Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises.
To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month.
Ninja Forms — Unauthenticated PHP Object Injection
Security Risk: Critical
Exploitation Level: Can be exploited remotely without any authentication.
Vulnerability: Injection
CWE: CWE-502
Number of Installations: 1 million+
Affected Software: Ninja Forms <= 3.6.10
Patched Versions: Ninja Forms 3.6.11
This vulnerability is caused by the plugin not validating merge tags supplied in the request, allowing unauthenticated attackers to call arbitrary static methods of classes loaded on the site.
Mitigation steps: Update to Ninja Forms plugin version 3.6.11 or greater.
ARMember — Unauthenticated Admin Account Takeover
Security Risk: Critical
Exploitation Level: Can be exploited remotely without any authentication.
Vulnerability: Authentication Bypass
CVE: CVE-2022-1903
Number of Installations: 2,000+
Affected Software: ARMember <= 3.4.7
Patched Versions: ARMember 3.4.8
Missing nonce and authorization checks in an AJAX action allow unauthorized users to change user passwords if they know associated usernames, leading to an account takeover.
Mitigation steps: Update to ARMember version 3.4.8 or greater.
eaSYNC — Unauthenticated Arbitrary File Upload
Security Risk: High
Exploitation Level: Can be exploited remotely without any authentication.
Vulnerability: Arbitrary File Upload
CVE: CVE-2022-1952
Number of Installations: 500+
Affected Software: eaSYNC < 1.1.16
Patched Versions: eaSYNC 1.1.16
Due to insufficient input validation, an AJAX action accessible to unauthenticated users can lead to arbitrary file upload and remote code execution.
Mitigation steps: Update the eaSYNC plugin to 1.1.16 or higher.
Events Made Easy — Unauthenticated SQLi
Security Risk: High
Exploitation Level: Can be exploited remotely without any authentication.
Vulnerability: SQLi
CVE: CVE-2022-1905
Number of Installations: 6,000+
Affected Software: Events Made Easy <= 2.2.8
Patched Versions: Events Made Easy 2.2.81
This vulnerability stems from parameters that are not properly sanitized and escaped before being used in SQL statements. Unauthenticated attackers can use it to inject malicious SQL.
Mitigation steps: Update the Events Made Easy plugin to version 2.2.81 or greater.
Ultimate Member — Subscriber+ Stored Cross-Site Scripting
Security Risk: Medium
Vulnerability: XSS
CVE: CVE-2022-1208
Number of Installations: 200,000+
Affected Software: Ultimate Member < 2.4.0
Patched Versions: Ultimate Member 2.4.0
The Biography field on user profile pages is not properly sanitized and escaped, allowing users with Subscriber or higher privileges to store scripts that execute when the profile page is viewed.
Mitigation steps: Update the Ultimate Member plugin to version 2.4.0 or greater.
Download Manager — Reflected Cross-Site Scripting
Security Risk: Medium
Vulnerability: XSS
CVE: CVE-2022-1985
Number of Installations: 100,000+
Affected Software: Download Manager < 3.2.43
Patched Versions: Download Manager 3.2.43
This vulnerability stems from the frameid parameter not being properly sanitized and escaped before it is output back into a JavaScript context, which can lead to reflected cross-site scripting attacks.
Mitigation steps: Update the Download Manager plugin to version 3.2.43 or greater.
Active Products Tables for WooCommerce — Reflected Cross-Site-Scripting
Security Risk: Medium
Exploitation Level: Can be exploited remotely without any authentication.
Vulnerability: XSS
CVE: CVE-2022-1916
Number of Installations: 3,000+
Affected Software: Active Products Tables for WooCommerce < 1.0.5
Patched Versions: Active Products Tables for WooCommerce 1.0.5
This vulnerability stems from a parameter that is not properly sanitized and escaped before being output back in the response of an AJAX action. Both authenticated and unauthenticated attackers can use it for reflected cross-site scripting attacks.
Mitigation steps: Update the Active Products Tables for WooCommerce plugin to version 1.0.5 or greater.
Product Configurator for WooCommerce — Unauthenticated Arbitrary File Deletion
Security Risk: Medium
Exploitation Level: Can be exploited remotely without any authentication.
Vulnerability: Injection
CVE: CVE-2022-1953
Number of Installations: 1,000+
Affected Software: Product Configurator for WooCommerce < 1.2.32
Patched Versions: Product Configurator for WooCommerce 1.2.32
This vulnerability stems from an AJAX action that accepts user input, uses it to build a file path, and passes that path to unlink() without validation, leading to arbitrary file deletion by unauthenticated users.
Mitigation steps: Update the Product Configurator for WooCommerce plugin to version 1.2.32 or greater.
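The ARMember and Product Configurator entries above share one root cause: an AJAX action reachable without authentication that acts on caller-supplied input with no nonce, authorization or input check. The following is an added example written for this roundup (not code from either plugin); the hook and action names beginning with acme_ are hypothetical.

```php
<?php
// Added example, not taken from any plugin listed above.
// Hook/action names (acme_delete_upload) are hypothetical.

// VULNERABLE PATTERN: registered for logged-out visitors (wp_ajax_nopriv_),
// no nonce, no capability check, and a raw request value handed to unlink().
add_action( 'wp_ajax_nopriv_acme_delete_upload', 'acme_delete_upload_vulnerable' );
function acme_delete_upload_vulnerable() {
    $file = $_POST['file'];   // any path the caller chooses
    unlink( $file );          // deletes it, no questions asked
    wp_die();
}

// HARDENED PATTERN: logged-in users only, a nonce tied to this action,
// an explicit capability check, and a path confined to the uploads directory.
add_action( 'wp_ajax_acme_delete_upload', 'acme_delete_upload_hardened' );
function acme_delete_upload_hardened() {
    // 1. CSRF protection: the request must carry a valid nonce for this action
    //    (check_ajax_referer() terminates the request otherwise).
    check_ajax_referer( 'acme_delete_upload', 'nonce' );

    // 2. Authorization: a nonce proves intent, not privilege, so check that too.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Input validation: drop directory components, then resolve the real path.
    $name   = sanitize_file_name( wp_unslash( $_POST['file'] ?? '' ) );
    $base   = wp_normalize_path( trailingslashit( wp_upload_dir()['basedir'] ) );
    $target = realpath( $base . $name );

    // realpath() returns false for a missing file; the prefix check rejects
    // anything that resolved outside the uploads directory (e.g. via a symlink).
    if ( false === $target || 0 !== strpos( wp_normalize_path( $target ), $base ) ) {
        wp_send_json_error( 'invalid file', 400 );
    }

    wp_delete_file( $target );
    wp_send_json_success();
}
```

The same three checks (nonce, capability, input validation) apply to any state-changing AJAX or REST handler, including the password-change action described in the ARMember entry.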
GiveWP — Donor Information Disclosure
Security Risk: Low
Exploitation Level: Can be exploited remotely without any authentication.
Vulnerability: Sensitive Data Exposure
Number of Installations: 100,000+
Affected Software: GiveWP < 2.21.0
Patched Versions: GiveWP 2.21.0
This vulnerability exists because a REST endpoint is exposed to unauthenticated users, allowing them to obtain metadata about sensitive donor information.
Mitigation steps: Update the GiveWP plugin to version 2.21.0 or greater.
WooCommerce PDF Invoices & Packing Slips — Reflected Cross-Site Scripting
Security Risk: Medium
Vulnerability: XSS
CVE: CVE-2022-2092
Number of Installations: 300,000+
Affected Software: WooCommerce PDF Invoices & Packing Slips < 2.16.0
Patched Versions: WooCommerce PDF Invoices & Packing Slips 2.16.0
This vulnerability exists because a parameter on the settings page isn’t properly escaped, which can lead to a reflected cross-site scripting attack.
Mitigation steps: Update the WooCommerce PDF Invoices & Packing Slips plugin to version 2.16.0 or greater.
ShortPixel Image Optimizer — Reflected Cross-Site Scripting
Security Risk: Medium
Vulnerability: XSS
CWE: CWE-79
Number of Installations: 300,000+
Affected Software: ShortPixel Image Optimizer < 4.22.10
Patched Versions: ShortPixel Image Optimizer 4.22.10
This vulnerability exists because URLs aren’t properly escaped before being output back in an HTML attribute, which can lead to a reflected cross-site scripting attack.
Mitigation steps: Update the ShortPixel Image Optimizer plugin to version 4.22.10 or greater.
Clearfy Cache — Reflected Cross-Site Scripting
Security Risk: Medium
Vulnerability: XSS
Number of Installations: 100,000+
Affected Software: Clearfy Cache < 2.0.5
Patched Versions: Clearfy Cache 2.0.5
This vulnerability exists because some generated URLs aren’t properly escaped before being output back in an HTML attribute, which can lead to a reflected cross-site scripting attack.
Mitigation steps: Update the Clearfy Cache plugin to version 2.0.5 or greater.
404 to 301 — Reflected Cross-Site Scripting
Security Risk: Medium
Vulnerability: XSS
Number of Installations: 100,000+
Affected Software: 404 to 301 < 3.1.2
Patched Versions: 404 to 301 3.1.2
Some URLs aren’t properly escaped before outputting them back in an attribute, which can lead to a reflected cross-site scripting attack.
Mitigation steps: Update the 404 to 301 plugin to version 3.1.2 or greater.
Modula Image Gallery — Reflected Cross-Site Scripting
Security Risk: Medium
Vulnerability: XSS
Number of Installations: 100,000+
Affected Software: Modula Image Gallery < 2.6.7
Patched Versions: Modula Image Gallery 2.6.7
This vulnerability is caused by some URLs not being properly escaped before outputting them back in an attribute, which can lead to a reflected cross-site scripting attack.
Mitigation steps: Update the Modula Image Gallery to version 2.6.7 or greater.
Flexible Shipping — Reflected Cross-Site Scripting
Security Risk: Medium
Vulnerability: XSS
Number of Installations: 100,000+
Affected Software: Flexible Shipping < 4.11.9
Patched Versions: Flexible Shipping 4.11.9
Some URLs aren’t properly escaped before outputting them back in an attribute, which can lead to a reflected cross-site scripting attack.
Mitigation steps: Update the Flexible Shipping plugin to version 4.11.9 or greater.
WooCommerce Menu Cart — Reflected Cross-Site Scripting
Security Risk: Medium
Vulnerability: XSS
Number of Installations: 100,000+
Affected Software: WooCommerce Menu Cart < 2.12.0
Patched Versions: WooCommerce Menu Cart 2.12.0
This vulnerability is caused by some URLs not being properly escaped before outputting them back in an attribute, which can lead to a reflected cross-site scripting attack.
Mitigation steps: Update the WooCommerce Menu Cart plugin to version 2.12.0 or greater.
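The ShortPixel, Clearfy Cache, 404 to 301, Modula, Flexible Shipping and WooCommerce Menu Cart entries all describe the same defect: a URL generated from the current request is echoed into an HTML attribute without escaping. The following is an added example written for this roundup (not code from any of those plugins); the acme_ function names are hypothetical.

```php
<?php
// Added example, not taken from any plugin listed above.
// Function names (acme_tab_link_*) are hypothetical.

// VULNERABLE PATTERN: add_query_arg() called without a URL argument builds on
// $_SERVER['REQUEST_URI'], so the result carries whatever the visitor put into
// the request. Echoing it raw lets a crafted request break out of the attribute.
function acme_tab_link_vulnerable( $tab ) {
    $url = add_query_arg( 'tab', $tab );
    return '<a href="' . $url . '">' . $tab . '</a>';
}

// HARDENED PATTERN: escape at output time, for the context the value lands in.
//   esc_url()  for href/src attributes (also rejects disallowed schemes such as javascript:)
//   esc_attr() for any other attribute value
//   esc_html() for text between tags
//   wp_json_encode() when a value is written into an inline <script> block
function acme_tab_link_hardened( $tab ) {
    $url = add_query_arg( 'tab', $tab );
    return sprintf(
        '<a href="%s" data-tab="%s">%s</a>',
        esc_url( $url ),
        esc_attr( $tab ),
        esc_html( $tab )
    );
}
```

Sanitizing on input does not replace this step: the escaping function must match the output context, and a value that is safe in a text node is not necessarily safe inside an attribute or a script block (the Download Manager frameid entry above is the JavaScript-context case).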
Users who are not able to update their software with the latest version are encouraged to use a web application firewall to virtually patch these vulnerabilities and protect their website.