Security firm details vulnerabilities in two WordPress plugins

Security firm High-Tech Bridge released advisories on Wednesday that detail medium-risk vulnerabilities in two WordPress plugins.

Multiple vulnerabilities in the Paid Memberships Pro WordPress plugin can be exploited by an attacker to perform cross-site scripting (XSS) attacks against website administrators, one advisory said.

A SQL injection vulnerability in the Count Per Day WordPress plugin could be exploited by attackers to “execute arbitrary SQL queries in application's database, gain control of potentially sensitive information and compromise the entire website,” the other advisory said.

High-Tech Bridge conducted its research on Paid Memberships Pro version 1.8.4.2 and Count Per Day version 3.4, but indicated that prior versions of both plugins are likely at risk.

Updating to Paid Memberships Pro 1.8.4.3 and Count Per Day 3.4.1 will address the bugs.
