3 | Arbitrary File Deletion | 2.7.4 |
| contact-form-plugin | Contact Form by BestWebSoft | 4.0.1 | Stored Cross-Site Scripting (XSS) | 4.0.2 |
| chained-quiz | Chained Quiz | 0.9.8 | Cross-Site Scripting (XSS) | 0.9.9 |
| cms-commander-client | CMS Commander Client | 2.21 | Unauthenticated PHP Object Injection | 2.22 |
| formbuilder | FormBuilder | 1.0.7 | Multiple Authenticated SQL Injection, Cross-Site Request Forgery (CSRF) | 1.0.8 |
| image-slider-widget | Slider | 1.1.89 | Authenticated Arbitrary File Deletion | 1.1.90 |
| iwp-client | InfiniteWP Client | 1.6.0 | Unauthenticated PHP Object Injection | 1.6.1.1 |
| magic-fields | Magic Fields | 1.7.1 | Authenticated XSS | 1.7.2 |
| newstatpress | NewStatPress | 1.2.4 | Stored Cross-Site Scripting (XSS) | 1.2.5 |
| nextgen-gallery | NextGEN Gallery | 2.1.77 | Unauthenticated SQL Injection | 2.1.79 |
| stop-user-enumeration | Stop User Enumeration | 1.3.7 | Unauthenticated Reflected XSS | 1.3.8 |
| vaultpress | VaultPress | 1.8.6 | Backend Server SSL Verification Disabled | 1.8.7 |
| xcloner-backup-and-restore | XCloner - Backup and Restore | 3.1.4 | Authenticated Path Traversal | 3.1.5 |
| wangguard | WangGuard | 1.7.2 | Authenticated Reflected XSS | 1.7.3 |
| woocommerce | WooCommerce | 2.6.8 | Authenticated Tax-Rate CSV XSS | 2.6.9 |
| wpgform | Google Forms | 0.87 | Unauthenticated PHP Object Injection | 0.91 |
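To turn the two tables into a check you can actually run against a site, here is an added example (not code from the original article): it takes the plugin slugs and versions in the shape WP-CLI prints for `wp plugin list --format=json`, flags anything from the first table for removal, and flags anything from the second table that is still below the fixed version. The INSTALLED_JSON input is a constructed sample; replace it with real WP-CLI output.

```python
"""Cross-check a site's installed plugins against the two tables above."""
import json

# Constructed sample in the shape of `wp plugin list --format=json`
# (WP-CLI prints name, status, update and version fields); swap in real output.
INSTALLED_JSON = """[
  {"name": "woocommerce", "status": "active", "version": "2.6.8"},
  {"name": "buddypress", "status": "active", "version": "2.7.4"},
  {"name": "iwp-client", "status": "inactive", "version": "1.6.0"},
  {"name": "google-sitemap-generator", "status": "inactive", "version": "4.0.8"},
  {"name": "akismet", "status": "active", "version": "3.3"}
]"""

# First table: no fixed release is listed, and the article's advice is to delete them.
REMOVE = {
    "alpine-photo-tile-for-instagram", "anyvar", "404-redirection-manager", "contact-form-manager",
    "directdownload", "download-manager", "dtracker", "easy-table", "global-content-blocks",
    "google-analytics-dashboard", "google-mp3-audio-player", "google-sitemap-generator",
    "kama-clic-counter", "mail-masta", "mobile-app-builder-by-wappress",
    "mobile-friendly-app-builder-by-easytouch", "popup-by-supsystic", "responsive-poll",
    "rockhoist-badges", "simple-ads-manager", "stats-counter", "trust-form", "user-login-log",
    "webapp-builder", "wp-spamfree", "wp2android-turn-wp-site-into-android-app", "zen-mobile-app-native",
}
# Second table: slug -> release that closes the issue ("Update to" column).
UPDATE_TO = {
    "buddypress": "2.7.4", "contact-form-plugin": "4.0.2", "chained-quiz": "0.9.9",
    "cms-commander-client": "2.22", "formbuilder": "1.0.8", "image-slider-widget": "1.1.90",
    "iwp-client": "1.6.1.1", "magic-fields": "1.7.2", "newstatpress": "1.2.5",
    "nextgen-gallery": "2.1.79", "stop-user-enumeration": "1.3.8", "vaultpress": "1.8.7",
    "xcloner-backup-and-restore": "3.1.5", "wangguard": "1.7.3", "woocommerce": "2.6.9",
    "wpgform": "0.91",
}

def vtuple(version):
    """'1.6.1.1' -> (1, 6, 1, 1): compare numerically, so 2.22 > 2.9 unlike string order."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))

def audit(installed_json, remove=REMOVE, update_to=UPDATE_TO):
    """Return {slug: action} for every installed plugin that one of the tables flags."""
    findings = {}
    for plugin in json.loads(installed_json):
        slug, version = plugin["name"], plugin["version"]
        if slug in remove:
            # An inactive plugin still has its PHP files on disk, so status alone does not clear it.
            findings[slug] = "remove (no fixed release; status=%s)" % plugin["status"]
        elif slug in update_to and vtuple(version) < vtuple(update_to[slug]):
            findings[slug] = "update %s -> %s" % (version, update_to[slug])
    return findings

if __name__ == "__main__":
    for slug, action in sorted(audit(INSTALLED_JSON).items()):
        print(slug + ": " + action)
```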
Of course, you can't guarantee absolute security for your website, but you can make it 99% secure, which is pretty much enough for any business :). All you need to do is update your themes and plugins promptly, keep your passwords in a safe place, never trust other people with them, and regularly monitor user activity. Take the first step towards your peace of mind and grab a vulnerability-free WordPress theme from our collection.
Thanks for making us aware.
Thanks Jeremy for putting this all together and sharing it. It's really interesting to see some really popular plugins like WooCommerce, Google XML Sitemaps and BuddyPress in the list. Based on your article it looks like, out of all the plugins, “Google XML Sitemaps” is the most vulnerable, as it hasn't been updated for a year now and has 2+ million active installs. Thanks for sharing and keep up the good work.