NEWS
WordPress Vulnerabilities Digest - June 2021 Part 2
Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure and reporting of vulnerabilities is an integral part of keeping the WordPress community safe.
WordPress Core Vulnerabilities
As of today, the current version of WordPress is 5.7.2. Make sure all your websites are up to date!
No new WordPress core vulnerabilities have been disclosed this month.
WordPress Plugin Vulnerabilities
1. The Plus Addons for Elementor
Plugin: The Plus Addons for Elementor
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 4.1.12
Severity Score: Medium

Plugin: The Plus Addons for Elementor
Vulnerability: Open Redirect
Patched in Version: 4.1.10
Severity Score: Medium

Plugin: The Plus Addons for Elementor
Vulnerability: Arbitrary Reset Password Email Sending
Patched in Version: 4.1.11
Severity Score: High
These vulnerabilities are patched, so you should update to version 4.1.11+.
2. Yes/No Chart
Plugin: Yes/No Chart
Vulnerability: Authenticated Blind SQL Injection
Patched in Version: 1.0.12
Severity Score: High
The vulnerability is patched, so you should update to version 1.0.12+.
3. FooGallery
Plugin: FooGallery
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 2.0.35
Severity Score: Medium
The vulnerability is patched, so you should update to version 2.0.35+.
4. Event Calendar WD
Plugin: Event Calendar WD
Vulnerability: Cross-Site Scripting
Patched in Version: 1.1.45
Severity Score: Medium
The vulnerability is patched, so you should update to version 1.1.45+.
5. MC4WP: Mailchimp for WordPress
Plugin: MC4WP: Mailchimp for WordPress
Vulnerability: Authenticated Arbitrary Redirect
Patched in Version: 4.8.5
Severity Score: Medium

Plugin: MC4WP: Mailchimp for WordPress
Vulnerability: Unauthorized Actions via CSRF
Patched in Version: 4.8.5
Severity Score: Medium
These vulnerabilities are patched, so you should update to version 4.8.5+.
6. All 404 Redirect to Homepage
Plugin: All 404 Redirect to Homepage
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: No known fix
Severity Score: Medium
This vulnerability has NOT been patched. Uninstall and delete the plugin until a patch is released.
7. Fancy Product Designer
Plugin: Fancy Product Designer
Vulnerability: Unauthenticated Arbitrary File Upload and RCE
Patched in Version: 4.6.9
Severity Score: Critical
The vulnerability is patched, so you should update to version 4.6.9+.
8. GetPaid
Plugin: GetPaid
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 2.3.4
Severity Score: High
The vulnerability is patched, so you should update to version 2.3.4+.
9. Quiz And Survey Master
Plugin: Quiz And Survey Master
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched in Version: 7.1.19
Severity Score: High

Plugin: Quiz And Survey Master
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 7.1.18
Severity Score: High
These vulnerabilities are patched, so you should update to version 7.1.18+.
10. Jetpack
Plugin: Jetpack
Vulnerability: Carousel Non-Published Page/Post Attachment Comment Leak
Patched in Version: 9.8
Severity Score: Medium
The vulnerability is patched, so you should update to version 9.8+.
WordPress Themes Vulnerabilities
No new WordPress theme vulnerabilities to report.
If you are on our WordPress Managed Maintenance plan, there is nothing to worry about, as we've taken the necessary steps to protect your sites. Yay!
The information for this blog post was taken from the iThemes Vulnerability Roundup.
If you're not on our maintenance plan... well, what are you waiting for? Sign up today!