WordPress Security Report of Plugin Vulnerabilities and Security Fixes/Patches
On June 22, 2012, I checked WordPress security on the following plugins reported with vulnerabilities.
Important! Once a plugin exploit is found, the bad guys brag about it online, and that can trigger mass hack attacks against every site still running the vulnerable version.
I check for new threats daily and have made it my mission to help you keep your WordPress site safe.
This information is not to freak you out. It's to wake you up and take action. I do this WordPress security research and share it with you to make you aware of any security issues so you can protect your WordPress website(s).
Please note: I have listed the plugin versions that have been found to have security vulnerabilities. Earlier versions of these plugins may also be affected. If the plugin has been updated with a security fix, you need to upgrade ASAP. If a plugin has been removed from the repository and you're using an earlier version than what is listed below, you should deactivate and remove it immediately.
WordPress Plugins Security Fixes
The following plugins have been updated to fix security vulnerabilities. If you are using any of the plugins below, please log in to your WordPress Dashboard and update to the latest version immediately.
- Annonces plugin vulnerability in Version 188.8.131.52
Security fixed in Version 184.108.40.206 on 06/20/2012
- Evarisk plugin vulnerability in Version 220.127.116.11
Security fixed in Version 18.104.22.168 on 06/20/2012
- Front End Upload plugin vulnerability in Version 0.5.3 (free version only, not pro)
Security fixed in Version 0.5.4.3 on 06/10/2012
- kk Star Ratings plugin vulnerability in Version 1.7
Security fixed in Version 1.7.1. Current version 1.7.2 on 06/19/2012
- Nmedia MailChimp Widget plugin vulnerability in Version 3.1
Security fixed in Version 3.2 on 06/13/2012
- Nmedia WordPress Member Conversation plugin vulnerability in Version 1.3
Security fixed in Version 1.4 on 06/10/2012
- NS Utilities plugin vulnerability in Version 1.0
Security fixed in Version 1.1 on 06/13/2012
- Omni Secure files plugin vulnerability in Version 0.1.13
Security fixed in Version 0.1.15 on 06/12/2012
- PDW Media File Browser plugin vulnerability in Version 1.1
Security fixed in Version 1.2. Current version 1.3 on 06/21/2012
Download: http://wordpress.org/extend/plugins/pdw-file-browser/ (Plugin has been deleted from WordPress.org as of 11/14/12)
Changelog: http://wordpress.org/extend/plugins/pdw-file-browser/changelog/ (Plugin has been deleted from WordPress.org as of 11/14/12)
- TheCartPress eCommerce Shopping Cart plugin vulnerability in Version 22.214.171.124
Security fixed in Version 126.96.36.199 on 06/21/2012
- WordPress Mac Photo Gallery plugin vulnerability in Version 2.7
Security fixed in Version 2.10 on 06/20/2012
Download: http://wordpress.org/extend/plugins/mac-dock-gallery/ (Plugin has been deleted from WordPress.org as of 11/14/12)
- WassUp Real Time Analytics plugin vulnerability in Version 1.8.3
Security fixed in Version 188.8.131.52
WordPress Plugins Removed for Vulnerabilities
The plugins below have been reported with security vulnerabilities and removed from the plugins repository at wordpress.org. For WordPress security, if you're using any of these plugins, please deactivate them and delete them from your site. Leaving them on your server poses a security risk. Before using them again, wait until a security fix has been released, or find an alternative plugin.
- Easy Contact Forms Export plugin vulnerability in Version 1.1.0
Old URL: http://wordpress.org/extend/plugin/easy-contact-forms-exporter/
Trac: http://plugins.trac.wordpress.org/log/easy-contact-forms-exporter (last update 04/02/2012)
- FCChat Widget plugin vulnerability in Versions 184.108.40.206 through 220.127.116.11
Old URL: http://wordpress.org/extend/plugins/fcchat/
Trac: http://plugins.trac.wordpress.org/log/fcchat (last update 06/13/2012)
- Front File Manager plugin vulnerability in Version 0.1
Old URL: http://wordpress.org/extend/plugins/front-file-manager/
Trac: http://plugins.trac.wordpress.org/log/front-file-manager (last update 01/24/2012)
- Hungred Post Thumbnail plugin vulnerability in Version 2.1.9
Old URL: http://wordpress.org/extend/plugins/hungred-post-thumbnail/
Trac: http://plugins.trac.wordpress.org/log/hungred-post-thumbnail (last update 06/26/2012)
- Plugin: Newsletter plugin vulnerability in Version 1.5
Old URL: http://wordpress.org/extend/plugins/plugin-newsletter/
Trac: http://plugins.trac.wordpress.org/log/plugin-newsletter (last update 11/23/2011)
- WordPress Schreikasten plugin vulnerability in Version 0.14.13
Old URL: http://wordpress.org/extend/plugins/schreikasten/
Trac: http://plugins.trac.wordpress.org/log/schreikasten (last update 09/16/2011)
- WORDPRESS VIDEO GALLERY plugin vulnerability in Version 1.3
Old URL: http://wordpress.org/extend/plugins/contus-video-galleryversion-10/
Trac: http://plugins.trac.wordpress.org/log/contus-video-galleryversion-10/ (last update 12/28/2011)
LEAVE YOUR FEEDBACK
Have a question about the security of these WordPress plugins? Need to report a plugin vulnerability, or have you found a plugin that has been removed from the WordPress.org repository? Please let us know by leaving a comment below.
P.S. I spend hours on these WordPress Security Reports to help you stay safe. Please help other WordPress users as well by sharing this post using the buttons below. Hint: The hashtags I use are #WordPress and #WP.