WordPress Vulnerabilities & Patch Roundup — June 2022

June Vulnerability and Patch Roundup Post

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises.

To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for WordPress this past month.


Ninja Forms — Unauthenticated PHP Object Injection

Security Risk: Critical
Exploitation Level: Can be exploited remotely without any authentication.
Vulnerability: Injection
CWE: CWE-502
Number of Installations: 1 million +
Affected Software: Ninja Forms <= 3.6.10
Patched Versions: Ninja Forms 3.6.11

This vulnerability is caused by the plugin not validating merge tags in the request, allowing unauthenticated attackers to invoke static methods of classes loaded on the site (PHP object injection, CWE-502).

Mitigation steps: Update to Ninja Forms plugin version 3.6.11 or greater.


ARMember — Unauthenticated Admin Account Takeover

Security Risk: Critical
Exploitation Level: Can be exploited remotely without any authentication.
Vulnerability: Authentication Bypass
CVE: CVE-2022-1903
Number of Installations: 2,000+
Affected Software: ARMember <=3.4.7
Patched Versions: ARMember 3.4.8

Missing nonce and authorization checks in an AJAX action allow unauthenticated users to change the password of any user whose username they know, leading to an account takeover (including administrator accounts).

Mitigation steps: Update to ARMember version 3.4.8 or greater.
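As an added illustration of the missing-check pattern in this entry (example code written for this roundup, not ARMember's code), the following shows a hypothetical AJAX password-change handler in its weak form beside a hardened one; the `example_` prefix, action names and nonce action are assumptions.

```php
<?php
// Added example, not ARMember's code. The "example_" names are hypothetical.

// Weak pattern: a public (nopriv) AJAX action that sets a password from a
// username alone. No nonce, no login requirement, no authorization check,
// so anyone who knows a username can take over that account.
add_action( 'wp_ajax_nopriv_example_reset_password', 'example_reset_password_weak' );
function example_reset_password_weak() {
    $user = get_user_by( 'login', sanitize_user( wp_unslash( $_POST['username'] ?? '' ) ) );
    if ( $user ) {
        wp_set_password( (string) ( $_POST['password'] ?? '' ), $user->ID );
    }
    wp_send_json_success();
}

// Hardened pattern: registered only for logged-in users (no nopriv hook),
// bound to a nonce, and the caller may only change their own password unless
// they hold the edit_user meta capability for the target account.
add_action( 'wp_ajax_example_change_password', 'example_change_password_safe' );
function example_change_password_safe() {
    // Dies with a 403 when the nonce is missing or does not match the action.
    // The client obtains it via wp_create_nonce( 'example_change_password' ).
    check_ajax_referer( 'example_change_password', 'nonce' );

    $target_id = absint( $_POST['user_id'] ?? 0 );
    $caller_id = get_current_user_id();
    if ( 0 === $target_id || ( $target_id !== $caller_id && ! current_user_can( 'edit_user', $target_id ) ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $new_password = (string) wp_unslash( $_POST['password'] ?? '' );
    if ( strlen( $new_password ) < 12 ) {
        wp_send_json_error( 'password too short', 400 );
    }

    wp_set_password( $new_password, $target_id );
    wp_send_json_success();
}
```

The two controls are independent: the nonce stops cross-site request forgery against a logged-in user, and the capability check stops an authenticated low-privilege user from targeting someone else's account.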


eaSYNC — Unauthenticated Arbitrary File Upload

Security Risk: High
Exploitation Level: Can be exploited remotely without any authentication.
Vulnerability: Arbitrary File Upload
CVE: CVE-2022-1952
Number of Installations: 500+
Affected Software: eaSYNC < 1.1.16
Patched Versions: eaSYNC 1.1.16

Due to insufficient input validation, an AJAX action accessible to unauthenticated users can lead to arbitrary file upload and remote code execution.

Mitigation steps: Update the eaSYNC plugin to 1.1.16 or higher.


Events Made Easy — Unauthenticated SQLi

Security Risk: High
Exploitation Level: Can be exploited remotely without any authentication.
Vulnerability: SQLi
CVE: CVE-2022-1905
Number of Installations: 6,000+
Affected Software: Events Made Easy <= 2.2.8
Patched Versions: Events Made Easy 2.2.81

This vulnerability is caused by parameters that are not properly sanitized and escaped before being used in SQL statements. Unauthenticated attackers can use it to inject malicious SQL.

Mitigation steps: Update the Events Made Easy plugin to version 2.2.81 or greater.


Ultimate Member — Subscriber+ Stored Cross-Site Scripting

Security Risk: Medium
Vulnerability: XSS
CVE: CVE-2022-1208
Number of Installations: 200,000+
Affected Software: Ultimate Member < 2.4.0
Patched Versions: Ultimate Member 2.4.0

The Biography field on user profile pages is not properly sanitized and escaped, allowing users with the Subscriber role or above to perform stored cross-site scripting attacks from their profile page.

Mitigation steps: Update the Ultimate Member plugin to version 2.4.0 or greater.


Download Manager — Reflected Cross-Site Scripting

Security Risk: Medium
Vulnerability: XSS
CVE: CVE-2022-1985
Number of Installations: 100,000+
Affected Software: Download Manager < 3.2.43
Patched Versions: Download Manager 3.2.43

This vulnerability is caused by the frameid parameter not being properly sanitized and escaped before it is output in a JavaScript context, which can lead to reflected cross-site scripting attacks.

Mitigation steps: Update the Download Manager plugin to version 3.2.43 or greater.


Active Products Tables for WooCommerce — Reflected Cross-Site-Scripting

Security Risk: Medium
Exploitation Level: Can be exploited remotely without any authentication.
Vulnerability: XSS
CVE: CVE-2022-1916
Number of Installations: 3,000+
Affected Software: Active Products Tables for WooCommerce < 1.0.5
Patched Versions: Active Products Tables for WooCommerce 1.0.5

This vulnerability is caused by a parameter that is not properly sanitized and escaped before being output in the response of an AJAX action. Both authenticated and unauthenticated attackers can use it for reflected cross-site scripting attacks.

Mitigation steps: Update the Active Products Tables for WooCommerce plugin to version 1.0.5 or greater.


Product Configurator for WooCommerce — Unauthenticated Arbitrary File Deletion

Security Risk: Medium
Exploitation Level: Can be exploited remotely without any authentication.
Vulnerability: Injection
CVE: CVE-2022-1953
Number of Installations: 1,000+
Affected Software: Product Configurator for WooCommerce < 1.2.32
Patched Versions: Product Configurator for WooCommerce 1.2.32

This vulnerability is caused by an AJAX action that accepts user-supplied input, builds a file path from it, and passes that path to unlink() without validation, allowing unauthenticated users to delete arbitrary files.

Mitigation steps: Update the Product Configurator for WooCommerce plugin to version 1.2.32 or greater.
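To show what "without validation" means in practice and how a handler of this kind is normally confined, here is an added example (written for this roundup, not Product Configurator's code) with a weak delete handler beside a hardened one; the `example-configs` directory, the `file` parameter and the `example_` names are assumptions.

```php
<?php
// Added example, not Product Configurator's code. Names are hypothetical.

// Weak pattern: a file name from the request is concatenated into a path and
// handed straight to unlink(). Directory traversal sequences in the name are
// not stripped, so files outside the intended folder can be deleted.
function example_delete_config_weak() {
    $name = (string) ( $_POST['file'] ?? '' );
    unlink( wp_upload_dir()['basedir'] . '/example-configs/' . $name );
    wp_send_json_success();
}

// Hardened pattern: nonce-bound, capability-checked, and the resolved path is
// verified to live inside the one directory this action may touch.
function example_delete_config_safe() {
    check_ajax_referer( 'example_delete_config', 'nonce' );
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $base = realpath( wp_upload_dir()['basedir'] . '/example-configs' );

    // basename() drops any directory component, so "../" cannot survive, and
    // sanitize_file_name() removes characters that have no place in a file name.
    $name = sanitize_file_name( basename( (string) wp_unslash( $_POST['file'] ?? '' ) ) );

    // realpath() resolves symlinks and returns false for a missing file, so the
    // prefix test runs against the real location rather than the requested string.
    $path = ( false !== $base && '' !== $name ) ? realpath( $base . '/' . $name ) : false;
    if ( false === $path || 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR ) || ! is_file( $path ) ) {
        wp_send_json_error( 'invalid file', 400 );
    }

    if ( ! unlink( $path ) ) {
        wp_send_json_error( 'delete failed', 500 );
    }
    wp_send_json_success();
}
```

The trailing DIRECTORY_SEPARATOR in the prefix check matters: without it, a sibling directory such as `example-configs-old` would pass the test.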


GiveWP — Donor Information Disclosure

Security Risk: Low
Exploitation Level: Can be exploited remotely without any authentication.
Vulnerability: Sensitive Data Exposure
Number of Installations: 100,000+
Affected Software: GiveWP < 2.21.0
Patched Versions: GiveWP 2.21.0

This vulnerability is caused by a REST endpoint being exposed to unauthenticated users, allowing them to obtain metadata about sensitive donor information.

Mitigation steps: Update the GiveWP plugin to version 2.21.0 or greater.


WooCommerce PDF Invoices & Packing Slips — Reflected Cross-Site Scripting

Security Risk: Medium
Vulnerability: XSS
CVE: CVE-2022-2092
Number of Installations: 300,000+
Affected Software: WooCommerce PDF Invoices & Packing Slips < 2.16.0
Patched Versions: WooCommerce PDF Invoices & Packing Slips 2.16.0

This vulnerability is caused by a parameter on the settings page not being properly escaped, which can lead to a reflected cross-site scripting attack.

Mitigation steps: Update the WooCommerce PDF Invoices & Packing Slips plugin to version 2.16.0 or greater.


ShortPixel Image Optimizer — Reflected Cross-Site Scripting

Security Risk: Medium
Vulnerability: XSS
CWE: CWE-79
Number of Installations: 300,000+
Affected Software: ShortPixel Image Optimizer < 4.22.10
Patched Versions: ShortPixel Image Optimizer 4.22.10

This vulnerability is caused by URLs not being properly escaped before they are output in an attribute, which can lead to a reflected cross-site scripting attack.

Mitigation steps: Update the ShortPixel Image Optimizer plugin to version 4.22.10 or greater.


Clearfy Cache — Reflected Cross-Site Scripting

Security Risk: Medium
Vulnerability: XSS
Number of Installations: 100,000+
Affected Software: Clearfy Cache < 2.0.5
Patched Versions: Clearfy Cache 2.0.5

This vulnerability is caused by some generated URLs not being properly escaped before they are output in an attribute, which can lead to a reflected cross-site scripting attack.

Mitigation steps: Update the Clearfy Cache plugin to version 2.0.5 or greater.


404 to 301 — Reflected Cross-Site Scripting

Security Risk: Medium
Vulnerability: XSS
Number of Installations: 100,000+
Affected Software: 404 to 301 < 3.1.2
Patched Versions: 404 to 301 3.1.2

Some URLs aren’t properly escaped before outputting them back in an attribute, which can lead to a reflected cross-site scripting attack.

Mitigation steps: Update the 404 to 301 plugin to version 3.1.2 or greater.


Modula Image Gallery — Reflected Cross-Site Scripting

Security Risk: Medium
Vulnerability: XSS
Number of Installations: 100,000+
Affected Software: Modula Image Gallery < 2.6.7
Patched Versions: Modula Image Gallery 2.6.7

This vulnerability is caused by some URLs not being properly escaped before outputting them back in an attribute, which can lead to a reflected cross-site scripting attack.

Mitigation steps: Update the Modula Image Gallery to version 2.6.7 or greater.


Flexible Shipping — Reflected Cross-Site Scripting

Security Risk: Medium
Vulnerability: XSS
Number of Installations: 100,000+
Affected Software: Flexible Shipping < 4.11.9
Patched Versions: Flexible Shipping 4.11.9

Some URLs aren’t properly escaped before outputting them back in an attribute, which can lead to a reflected cross-site scripting attack.

Mitigation steps: Update the Flexible Shipping plugin to version 4.11.9 or greater.


WooCommerce Menu Cart — Reflected Cross-Site Scripting

Security Risk: Medium
Vulnerability: XSS
Number of Installations: 100,000+
Affected Software: WooCommerce Menu Cart < 2.12.0
Patched Versions: WooCommerce Menu Cart 2.12.0

This vulnerability is caused by some URLs not being properly escaped before outputting them back in an attribute, which can lead to a reflected cross-site scripting attack.

Mitigation steps: Update the WooCommerce Menu Cart plugin to version 2.12.0 or greater.
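The ShortPixel, Clearfy Cache, 404 to 301, Modula, Flexible Shipping and WooCommerce Menu Cart entries above all share one root cause: a generated URL placed in an HTML attribute without escaping. The added example below (written for this roundup, not code from any of these plugins) shows the common weak form beside the escaped form, and the same rule applied to a plain attribute and to an inline-JavaScript value as in the Download Manager entry; the settings page slug, tab names and `example_` helpers are assumptions.

```php
<?php
// Added example, not from any plugin in this roundup. Names are hypothetical.

// Weak pattern: add_query_arg() with no base URL builds on the current request
// URI, so anything the visitor appended to the query string is copied into the
// href verbatim, and the label is echoed without escaping as well.
function example_tab_link_weak( $tab ) {
    return '<a href="' . add_query_arg( 'tab', $tab ) . '">' . $tab . '</a>';
}

// Hardened pattern: restrict the value to a known list, build the URL from a
// fixed admin base, escape it for attribute context with esc_url(), and escape
// the label with esc_html().
function example_tab_link_safe( $tab ) {
    $allowed = array( 'general', 'advanced' );
    if ( ! in_array( $tab, $allowed, true ) ) {
        $tab = 'general';
    }
    $url = add_query_arg(
        array( 'page' => 'example-settings', 'tab' => $tab ),
        admin_url( 'admin.php' )
    );
    return '<a href="' . esc_url( $url ) . '">' . esc_html( $tab ) . '</a>';
}

// A value that is not a URL still needs attribute escaping.
function example_frame_attr_safe( $frame_id ) {
    return '<div data-frame="' . esc_attr( $frame_id ) . '"></div>';
}

// JavaScript context: neither esc_attr() nor esc_html() is the right tool.
// wp_json_encode() produces a quoted JS string literal and, by default, escapes
// "/" as "\/", so a "</script>" inside the value cannot end the script block.
function example_frame_script_safe( $frame_id ) {
    return '<script>var frameId = ' . wp_json_encode( (string) $frame_id ) . ';</script>';
}
```

The escaping function is chosen by the output context (URL attribute, plain attribute, HTML body, JavaScript), not by where the value came from, which is why sanitizing on input alone does not close these bugs.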

Users who are not able to update their software with the latest version are encouraged to use a web application firewall to virtually patch these vulnerabilities and protect their website.