WordPress Vulnerability Roundup: April 2020, Part 1

Written by

Michael Moore

April 15, 2020

Last Updated On April 14, 2020

New WordPress plugin and theme vulnerabilities were disclosed during the first half of April, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website.

The WordPress Vulnerability Roundup is divided into four different categories:

  1. WordPress core
  2. WordPress plugins
  3. WordPress themes

WordPress Core Vulnerabilities

There haven’t been any disclosed WordPress core vulnerabilities in 2020.

WordPress Plugin Vulnerabilities

Several new WordPress plugin vulnerabilities have been discovered this month so far. Make sure to follow the suggested action below to update the plugin or completely uninstall it.

1. IMPress for IDX Broker

IMPress for IDX Broker versions below 2.6.2 have Authenticated Post Creation, Modification/Deletion and Authenticated Stored Cross-Site Scripting (XSS) via unprotected ‘idx_update_recaptcha_key’ vulnerabilities.

The vulnerabilities have been patched, and you should update to version 2.6.2.

2. CM Pop-Up banners for WordPress

The vulnerability has been patched, and you should update to version 1.4.11.

3. Rank Math



This article was written by Michael Moore and originally published on WordPress News and Updates from iThemes – iThemes.
