
43 Dangerous WordPress Plugins Blacklisted by Sucuri in 2017

Despite being one of the most important aspects of website management, security is often overlooked, especially by newbie website owners. But you are not one of them, right? You use only premium WordPress themes, trusted plugins from WordPress.org, and never install any suspicious scripts.


Wrong.

The pitfall is that even such giants as WooCommerce and BuddyPress sometimes receive vulnerable updates. It is extremely dangerous, as these plugins are used by millions of users, and such vulnerabilities can lead to massive hacker attacks targeted at thousands of websites at once.

This is where the WPScan Vulnerability Database comes to your aid. It is a regularly updated list of vulnerabilities found in WordPress themes, plugins and core files, which helps you detect potentially dangerous components on your website. The WPScan Vulnerability Database is powered by Sucuri – an online platform offering security solutions for WordPress, Joomla, Drupal, Magento and many other CMSs.

We have gone through their database, picked the most recent vulnerabilities, and compiled them into the tables you can see below.


Types of hazards

In the tables below, you will see the latest plugin vulnerabilities spotted by Sucuri starting from the beginning of 2017. If phrases like “Stored XSS” don’t ring any bells, here are some definitions to get you covered:

  • XSS (Cross-site Scripting) – lets an attacker inject client-side scripts into web pages viewed by other users. There are two types of XSS: stored and reflected.
      ◦ Stored XSS (also known as persistent XSS) occurs when a malicious script is saved by the vulnerable web application and served to every user who later views the affected page.
      ◦ Reflected XSS occurs when a malicious script carried in a request is reflected off the website straight back into the victim’s browser.
  • SQL Injection – lets an attacker run their own queries against your database, including dumping or modifying its contents without authorization.
  • LFI (Local File Inclusion) – the web application is tricked into including a file from the server’s own filesystem, which results in remote code execution on the web server that runs the affected web application.
  • CSRF (Cross-Site Request Forgery) – a malicious exploit of a website in which the victim’s browser is made to send commands the victim never intended to a site that trusts that user’s session.
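The four hazard classes above, as an added example written for this article rather than taken from it or from any plugin: each one appears as a minimal handler in plain Python, the unsafe form beside the hardened form, together with the defence that closes it (output escaping, bound query parameters, a path check that keeps includes inside the template directory, and a per-session token). The handler names, the sample `posts` table and the `templates` directory name are all constructed for the example.

```python
"""The four hazard classes from the definitions above, each as a minimal
handler in two forms: the unsafe one and the hardened one.

Added example, not code from the article or from any plugin. Only the
Python standard library is used; the sample data is constructed inline.
"""
import hmac
import html
import os
import secrets
import sqlite3


# --- XSS (stored and reflected) -----------------------------------------
# Both flavours share one root cause: text from a user is written into an
# HTML page as markup. Escaping at output time closes both.

def render_comment_unsafe(comment: str) -> str:
    # Vulnerable: whatever the comment contains becomes part of the page.
    return f"<p class='comment'>{comment}</p>"


def render_comment_safe(comment: str) -> str:
    # Hardened: <, >, &, " and ' become entities and are shown as text.
    return f"<p class='comment'>{html.escape(comment)}</p>"


# --- SQL injection -------------------------------------------------------

def make_db() -> sqlite3.Connection:
    """Constructed sample table standing in for a plugin's posts table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER, title TEXT, status TEXT)")
    conn.executemany(
        "INSERT INTO posts VALUES (?, ?, ?)",
        [(1, "Hello", "publish"), (2, "Draft notes", "draft"),
         (3, "Secret", "private")],
    )
    return conn


def posts_by_status_unsafe(conn: sqlite3.Connection, status: str) -> list:
    # Vulnerable: the value is pasted into the SQL text, so a quote in it
    # changes the shape of the WHERE clause instead of being compared.
    rows = conn.execute(
        f"SELECT title FROM posts WHERE status = '{status}'").fetchall()
    return [title for (title,) in rows]


def posts_by_status_safe(conn: sqlite3.Connection, status: str) -> list:
    # Hardened: a bound parameter is always data, never SQL.
    rows = conn.execute(
        "SELECT title FROM posts WHERE status = ?", (status,)).fetchall()
    return [title for (title,) in rows]


# --- LFI -----------------------------------------------------------------

def template_path_allowed(base_dir: str, requested: str) -> bool:
    """True only if base_dir/requested resolves to a path inside base_dir.
    '..' segments, absolute paths and symlinks out of the directory fail."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    return os.path.commonpath([base, target]) == base


def resolve_template(base_dir: str, requested: str) -> str:
    """Hardened include: resolve the template or refuse, never include blindly."""
    if not template_path_allowed(base_dir, requested):
        raise ValueError(f"refusing to include {requested!r}: outside {base_dir}")
    return os.path.realpath(os.path.join(base_dir, requested))


# --- CSRF ----------------------------------------------------------------

def issue_csrf_token(session: dict) -> str:
    """Put a fresh random token in the session; the form carries a copy."""
    session["csrf_token"] = secrets.token_hex(16)
    return session["csrf_token"]


def csrf_token_valid(session: dict, submitted: str) -> bool:
    """Accept a state-changing request only if it carries this session's
    token. A cross-site page cannot read the victim's session, so it cannot
    supply it; compare_digest keeps the check constant-time."""
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)
```

The pattern is the same in every case: decide at the trust boundary what the input is allowed to be (text, a value, a file name inside one directory, a token bound to this session) and enforce that with a mechanism that cannot be talked out of it, rather than trying to spot bad input.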

27 WordPress plugins that contain critical vulnerabilities as of 03/16/2017

Many of them haven’t been updated for several years, so it is better to delete them from your websites completely: simply deactivating a plugin doesn’t always solve the problem, because its files stay on the server.

| Snippet | Name of the plugin | Version | Issue | Spotted on |
|---|---|---|---|---|
| alpine-photo-tile-for-instagram | Alpine PhotoTile | 1.2.7.6 | Authenticated Reflected XSS | 2017-03-03 |
| anyvar | AnyVar | 0.1.1 | Stored Cross-Site Scripting (XSS) | 2017-03-06 |
| 404-redirection-manager | 404 to 301 SEO Redirection | 1.0 | SQL Injection | 2017-01-14 |
| contact-form-manager | Contact Form Manager | 1.4.2 | CSRF & Cross-Site Scripting (XSS) | 2017-03-02 |
| directdownload | Direct Download for WooCommerce | 1.15 | Unauthenticated LFI | 2017-01-18 |
| download-manager | Download Manager | 2.9.45 | Cross-Site Request Forgery (CSRF) | 2017-03-03 |
| dtracker | Dtracker | 1.5 | Multiple Unauthenticated Blind SQL Injections | 2017-03-09 |
| easy-table | Easy Table | – | Authenticated Stored XSS | 2017-02-20 |
| global-content-blocks | Global Content Blocks | – | Cross-Site Request Forgery (CSRF) | 2017-03-03 |
| google-analytics-dashboard | Google Analytics Dashboard | – | Authenticated XSS | 2017-03-02 |
| google-mp3-audio-player | CodeArt Google MP3 Player | – | File Disclosure | 2017-02-09 |
| google-sitemap-generator | Google XML Sitemaps | 4.0.8 | Authenticated Reflected XSS (via HOST header) | 2017-03-03 |
| kama-clic-counter | Kama Click Counter | – | Authenticated Blind SQL Injection | 2017-02-28 |
| mail-masta | Mail Masta | 1.0 | Multiple SQL Injection | 2017-02-23 |
| mobile-app-builder-by-wappress | WordPress Mobile app Builder | 1.05 | Unauthenticated File Upload | 2017-03-08 |
| mobile-friendly-app-builder-by-easytouch | How to Create an App for Android iPhone Easytouch | 3.0 | Unauthenticated File Upload | 2017-03-08 |
| popup-by-supsystic | Popup by Supsystic | – | Cross-Site Request Forgery (CSRF) | 2017-03-02 |
| responsive-poll | Responsive Poll | 1.7.4 | Cross-Site Scripting (XSS) | 2017-01-11 |
| rockhoist-badges | Rockhoist Badges | 1.2.2 | Authenticated Stored XSS | 2017-03-06 |
| simple-ads-manager | Simple Ads Manager | – | Unauthenticated PHP Object Injection | 2017-03-03 |
| stats-counter | Analytics Stats Counter Statistics | – | Unauthenticated PHP Object Injection | 2017-03-03 |
| trust-form | Trust Form | – | Authenticated Reflected XSS | 2017-03-03 |
| user-login-log | User Login Log | – | Stored Cross-Site Scripting (XSS) | 2017-03-02 |
| webapp-builder | Webapp builder 2.0 | 2.0 | Unauthenticated File Upload | 2017-03-08 |
| wp-spamfree | WP-SpamFree Anti-Spam | – | Authenticated Reflected XSS | 2017-03-02 |
| wp2android-turn-wp-site-into-android-app | Wp2android | 1.1.4 | Unauthenticated File Upload | 2017-03-08 |
| zen-mobile-app-native | Mobile App Native | 3.0 | Remote File Upload | 2017-03-01 |

16 WordPress plugins that need to be updated ASAP

These 16 plugins are used by 4+ million WordPress websites. The list includes WooCommerce, BuddyPress, VaultPress and other world-renowned extensions. Luckily, developers of popular plugins fix critical issues quickly, so make sure that all of your plugins are always up to date: enable auto-updates and regularly check that the plugins installed on your WordPress website are at the latest version.

| Snippet | Name of the plugin | Version | Issue | Update to |
|---|---|---|---|---|
| buddypress | BuddyPress | 2.7.3 | Arbitrary File Deletion | 2.7.4 |
| contact-form-plugin | Contact Form by BestWebSoft | 4.0.1 | Stored Cross-Site Scripting (XSS) | 4.0.2 |
| chained-quiz | Chained Quiz | 0.9.8 | Cross-Site Scripting (XSS) | 0.9.9 |
| cms-commander-client | CMS Commander Client | 2.21 | Unauthenticated PHP Object Injection | 2.22 |
| formbuilder | FormBuilder | 1.0.7 | Multiple Authenticated SQL Injection; Cross-Site Request Forgery (CSRF) | 1.0.8 |
| image-slider-widget | Slider | 1.1.89 | Authenticated Arbitrary File Deletion | 1.1.90 |
| iwp-client | InfiniteWP Client | 1.6.0 | Unauthenticated PHP Object Injection | 1.6.1.1 |
| magic-fields | Magic Fields | 1.7.1 | Authenticated XSS | 1.7.2 |
| newstatpress | NewStatPress | 1.2.4 | Stored Cross-Site Scripting (XSS) | 1.2.5 |
| nextgen-gallery | NextGEN Gallery | 2.1.77 | Unauthenticated SQL Injection | 2.1.79 |
| stop-user-enumeration | Stop User Enumeration | 1.3.7 | Unauthenticated Reflected XSS | 1.3.8 |
| vaultpress | VaultPress | 1.8.6 | Backend Server SSL Verification Disabled | 1.8.7 |
| xcloner-backup-and-restore | XCloner - Backup and Restore | 3.1.4 | Authenticated Path Traversal | 3.1.5 |
| wangguard | WangGuard | 1.7.2 | Authenticated Reflected XSS | 1.7.3 |
| woocommerce | WooCommerce | 2.6.8 | Authenticated Tax-Rate CSV XSS | 2.6.9 |
| wpgform | Google Forms | 0.87 | Unauthenticated PHP Object Injection | 0.91 |
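A version audit that puts both tables to work, as an added example that is not part of the article or of the WPScan/Sucuri tooling: `FIXED_IN` is the "Update to" column of the table just above, `REMOVE` is the set of slugs from the 27-plugin table (for which the article lists no fixed release, so the action is deletion), and `INSTALLED` is a constructed inventory of the kind you could export with `wp plugin list --format=json` (assumed as a data source; the example does not call it). The version comparison is numeric per segment, so `1.6.1.1` is correctly seen as newer than `1.6.0` and `1.6` as equal to `1.6.0`.

```python
"""Audit an installed-plugin inventory against the two tables above.

Added example, not the article's or Sucuri/WPScan's code. FIXED_IN and
REMOVE are copied from the page's tables (snapshot of 03/16/2017);
INSTALLED is a constructed sample inventory.
"""

# "Update to" column: slug -> first release that carries the fix
FIXED_IN = {
    "buddypress": "2.7.4",
    "contact-form-plugin": "4.0.2",
    "chained-quiz": "0.9.9",
    "cms-commander-client": "2.22",
    "formbuilder": "1.0.8",
    "image-slider-widget": "1.1.90",
    "iwp-client": "1.6.1.1",
    "magic-fields": "1.7.2",
    "newstatpress": "1.2.5",
    "nextgen-gallery": "2.1.79",
    "stop-user-enumeration": "1.3.8",
    "vaultpress": "1.8.7",
    "xcloner-backup-and-restore": "3.1.5",
    "wangguard": "1.7.3",
    "woocommerce": "2.6.9",
    "wpgform": "0.91",
}

# Plugins with a critical issue and no fixed release listed: the article's
# advice is to delete them rather than merely deactivate them.
REMOVE = frozenset({
    "alpine-photo-tile-for-instagram", "anyvar", "404-redirection-manager",
    "contact-form-manager", "directdownload", "download-manager", "dtracker",
    "easy-table", "global-content-blocks", "google-analytics-dashboard",
    "google-mp3-audio-player", "google-sitemap-generator", "kama-clic-counter",
    "mail-masta", "mobile-app-builder-by-wappress",
    "mobile-friendly-app-builder-by-easytouch", "popup-by-supsystic",
    "responsive-poll", "rockhoist-badges", "simple-ads-manager", "stats-counter",
    "trust-form", "user-login-log", "webapp-builder", "wp-spamfree",
    "wp2android-turn-wp-site-into-android-app", "zen-mobile-app-native",
})

# Constructed sample inventory (slug -> installed version), the shape you
# get from `wp plugin list --format=json` after keeping name and version.
INSTALLED = {
    "woocommerce": "2.6.8",        # vulnerable, fix available
    "buddypress": "2.7.4",         # already on the fixed release
    "iwp-client": "1.6.1.1",       # four-segment version, already fixed
    "nextgen-gallery": "2.1.78",   # between vulnerable and fixed release
    "easy-table": "1.8",           # on the removal list, no fix listed
    "akismet": "3.3",              # not mentioned by either table
}


def version_key(version: str) -> tuple:
    """'1.6.1.1' -> (1, 6, 1, 1): compare releases numerically per segment.
    A segment without digits (e.g. 'beta') counts as 0."""
    key = []
    for segment in version.split("."):
        digits = "".join(ch for ch in segment if ch.isdigit())
        key.append(int(digits) if digits else 0)
    return tuple(key)


def needs_update(installed: str, fixed: str) -> bool:
    """True when the installed release is older than the fixing release.
    Keys are zero-padded so that 1.6 and 1.6.0 compare equal."""
    a, b = version_key(installed), version_key(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def audit(installed: dict) -> dict:
    """Map each installed slug to an action: 'remove', 'update to X' or 'ok'."""
    actions = {}
    for slug, version in installed.items():
        if slug in REMOVE:
            actions[slug] = "remove"
        elif slug in FIXED_IN and needs_update(version, FIXED_IN[slug]):
            actions[slug] = f"update to {FIXED_IN[slug]}"
        else:
            actions[slug] = "ok"
    return actions


if __name__ == "__main__":
    for slug, action in sorted(audit(INSTALLED).items()):
        print(f"{slug:28} {INSTALLED[slug]:8} {action}")
```

Both tables are a snapshot as of 03/16/2017, so the two dictionaries are only as current as this page; refresh them from the WPScan database before relying on an "ok" verdict, and treat "remove" as a reminder that deactivation alone leaves the plugin's files on the server.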

Final Thoughts

Of course, you can't ensure absolute security of your website, but you can make it 99% secure, which is pretty much enough for any business :). All you need to do is update your themes and plugins promptly, keep your passwords in a safe place, never share them with other people, and regularly monitor user activity. Take the first step towards your peace of mind and grab a vulnerability-free WordPress theme from our collection.


Jeremy Blackwood

Coffee addict, social media junkie, data miner contributing technical articles and informative pieces to MonsterPost. Reach him on Medium.


55 responses to “43 Dangerous WordPress Plugins Blacklisted by Sucuri in 2017”

  1. bunny hat says:

    What a stuff of un-ambiguity and preserveness of precious familiarity regarding unpredicted emotions.

  2. door handles says:

    First off I would like to say great blog! I had a quick question that I’d like to ask if you don’t mind.
    I was curious to find out how you center yourself and clear
    your head before writing. I’ve had a difficult time clearing
    my mind in getting my thoughts out. I do take pleasure in writing however it just seems like the first 10 to
    15 minutes are generally wasted simply just trying to
    figure out how to begin. Any ideas or tips? Thank you!

  3. bunny hat says:

    I am genuinely happy to read this blog post, which contains lots of helpful data; thanks for providing such information.

  4. Thanks for one’s marvelous posting! I quite enjoyed reading
    it, you could be a great author. I will remember to bookmark your
    blog and will often come back down the road. I want to encourage
    you to definitely continue your great work, have a nice holiday weekend!

  5. massager says:

    I think the admin of this website is actually working hard in favor of his
    web page, for the reason that here every data is quality
    based material.

  6. Excellent post. Keep posting such kind of info on your page.

    I'm really impressed by it.
    Hello there, You’ve performed a fantastic job. I’ll certainly digg it and in my view suggest to my friends.
    I am sure they will be benefited from this website.

  7. 000 says:

    I blog often and I genuinely appreciate your information. The article has
    really piqued my interest. I’m going to bookmark your site and keep checking for new details about once per week.

    I subscribed to your Feed as well.

  8. 바카라 says:

    I don’t know whether it’s just me or if everybody else is encountering issues with your site.
    It appears as if some of the text in your posts
    is running off the screen. Can somebody else please comment and let me
    know if this is happening to them as well? This might be a problem with my web browser because
    I’ve had this happen previously. Kudos

  9. 파워볼 says:

    Hey there, are you using WordPress for your site platform?
    I’m new to the blog world but I’m trying to get started and create my own. Do you require any html coding
    knowledge to make your own blog? Any help would be greatly appreciated!

  10. Someone essentially lend a hand to make severely
    articles I might state. That is the first time I frequented
    your web page and up to now? I surprised with the research you made to
    create this actual put up incredible. Great task!

  11. You’ve made some good points there. I looked on the web to
    learn more about the issue and found most people will go along
    with your views on this web site.

  12. Hi there! Would you mind if I share your blog with my twitter group?
    There’s a lot of folks that I think would really appreciate your content.

    Please let me know. Thanks

  13. You really make it seem so easy with your presentation but I find this matter to be really
    something that I think I would never understand.
    It seems too complicated and extremely broad for me. I’m looking forward for your next
    post, I will try to get the hang of it!

  14. 포커 says:

    excellent points altogether, you just received a new
    reader. What could you suggest in regards to your put up that you
    simply made some days ago? Any sure?

    It’s like you read my mind! You seem to know so much about this, like
    you wrote the book on it or something. I
    think that you can do with a few pics to drive the message home a
    little bit, but instead of that, this is excellent blog. A great read.
    I’ll certainly be back.

  16. Good post. I learn something totally new and challenging on websites I stumbleupon on a daily basis.
    It will always be helpful to read through content from other
    writers and practice something from other sites.

  17. 미니게임 says:

    Howdy would you mind letting me know which hosting company you’re using?
    I’ve loaded your blog in 3 different web browsers and I must say this blog loads a lot faster
    then most. Can you recommend a good web hosting provider at a reasonable price?

    Thanks, I appreciate it!

  18. I have been exploring for a little for any high quality articles or weblog posts on this sort of house .

    Exploring in Yahoo I at last stumbled upon this website.
    Studying this information So i am satisfied to exhibit that I
    have a very excellent uncanny feeling I discovered just what I needed.

    I so much definitely will make sure to don’t omit this
    site and provides it a look on a relentless basis.

  19. Excellent blog here! Also your website loads up fast!
    What web host are you using? Can I get your affiliate link to your
    host? I wish my web site loaded up as fast as yours lol

  20. I need to to thank you for this excellent read!! I certainly loved every bit of
    it. I have you bookmarked to look at new things you
    post…

  21. 룰렛 says:

    This paragraph gives clear idea in favor of the new users of blogging,
    that really how to do running a blog.

  22. 가상축구 says:

    It’s amazing to pay a visit this web site and reading the
    views of all mates regarding this post, while I am also zealous of getting knowledge.

  23. Definitely consider that which you stated. Your favorite reason appeared to be on the
    internet the simplest factor to have in mind of.
    I say to you, I certainly get annoyed even as other people consider issues that
    they just don’t realize about. You managed to hit the nail upon the highest as well as defined out the
    entire thing with no need side-effects , folks could take a signal.
    Will likely be back to get more. Thank you

  24. I was recommended this web site by my cousin. I am not
    sure whether this post is written by him as no one else know such detailed about my trouble.
    You’re incredible! Thanks!

  25. 케이 뱃 says:

    Wonderful goods from you, man. I have understand
    your stuff previous to and you’re just too great. I actually
    like what you’ve acquired here, really like what you are stating and the way in which you say it.
    You make it enjoyable and you still care for to keep it sensible.

    I can’t wait to read far more from you. This is actually a great site.

  26. I have been surfing online more than 2 hours today, yet I never found
    any interesting article like yours. It’s pretty worth enough for me.

    Personally, if all webmasters and bloggers made good content as
    you did, the web will be a lot more useful than ever before.

  27. For most recent news you have to visit the web and on world-wide-web I found this site as
    a best web site for newest updates.

  28. 토찾사 says:

    I like the helpful information you provide in your articles.
    I will bookmark your weblog and check again here frequently.
    I’m quite sure I’ll learn many new stuff right here! Good luck for the next!

  29. 호벳 says:

    Hey just wanted to give you a brief heads up and let you know a few of the images aren’t loading properly.

    I’m not sure why but I think its a linking issue. I’ve tried it in two different
    web browsers and both show the same outcome.

    Hi there, I am Kavin, it’s my first time commenting anywhere; when I read this article
    I thought I could also create a comment due to this brilliant piece of writing.

  31. WOW just what I was searching for. Came here by searching for
    코인카지노

  32. What’s up it’s me, I am also visiting this site on a regular basis, this web site is truly good and the viewers are in fact sharing
    nice thoughts.

  33. Hello There. I found your blog using msn. This is an extremely
    well written article. I will be sure to bookmark it and return to read more of your useful information.
    Thanks for the post. I will definitely return.

  34. I every time emailed this blog post page to all my associates,
    as if like to read it afterward my contacts will too.

  35. I am really impressed with your writing skills and also with the layout on your blog.
    Is this a paid theme or did you modify it yourself?
    Anyway keep up the nice quality writing, it’s rare to see a great blog like this one these days.

  36. 올레 벳 says:

    Please let me know if you’re looking for a author for your blog.
    You have some really great articles and I think I would be
    a good asset. If you ever want to take some of the load
    off, I’d really like to write some material for your blog in exchange for
    a link back to mine. Please blast me an email if interested.
    Many thanks!

  37. Hello there I am so grateful I found your web site, I really found you by mistake,
    while I was researching on Digg for something else, Anyhow I am here now and would just like to say kudos
    for a remarkable post and a all round interesting
    blog (I also love the theme/design), I don’t have time to go
    through it all at the moment but I have book-marked it and also added in your RSS feeds,
    so when I have time I will be back to read much more, Please do keep up the fantastic work.

  38. This is very interesting, You’re a very skilled blogger. I have joined your
    feed and look forward to seeking more of your fantastic post.
    Also, I’ve shared your website in my social networks!

  39. I really like your blog.. very nice colors & theme.
    Did you design this website yourself or did you hire someone to do it for
    you? Please answer back as I’m looking to create my own blog
    and would like to find out where you got this from. Thank
    you.

    Yesterday, while I was at work, my cousin stole my iPhone and tested to see if it can survive a 25 foot drop, just so she can be a YouTube sensation.
    My Apple iPad is now broken and she has 83 views.
    I know this is entirely off topic but I had to
    share it with someone!

  41. My family always say that I am killing my time here at net, but I know I am getting know-how all the time by reading such nice posts.

    This is my first time visiting here and I am truly happy to read all at one place.

  43. bookmarked!!, I like your website!

  44. If you are going for most excellent contents like me, simply go to see this website every day for the reason that it gives
    quality contents, thanks

    It is not my first time to pay a visit to this web site; I am browsing this web site daily and take pleasant information from here
    all the time.

  46. Hey there, You’ve done an excellent job. I’ll certainly digg
    it and personally suggest to my friends. I am confident they’ll be benefited from this website.

    Hi, I feel that I noticed you visited my weblog so I came to return the desire? I’m trying
    to find issues to enhance my site! I guess it's adequate to make use of a few of your concepts!!

    Wow that was unusual. I just wrote a really long comment but after I clicked submit my
    comment didn’t appear. Grrrr… well I’m not
    writing all that over again. Anyway, just wanted
    to say great blog!

  49. Great post. I used to be checking constantly this weblog and
    I’m inspired! Very useful info specially the closing section :)
    I take care of such info much. I was seeking this certain information for a
    long time. Thanks and best of luck.

  50. Your style is really unique compared to other folks I have read stuff from.

    I appreciate you for posting when you have the opportunity, Guess I’ll just bookmark
    this web site.

  51. Hi outstanding blog! Does running a blog such as this take a great deal of work?
    I’ve no expertise in computer programming but I was hoping to start my own blog soon. Anyhow, if you have any recommendations or tips for new blog
    owners please share. I know this is off topic but I simply needed to ask.
    Thanks a lot!

  52. Homepage says:

    … [Trackback]

    […] Information on that Topic: templatemonster.com/dangerous-wordpress-plugins-2017/ […]

  53. Wendy Tan says:

    Thanks for making us aware.

  54. ajaniashish says:

    Thanks Jeremy for putting this all together and sharing it. It’s really interesting to see that some really popular plugins like WooCommerce, Google XML Sitemaps and BuddyPress are in the list. Based on your article it looks like, out of all the plugins, “Google XML Sitemaps” is looking most vulnerable, as it hasn’t been updated for a year now and it has 2+ million active installs. Thanks for sharing and keep up the good work.

  55. medusa tattoo design says:

    These 16 plugins are used by 4+ million WordPress websites. The list includes WooCommerce, BuddyPress, VaultPress and other world-
