WordPress Vulnerabilities Digest - May 2021 Part 1
The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress plugins, and WordPress themes.
WordPress Core Vulnerabilities
No new WordPress core vulnerabilities have been disclosed so far in May 2021.
WordPress 5.7.1 was released on April 15, 2021. This security and maintenance release features 26 bug fixes in addition to two security fixes. Because this is a security release of WordPress core, it is recommended that you update your sites immediately.
WordPress Plugin Vulnerabilities
1. AcyMailing
Vulnerability: Open Redirect | Patched in Version: 7.5.0 | Severity: Medium
The vulnerability is patched, so you should update to version 7.5.0+.
2. Give WP
Vulnerability: Authenticated Stored Cross-Site Scripting | Patched in Version: 2.10.4 | Severity: Medium
The vulnerability is patched, so you should update to version 2.10.4+.
3. Download Manager
Vulnerability: Plugin Settings Change via CSRF | Patched in Version: 3.1.22 | Severity: Medium
Vulnerability: Unauthorized Asset Manager Usage | Patched in Version: 3.1.23 | Severity: High
Vulnerability: Authenticated PHP4 File Upload to RCE | Patched in Version: 3.1.19 | Severity: Critical
The vulnerabilities are patched, so you should update to version 3.1.23+.
4. Spam protection, AntiSpam, FireWall by CleanTalk
Vulnerability: Unauthenticated Blind SQL Injection | Patched in Version: 5.153.4 | Severity: High
The vulnerability is patched, so you should update to version 5.153.4+.
5. WP Customer Reviews
Vulnerability: Authenticated Stored Cross-Site Scripting | Patched in Version: 3.5.6 | Severity: Medium
The vulnerability is patched, so you should update to version 3.5.6+.
WordPress Themes Vulnerabilities
1. Goto
Vulnerability: Unauthenticated Blind SQL Injection | Patched in Version: 2.1 | Severity: Critical
Vulnerability: Reflected Cross-Site Scripting | Patched in Version: 2.1 | Severity: High
The vulnerabilities are patched, so you should update to version 2.1+.
If you are under the WordPress Managed Maintenance plan, there is nothing to worry about, as we've taken the necessary steps to protect your sites. Yay!
The information for this blog post was taken from the iThemes Vulnerability Roundup.
If you're not under our maintenance plan... well, what are you waiting for? Sign up today!