Threat Alerts / Mar 03, 2021

The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress plugins, and WordPress themes.


WordPress Core Vulnerabilities

No new WordPress core vulnerabilities have been disclosed this month.

WordPress Plugin Vulnerabilities

1. Under Construction, Coming Soon & Maintenance Mode

Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.1.2
Severity: Medium

2. Abandoned Cart Lite for WooCommerce

Vulnerability: CSRF Nonce Bypasses
Patched in Version: 5.8.6
Severity: Medium

3. Forminator

Vulnerability: CSRF Nonce Bypasses
Patched in Version: 1.14.8.1
Severity: Medium

4. Dokan

Vulnerability: CSRF Nonce Bypasses
Patched in Version: 3.2.1
Severity: Medium

5. Defender Security

Vulnerability: CSRF Nonce Bypasses
Patched in Version: 2.4.6.1
Severity: Medium

6. Style Kits

Vulnerability: CSRF Nonce Bypasses
Patched in Version: 1.8.1
Severity: Medium

7. WP ERP

Vulnerability: CSRF Nonce Bypasses
Patched in Version: 1.7.5
Severity: Medium

8. WP Project Manager

Vulnerability: CSRF Nonce Bypasses
Patched in Version: 2.4.10
Severity: Medium

9. WP Travel

Vulnerability: CSRF Nonce Bypasses
Patched in Version: 4.4.7
Severity: Medium

10. WP GDPR Compliance

Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched in Version: 1.5.6
Severity: Critical

WordPress Theme Vulnerabilities

No new theme vulnerabilities have been disclosed this month.


If you are on our WordPress Managed Maintenance plan, there is nothing to worry about, as we've taken the necessary steps to protect your sites. Yay!

The information for this blog post was taken from the iThemes Vulnerability Roundup.

If you're not on our maintenance plan... well, what are you waiting for? Sign up today!