2J SlideShow < 1.3.40 – Authenticated Arbitrary Plugin Deactivation

https://wpvulndb.com/vulnerabilities/10034

Contextual Adminbar Color < 0.3 – Authenticated Stored Cross-Site Scripting Issue

https://wpvulndb.com/vulnerabilities/10033

Batch-Move Posts <= 1.5 – Broken Authentication leading to Unauthenticated Stored XSS

https://wpvulndb.com/vulnerabilities/10032

Marketo Forms and Tracking <= 1.0.2 – CSRF to XSS

https://wpvulndb.com/vulnerabilities/10031

Resim Ara <= 3.0 – Unauthenticated Reflected XSS

https://wpvulndb.com/vulnerabilities/10030

How to eliminate false positives in file integrity monitoring on WordPress

https://www.wpwhitesecurity.com/eliminate-false-positives-file-integrity-monitoring-wordpress/
File integrity monitoring (FIM) lets you quickly detect file changes on your WordPress site. It is an important part of securing a WordPress site, and the way it works is simple: it compares a stored baseline of cryptographic hashes against the current hashes of the monitored files and alerts you when they differ. However, there is a major problem with unsophisticated approaches to file integrity monitoring: false positives (false alarms). Not all file changes on a WordPress website are harmful or a sign of an attack; many are harmless and expected parts of maintenance, such as core, theme and plugin updates. So false positives lead […]
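The following is an added example, not code from the wpwhitesecurity article or from any WordPress product: a minimal FIM that takes a SHA-256 baseline of a directory tree, re-scans it, and suppresses the false positive the article describes by treating a change as expected only when the new hash is a known-good hash for that path in a trusted manifest. The manifest, the toy WordPress tree and the "tampering" are all constructed inline; a real deployment would load the manifest from vendor-published checksums for the installed release.

```python
"""Minimal file integrity monitor with false-positive suppression.

Added example; not code from the wpwhitesecurity article. The trusted
manifest (path -> set of known-good hashes) is a constructed stand-in for
what a real deployment would load from the vendor's published checksums.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large files are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Hash every regular file under root, keyed by POSIX-style path relative to root."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def scan(root: Path, baseline: dict, trusted: dict) -> dict:
    """Compare the live tree against the baseline and classify each change.

    A change is reported under 'expected' when the *new* hash is a known-good
    hash for that path in the trusted manifest (e.g. the file was replaced by
    a legitimate core or plugin update). Every other change is an alert.
    """
    current = build_baseline(root)
    alerts, expected = {}, {}
    for rel, new_hash in current.items():
        old_hash = baseline.get(rel)
        if old_hash == new_hash:
            continue
        kind = "added" if old_hash is None else "modified"
        if new_hash in trusted.get(rel, set()):
            expected[rel] = kind
        else:
            alerts[rel] = kind
    for rel in baseline.keys() - current.keys():
        alerts[rel] = "deleted"
    return {"alerts": alerts, "expected": expected}


def demo() -> dict:
    """Build a constructed WordPress-like tree, take a baseline, then apply one
    legitimate update, one tampering and one unknown new file, and return the scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-includes").mkdir()
        core = root / "wp-includes" / "version.php"
        core.write_text("<?php $wp_version = '5.3.1';")
        index = root / "index.php"
        index.write_text("<?php require 'wp-blog-header.php';")
        baseline = build_baseline(root)

        # Constructed trusted manifest: the hash of the next release's
        # version.php is known-good, so that update must not raise an alert.
        new_core = "<?php $wp_version = '5.3.2';"
        trusted = {
            "wp-includes/version.php": {hashlib.sha256(new_core.encode()).hexdigest()},
        }

        core.write_text(new_core)                                   # legitimate update
        index.write_text(index.read_text() + "\n// injected code")  # tampering, not in manifest
        (root / "wp-content").mkdir()
        (root / "wp-content" / "cache.php").write_text("<?php // dropped file")  # unknown new file
        return scan(root, baseline, trusted)


if __name__ == "__main__":
    result = demo()
    for rel, kind in result["alerts"].items():
        print(f"ALERT    {kind:<8} {rel}")
    for rel, kind in result["expected"].items():
        print(f"expected {kind:<8} {rel}")
```

The point of the manifest lookup is that the comparison is per path and per known-good hash, not a blanket "ignore changes during updates" window: the core file updated to a published release is silent, while the edited index.php and the dropped wp-content/cache.php still alert. If the vendor publishes checksums in a different algorithm (WordPress core checksums are MD5), the monitor has to hash with that algorithm for the manifest comparison, or re-derive the manifest from a clean copy of the release.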

Chained Quiz < 1.1.8.2 – Reflected XSS

https://wpvulndb.com/vulnerabilities/10029

WP Database Reset < 3.15 – Privilege Escalation

https://wpvulndb.com/vulnerabilities/10028

WP Database Reset < 3.15 – Unauthenticated Database Reset

https://wpvulndb.com/vulnerabilities/10027

Easily Exploitable Vulnerabilities Patched in WP Database Reset Plugin

https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/
On January 7th, our Threat Intelligence team discovered vulnerabilities in WP Database Reset, a WordPress plugin installed on over 80,000 websites. One of these flaws allowed any unauthenticated user to reset any table in the database to its initial WordPress set-up state. The other allowed any authenticated user, even one with minimal permissions, to grant their own account administrative privileges while dropping all other users from the users table with a single request. These are critical security issues that can cause a complete site reset and/or takeover. We highly recommend updating to the latest version (3.15) immediately. Wordfence […]