WordPress Vulnerability Roundup: March 2020, Part 2

WordPress Vulnerability Roundup: March 2020, Part 2

Written by

Michael Moore
on

March 25, 2020

Last Updated On March 25, 2020

New WordPress plugin and theme vulnerabilities were disclosed during the second half of March, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website.

The WordPress Vulnerability Roundup is divided into four different categories:

  1. WordPress core
  2. WordPress plugins
  3. WordPress themes

WordPress Core Vulnerabilities

There haven’t been any disclosed WordPress vulnerabilities in 2020.

WordPress Plugin Vulnerabilities

Several new WordPress plugin vulnerabilities have been discovered this month so far. Make sure to follow the suggested action below to update the plugin or completely uninstall it.

1 – 7. Multiple Plugins

Remove the plugins,they have been closed on the WordPress.org plugin repository.

8. WordPress File Upload

The vulnerabilities have been patched, and you should update to version 4.13.0.

9. Newsletter

The vulnerabilities have been patched, and you should

[…]

 



This article was written by Michael Moore and originally published on WordPress News and Updates from iThemes – iThemes.

Disclosure: Some of the links in this post are "affiliate links." This means if you click on the link and purchase the product, We may receive an affiliate commission.

Leave a Comment

You have to agree to the comment policy.

WordPress Vulnerability Roundup: March 2020, Part 1

WordPress Vulnerability Roundup: March 2020, Part 1

Written by

Michael Moore
on

March 11, 2020

Last Updated On March 11, 2020

New WordPress plugin and theme vulnerabilities were disclosed during the first half of March, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website.

The WordPress Vulnerability Roundup is divided into four different categories:

  1. WordPress core
  2. WordPress plugins
  3. WordPress themes

WordPress Core Vulnerabilities

There haven’t been any disclosed WordPress vulnerabilities in 2020.

WordPress Plugin Vulnerabilities

Several new WordPress plugin vulnerabilities have been discovered this month so far. Make sure to follow the suggested action below to update the plugin or completely uninstall it.

1. Pricing Table by Supsystic

The vulnerabilities have been patched, and you should update to version 1.8.2.

2. Flexible Checkout Fields for WooCommerce

Flexible Checkout Fields for WooCommerce versions 2.3.1 and below have an Unauthenticated Settings Update vulnerability. The plugin was being active exploited in the wiled, and injecting malicious scripts into WooCommerce checkout pages.

The vulnerability has been patched, and you should update to version 2.3.2.

3. Export Users

The plugin is closed on the WordPress.org plugin repository and should be removed.

4. Hero

[…]

 



This article was written by Michael Moore and originally published on WordPress News and Updates from iThemes – iThemes.

Disclosure: Some of the links in this post are "affiliate links." This means if you click on the link and purchase the product, We may receive an affiliate commission.

Leave a Comment

You have to agree to the comment policy.

Scroll to Top