tuesday16 Feb 2021

Vulnerability in Zebra_Form PHP Library Affects Multiple WordPress Plugins

https://blog.wpscan.com

The WPScan security research team identified an Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability within the Zebra_Form PHP library, which is used by multiple WordPress plugins. At the time of writing, despite contacting the vendor multiple times, the latest version of Zebra_Form, version 2.9.8, is still affected.

The following plugins were found to use the vulnerable Zebra_Form PHP library:

wp-ticket < 5.6.0
teaser-maker-standard <= 0.1.114 (latest, has been closed)
ad-swapper <= 1.0.3 (latest, has been closed)
drug-search <= 1.0.0 (latest, has been closed)
wp-inimat <= 1.0 (latest, has been closed)

Link | h/t: Saijo

General

No Media

I love tl;dr Marketing because I can get all the latest SEO news and trends in one spot without having to read lengthy articles. I really look forward to the daily emails to see what's new in our industry!

Curated by Saijo George

tuesday16 Feb 2021

Vulnerability in Zebra_Form PHP Library Affects Multiple WordPress Plugins

Ryan Mews SEO Manager Merkle