WordPress vulnerability report: December 2021, Part 4

Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress vulnerability report, provided by WPScan, covers recent WordPress plugin, theme and core vulnerabilities, and what to do if you run one of the vulnerable plugins or themes on your website. Each vulnerability has a severity rating of low, medium, high, or critical. Open disclosure and reporting of vulnerabilities is an essential part of keeping the WordPress community safe.

What's new in this report: vulnerabilities are now listed by number of active installations rather than by publication date.
Please share this post with your friends to spread the word and help make WordPress safer for everyone.

Contents of the December 22, 2021 report

WordPress core vulnerabilities

WordPress plugin vulnerabilities
1. All in One SEO
2. Smash Balloon Social Article Feed
3. Modern Event Calendar Light
4. WOOCS
5. Clear Real-Time Chat
6. Image Hover Effect Ultimate Record
7. WP Appointment System – Appointment Calendar
8. Landing Page Compiler
9. Stochastic Analysis
10. Trulanker

WordPress plugin vulnerabilities: closed plugins
11. Message Engine Professional
12. Htaccess Redirection
13. Wookmers uses Parsian Bank Gateway
14. Real Vijiwick
15. Link List Manager
16. Simple Image Gallery
17. Woocomers Envio Pack
18. Magic Post Voice
19. H5P CSS Editor
20. Duo FAQ
21. Magic Post Voice
22. WooCommerce MyGHPay Payment Gateway

Premium plugin vulnerabilities
23. Plus for Elementor Pro
24. Let's Box
25. Share a Drive
26. Immediately Available
27. Driver Usage

WordPress core vulnerabilities

The latest version of WordPress core is 5.8.2. As a best practice, always run the latest version of WordPress core!
WordPress plugin vulnerabilities

This section discloses the latest WordPress plugin vulnerabilities. Each plugin listing includes the vulnerability type, the number of active installations, the patched version number and the severity rating.

1. All in One SEO

Plugin: All in One SEO
Vulnerability: Authenticated SQL injection
Active installations: more than 3 million
Patched in version: 4.1.5.3
Severity: high
The vulnerability is patched; update to version 4.1.5.3.

Plugin: All in One SEO
Vulnerability: Authenticated privilege escalation
Active installations: more than 3 million
Patched in version: 4.1.5.3
Severity: critical
The vulnerability has been fixed; update to version 4.1.5.3.

2. Smash Balloon Social Article Feed

Plugin: Smash Balloon Social Article Feed
Vulnerability: Authenticated reflected cross-site scripting (XSS)
Active installations: 200,000+
Patched in version: 4.1.1
Severity: medium
The vulnerability is patched; update to version 4.1.1.

3. Modern Event Calendar Light

Plugin: Modern Event Calendar Light
Vulnerability: Subscriber+ category, leading to stored XSS
Active installations: 100,000+
Patched in version: 6.2.0
Severity: medium
The vulnerability has been fixed; update to version 6.2.0.

4. WOOCS

Plugin: WOOCS
Vulnerability: Reflected cross-site scripting
Active installations: 60,000+
Patched in version: 1.3.7.3
Severity: high
The vulnerability is patched; update to version 1.3.7.3.

5. Clear Real-Time Chat

Plugin: Clear Real-Time Chat
Vulnerability: Stored cross-site scripting
17. Woocomers Envio Pack

Plugin: Woocomers Envio Pack
Vulnerability: Reflected cross-site scripting
Patched in version: No known fix (plugin closed)
Severity: high
This vulnerability is not patched. The plugin was closed on November 15, 2021. Uninstall and delete it.

18. Magic Post Voice

Plugin: Magic Post Voice
Vulnerability: Reflected cross-site scripting
Patched in version: No known fix (plugin closed)
Severity: high
This vulnerability is not patched. The plugin was closed on December 3, 2021. Uninstall and delete it.

