Critical vulnerabilities in WordPress plugins – July 2020


To ensure that your WordPress website is secure and stays that way, you need to have a security plugin. 

One reason is that such plugins report regularly on critical vulnerabilities in plugins you might use.

There are a few available, although my preference goes to Wordfence.

Already this month 

Adning Advertising plugin

Two vulnerabilities were found in the Adning Advertising plugin, including a critical-severity flaw allowing attackers to upload backdoors onto vulnerable sites.

KingComposer plugin

A Cross-Site Scripting (XSS) vulnerability affecting over 100,000 WP sites using the KingComposer plugin. This XSS vulnerability is unusual compared to our recently published vulnerabilities because it is a reflected Cross-Site Scripting vulnerability.

All in One SEO Pack plugin

A WordPress plugin installed on over 2 million sites. This flaw allowed authenticated users with contributor-level access or above to inject malicious scripts that would be executed if a victim accessed the wp-admin panel’s ‘all posts’ page.

TC Custom JavaScript

The Wordfence Threat Intelligence Team published details of a high-severity vulnerability in the TC Custom JavaScript plugin, which allowed attackers to inject malicious JavaScript onto every page of a victim’s site.

My advice

Always make sure you have the latest version of your plugins, and make it a habit to check whether they need an update.

All the best,

Luc
