Remove Scountet Kalendar as it appears the plugin has been abandoned.

The vulnerability has been patched, and you should update it to version 1.6.90.

2. Materialis

Materialis versions 1.0.172 and below have an Authenticated Options Update vulnerability.

What You Should Do

The vulnerability has been patched, and you should update it to version 1.0.173.

4. Superlist

Superlist versions 2.9.2 and below are vulnerable to a Stored Cross-Site Scripting attack.

What You Should Do

The vulnerability hasn’t been patched, and you should remove the theme. Keep an eye on the changelog for a security update.

How to Be Proactive About WordPress Theme & Plugin Vulnerabilities

Running outdated software is the number one reason WordPress sites are hacked. It is crucial to the security of your WordPress site that you have an update routine. You should be logging into your sites at least once a week to perform updates.

Automatic Updates Can Help

Automatic updates are a great choice for WordPress websites that don’t change very often. Lack of attention often leaves these sites neglected and vulnerable to attacks. Even with recommended security settings, running vulnerable software on your site can give an attacker an entry point into your site.

Using the iThemes Security Pro plugin’s Version Management feature, you can enable automatic WordPress updates to ensure you are getting the latest security patches. These settings help protect your site with options to automatically update to new versions or to increase user security when the site’s software is outdated.

[…]

Keep Reading »

This article was written by Michael Moore and originally published on WordPress News and Updates from iThemes – iThemes.

New WordPress plugin and theme vulnerabilities were disclosed during the second half of February, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website.

The WordPress Vulnerability Roundup is divided into four different categories:

1. WordPress core
2. WordPress plugins
3. WordPress themes

WordPress Core Vulnerabilities

There haven’t been any disclosed WordPress vulnerabilities in 2020.

WordPress Plugin Vulnerabilities

Several new WordPress plugin vulnerabilities have been discovered this month so far. Make sure to follow the suggested action below to update the plugin or completely uninstall it.

1. Ninja Forms

The vulnerabilities have been patched, and you should update to version 3.4.23.

2. ThemeGrill Demo Importer

The vulnerability has been patched, and you should update to version 1.6.2.

3. SAML SP Single Sign On

The vulnerability has been patched, and you should update to version 4.8.84.

4. wpCentral

[…]

 

Keep Reading »

This article was written by Michael Moore and originally published on WordPress News and Updates from iThemes – iThemes.

New WordPress plugin and theme vulnerabilities were disclosed during the second half of January, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website.

The WordPress Vulnerability Roundup is divided into four different categories:

• 1. WordPress core
• 2. WordPress plugins
• 3. WordPress themes
• 4. Breaches from around the web

WordPress Core Vulnerabilities

There haven’t been any disclosed WordPress vulnerabilities in January of 2020.

WordPress Plugin Vulnerabilities

Several new WordPress plugin vulnerabilities have been discovered this month so far. Make sure to follow the suggested action below to update the plugin or completely uninstall it.

1. Code Snippets

Code Snippets versions 2.13.3 and below have a Cross-Site Request Forgery vulnerability that can lead to a Remote Code Execution attack.

What You Should Do

The vulnerabilities have been patched, so you should update to version 2.14.0.

2. WP Database Reset

WP Database Reset versions 3.1 and below have two vulnerabilities. The first vulnerability would all an unauthenticated user to reset any database table to the initial WordPress set-up state. The second vulnerability would allow any user to grant their account administrative privileges and drop other users from the table.

What You Should Do

The vulnerabilities have been patched, so you should update to version 3.15.

3. Chained Quiz

[…]

Keep Reading »

This article was written by Michael Moore and originally published on WordPress News and Updates from iThemes – iThemes.

TownHub versions 1.0.5 and below have multiple vulnerabilities including, an Unauthenticated Reflected XSS, an Authenticated Persistent XSS, and an Insecure Direct Object Reference.

The vulnerability has been patched, and you should update it to version 1.0.6.

6. CityBook

CityBook versions 2.9.4 and below have multiple vulnerabilities including, an Unauthenticated Reflected XSS, an Authenticated Persistent XSS, and an Insecure Direct Object Reference.

What You Should Do

The vulnerability has been patched, and you should update it to version 2.9.5.

7. Real Estate 7

Real Estate 7 versions 2.3.3 and below have multiple vulnerabilities including, an Unauthenticated Reflected XSS, an Authenticated Persistent XSS, and an Insecure Direct Object Reference.

