WordPress Vulnerability Roundup: June 2020, Part 1

WordPress Vulnerability Roundup: June 2020, Part 1

Written by

Michael Moore
on

June 10, 2020

Last Updated On June 11, 2020

New WordPress plugin and theme vulnerabilities were disclosed during the first half of June, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website.

New WordPress plugin and theme vulnerabilities were disclosed during the second half of April, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website.

The WordPress Vulnerability Roundup is divided into four different categories:

  1. WordPress core
  2. WordPress plugins
  3. WordPress themes

Each vulnerability will have a threat rating of Low, Medium, High, or Critical.

WordPress Core Vulnerabilities

1. Update to WordPress 5.4.2 – Critical

WordPress versions 5.4.2 is now available. This is an important security and maintenance release. Earlier versions are affected by multiple security bugs, which are fixed in version 5.4.2. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.

You can download WordPress 5.4.2 from WordPress.org, or visit your WP Admin Dashboard > Updates and click Update Now. If you have sites that support automatic background updates, they should have already updated.

The vulnerabilities have been patched, and you should update to WordPress 5.4.2

WordPress Plugin Vulnerabilities

Several new WordPress plugin vulnerabilities have been discovered this month so far. Make sure to follow the suggested action below to update the plugin or completely uninstall it.

1. Drag and Drop Multiple File Upload for Contact Form 7 – Critical

The vulnerability is patched, and you should update to version 1.3.3.3.

2. Page Builder: PageLayer – Drag and Drop website builder – High

[…]

 



This article was written by Michael Moore and originally published on WordPress News and Updates from iThemes – iThemes.

Disclosure: Some of the links in this post are "affiliate links." This means if you click on the link and purchase the product, We may receive an affiliate commission.

Leave a Comment

You have to agree to the comment policy.

WordPress Vulnerability Roundup: June 2020, Part 2

WordPress Vulnerability Roundup: June 2020, Part 2

Written by

Michael Moore
on

June 24, 2020

Last Updated On June 25, 2020

New WordPress plugin and theme vulnerabilities were disclosed during the second half of June, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website.

The WordPress Vulnerability Roundup is divided into three different categories:

  1. WordPress core
  2. WordPress plugins
  3. WordPress themes

WordPress Core Vulnerabilities

There have not been any WordPress core vulnerabilities disclosed in the second half of June. (But be sure to check out the info on the WordPress 5.4.2 security update in the WordPress Vulnerability Roundup: June 2020, Part 1.)

WordPress Plugin Vulnerabilities

1. Brizy – Page Builder

The vulnerability is patched, and you should update to version 1.0.126.

2. wpDiscuz

The vulnerability is patched, and you should update to version 5.3.6v.

3. Page Builder: KingComposer

The vulnerability is patched, and you should update to version 2.9.4.

4. Delete All Comments Easily

[…]

 



This article was written by Michael Moore and originally published on WordPress News and Updates from iThemes – iThemes.

Disclosure: Some of the links in this post are "affiliate links." This means if you click on the link and purchase the product, We may receive an affiliate commission.

Leave a Comment

You have to agree to the comment policy.

Scroll to Top