WordPress Vulnerabilities Digest - March 2021 Part 3
The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress plugins, and WordPress themes.
WordPress Core Vulnerabilities
No new WordPress core vulnerabilities have been disclosed this month.
WordPress Plugin Vulnerabilities
1. Tutor LMS
Vulnerability: Multiple SQL Injection & Unprotected AJAX including Privilege Escalation
Patched in Version: 1.7.7
Severity: High
2. WP Super Cache
Vulnerability: Authenticated RCE
Patched in Version: 1.7.2
Severity: Critical
3. SEO Redirection
Vulnerability: Authenticated Reflected Cross-Site Scripting
Patched in Version: No Known Fix
Severity: Medium
4. Flo Forms
Vulnerability: Authenticated Options Change to Stored XSS
Patched in Version: 1.0.36
Severity: Critical
5. Social Slider Widget
Vulnerability: Authenticated Reflected Cross-Site Scripting
Patched in Version: 1.8.5
Severity: Critical
6. Paid Membership Pro
Vulnerability: Authenticated SQL Injection
Patched in Version: 2.5.6
Severity: Medium
7. BuddyPress
Vulnerability: Multiple vulnerabilities, including REST API Privilege Escalation
Patched in Version: 7.2.1
Severity: High
8. Elementor
Vulnerability: Multiple Authenticated Stored Cross-Site Scripting
Patched in Version: 3.1.2
Severity: Medium
9. WordPress Related Posts
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: No Known Fix
Severity: Medium
10. WP Page Builder
Vulnerability: Insecure default configuration Allows Subscribers Editing Access to Posts
Patched in Version: 1.2.4
Severity: Medium
11. PhastPress
Vulnerability: Open Redirect
Patched in Version: 1.111
Severity: Medium
12. WordPress Related Posts
Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: No Known Fix
Severity: Medium
13. WooCommerce Help Scout
Vulnerability: Unauthenticated Arbitrary File Upload leading to RCE
Patched in Version: No Known Fix (Actively Being Exploited; Remove Now)
Severity: Critical
14. Controlled Admin Access
Vulnerability: Improper Access Control & Privilege Escalation
Patched in Version: 1.5.2
Severity: High
WordPress Themes Vulnerabilities
No new theme vulnerabilities have been disclosed this month.
If you are on our WordPress Managed Maintenance plan, there is nothing to worry about, as we've taken the necessary steps to protect your sites. Yay!
The information for this blog post was taken from the iThemes Vulnerability Roundup.
If you're not on our maintenance plan... well, what are you waiting for? Sign up today!