WP Republic!

High Profile WordPress Security Services by WP Republic!

Jul 07 2021

June WordPress Security Updates and News-Volume 2

The world of WordPress is always busy with news and updates. The second half of June saw a number of WordPress plugin vulnerabilities affecting a large number of websites. Let us take a closer look at this security news and these updates, and see how they have been handled.

WordPress Plugin Vulnerabilities

Below is a list of the most critical vulnerabilities:

  • Prismatic. This WordPress plugin has been hit with a high-risk vulnerability, a Reflected Cross-Site Scripting, affecting over 2000 websites. A fix has been released and is available in the latest update, so you can tackle the issue. You can find out more here.
  • ZoomSounds. This popular WordPress plugin has been affected by an Unauthenticated Arbitrary File Upload. This is a critical vulnerability for which a patch has been released; it can be found in the latest version of the plugin. Find out more details here.
  • Poll, Survey, Questionnaire and Voting system. This plugin, installed on over 800 websites, was hit with an Unauthenticated Blind SQL Injection, a critical vulnerability patched in the updated version. You can read more about it here.
  • Salon Booking System. Installed on over 8000 WordPress websites, this plugin was found to have an Unauthenticated Stored Cross-Site Scripting vulnerability. A patch has been released for this critical vulnerability, and you can read more here.

Other WordPress Plugin Vulnerabilities of lower risk

  • Browser Screenshots. Vulnerability: Stored Cross-Site Scripting (Medium). WordPress websites affected: 6000+
  • Sign-up Sheets. Multiple vulnerabilities: Authenticated Stored Cross-Site Scripting (Medium), Authenticated CSV Injection (Medium). WordPress websites affected: 1000+
  • Absolute Reviews. Vulnerability: CSRF (Medium). WordPress websites affected: 7000+
  • Ultimate Gift Cards. Vulnerability: CSRF (Medium). WordPress websites affected: 3000+
  • Multivendor Marketplace Solution for WooCommerce. Vulnerability: CSRF (Medium). WordPress websites affected: 10000+
  • Advanced Popups. Vulnerability: CSRF (Medium). WordPress websites affected: 9000+
  • Sunshine Photo Cart. Vulnerability: CSRF (Medium). WordPress websites affected: 1000+
  • Remove Schema. Vulnerability: CSRF (Medium). WordPress websites affected: 2000+
  • Wp-mpdf. Vulnerability: CSRF (Medium). WordPress websites affected: 1000+
  • Export Users With Meta. Vulnerability: Authenticated SQL Injection (Medium). WordPress websites affected: 3000+
  • Fudousan. Vulnerability: Authenticated Cross-Site Scripting (Medium)
  • YOP Poll. Vulnerability: Unauthenticated Stored Cross-Site Scripting (Medium). WordPress websites affected: 20000+
  • CiviCRM. Vulnerability: CSRF to Stored Cross-Site Scripting (Medium)
  • WP Image Zoom. Vulnerability: Local File Inclusion (Medium). WordPress websites affected: 20000+

You can take a look at the entire list of WordPress plugins affected and get more information about the security patches released by reading here.

WordPress Plugin Vulnerabilities with no security patch released

  • Glass. Vulnerability: CSRF to Stored Cross-Site Scripting (High)
  • Include Me. Vulnerability: Authenticated Remote Code Execution (High). This plugin has been closed.
  • Simple Sort&Search. Vulnerability: Stored Cross-Site Scripting (Medium)
  • Qtranslate Slug. Vulnerability: CSRF (Medium)
  • Multiple Roles. Vulnerability: CSRF (Medium)
  • Custom css-js-php. Vulnerability: CSRF (Medium)

Since none of these WordPress plugins has released a security patch for these issues, you are advised to uninstall and delete them until a patch is released; otherwise, you should stop using them permanently.

June 2021 was a month full of security news and incidents for the WordPress ecosystem. Over 100 WordPress plugins were found to have a vulnerability and over 5 million sites were affected. If you want to keep your WordPress site secure and in top shape, contact WP Republic!

Written by Nikoletta Triantafyllopoulou · Categorized: Blog
