Patch/Configuration Management, Vulnerability Management

Security firm details vulnerabilities in two WordPress plugins

Security firm High-Tech Bridge released advisories on Wednesday that detail medium risk vulnerabilities in two WordPress plugins.

Multiple vulnerabilities in the Paid Memberships Pro WordPress plugin can be exploited by an attacker to perform cross-site scripting (XSS) attacks against website administrators, one advisory said.

A SQL injection vulnerability in the Count Per Day WordPress plugin could be exploited by attackers to “execute arbitrary SQL queries in application's database, gain control of potentially sensitive information and compromise the entire website,” the other advisory said.

High-Tech Bridge conducted its research on Paid Memberships Pro version 1.8.4.2 and Count Per Day version 3.4, but indicated that prior versions of both plugins are likely at risk.

Updating to Paid Memberships Pro 1.8.4.3 and Count Per Day 3.4.1 will address the bugs.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.