WordPress Vulnerability Roundup: March 2021, Part 2

vulnerability roundup

Written by

Michael Moore
on

March 16, 2021

Last Updated on March 16, 2021

New WordPress plugin and theme vulnerabilities were disclosed during the third week of March. This report covers recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website.

The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress plugins, and WordPress themes.

Each vulnerability will have a severity rating of Low, Medium, High, or Critical. The severity ratings are based on the Common Vulnerability Scoring System.

In the March, Part 2 Report

WordPress Core Vulnerabilities

WordPress 5.7 “Esperanza” Released – Update Now!

A new WordPress core version was released on March 9, 2021: WordPress 5.7 “Esperanza.”

Be sure to update all your sites to this latest version of WordPress. Check out 21 new features and enhancements in WordPress 5.7 to see what’s new, including:

  • An easier way to send password reset emails/links
  • Upgrade a site from HTTP to HTTPS with a single click
  • Custom icon and background colors + sizes for social icons block

WordPress Plugin Vulnerabilities

WordPress Theme Vulnerabilities

No new theme vulnerabilities have been disclosed this month.

March Security Tip: Use Two-Factor Authentication to Secure

Using two-factor authentication for your WordPress website user logins can help keep your website secure even if you use one of the plugins in this edition of the vulnerability roundup with an authentication bypass vulnerability.

Using two-factor authentication for your WordPress website user logins can help keep your website secure even if you are using a plugin with an authentication bypass vulnerability.

Why? Two-factor authentication makes it nearly impossible for an unauthenticated user to login to your website.

What is two-factor authentication? Two-factor authentication is a process of verifying a person’s identity by requiring two separate methods of verification. Two-factor authentication adds an extra layer of WordPress security to verify it’s actually you logging in and not someone who gained access (or even guessed) your password.

Here are a few more reasons to use two-factor authentication to add another layer of protection to your WordPress login.

  • Reused passwords are weak passwords. According to the Verizon Data Breach Investigations Report, over 70% of employees reuse passwords at work. But the

[…]

 



This article was written by Michael Moore and originally published on WordPress News and Updates from iThemes – iThemes.

Disclosure: Some of the links in this post are "affiliate links." This means if you click on the link and purchase the product, We may receive an affiliate commission.

Leave a Comment

You have to agree to the comment policy.

WordPress Vulnerability Roundup: March 2021, Part 1

WordPress Vulnerability Roundup: December 2020, Part 2

Written by

Michael Moore
on

March 3, 2021

Last Updated on March 3, 2021

New WordPress plugin and theme vulnerabilities were disclosed during the first week of March. This post covers the recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website.

The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress plugins, and WordPress themes.

Each vulnerability will have a severity rating of Low, Medium, High, or Critical. The severity ratings are based on the Common Vulnerability Scoring System.

In the March, Part 1 Report

WordPress Core Vulnerabilities

WordPress Plugin Vulnerabilities

WordPress Theme Vulnerabilities

No new theme vulnerabilities have been disclosed this month.

March Security Tip: Why You Should Use Two-Factor Authentication

Using two-factor authentication for your WordPress website user logins can help keep your website secure even if you use one of the plugins in this edition of the vulnerability roundup with an authentication bypass vulnerability.

Using two-factor authentication for your WordPress website user logins can help keep your website secure even if you are using a plugin with an authentication bypass vulnerability.

Why? Two-factor authentication makes it nearly impossible for an unauthenticated user to login to your website.

What is two-factor authentication? Two-factor authentication is a process of verifying a person’s identity by requiring two separate methods of verification. Two-factor authentication adds an extra layer of WordPress security to verify it’s actually you logging in and not someone who gained access (or even guessed) your password.

Here are a few more reasons to use two-factor authentication to add another layer of protection to your WordPress login.

  • Reused passwords are weak passwords. According to the Verizon Data Breach Investigations Report, over 70% of employees reuse passwords at work. But the most important stat from the report is that “81% of hacking-related breaches leveraged either stolen or weak passwords.”
  • Even though 91% of people know reusing passwords is poor practice, a staggering 59% of people still reuse their passwords everywhere!
  • Many people are still using passwords that have appeared in a database dump. A database dump occurs when a hacker successfully gains access to a user database and then dumps the contents somewhere online. Unfortunately for us, these dumps contain a ton of sensitive login and account

[…]

 



This article was written by Michael Moore and originally published on WordPress News and Updates from iThemes – iThemes.

