Menu
iThemes
WordPress Backup, Security & Maintenance
  • WordPress Hosting
  • BackupBuddy
  • Security
  • Sync
  • Agency Bundle
  • Plugin Suite
  • Training
    • Page Builder Developer Course
    • Theme Building with the WordPress Block Editor
    • WordPress Gutenberg Help
    • WordPress Tutorials
    • Free Upcoming Webinars
  • Blog
  • Contact
  • Log In
WordPress News and Updates from iThemes
Categories
  • Product Updates
  • WordPress Backup
  • WordPress Block Editor
  • WordPress Ecommerce
  • WordPress for Freelancers
  • WordPress Maintenance
  • WordPress Security
  • WordPress Training Webinars
  • WordPress Tutorials
  • WProsper

WordPress Vulnerability Roundup: June 2020, Part 2

Written by Michael Moore on June 24, 2020

Last Updated on August 17, 2020

New WordPress plugin and theme vulnerabilities were disclosed during the second half of June, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website.

The WordPress Vulnerability Roundup is divided into three different categories:

  1. WordPress core
  2. WordPress plugins
  3. WordPress themes

WordPress Core Vulnerabilities

There have not been any WordPress core vulnerabilities disclosed in the second half of June. (But be sure to check out the info on the WordPress 5.4.2 security update in the WordPress Vulnerability Roundup: June 2020, Part 1.)

WordPress Plugin Vulnerabilities

1. Brizy – Page Builder

Brizy – Page Builder versions below 1.0.126 have an Improper Access Controls on AJAX Calls vulnerability.

The vulnerability is patched, and you should update to version 1.0.126.

2. wpDiscuz

wpDiscuz versions below 5.3.6 have an Unauthenticated SQL Injection vulnerability.

The vulnerability is patched, and you should update to version 5.3.6v.

3. Page Builder: KingComposer

Page Builder: KingComposer versions below 2.9.4 have multiple security issues including Arbitrary File Deletion and Remote Code Execution vulnerabilities.

The vulnerability is patched, and you should update to version 2.9.4.

4. Delete All Comments Easily

All versions of Delete All Comments Easily have Cross-Site Scripting vulnerability.

Remove the plugin until a security fix is released.

5. Testimonial Rotator

Testimonial Rotator versions below 3.0.3 have an Authenticated Stored Cross-Site Scripting vulnerability

The vulnerability is patched, and you should update to version 3.0.3.

6. All in One Support Button

All in One Support Button versions below 1.8.8 have an Authenticated Stored Cross-Site Scripting vulnerability.

The vulnerability is patched, and you should update to version 1.8.8.

7. YITH WooCommerce Ajax Product Filter

YITH WooCommerce Ajax Product Filter versions below 3.11.1 have an Authenticated Reflected Cross-Site Scripting vulnerability.

The vulnerability is patched, and you should update to version 3.11.1.

8. WP Pro Quiz

All versions of WP Pro Quiz have a Cross-Site Request Forgery vulnerability.

Remove the plugin until a security fix is released.

9. WooCommerce

WooCommerce versions below 4.2.1 have a Potential Cross-Site Scripting vulnerability via SelectWoo.

The vulnerability is patched, and you should update to version 4.2.1.

WordPress Theme Vulnerabilities

1. Travel Booking

Travel Booking versions below 2.8.2 have an Unauthenticated Reflected Cross-Site Scripting vulnerability.

The vulnerability is patched, and you should update to version 2.8.2.

2. TownHub

TownHub versions below 1.3.0 have an Unauthenticated Reflected Cross-Site Scripting vulnerability.

The vulnerability is patched, and you should update to version 1.3.0.

3. CityBook

CityBook versions below 2.4.4 have an Unauthenticated Reflected Cross-Site Scripting vulnerability.

The vulnerability is patched, and you should update to version 2.4.4.

New! Protect Your WordPress Website with the iThemes Security Site Scan.

Did you know that 60% of website breaches involve vulnerabilities for which a patch was available but not applied? This means having software with known vulnerabilities installed on your site gives hackers the blueprints they need to take over your site.

Every day, it gets harder and harder to keep track of every disclosed WordPress vulnerability. You have to compare that list to the versions of plugins and themes you have installed on your site… and make sure you’re constantly updating.

To solve this problem, today we’re excited to announce that the iThemes Security Pro plugin is rolling out a better way to protect your sites against software vulnerabilities, the number one culprit of hacked and compromised WordPress sites.

The new, improved WordPress Security Site Scan powered by iThemes performs automatic checks for known website vulnerabilities and, if a patch is available, iThemes Security Pro will now automatically apply the fix for you… so you don’t have to. Whew. that’s some peace of mind. 

Site Scan Vulnerability Details

A WordPress Security Plugin Can Help Secure Your Website

iThemes Security Pro, our WordPress security plugin, offers 30+ ways to secure and protect your website from common WordPress security vulnerabilities. With WordPress, two-factor authentication, brute force protection, strong password enforcement, and more, you can add an extra layer of security to your website.

Learn more about WordPress security with 10 key tips. Download the ebook now: A Guide to WordPress Security
Download now

Share via:

  • Facebook
  • Twitter
  • LinkedIn
  • More
Other related posts
vulnerability roundup
WordPress Vulnerability Roundup: January 2021, Part 1

WordPress Vulnerability Roundup: December 2020, Part 2
vulnerability roundup
WordPress Vulnerability Roundup: December 2020, Part 1
vulnerability roundup
WordPress Vulnerability Roundup: November 2020, Part 2

Respond

Click here to cancel reply.

Get updates on new themes & plugins plus special discounts

About iThemes

  • #WProsper
  • Friends of iThemes
  • Contact Us
  • Website Accessibility Statement
  • Sitemap

Resources

  • Blog
  • Documentation
  • WordPress Tutorials
  • Free WordPress Ebooks
  • Free Webinar Library
  • Free Upcoming Webinars
  • iThemes Training
  • Affiliates

Customers

  • Member Panel Login
  • Support
  • FAQs
  • Upgrade Policy
  • Licensing
  • Terms and Conditions
  • Refund Policy

Top Products

  • BackupBuddy
  • iThemes Security Pro
  • iThemes Sync
  • Restrict Content Pro
  • WPComplete
  • Agency Bundle
  • WordPress Hosting
  • WordPress Plugins
  • Content Upgrades
  • WordPress Landing Page Plugin
  • BackupBuddy Stash

iThemes Media LLC Copyright © 2021 All rights reserved | Privacy Policy

  • Liquid Web Family of Brands
  • Facebook
  • Twitter
  • LinkedIn
  • More Networks
Share via
Facebook
Twitter
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Xing
Reddit
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Copy link
CopyCopied

Get the Ebook: A Guide to WordPress Security

WordPress security guide
In this downloadable guide, we walk through 10 tips for better WordPress security.

  • The different types of WordPress security vulnerabilities
  • Common mistakes users and admins make
  • WordPress security best practices
  • Actions you can take today to reduce your risk of a hack or breach
No spam. Unsubscribe anytime.