WordPress Vulnerability Roundup – Q1 2019


WordPress is a free open-source content management system. It powers about 30% of all websites on the internet and 33% of the Top 10 Million Sites globally. There are over 50,000 WordPress plugins available to add-in features and extend the functionality of WordPress websites. Since WordPress is the most popular CMS, it becomes the common target for hackers to cause more damage than any other platform.

Since the beginning of the year 2019, three zero-day vulnerabilities have been discovered on WordPress plugins Total donations, Easy WP SMTP and Social Warfare. These were actively being exploited in the wild and hackers continue to compromise WordPress websites that are still unpatched.

The SonicWall Capture Labs Threat Research Team has analyzed and addressed WordPress Vulnerabilities for Q1 2019. 

The three  vulnerabilities that WordPress suffers are from the WordPress Core, plugins, and themes.

Fig: Q1 2019 WordPress vulnerability distribution by components

Cross-site scripting (XSS) is at the top of the list. WordPress plugins are prone to Cross-site scripting as they fail to properly sanitize user-supplied input.

Fig: Q1 2019 WordPress vulnerability distribution by types

Nearly 40 WordPress vulnerabilities disclosed just in the month of March. Most of the bugs were in the plugins that extend the WordPress webpage’s functionality.

Fig: Q1 2019 WordPress vulnerability 

The top vulnerable plugins include the popular ones, WooCommerce with 4+ million active installations. Followed by WP Google Maps with 400,000+ active installations. 

Fig: Q1 2019 Top Vulnerable WordPress plugins

1. How To Fix WordPress Zero Day Plugin Vulnerability?
 Immediately check to see if there is a patch available. If no patch available, consider disabling and deleting the plugin that contains the Zero Day vulnerability.
2. How to secure WordPress websites?
WordPress has detailed the following security best practices   
3. What to do when my WordPress website is hacked?

SonicWall Capture Labs Threat Research team provides protection with the following signatures:

IPS: 14105 WordPress plugin Easy SMTP vulnerability
IPS: 14106 WordPress plugin Social Warfare XSS Vulnerability
IPS: 14005 WordPress Total Donations Plugin Authentication Bypass 1
IPS: 14006 WordPress Total Donations Plugin Authentication Bypass 2
WAF: 1704 WordPress Social Warfare Cross-Site Scripting Vulnerability
WAF: 1703 Easy WP SMTP Unauthenticated Arbitrary wp_options Import
WAF: 1691 WordPress Total Donations Plugin Authentication Bypass
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.