The WordPress plugins and themes mentioned below have various types of vulnerabilities. Please review the list and remediation steps below.
WordPress Core Vulnerabilities
There have not been any WordPress core vulnerabilities disclosed in the second half of July.
WordPress Plugin Vulnerabilities
1. Wise Chat
2. Powie’s WHOIS Domain Check
3. Knight Lab Timeline
Knight Lab Timeline versions below 184.108.40.206 are using an outdated version of the TimelineJS library which could Lead to Stored XSS vulnerability. The vulnerability is patched, and you should update to version 220.127.116.11.
4. Page Builder: KingComposer
5. SRS Simple Hits Counter
6. WP-Live Chat by 3CX
8. Form Maker by 10Web
9. SendPress Newsletters
10. Email Verification for WooCommerce
11. All in One SEO Pack
12. JobSearch WP Job Board
JobSearch WP Job Board WordPress Plugin versions below 1.5.5 have an Unauthenticated Reflected Cross-Site Scripting vulnerability. The vulnerability is patched, and you should update to version 1.5.5.
13. Email Subscribers & Newsletters
Email Subscribers & Newsletters versions below 4.5.1 have an Authenticated SQL injection in es_newsletters_settings_callback() and a Cross-site Request Forgery in send_test_email() vulnerabilities. The vulnerability is patched, and you should update to version 4.5.1.
WordPress Themes Vulnerabilities
There have been no WordPress theme vulnerabilities disclosed in the second half of July.
The information for this blog post was taken from iThemes Vulnerability Roundup.
What you should do
If you are under WordPress Managed Maintenance plan - there is nothing to worry about as we've taken the necessary steps to protect your sites. Yay!
If you're not under our maintenance plan... well, what are you waiting for? Sign-up today!