WordPress Vulnerability Roundup: January 2021, Part 1
New WordPress plugin and theme vulnerabilities were disclosed during the first half of January. This post covers the recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website. The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress plugins, and WordPress themes.
New WordPress plugin and theme vulnerabilities were disclosed during the first half of January. This post covers the recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website.
The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress plugins, and WordPress themes.
Each vulnerability will have a severity rating of Low, Medium, High, or Critical.
WordPress Core Vulnerabilities
WordPress Plugin Vulnerabilities
1.WP E-Signature – Critical
WP E-Signature versions below 1.5.6.8 have an Unauthenticated Remote Code Execution vulnerability.
UPDATE NOW:
The vulnerability is being actively exploited.
2. Newsletter Manager – High
All versions of Newsletter Manager have a Unauthenticated Insecure Deserialization vulnerability.
3. Site Offline – Medium
Site Offline versions below 1.4.4 have Multiple Cross-Site Request Forgery vulnerabilities.
4. WP Postratings – Medium
WP Postratings versions below 1.86.1 have an Authenticated Stored Cross-Site Scripting vulnerability.
5. Custom Global Variables – High
All versions of Custom Global Variables have a Stored Cross-Site Scripting vulnerability.
6. Stripe Payments – Medium
Stripe Payments versions below 2.0.40 have an Authenticated Stored Cross-Site Scripting vulnerability.
7. Orbit Fox by ThemeIsle – Medium
Orbit Fox by ThemeIsle versions below 2.10.3 have an Authenticated Stored Cross Site Scripting vulnerability.
8. WP Paginate – Medium
WP Paginate versions below 2.1.4 have an Authenticated Stored Cross-Site Scripting vulnerability.
9. WP Quick FrontEnd Editor – Medium
All versions of WP Quick FrontEnd Editor have an Authenticated Content Injection vulnerability.
10. LiteSpeed Cache – Low
LiteSpeed Cache versions below 3.6.1 have an Authenticated Stored Cross-Site Scripting vulnerability.
WordPress Theme Vulnerabilities
January Security Tip: Scan Your Websites for Vulnerabilities
60% of website breaches involve vulnerabilities for which a patch was available but not applied. This means having software with known vulnerabilities installed on your site gives hackers the blueprints they need to take over your site.
Every day, it gets harder and harder to keep track of every disclosed WordPress vulnerability. You have to compare that list to the versions of plugins and themes you have installed on your site… and make sure you’re constantly updating.
To solve this problem, the iThemes Security Pro plugin just rolled out a better way to protect your sites against software vulnerabilities, the number one culprit of hacked and compromised WordPress sites.
The new, improved WordPress Security Site Scan powered by iThemes performs automatic checks for known website vulnerabilities and, if a patch is available, iThemes Security Pro will automatically apply the fix for you … so you don’t have to. Whew. that’s some peace of mind.
A WordPress Security Plugin Can Help Secure Your Website
iThemes Security Pro, our WordPress security plugin, offers 50+ ways to secure and protect your website from common WordPress security vulnerabilities. With WordPress, two-factor authentication, brute force protection, strong password enforcement, and more, you can add an extra layer of security to your website.
Get iThemes Security Pro
Join us for the next Solid Academy Webinar!
Free weekly webinars that will help you master WordPress and increase your business's bottom line.
What is a WordPress Phishing Attack?
Learn how to identify and prevent phishing attacks on WordPress websites.
Kiki SheldonWebsite Protection: 5 Ways to Keep Your Website Safe
Robust website protection is the shield that stands between your business and relentless cyber attacks. Prioritizing website protection enables businesses to fortify defenses to safeguard their online presence and preserve the trust of their customers in the face of ever-evolving cybersecurity threats.
Kiki Sheldon23 Ideas To Grow Your WordPress Business in 2023
WordPress is the most popular website-building platform worldwide, trusted by numerous brands. WordPress enables you to build a user-friendly and highly reliable site, together with tools and plugins to enhance your marketing and work like a lead magnet. All these features make WordPress the platform chosen by more than 43% of businesses globally.
SolidWP Editorial TeamSign up now — Get SolidWP updates and valuable content straight to your inbox
Sign up
Get started with confidence — risk free, guaranteed
