A complete summary of WordPress Vulnerabilities

Home - WordPress Fixes - A complete summary of WordPress Vulnerabilities
WordPress Vulnerabilities

A complete summary of WordPress Vulnerabilities

We love WordPress and want our readers to be up-to-date with the recent WordPress news. Our aim is simple: to spread WordPress knowledge to all. Therefore, for the month of August, we have brought you a complete summary of all the WordPress Vulnerabilities and ways to tackle them.

Before we delve deeper into the vulnerabilities, we have divided this WordPress vulnerabilities synopsis into four major categories as follows:

  • Vulnerabilities of WordPress Core
  • Vulnerabilities of Plugins
  • Vulnerabilities of Themes
  • Security Breaches

We have brought the web-wide breaches because it is also vital to be conscious of WordPress Vulnerabilities, so that, you can take necessary safety actions. The exploitation of your server software can expose delicate information to the hackers.

Infringements of the database may reveal user credentials on your site, opening the door to perpetrators accessing your site. Therefore, we bring this blog to make you aware about the security vulnerabilities of WordPress themes & plugins. Also, we tell you what to do to resolve these security vulnerabilities.

Vulnerabilities of ​​​​WordPress Core

In the last one or two months, no WordPress vulnerabilities of Core has been disclosed. As soon as it is released, we will update you.

Vulnerabilities of WordPress Plugins

appointment-hour-booking

There are chances of Cross-Site Scripting attack on Appointment Hour Booking plugin version 1.1.45 and below.

The solution

The WordPress Vulnerabilities have been rectified by the developers of the plugin. You need to update it to version 1.1.46.

The version 4.4 and below of this plugin is susceptible to Cross-Site Request forgery and File type Check.

The Solution

Update the plugin to a version of 4.5 or above.

The version 4.4 and below of this plugin is susceptible to Cross-Site Request forgery and File type Check.

The Solution

Update the plugin to a version of 4.5 or above.

coming-soon-page-&-maintenance-mode

Unauthenticated Stored XSS attack can happen to its version 1.8.0 or below.

The Solution

You will be safe from this attack if you update it to a version of 1.8.2.

The version 1.6.1 of Advances Contact from plugin is vulnerable to SQL injection.

The Solution

The vulnerability has now been fixed and you should update it version 1.7.1.

It’s versions 3.8.4 and below are susceptible to a Cross-Site Request Forgery attack.

The Solution

The flaw has been tweaked and it should be updated to version 3.8.5 to avoid any WordPress Vulnerabilities.

blog2social

Social Media Auto Post & Scheduler version 5.5.0 is prone to an SQL injection.

The Solution

The vulnerability has been fixed and you should get it updated to the version 5.6.0.

Contact Form 7 Dynamic Text Extension plugin 2.0.2.1 and below are prone to some kind of cross-site scripting attack.

The Solution

The vulnerability has been fixed in the version of 2.0.3.

9. AdRotate Banner Manager

The version 5.2 and all other version below it are vulnerable to the Authenticated SQL injection.

The Solution

The problem has been tweaked, and version 5.3 is free from such problems.

10.  Adaptive Images for WordPress

adaptive-images-for-wordpress

The version 0.6.66 and all other version below it are vulnerable to Local File inclusion and deletion attack.

The Solution

The issue has indeed been tweaked, and you should update it to version 0.6.67.

Version 1.4.9 of Everest Forms and below the plugin is susceptible to SQL injection.

The Solution

The vulnerability has been fixed and version 1.5.0 is free from such vulnerabilities.

Contact Form & SMTP plugin for version 1.5.1 of WordPress and below is susceptible to Cross-Site Request Forgery and HTML Injection attack.

The Solution

The vulnerability has been fixed and version 1.5.2 is free from such vulnerabilities.

email-subscribe-&-newsletters

Email Subscribers & Newsletters plugin is vulnerable to SQL injection.

The Solution

This vulnerability has been resolved in the updated version of 4.1.8.

The version 1.5.30 of this plugin is vulnerable to SQL injection.

The Solution

This vulnerability has been resolved in the updated version of 1.5.31.

This plugin’s version 1.17.5 is vulnerable to Sotred XSS attacks.

The Solution

This vulnerability has not been resolved. You should remove this plugin until the next safe update is available of this plugin.

all-in-one-wp-migration

This plugin’s version 6.97 is vulnerable to Authenticated Stored XSS attack.

The Solution

This vulnerability is resolved in the latest updated version of 7.0.

Stay attentive regarding WordPress Theme & Plugin Vulnerabilities​

The reason why WordPress websites get hacked is that they run outdated software. Therefore, it is essential to timely update the WordPress theme and plugins of your site. You should login to your site’s dashboard at least once a week for checking the updates.

For WordPress websites which does not change much often, automatic updates are a great choice. These sites are often overlooked and susceptible to attacks caused by lack of attention.Even with advised safety configurations, vulnerable software operating on your site can provide an entry point for a hacker to your site.

Conclusion

Being a site owner you should focus on your site’s security. And the very first step to secure your site is to keep its Themes, plugins and Core files updated to the latest versions to avoid any WordPress vulnerabilities.

Also, WordPress security Services by WordPress experts ensure that all your security loopholes are fixed. From Daily malware Scans to Installing SSL certificate, we keep your site completely secure. 

Share:

Leave A Comment

CLIENTS REVIEWS

Get Instant WordPress Support

Get Instant WordPress Support