Critical vulnerabilities in WordPress plugins – July 2021


To ensure that your WordPress website is secure and stays that way, you need to have a security plugin.

One reason is that such plugins report regularly on critical vulnerabilities in plugins you might use.

There are a few available, although my preference goes to Wordfence.

So far, the Wordfence Threat Intelligence team has found these vulnerabilities:

Critical SQL Injection Vulnerability Patched in WooCommerce

This vulnerability allowed unauthenticated attackers to access arbitrary data in an online store’s database.

WooCommerce is the leading e-Commerce platform for WordPress and is installed on over 5 million websites. Additionally, the WooCommerce Blocks feature plugin, installed on over 200,000 sites, was affected by the vulnerability and was patched at the same time.

We strongly recommend updating to a patched version of WooCommerce immediately if you have not updated automatically, as this will provide the best possible protection.

The vulnerability affects versions 3.3 to 5.5 of the WooCommerce plugin and versions 2.5 to 5.5 of the WooCommerce Blocks plugin.

Read full details

Multiple Vulnerabilities Patched in WordPress Download Manager

The Wordfence Threat Intelligence team found two separate vulnerabilities: a sensitive information disclosure and a file upload vulnerability that could have resulted in Remote Code Execution in some configurations.

WordPress Download Manager is a WordPress plugin installed on over 100,000 sites.

The plugin owner has released a patch to fix this, so make sure you update to the latest version of this plugin.

Read full details

The Best WordPress Plugins for 2021 (and how to find them) according to Wordfence

Read also: Plugins vital to have on your WordPress site.

Wordfence offering free site cleanings & site security audits to public/state-funded schools worldwide.

With more students and teachers remotely connecting for education, the need for security awareness has never been greater. Malware-infected websites pose a significant risk to students, teachers, parents and administrators. These risks include the breach of personal information, the risk of threat actors targeting children, and the disruption of learning and online services to students.

Wordfence is committed to helping public schools safely educate the next generation. Each Wordfence site cleaning and site security audit is valued at $490.

Read full details

Wordfence is now a CVE Numbering Authority

They are excited to announce that Wordfence is authorized by the Common Vulnerabilities and Exposures (CVE®) Program as a CNA, or CVE Numbering Authority. As a CNA, Wordfence can now assign CVE IDs for new vulnerabilities in WordPress Core, WordPress Plugins and WordPress Themes.

WordPress powers over 40% of the World Wide Web in 2021. By becoming a CNA, Wordfence expands their ability to elevate and accelerate WordPress security research. This furthers their goal of helping to protect the community of WordPress site owners and developers, and the millions of website users that access WordPress every day.

All the best,

Luc