NEWS

WordPress Vulnerabilities Digest - August 2022 Part 3

Threat Alerts / August 25, 2022
No new WordPress core vulnerabilities were disclosed this week. WordPress Plugin Vulnerabilities: Photo Gallery, Social Slider Feed, Visual Portfolio, Directorist, etc.

Each vulnerability has a severity rating of low, medium, high, or critical. Responsible disclosure and reporting of vulnerabilities is an integral part of keeping the WordPress community safe.

WordPress Core Vulnerabilities

WordPress 6.0.1 was released on July 12, 2022, as a short-cycle maintenance release with 31 bug fixes. Because this is a core update, be sure to update to WordPress 6.0.1 as soon as possible.

No new WordPress core vulnerabilities were disclosed this week.

WordPress Plugin Vulnerabilities

1. Photo Gallery

Plugin: Photo Gallery by 10Web - Mobile-Friendly Image Gallery
Installations: 300,000+
Vulnerability: Reflected Cross-Site Scripting
Patched in version: 1.7.1
Severity: Medium

The vulnerability has been patched, so you should update to version 1.7.1.

2. Social Slider Feed

Plugin: Social Slider Feed
Installations: 80,000+
Vulnerability: Admin+ Stored XSS via Feeds
Patched in version: 2.0.7
Severity: Low

The vulnerability has been patched, so you should update to version 2.0.7.

3. Visual Portfolio

Plugin: Visual Portfolio, Photo Gallery & Post Grid
Installations: 60,000+
Vulnerabilities: Contributor+ CSS Injection; Unauthenticated CSS Injection
Patched in version: 2.19.0
Severity: Medium

Both vulnerabilities have been patched, so you should update to version 2.19.0.

4. Directorist

Plugin: Directorist - WordPress Business Directory Plugin with Classified Ads Listings
Installations: 10,000+
Vulnerability: Unauthenticated Email Address Disclosure
Patched in version: 7.3.1
Severity: Medium

The vulnerability has been patched, so you should update to version 7.3.1.

5. Multivendor Marketplace Solution for WooCommerce

Plugin: Multivendor Marketplace Solution for WooCommerce - WC Marketplace
Installations: 9,000+
Vulnerabilities: Multiple Reflected Cross-Site Scripting; Unauthenticated LFI; Unauthorised AJAX Calls
Patched in version: 3.8.12
Severity: Medium

These vulnerabilities have been patched, so you should update to version 3.8.12.

6. Best Payments Plugin for WP

Plugin: Simple Payment Donations & Subscriptions Plugin by Paymattic - Best Payments Plugin for WP
Installations: 3,000+
Vulnerabilities: Reflected Cross-Site Scripting; Unauthenticated Stored Cross-Site Scripting
Patched in version: 4.2.1
Severity: Medium

Both vulnerabilities have been patched, so you should update to version 4.2.1.

7. Fast Flow

Plugin: Fast Flow
Installations: 200+
Vulnerability: Reflected Cross-Site Scripting
Patched in version: 1.2.12
Severity: Medium

The vulnerability has been patched, so you should update to version 1.2.12.

8. WP Database Backup

Plugin: WP Database Backup
Vulnerability: Admin+ Stored Cross-Site Scripting
Patched in version: 5.9
Severity: Low

The vulnerability has been patched, so you should update to version 5.9.

WordPress Plugin Vulnerabilities with No Known Fix

Until a patch is available, immediately uninstall and delete the plugin.

Simple Single Sign On

Plugin: Simple Single Sign On
Vulnerability: Authentication Bypass
Patched in version: none (no fix available)
Severity: High

The vulnerability has not been patched and the plugin has been closed, so no fix is coming. You should uninstall and delete the plugin.
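To turn the "update to version X" and "uninstall and delete" advice above into a repeatable check, here is an added example (not code from the original post, from iThemes, or from any of the plugin authors). It reads the JSON printed by `wp plugin list --format=json` and reports plugins that are below this digest's patched version, or that are present at all when no fix exists. The plugin slugs in FIXED_IN and NO_FIX are assumptions for illustration; confirm them against `wp plugin list` on your own site. The sample plugin list is constructed so the script runs offline.

```python
"""Audit installed WordPress plugins against this digest's patched versions.

Added example, not code from the original post, iThemes, or any plugin author.
Input is the JSON that `wp plugin list --format=json` prints (fields: name,
status, update, version). Plugin slugs below are ASSUMED for illustration.
"""
import json
import re
import sys

# Patched versions from this digest, keyed by (assumed) plugin slug.
FIXED_IN = {
    "photo-gallery": "1.7.1",                  # Photo Gallery by 10Web
    "instagram-slider-widget": "2.0.7",        # Social Slider Feed
    "visual-portfolio": "2.19.0",              # Visual Portfolio, Photo Gallery & Post Grid
    "directorist": "7.3.1",                    # Directorist
    "dc-woocommerce-multi-vendor": "3.8.12",   # Multivendor Marketplace Solution for WooCommerce
    "wp-payment-form": "4.2.1",                # Simple Payment Donations & Subscriptions (Paymattic)
    "fast-flow": "1.2.12",                     # Fast Flow
    "wp-database-backup": "5.9",               # WP Database Backup
}

# Closed plugin with no fix: mere presence is a finding, whatever the version.
NO_FIX = {"simple-single-sign-on": "Authentication Bypass (plugin closed, no fix)"}

# Constructed sample of `wp plugin list --format=json` output for offline runs.
SAMPLE_WP_PLUGIN_LIST = json.dumps([
    {"name": "photo-gallery", "status": "active", "update": "available", "version": "1.7.0"},
    {"name": "wp-database-backup", "status": "inactive", "update": "none", "version": "5.10"},
    {"name": "directorist", "status": "active", "update": "none", "version": "7.3.1"},
    {"name": "simple-single-sign-on", "status": "inactive", "update": "none", "version": "1.0.0"},
    {"name": "akismet", "status": "active", "update": "none", "version": "5.0"},
])


def version_key(v):
    """Split '5.10' into (5, 10) so that 5.10 > 5.9.

    A plain string comparison gets this wrong ('5.10' < '5.9'), which would
    report a patched plugin as vulnerable. Non-numeric segments count as 0.
    """
    parts = []
    for seg in re.split(r"[.\-+]", v):
        m = re.match(r"\d+", seg)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def is_fixed(installed, fixed):
    """True when the installed version is at or above the patched version."""
    a, b = version_key(installed), version_key(fixed)
    n = max(len(a), len(b))
    # Pad with zeros so '2.19' and '2.19.0' compare equal.
    return a + (0,) * (n - len(a)) >= b + (0,) * (n - len(b))


def audit(plugin_list_json):
    """Return findings as (slug, installed_version, action) tuples.

    The status field is ignored on purpose: an inactive plugin's files are
    still on disk and may be reachable directly, so it must still be updated
    or removed.
    """
    findings = []
    for p in json.loads(plugin_list_json):
        slug, ver = p["name"], p["version"]
        if slug in NO_FIX:
            findings.append((slug, ver, "REMOVE: " + NO_FIX[slug]))
        elif slug in FIXED_IN and not is_fixed(ver, FIXED_IN[slug]):
            findings.append((slug, ver, "UPDATE to " + FIXED_IN[slug]))
    return findings


if __name__ == "__main__":
    # Pipe real data in with: wp plugin list --format=json | python3 audit.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_WP_PLUGIN_LIST
    for slug, ver, action in audit(data):
        print(f"{slug} {ver}: {action}")
```

On the constructed sample this reports photo-gallery 1.7.0 (below 1.7.1) and simple-single-sign-on (no fix), and correctly stays quiet about wp-database-backup 5.10, which is newer than the patched 5.9 even though it sorts lower as a string.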

WordPress Theme Vulnerabilities

Good news! No new WordPress theme vulnerabilities were disclosed this week.

If you are on our WordPress Managed Maintenance plan, there is nothing to worry about: we have already taken the necessary steps to protect your sites. Yay!

The information for this blog post was taken from the iThemes Vulnerability Roundup.

If you're not on our maintenance plan... well, what are you waiting for? Sign up today!