- WordPress Plugin Coming Soon is prone to multiple vulnerabilities, including cross-site scripting and cross-site request forgery vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks, or to perform certain administrative actions and gain unauthorized access to the affected application. WordPress Plugin Coming Soon version 1.1.18 is vulnerable; prior versions may also be affected.
- Update to plugin version 1.1.19 or latest
CVE-2018-5657 CVE-2018-5658 CVE-2018-5659 CVE-2018-5660 CVE-2018-5661 CVE-2018-5662 CVE-2018-5663 CVE-2018-5664 CVE-2018-5665 CVE-2018-5666
- WordPress Plugin KittyCatfish Ads by Missilesilo SQL Injection (2.2)
- WordPress Plugin Google Map Backdoor (1.4)
- WordPress Plugin Stop User Enumeration Cross-Site Scripting (1.3.7)
- WordPress Plugin FancyBox for WordPress Cross-Site Scripting (3.0.2)
- WordPress Plugin N-Media Post Front-end Form Arbitrary File Upload (1.0)