5 Major WordPress plugins identified with security vulnerabilities (and present status)

Hackers are always searching for new and sophisticated ways to exploit the WordPress ecosystem, including WP plugins. You therefore need to keep checking the current security status of each plug-in you run to make sure it is still safe to use. Reputable plugin authors act on such vulnerabilities promptly, although releasing a security patch can take some time. Here is a list of some plugins that were found to have security vulnerabilities or bugs, and their present status:

Duplicator

Duplicator, a popular plug-in that lets people export site content through a simple and intuitive process, was found to be affected by a bug.

This bug allowed unauthorized parties such as hackers to export site content as well as database credentials.

The bug was later patched in version 1.3.28 of Duplicator.

Profile Builder

Profile Builder is a relatively less known yet fairly good WP plug-in with above-average competency.

It was found to be affected by a bug that allowed the registration of unauthorized admin accounts. Hackers and other malicious actors could use this loophole to take undue advantage in diverse ways.

Taking timely action, the plug-in's developers patched this bug last month, on 10th February.

ThemeREX

Using a zero-day exploit in the ThemeREX plug-in, hackers were able to register fake admin accounts and misuse the admin rights for their own malicious ends. It is worth mentioning that the ThemeREX add-ons are included in every commercial ThemeREX theme.

As per the latest information, the bug is yet to be patched.

To prevent your site from falling victim to the bug, it is strongly recommended to remove the plug-in outright.

10Web Map Builder for Google Maps

Because it did not properly sanitize user-supplied data, 10Web Map Builder for Google Maps was found to have a bug that allowed the injection and execution of arbitrary HTML and script code in the browser.

In terms of site damage, it facilitated data theft, unauthorized visual editing, drive-by downloads, and phishing attacks.

The vulnerability has been patched, and readers are advised to use the latest updated version.

Modern Events Calendar Lite

Modern Events Calendar Lite, an event management plug-in for WP sites, was found to contain a bug that allowed attackers to inject XSS code, which in turn facilitated the creation of fake admin accounts.

The hackers were also able to affect site visitors by exploiting the front page.

The issue was patched, and readers are advised to look for the latest version and update if they are still using the outdated plug-in.

Conclusion

WordPress plugins are always on the radar of hackers, who keep finding new and sophisticated ways to discover loopholes and exploit them to compromise WP sites. In this blog post, we covered some of the WP plugins that encountered security issues in 2020 and their present status. Readers are advised to uninstall the plugins with unresolved security issues. For the plugins with security patches, make sure that you are using the latest, updated version.
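One way to turn the advice above into a repeatable check is sketched below; it is an added example, not code from any of the plugins or from wpCentral. It reads the `Version:` field from a plugin's header comment and compares it with the status reported in this post. The plugin directory names and the sample version values are assumptions, and only Duplicator has a fixed version stated here.

```python
import re

# Status of each plugin as reported in this article. Directory names (slugs)
# are assumptions; adjust them to match wp-content/plugins on your site.
ADVISORIES = {
    "duplicator": {"fixed_in": "1.3.28"},
    "profile-builder": {"fixed_in": None},   # patched; version not given here
    "trx_addons": {"unpatched": True},       # ThemeREX add-ons
    "wd-google-maps": {"fixed_in": None},    # 10Web Map Builder
    "modern-events-calendar-lite": {"fixed_in": None},
}

def header_version(php_source):
    """Return the 'Version:' field from a plugin's main-file header, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", php_source, re.I | re.M)
    return m.group(1) if m else None

def as_tuple(version):
    """'1.3.28' -> (1, 3, 28); non-numeric suffixes are ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def audit(installed):
    """Map each installed slug -> version to an action based on ADVISORIES."""
    report = {}
    for slug in sorted(ADVISORIES.keys() & installed.keys()):
        adv, version = ADVISORIES[slug], installed[slug]
        if adv.get("unpatched"):
            report[slug] = "remove"
        elif version is None:
            report[slug] = "check manually"   # header had no Version field
        elif adv["fixed_in"] is None:
            report[slug] = "confirm latest release"
        elif as_tuple(version) < as_tuple(adv["fixed_in"]):
            report[slug] = "update to >= " + adv["fixed_in"]
        else:
            report[slug] = "ok"
    return report

# Constructed sample: a header in the format WordPress reads from a plugin file.
SAMPLE = """<?php
/*
 * Plugin Name: Duplicator
 * Version: 1.3.26
 */
"""

if __name__ == "__main__":
    print(audit({"duplicator": header_version(SAMPLE), "trx_addons": "1.0.0"}))
```

Plugins that are installed but deactivated still have their files on disk, so include them in the input as well.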