19. H5P CSS Editor

Plugin: H5P CSS Editor
Vulnerability: Reflected cross-site scripting
Patched in version: No known fix (plugin closed)
Severity: high
This vulnerability is not patched. The plugin was closed on December 3, 2021. Uninstall and delete it.

20. Duo FAQ

Plugin: Duo FAQ
Vulnerability: Reflected cross-site scripting
Patched in version: No known fix (plugin closed)
Severity: high
This vulnerability is not patched. The plugin was closed on December 3, 2021. Uninstall and delete it.

21. Magic Post Voice

Plugin: Magic Post Voice
Vulnerability: Reflected cross-site scripting
Patched in version: No known fix (plugin closed)
Severity: high
This vulnerability is not patched. The plugin was closed on December 3, 2021. Uninstall and delete it.

22. WooCommerce MyGHPay Payment Gateway

Plugin: WooCommerce MyGHPay Payment Gateway
Vulnerability: Reflected cross-site scripting
Patched in version: No known fix (plugin closed)
Severity: high
This vulnerability is not patched. The plugin was closed on December 13, 2021. Uninstall and delete it.

Premium plugin vulnerabilities

This section discloses the latest WordPress premium plugin vulnerabilities. Each plugin listing includes the vulnerability type, the patched version number and the severity rating.

23. Loader for Elementor – Pro

Plugin: Loader for Elementor – Pro
Vulnerability: Sensitive data disclosure
Patched in version: 5.0.7
Severity: medium
The vulnerability is patched; update to version 5.0.7.
Plugin: Plus Additional for Elementor – Pro
Vulnerability: Unauthenticated SQL injection
Patched in version: 5.0.7
Severity: medium
The vulnerability is patched; update to version 5.0.7.

24. Let's Box

Plugin: Let's Box
Vulnerability: Reflected cross-site scripting
Patched in version: 1.13.3
Severity: medium
The vulnerability is patched; update to version 1.13.3.

25. Share a Drive

Plugin: Share a Drive
Vulnerability: Reflected cross-site scripting
Patched in version: 1.15.3
Severity: medium
The vulnerability is patched; update to version 1.15.3.

26. Immediately Available

Plugin: Immediately Available
Vulnerability: Reflected cross-site scripting
Patched in version: 1.20.3
Severity: medium
The vulnerability is patched; update to version 1.20.3.

27. Driver Usage

Plugin: Driver Usage
Vulnerability: Reflected cross-site scripting
Patched in version: 1.18.3
Severity: medium
The vulnerability is patched; update to version 1.18.3.

This report also describes how to protect a WordPress website from vulnerable plugins and themes. New WordPress plugin and theme vulnerabilities are disclosed every week, and it is important to keep track of every reported disclosure.
Because keeping up with every disclosure is hard, the iThemes Security Pro plugin makes it easy to determine whether your site is running a theme, plugin, or WordPress core version with a known vulnerability.

1. Install the iThemes Security Pro plugin. The iThemes Security Pro plugin hardens your WordPress site against the most common ways websites are attacked. It offers more than 30 ways to protect your site in one easy-to-use plugin.

2. Enable site scanning to identify known vulnerabilities. The version management feature of iThemes Security Pro integrates with the site scan to protect the site: vulnerable themes, plugins and WordPress core versions are updated automatically.

3. Enable file change detection. The key to detecting a security breach quickly is monitoring file changes on the website. The file change detection feature of iThemes Security Pro scans the files on the website and notifies you when they change.

iThemes Security Pro is a WordPress security plugin with 24×7 website security monitoring. It provides more than 50 ways to secure and protect websites from common WordPress security vulnerabilities. You can add extra layers of security to the website with WordPress two-factor authentication, brute force protection, strong password enforcement, and more. Its features include a site scanner for plugin and theme vulnerabilities, file change detection, a real-time website security dashboard, WordPress security logs, trusted devices, reCAPTCHA, brute force protection, privilege escalation, and refusal of compromised passwords.
