WordPress Security Updates: December 2020

Jan 12, 2021 | Security - Internet, WordPress, and otherwise

wordpress-security-updates-december-2020 WordPress Security Updates: December 2020

This article covers our public notifications related to major security issues our clients and the WordPress community should know about. We are always focused on prevention and the mitigation of risk to our clients, and keeping you updated here is part of that process.

List of Vulnerable Plugins, December 2020

Plugins Removed From the Repository

WordPress security team decides to close a plugin when a security issue is found and the developer doesn’t release a patch in a timely manner. You can read more about this here. If you are using one or more of the above plugins we recommend deactivating them until the developer releases a patch for the mentioned vulnerability or consider a more reliable alternative.

Relevant Vulnerabilities

This month we reported the following vulnerabilities affecting versions < 2.0.1.8.2 of the plugin Modal Survey:

  • Cross Site Scripting in the admin area.
  • Unauthenticated survey update, deletion and creation.
  • Object injection.

Disclosure / Response Timeline:

By exploiting these vulnerabilities, an attacker can perform requests to execute malicious actions asynchronously based on the privilege level of the victim or arbitrary create/delete surveys. We are not aware of any exploit attempts currently using this vulnerability.

Source

WordPress Development

SEO NEWS

seo news

We’re listening.

Have something to say about this article? Share it with us on Facebook, Twitter or LinkedIn:

SHARE IT HERE:

Subscribe ToThe Weekly SEO Trade News Updates

Get the latest SEO, SEM and SMM marketing intel, tips and tricks from one of the best SEO Gurus online. 

Every Tuesday morning we send out an aggregated email listing all new posts on SEO Trade News.

Excellent! Now check your email to confirm your subscription.