March 16, 2021
Last Updated on March 16, 2021
New WordPress plugin and theme vulnerabilities were disclosed during the third week of March. This report covers recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website.
The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress plugins, and WordPress themes.
Each vulnerability will have a severity rating of Low, Medium, High, or Critical. The severity ratings are based on the Common Vulnerability Scoring System.
In the March, Part 2 Report
WordPress Core Vulnerabilities
WordPress 5.7 “Esperanza” Released – Update Now!
A new WordPress core version was released on March 9, 2021: WordPress 5.7 “Esperanza.”
Be sure to update all your sites to this latest version of WordPress. Check out 21 new features and enhancements in WordPress 5.7 to see what’s new, including:
- An easier way to send password reset emails/links
- Upgrade a site from HTTP to HTTPS with a single click
- Custom icon and background colors + sizes for social icons block
WordPress Plugin Vulnerabilities
WordPress Theme Vulnerabilities
No new theme vulnerabilities have been disclosed this month.
March Security Tip: Use Two-Factor Authentication to Secure
Using two-factor authentication for your WordPress website user logins can help keep your website secure even if you use one of the plugins in this edition of the vulnerability roundup with an authentication bypass vulnerability.
Why? Two-factor authentication makes it nearly impossible for an unauthenticated user to log in to your website.
What is two-factor authentication? Two-factor authentication is a process of verifying a person’s identity by requiring two separate methods of verification. Two-factor authentication adds an extra layer of WordPress security to verify it’s actually you logging in and not someone who gained access to (or even guessed) your password.
Here are a few more reasons to use two-factor authentication to add another layer of protection to your WordPress login.
- Reused passwords are weak passwords. According to the Verizon Data Breach Investigations Report, over 70% of employees reuse passwords at work. But the
This article was written by Michael Moore and originally published on WordPress News and Updates from iThemes – iThemes.