WordPress vulnerability report: November 2021, Part 2

Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress vulnerability report, provided by WPScan, covers recent WordPress plugin, theme and core vulnerabilities, and what to do if you are running one of the vulnerable plugins or themes on your website. Each vulnerability is given a severity rating of low, medium, high, or critical. Openness and reporting on vulnerabilities are an essential part of keeping the WordPress community safe. Please share this post with your friends to spread the word and help make WordPress safer for everyone.
In the November 10, 2021 report:
WordPress core vulnerabilities
WordPress plugin vulnerabilities
1. Competition Gallery
2. Email confirmation and recording
3. BSK PDF administrator
4. Capable cost calculator
5. Shopping page WP
6. Ibtana – e-commerce products Annex
7. WP RSS collector
8. Create block
9. Email before ing
10. Machong
11. Simple Google Maps
12. My calendar
13. Arforms form builder
14. WP dsgvo tool
15. WP all import
16. Hide WPS login
17. WP Google font
18. Woocommerce activity manager
19. Vending machine wp
20. Logo slider and showcase
21. A competent price list
22. WP commissioning
23. Hotel Directory
24. Email tracker
25. Supsysic's consultation form
26. Motopress's restaurant menu
27. SEO redirection
28. Teacher LMS
29. Ninja form
30. Event calendar registration

WordPress core vulnerabilities
The latest version of WordPress core is 5.8.1. As a best practice, always run the latest version of WordPress core!
WordPress plugin vulnerabilities
This section discloses the latest WordPress plugin vulnerabilities. Each plugin listing includes the vulnerability type, the patched version number and the severity level.

1. Tournament library
Plugin: Tournament library
Vulnerability: Subscriber+ email address exposure
Patched in version: 13.1.0.7
Severity score: Medium
The vulnerability has been patched; update to version 13.1.0.7.

Plugin: Tournament Gallery
Vulnerability: Unauthenticated SQL injection / email address exposure, access control missing
Patched in version: 13.1.0.6
Severity score: High
The vulnerability has been patched; update to version 13.1.0.6.

2. Email confirmation and logging
Plugin: Email confirmation and logging
Vulnerability: Reflected cross-site scripting
Patched in version: 1.0.4
Severity score: High
The vulnerability has been patched; update to version 1.0.4.

3. BSK PDF manager
Plugin: BSK PDF manager
Vulnerability: Admin+ SQL injection
Patched in version: 3.1.2
Severity score: Medium
The vulnerability has been patched; update to version 3.1.2.

4. Refined billing device
Plugin: Refined billing device
Vulnerability: Subscriber+ unauthorized AJAX call to stored XSS
Patched in version: 7.0.4
Severity score: High
The vulnerability has been patched; update to version 7.0.4.

5. Shopping page WP
Plugin: Shopping page WP
Vulnerability: Admin+ stored cross-site scripting
Patched in version: 1.2.8
Severity score: Medium
The vulnerability has been patched; update to version 1.2.8.

6. Ibtana – addon of e-commerce product
Plugin: Ibtana – addon of e-commerce product
Vulnerability: Reflected cross-site scripting
Patched in version: 0.2.4
Severity score: High
The vulnerability has been patched; update to version 0.2.4.

7. WP RSS collector
Plugin: WP RSS collector
Vulnerability: Admin+ stored cross-site scripting
Patched in version: 4.19.2
Severity score: Low
The vulnerability has been patched; update to version 4.19.2.

8. Block generation
Plugin: Block generation
Vulnerability: Contributor+ stored cross-site scripting
Patched in version: 1.4.0
Severity score: Medium
The vulnerability has been patched; update to version 1.4.0.

9. Pre email
Plugin: Pre email
Vulnerability: Admin+ SQL injection
Patched in version: 6.8
Severity score: Medium
The vulnerability has been patched; update to version 6.8.

10. Machong
Plugin: mycred
Vulnerability: Subscriber+ SQL injection
Patched in version: 2.3
Severity score: High
The vulnerability has been patched; update to version 2.3.

11. Simple Google Maps
Plugin: Google Maps easy
Vulnerability: Admin+ stored cross-site scripting
Patched in version: 1.10.1
Severity score: Low
The vulnerability has been patched; update to version 1.10.1.

12. My calendar
Plugin: My calendar
Vulnerability: Subscriber+ reflected cross-site scripting
Patched in version: 3.2.18
Severity score: Medium
The vulnerability has been patched; update to version 3.2.18.

13. Arforms form builder
Plugin: Arforms form builder
Vulnerability: Admin+ stored cross-site scripting
Patched in version: 1.5
Severity score: Low
The vulnerability has been patched; update to version 1.5.

14. WP dsgvo tool
Plugin: WP dsgvo tool
Vulnerability: Unauthenticated arbitrary post deletion
Patched in version: 3.1.24
Severity score: High
The vulnerability has been patched; update to version 3.1.24.

15. WP all import
Plugin: WP all import
Vulnerability: Admin+ stored cross-site scripting
Patched in version: 3.6.3
Severity score: Low
The vulnerability has been patched; update to version 3.6.3.

16. Hide WPS login
Plugin: Hide WPS login
Vulnerability: Protection bypass through the Referer header
Patched in version: 1.9.1
Severity score: Medium
The vulnerability has been patched; update to version 1.9.1.

17. WP Google font
Plugin: WP Google font
Vulnerability: Reflected cross-site scripting
Patched in version: 3.1.5
Severity score: Medium
The vulnerability has been patched; update to version 3.1.5.

18. Woocommerce event manager
Plugin: Woocommerce event manager
Vulnerability: Unauthenticated arbitrary elementor template import
Patched in version: 3.5.3
Severity score: Medium
The vulnerability has been patched; update to version 3.5.3.

Plugin: Woocommerce event manager
Vulnerability: Unauthenticated arbitrary option reset
Patched in version: 3.5.3
Severity score: High
The vulnerability has been patched; update to version 3.5.

19. Automatic generator WP
Plugin: automatorwp
Vulnerability: Missing authorization and privilege escalation
Patched in version: 1.7.6
Severity score: Medium
The vulnerability has been patched; update to version 1.7.6.

20. Flag slider and showcase
Plugin: Flag slider and showcase
Vulnerability: Edit plugin settings update
Patched in version: 1.337
Severity score: Low
The vulnerability has been patched; update to version 1.37.

21. Capable price list
Plugin: Capable price list
Vulnerability: Unauthenticated arbitrary image upload
Patched in version: 6.9.0
O provides more than 50 ways to protect websites from common WordPress security vulnerabilities. You can use WordPress two-factor authentication, brute force protection, strong password enforcement, etc. to add a security layer to the website. Site scanner for plugin and theme vulnerability detection, file change, real-time website security dashboard, WordPress security logs, trusted devices, reCAPTCHA, brute force protection, two-factor authentication, direct login links, permission reporting, password confirmation and denial ithemes security process
