Threat Alerts / May 05, 2021

The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress plugins, and WordPress themes.

 

WordPress Core Vulnerabilities

No new WordPress core vulnerabilities have been disclosed so far in May 2021.

WordPress 5.7.1 was released on April 15, 2021. This security and maintenance release features 26 bug fixes in addition to two security fixes. Because this is a security release of WordPress core, it is recommended that you update your sites immediately.

WordPress Plugin Vulnerabilities

1. AcyMailing

Vulnerability: Open Redirect
Patched in Version: 7.5.0
Severity: Medium

The vulnerability is patched, so you should update to version 7.5.0+.

2. Give WP

Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 2.10.4
Severity: Medium

The vulnerability is patched, so you should update to version 2.10.4+.

3. Download Manager

Vulnerability: Plugin Settings Change via CSRF
Patched in Version: 3.1.22
Severity: Medium

Vulnerability: Unauthorized Asset Manager Usage
Patched in Version: 3.1.23
Severity: High

Vulnerability: Authenticated PHP4 File Upload to RCE
Patched in Version: 3.1.19
Severity: Critical

The vulnerabilities are patched, so you should update to version 3.1.23+.

4. Spam protection, AntiSpam, FireWall by CleanTalk

Vulnerability: Unauthenticated Blind SQL Injection
Patched in Version: 5.153.4
Severity: High

The vulnerability is patched, so you should update to version 5.153.4+.

5. WP Customer Reviews

Vulnerability: Authenticated Stored Cross-Site Scripting
Patched in Version: 3.5.6
Severity: Medium

The vulnerability is patched, so you should update to version 3.5.6+.

WordPress Theme Vulnerabilities

1. Goto

Vulnerability: Unauthenticated Blind SQL Injection
Patched in Version: 2.1
Severity: Critical

Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 2.1
Severity: High

The vulnerabilities are patched, so you should update to version 2.1+.

 

If you are under the WordPress Managed Maintenance plan, there is nothing to worry about, as we've taken the necessary steps to protect your sites. Yay!

The information for this blog post was taken from the iThemes Vulnerability Roundup.

If you're not under our maintenance plan... well, what are you waiting for? Sign up today!