Threat Alerts / Mar 16, 2021

The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress plugins, and WordPress themes.

 

WordPress Core Vulnerabilities

No new WordPress core vulnerabilities have been disclosed this month.

WordPress Plugin Vulnerabilities

1. Advanced Order Export For WooCommerce

Vulnerability: Reflected Cross-Site Scripting | Patched in Version: 3.1.8 | Severity: High

2. User Profile Picture 

Vulnerability: Sensitive Information Disclosure | Patched in Version: 2.5.0 | Severity: Medium

3. Database Backups

Vulnerability: CSRF to Backup Download | Patched in Version: No Known Fix – Plugin Closed | Severity: High

4. The Plus Addons for Elementor Page Builder (Premium Version)

Vulnerability: Authentication Bypass | Patched in Version: 4.1.7 (Actively Being Exploited, Update Now) | Severity: Critical

5. Super Interactive Maps

Vulnerability: Unauthenticated SQL Injections | Patched in Version: 2.2 | Severity: Critical

6. SuperStoreFinder

Vulnerability: Unauthenticated SQL Injections | Patched in Version: 6.5 | Severity: Critical

7. Five Star Restaurant Menu

Vulnerability: Unauthenticated PHP Object Injection | Patched in Version: 2.2.1 | Severity: High

8. JH 404 Logger

Vulnerability: Unauthenticated Stored Cross-Site Scripting | Patched in Version: No Known Fix – Plugin Closed | Severity: Critical

9. WP File Manager

Vulnerability: Reflected Cross-Site Scripting | Patched in Version: 7.1 | Severity: Medium

10. VM Backups

Vulnerability: CSRF to Database Backup Download | Patched in Version: No Known Fix – Plugin Closed | Severity: Medium

11. Related Posts for WordPress

Vulnerability: Authenticated Reflected Cross-Site Scripting | Patched in Version: 2.0.4 | Severity: Medium

WordPress Theme Vulnerabilities

No new theme vulnerabilities have been disclosed this month.

 

If you are under the WordPress Managed Maintenance plan, there is nothing to worry about, as we've taken the necessary steps to protect your sites. Yay!

The information for this blog post was taken from the iThemes Vulnerability Roundup.

If you're not under our maintenance plan... well, what are you waiting for? Sign up today!