Disclosure: Some of the links in this post are "affiliate links." This means if you click on the link and purchase the product, We may receive an affiliate commission.

Leave a Comment

You have to agree to the comment policy.

WordPress Vulnerability Roundup: February 2021, Part 2

vulnerability roundup

Written by

Michael Moore
on

February 24, 2021

Last Updated on February 24, 2021

New WordPress plugin and theme vulnerabilities were disclosed during the second half of February. This post covers the recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website.

The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress plugins, and WordPress themes.

Each vulnerability will have a severity rating of Low, Medium, High, or Critical. The severity ratings are based on the Common Vulnerability Scoring System.

In the February, Part 2 Report

WordPress Core Vulnerabilities

However, WordPress version 5.6.2 was released to fix a few bugs introduced in WordPress version 5.6.1.

WordPress Plugin Vulnerabilities

1. Post SMTP Mailer/Email Log

Vulnerability: CSRF Nonce Bypass
Patched in Version: 2.0.21
Severity: Medium – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

WordPress Theme Vulnerabilities

No new theme vulnerabilities have been disclosed this month.

February Security Tip: Why You Should Be Logging Website Security Activity

Security logging should be an essential part of your WordPress security strategy. Why?

Insufficient logging and monitoring can lead to a delay in the detection of a security breach. Most breach studies show that the time to detect a breach is over 200 days!

That amount of time allows an attacker to breach other systems, modify, steal, or destroy more data. For this reason, “insufficient logging” landed on the OWASP top 10 of web application security risks.

WordPress security logs have several benefits in your overall security strategy, helping you:

  1. Identity and stop malicious behavior.
  2. Spot activity that can alert you of a breach.
  3. Assess how much damage was done.
  4. Aid in the repair of a hacked site.

If your site does get hacked, you will want to have the best information to aid in a quick investigation and recovery.

The good news is that iThemes Security Pro can help you implement website logging. iThemes Security Pro’s WordPress security logs tracks all these website activities for you:

Stats from your logs are then displayed in a real-time WordPress security dashboard that you can view from your WordPress admin dashboard.

[…]

 



This article was written by Michael Moore and originally published on WordPress News and Updates from iThemes – iThemes.

Disclosure: Some of the links in this post are "affiliate links." This means if you click on the link and purchase the product, We may receive an affiliate commission.

Leave a Comment

You have to agree to the comment policy.

WordPress Vulnerability Roundup: January 2021, Part 2

WordPress Vulnerability Roundup: December 2020, Part 2

Written by

Michael Moore
on

January 27, 2021

Last Updated on January 27, 2021

New WordPress plugin and theme vulnerabilities were disclosed during the second half of January. This post covers the recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website.

This weeks WordPress Vulnerability Roundup is divided into four different categories: WordPress core, WordPress plugins, WordPress themes, and Server.

Each vulnerability will have a severity rating of Low, Medium, High, or Critical. The severity ratings are based on the Common Vulnerability Scoring System.

In the January, Part 2 Report

WordPress Core Vulnerabilities

WordPress Plugin Vulnerabilities

1. Easy Contact Form Pro – Critical

The vulnerability is patched, and you should update to version 1.1.1.9.

2. FV Flowplayer Video Player – Medium

The vulnerability is patched, and you should update to version 7.4.38.727.

3. Simple Job Board – High

The vulnerability is patched, and you should update to version 2.9.4.

4. Easy Media Gallery Pro – Medium

The vulnerability is patched, and you should update to version 1.3.0.

5. Contact Form Submissions – Medium

Remove the plugin until a security fix is released.

6. 301 Redirects – Critical

The vulnerability is patched, and you should update to version 2.51.

7.WP Shieldon – Medium

[…]

 



This article was written by Michael Moore and originally published on WordPress News and Updates from iThemes – iThemes.

Disclosure: Some of the links in this post are "affiliate links." This means if you click on the link and purchase the product, We may receive an affiliate commission.

Leave a Comment

You have to agree to the comment policy.

Scroll to Top