Multiple vulnerabilities fixed in WordPress GiveWP plugin.
The WordPress GiveWP plugin, which has 70,000+ active installations, fixed several vulnerabilities affecting version 2.5.9 and below.
Category: Security
Multiple WordPress plugins vulnerable to HTML injection.
Multiple plugins offering to convert WordPress’ default plain text emails to HTML format were found to be vulnerable to HTML injection, which could lead to phishing or CSRF attacks.
Multiple vulnerabilities in Sliced Invoices plugin.
The WordPress Sliced Invoices plugin, which has 6,000+ active installations, was prone to multiple vulnerabilities in version 3.8.2 and below.
Zero-day vulnerability exploited in WordPress Lara Google Analytics plugin.
The WordPress Lara Google Analytics plugin, which has 20,000+ active installations, was prone to an authenticated stored XSS vulnerability.
Stored XSS vulnerability in WordPress Download Plugins and Themes from Dashboard plugin.
The WordPress Download Plugins and Themes from Dashboard plugin, which has 10,000+ active installations, was prone to an unauthenticated stored XSS vulnerability in version 1.5.0 and below.