WordPress Vulnerabilities Digest - August 2021 Part 2
Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure and reporting of vulnerabilities is an integral part of keeping the WordPress community safe.
WordPress Core Vulnerabilities
No new WordPress core vulnerabilities have been disclosed this month.
WordPress Plugin Vulnerabilities
1. Sitewide Notice WP
Plugin: Sitewide Notice WP Vulnerability: Authenticated Stored XSS Patched in Version: 2.3 Severity Score: Low
The vulnerability is patched, so you should update to version 2.3.
2. Business Hours Indicator
Plugin: Business Hours Indicator Vulnerability: Authenticated Stored XSS Patched in Version: 2.3.5 Severity Score: Low
The vulnerability is patched, so you should update to version 2.3.5.
3. Bold Page Builder
Plugin: Bold Page Builder Vulnerability: PHP Object Injection Patched in Version: 3.1.6 Severity Score: Medium
The vulnerability is patched, so you should update to version 3.1.6.
4. ShareThis Dashboard for Google Analytics
Plugin: ShareThis Dashboard for Google Analytics Vulnerability: Reflected Cross-Site Scripting (XSS) Patched in Version: 2.5.2 Severity Score: High
The vulnerability is patched, so you should update to version 2.5.2.
5. StoryChief
Plugin: StoryChief Vulnerability: Reflected Cross-Site Scripting (XSS) Patched in Version: 1.0.31 Severity Score: High
The vulnerability is patched, so you should update to version 1.0.31.
Plugin: StoryChief Vulnerability: Authenticated Stored Cross-Site Scripting (XSS) Patched in Version: 1.0.31 Severity Score: Low
The vulnerability is patched, so you should update to version 1.0.31.
6. WP LMS
Plugin: WP LMS Vulnerability: Unauthenticated Arbitrary User Field Edition/Creation Patched in Version: 1.1.5 Severity Score: Medium
The vulnerability is patched, so you should update to version 1.1.5.
7. VDZ Google Analytics or Google Tag Manager / GTM
Plugin: VDZ Google Analytics or Google Tag Manager / GTM Vulnerability: Authenticated Stored XSS Patched in Version: 1.6.0 Severity Score: Low
The vulnerability is patched, so you should update to version 11.6.0.
Plugin: VDZ Google Analytics or Google Tag Manager / GTM Vulnerability: Authenticated Stored XSS Patched in Version: 1.4.9 Severity Score: Low
The vulnerability is patched, so you should update to version 11.6.0.
8. Cooked
Plugin: Cooked Vulnerability: Unauthenticated Reflected Cross-Site Scripting (XSS) Patched in Version: 1.7.9.1 Severity Score: Medium
The vulnerability is patched, so you should update to version 1.7.9.1.
9. Email Encoder Protect Email Addresses
Plugin: Email Encoder Protect Email Addresses Vulnerability: Reflected Cross Site Scripting Patched in Version: 2.1.2 Severity Score: Medium
The vulnerability is patched, so you should update to version 2.1.2.
10. SMS Alert Order Notifications WooCommerce
Plugin: SMS Alert Order Notifications WooCommerce Vulnerability: Authenticated Cross Site Scripting Patched in Version: 3.4.7 Severity Score: Low
The vulnerability is patched, so you should update to version 3.4.7.
11. HM Multiple Roles
Plugin: HM Multiple Roles Vulnerability: Arbitrary Role Change Patched in Version: 1.3 Severity Score: Critical
The vulnerability is patched, so you should update to version 1.3.
12. WP Customize Login
Plugin: WP Customize Login Vulnerability: Authenticated Stored Cross-Site Scripting (XSS) Patched in Version: No known fix Severity Score: Low
This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.
13. User Rights Access Manager
Plugin: User Rights Access Manager Vulnerability: Access Restriction Bypass Patched in Version: No known fix Severity Score: Medium
This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.
14. JiangQie Official Website Mini Program
Plugin: JiangQie Official Website Mini Program Vulnerability: Authenticated SQL Injection Patched in Version: 1.1.1 Severity Score: Critical
The vulnerability is patched, so you should update to version 1.1.1.
15. Welcart e-Commerce
Plugin: Welcart e-Commerce Vulnerability: Unauthenticated Information Disclosure Patched in Version: 2.2.8 Severity Score: High
The vulnerability is patched, so you should update to version 2.2.8.
Plugin: Welcart e-Commerce Vulnerability: Authenticated System Information Disclosure Patched in Version: 2.2.8 Severity Score: Medium
The vulnerability is patched, so you should update to version 2.2.8.
16. Highlight
Plugin: Highlight Vulnerability: Authenticated Stored Cross-Site Scripting Patched in Version: 0.9.3 Severity Score: Low
The vulnerability is patched, so you should update to version 0.9.3.
17. Cookie Notice & Consent Banner for GDPR & CCPA Compliance
Plugin: Cookie Notice & Consent Banner for GDPR & CCPA Compliance Vulnerability: Authenticated Stored XSS Patched in Version: 1.7.2 Severity Score: Low
The vulnerability is patched, so you should update to version 1.7.2.
18. Pods
Plugin: Pods Vulnerability: Multiple Authenticated Stored Cross-Site Scripting (XSS) Patched in Version: 2.7.29 Severity Score: Low
The vulnerability is patched, so you should update to version 2.7.29.
WordPress Themes Vulnerabilities
No new WordPress theme vulnerabilities have been disclosed this month.
If you are under the WordPress Managed Maintenance plan, there is nothing to worry about, as we've taken the necessary steps to protect your sites. Yay!
The information for this blog post was taken from the iThemes Vulnerability Roundup.
If you're not under our maintenance plan... well, what are you waiting for? Sign-up today!