What You Should Do

The vulnerability has been patched, and you should update it to version 2.3.4.

How to Be Proactive About WordPress Theme & Plugin Vulnerabilities

Running outdated software is the number one reason WordPress sites are hacked. It is crucial to the security of your WordPress site that you have an update routine. You should be logging into your sites at least once a week to perform updates.

Automatic Updates Can Help

Automatic updates are a great choice for WordPress websites that don’t change very often. Lack of attention often leaves these sites neglected and vulnerable to attacks. Even with recommended security settings, running vulnerable software on your site can give an attacker an entry point into your site.

Using the iThemes Security Pro plugin’s Version Management feature, you can enable automatic WordPress updates to ensure you are getting the latest security patches. These settings help protect your site with options to automatically update to new versions or to increase user security when the site’s software is outdated.

[…]

Keep Reading »

This article was written by Michael Moore and originally published on WordPress News and Updates from iThemes – iThemes.

Written by

Michael Moore
on

December 23, 2020

Last Updated on December 23, 2020

New WordPress plugin and theme vulnerabilities were disclosed during the second half of December. This post covers the recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website.

The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress plugins, and WordPress themes.

In the December, Part 2 Report

WordPress Core Vulnerabilities

The latest version of WordPress core is currently 5.6. As a WordPress security best practice, make sure you’re running the latest version of WordPress core.

WordPress Plugin Vulnerabilities

1. DiveBook

DiveBook versions below 1.1.4 have an Improper Authorization Check, Unauthenticated SQL Injection, & Unauthenticated Reflected XSS vulnerabilities.

Remove the plugin until a security fix is released.

2. Pagelayer

The vulnerability is patched, and you should update to version 1.3.5.

3. Ultimate Category Excluder

The vulnerability is patched, and you should update to version 1.2.

4. Directories Pro

The vulnerability is patched, and you should update to version 1.3.46.

5. Total Upkeep

The vulnerability is patched, and you should update to version 1.14.10.

6. Redux Framework

The

[…]

Keep Reading »

This article was written by Michael Moore and originally published on WordPress News and Updates from iThemes – iThemes.

Written by

Michael Moore
on

December 9, 2020

Last Updated on December 9, 2020

New WordPress plugin and theme vulnerabilities were disclosed during the first half of December. This post covers recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website.

The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress plugins, and WordPress themes.

In the December, Part 1 Report

WordPress Core Vulnerabilities

No new WordPress core vulnerabilities have been disclosed this month.

However, a new major version of WordPress core was just released yesterday. WordPress 5.6 includes several new features and improvements, so be sure to update.

WordPress Plugin Vulnerabilities

1. WPJobBoard

The vulnerability is patched, and you should update to version 5.7.0.

2. WP Google Map Plugin

The vulnerability is patched, and you should update to version 4.1.4.

3. BuddyPress

The vulnerability is patched, and you should update to version 6.4.0.

4. Events Manager

The vulnerability is patched, and you should update to version 5.9.8.

5. Age Gate

The vulnerability is patched, and you should update to version 2.13.5.

6. Canto

Remove the plugin until a security fix is released.

7. Profile Builder

[…]

 

Keep Reading »

This article was written by Michael Moore and originally published on WordPress News and Updates from iThemes – iThemes.

Written by

Michael Moore
on

May 27, 2020

Last Updated On May 28, 2020

New WordPress plugin and theme vulnerabilities were disclosed during the second half of May, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website.

New WordPress plugin and theme vulnerabilities were disclosed during the second half of April, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website.

The WordPress Vulnerability Roundup is divided into four different categories:

1. WordPress core
2. WordPress plugins
3. WordPress themes

Each vulnerability will have a threat rating of Low, Medium, High, or Critical.

WordPress Core Vulnerabilities

There have not been any WordPress vulnerabilities disclosed in May 2020.

WordPress Plugin Vulnerabilities

Several new WordPress plugin vulnerabilities have been discovered this month so far. Make sure to follow the suggested action below to update the plugin or completely uninstall it.

1. Site Kit by Google – Critical

The vulnerability is patched, and you should update to version 1.8.0.

2. Easy Testimonials – Critical

The vulnerability is patched, and you should update to version 3.6.

3. WP Product Review – High

[…]

 

Keep Reading »

This article was written by Michael Moore and originally published on WordPress News and Updates from iThemes – iThemes.