WordPress Plugins and Themes Vulnerabilities Roundup.
This post reviews WordPress themes and plugins vulnerabilities that received little to no coverage until today.
Author: NinTechNet
Critical vulnerability in WordPress Kiwi Social Sharing plugin actively exploited.
A critical vulnerability in the WordPress WordPress Kiwi Social Sharing plugin <2.0.11 (30,000+ active installations) is currently exploited since December 6th.
Critical vulnerability in WP GDPR Compliance plugin massively exploited.
A critical vulnerability in the WordPress WP GDPR Compliance plugin (100k+ active installations) is currently massively exploited.
NinjaScanner Troubleshooting.
NinjaScanner should work out-of-the-box in most cases, but some hosting restrictions, e.g., server resource limits or security policies, may prevent it from working as expected. We will see in this article the most common issues a user may experience.
Arbitrary file upload vulnerability in WordPress Ultimate Member plugin.
A critical vulnerability in the popular WordPress Ultimate Member plugin allows allows attackers to upload any files, including PHP backdoors.