The WordPress plugins and themes mentioned below have various types of vulnerabilities ranging from low risk to high risk. There are no critical level vulnerabilities in the list.
WordPress Core Vulnerabilities
1. Update to WordPress 5.4.2 - CRITICAL
WordPress versions 5.4.2 is now available. This is an important security and maintenance release. Earlier versions are affected by multiple security bugs, which are fixed in version 5.4.2. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.
WordPress Plugin Vulnerabilities
1. Drag and Drop Multiple File Upload for Contact Form 7 - CRITICAL
Drag and Drop Multiple File Upload for Contact Form 7 versions below 18.104.22.168 have an Unauthenticated File Upload Bypass vulnerability. The vulnerability is patched, and you should update to version 22.214.171.124.
2. Page Builder: PageLayer – Drag and Drop website builder - HIGH
Page Builder: PageLayer – Drag and Drop website builder versions below 1.1.2 have an Unprotected AJAX’s leading to XSS and a CSRF leading to XSS vulnerabilities. The vulnerability is patched, and you should update to version 1.1.2.
3. MapPress Maps - CRITICAL
4. Image Photo Gallery Final Tiles Grid - CRITICAL
5. bbPress - CRITICAL
6. Multi Scheduler - HIGH
7. JobSearch - HIGH
8. AdRotate - Medium
9. Elementor Page Builder - HIGH
10. SportsPress - HIGH
WordPress Themes Vulnerabilities
1. Careerfy - HIGH
2. Newspaper - HIGH
The information for this blog post was taken from iThemes Vulnerability Roundup.
What you should do
If you are under WordPress Managed Maintenance plan - there is nothing to worry about as we've taken the necessary steps to protect your sites. Yay!
If you're not under our maintenance plan... well, what are you waiting for? Sign-up today!