fbpx Time to update those sites Folks!!!! | Pixel Perfect Technologies Skip to main content

Time to update those sites Folks!!!!

In the first week of February we have seen 7 vulnerable plugins that have vulnerabilities which affect more than 300 000 sites.

If you are using any of the mentioned plugins, you need to update them to the latest version as soon as possible.

Broken Authentication in Profile Builder and Profile Builder Pro
Vulnerability: User registration with the administrator role
Vulnerable version: fixed in version 3.1.1
Number of sites affected: 4 000+

___________________________________

CSV Injection in Events Manager & Events Manager PRO
Events Manager

Vulnerability type: CSV injection
Vulnerable version: fixed in version 5.9.7.2
Number of sites affected: 100 000+

Events Manager PRO

Vulnerability type: CSV injection
Vulnerable version: fixed in version 2.6.7.2
Number of sites affected: 100 000+

___________________________________

CSRF to edit .htaccess in Htaccess by BestWebSoft
Vulnerability: CSRF to edit .htaccess
Vulnerable version: 1.8.1 and below
Number of sites affected: 2 000+

___________________________________

Unauthenticated Reflected XSS via wle Parameter in Auth0
Vulnerability: Unauthenticated reflected XSS via wle parameter
Vulnerable version: fixed in version 3.11.3
Number of sites affected: 4 000+

___________________________________

Cross-Site Request Forgery in Tutor LMS
Vulnerability type: Cross-site request forgery
Vulnerable version: fixed in version 1.5.3
Number of sites affected: 4 000+

___________________________________

CSRF & Reflected XSS in Portfolio Filter Gallery
Vulnerability type: CSRF & reflected XSS
Vulnerable version: fixed in version 1.1.3
Number of sites affected: 10 000+

___________________________________

Stored Cross-Site Scripting in Strong Testimonials
Vulnerability type: Stored cross-site scripting (XSS)
Vulnerable version: fixed in version 2.40.1
Number of sites affected: 90 000+

Are you facing challenges with finding skilled and reliable Drupal support company? Our developers can solve issues for both large and small websites. Click to get a quick fix of any Drupal support problem.

 

Get Support Now