March’s round-up of WordPress security threats. If you have one of these plugins, make sure you’ve updated to a new version that has the vulnerability fixed, or disable the plugin immediately.
If you feel you may have been hacked, use the malware and virus scanner by Sucuri.
March was a light month for Sucuri, with no WordPress-specific security threats to speak of.
Packet Storm Coverage
- WordPress podPress 126.96.36.199 Cross Site Scripting
- WordPress Mathjax Latex 1.1 Cross Site Request Forgery
- WP Banners Lite 1.40 Cross Site Scripting
- WordPress Finalist SQL Injection
- WordPress Level Four Storefront SQL Injection
- WordPress IndiaNIC FAQS Manager 1.0 XSS / CSRF
- WordPress IndiaNIC FAQS Manager 1.0 SQL Injection
- WordPress Count Per Day 3.2.5 XSS
- WordPress Occasions 1.0.4 Cross Site Request Forgery
- WordPress Simply Poll 1.4.1 CSRF / XSS
- WordPress LeagueManager 3.8 SQL Injection
- WordPress Terillion Reviews Cross Site Scripting
- WordPress Events Manager 5.3.3 Cross Site Scripting
- WordPress Count-Per-Day 3.2.5 Cross Site Scripting
- WordPress Counter Per Day 3.2.3 Path Disclosure
- WordPress Caulk Path Disclosure
It was a fairly heavy month for exploits and security threats on Packet Storm Security.
The biggest exploit to speak of is PodPress, which has almost 1M downloads on WordPress.org. The plugin has long since been updated from that specific version, so make sure you are up to date if you’re running PodPress.