WordPress Vulnerability Roundup: June 2020, Part 1

Jun 10, 2020 | Security - Internet, WordPress, and otherwise




New WordPress plugin and theme vulnerabilities were disclosed during the first half of June, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website.

New WordPress plugin and theme vulnerabilities were disclosed during the second half of April, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website.

The WordPress Vulnerability Roundup is divided into four different categories:

  1. WordPress core
  2. WordPress plugins
  3. WordPress themes

Each vulnerability will have a threat rating of Low, Medium, High, or Critical.

WordPress Core Vulnerabilities

There have not been any WordPress vulnerabilities disclosed in June 2020.

WordPress Plugin Vulnerabilities

Several new WordPress plugin vulnerabilities have been discovered this month so far. Make sure to follow the suggested action below to update the plugin or completely uninstall it.

1. Drag and Drop Multiple File Upload for Contact Form 7 – Critical

wordpress-vulnerability-roundup-june-2020-part-1 WordPress Vulnerability Roundup: June 2020, Part 1
The vulnerability is patched, and you should update to version 1.3.3.3.

2. Page Builder: PageLayer – Drag and Drop website builder – High

wordpress-vulnerability-roundup-june-2020-part-1-1 WordPress Vulnerability Roundup: June 2020, Part 1
The vulnerability is patched, and you should update to version 1.1.2.

3. MapPress Maps – Critical

generic-wp-plugin WordPress Vulnerability Roundup: June 2020, Part 1
The vulnerability is patched, and you should update to version 2.54.6.

4. Image Photo Gallery Final Tiles Grid – Critical

wordpress-vulnerability-roundup-june-2020-part-1-2 WordPress Vulnerability Roundup: June 2020, Part 1
The vulnerability is patched, and you should update to version 3.4.19.

5. bbPress – Critical

wordpress-vulnerability-roundup-june-2020-part-1-3 WordPress Vulnerability Roundup: June 2020, Part 1

bbPress versions below 2.6.5 have an Unauthenticated Privilege Escalation vulnerability when New User Registration enabled.

The vulnerability is patched, and you should update to version 2.6.5.

6. Multi Scheduler – High

closed-plugin-logo WordPress Vulnerability Roundup: June 2020, Part 1
Remove the plugin until a security fix is released.

7. JobSearch – High

generic-wp-plugin WordPress Vulnerability Roundup: June 2020, Part 1
The vulnerability is patched, and you should update to version 1.5.1.

8. AdRotate – Medium

closed-plugin-logo WordPress Vulnerability Roundup: June 2020, Part 1
The vulnerability is patched, and you should update to version 5.8.4.

9. Elementor Page Builder – High

wordpress-vulnerability-roundup-june-2020-part-1-4 WordPress Vulnerability Roundup: June 2020, Part 1
The vulnerability is patched, and you should update to version 2.9.10.

10. SportsPress – High

wordpress-vulnerability-roundup-june-2020-part-1-5 WordPress Vulnerability Roundup: June 2020, Part 1
The vulnerability is patched, and you should update to version 2.7.2.

WordPress Themes

1. Careerfy – High

generic-wp-plugin WordPress Vulnerability Roundup: June 2020, Part 1
The vulnerability is patched, and you should update to version 3.9.0.

2. Newspaper – High

closed-plugin-logo WordPress Vulnerability Roundup: June 2020, Part 1
The vulnerability is patched, and you should update to version 10.3.4.

New! Protect Your WordPress Website with the iThemes Security Site Scan.

[embedded content]

Did you know that 60% of website breaches involve vulnerabilities for which a patch was available but not applied? This means having software with known vulnerabilities installed on your site gives hackers the blueprints they need to take over your site.

Every day, it gets harder and harder to keep track of every disclosed WordPress vulnerability. You have to compare that list to the versions of plugins and themes you have installed on your site… and make sure you’re constantly updating.

To solve this problem, today we’re excited to announce that the iThemes Security Pro plugin is rolling out a better way to protect your sites against software vulnerabilities, the number one culprit of hacked and compromised WordPress sites.

The new, improved WordPress Security Site Scan powered by iThemes performs automatic checks for known website vulnerabilities

The new, improved WordPress Security Site Scan powered by iThemes performs automatic checks for known website vulnerabilities and, if a patch is available, iThemes Security Pro will now automatically apply the fix for you… so you don’t have to. Whew. that’s some peace of mind. 

wordpress-vulnerability-roundup-june-2020-part-1-6 WordPress Vulnerability Roundup: June 2020, Part 1

A WordPress Security Plugin Can Help Secure Your Website

iThemes Security Pro, our WordPress security plugin, offers 30+ ways to secure and protect your website from common WordPress security vulnerabilities. With WordPress, two-factor authentication, brute force protection, strong password enforcement, and more, you can add an extra layer of security to your website.

Learn more about WordPress security with 10 key tips. Download the ebook now: A Guide to WordPress Security

Source

WordPress Development

SEO NEWS

seo news

We’re listening.

Have something to say about this article? Share it with us on Facebook, Twitter or LinkedIn:

SHARE IT HERE:

Subscribe ToThe Weekly SEO Trade News Updates

Get the latest SEO, SEM and SMM marketing intel, tips and tricks from one of the best SEO Gurus online. 

Every Tuesday morning we send out an aggregated email listing all new posts on SEO Trade News.

Excellent! Now check your email to confirm your subscription.