New WordPress plugin and theme vulnerabilities were disclosed during the final week of March. This post covers the recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website.

The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress plugins, and WordPress themes.

Each vulnerability will have a severity rating of LowMediumHigh, or Critical. The severity ratings are based on the Common Vulnerability Scoring System.

In the March, Part 4 Report

WordPress Core Vulnerabilities

WordPress Plugin Vulnerabilities

WordPress Theme Vulnerabilities

1. All Thrive Themes Legacy Themes

Affected Themes: Rise, Luxe, Minus, Ignition, Focusblog, Squared, Voice, Performag, Pressive, & Storied
Vulnerability: Unauthenticated Arbitrary File Upload and Option Deletion
Patched in Version: 2.0.0
Severity: Critical – CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

A WordPress Security Plugin Can Help Secure Your Website

iThemes Security Pro, our WordPress security plugin, offers 50+ ways to secure and protect your website from common WordPress security vulnerabilities. With WordPress, two-factor authentication, brute force protection, strong password enforcement, and more, you can add an extra layer of security to your website.

Get iThemes Security Pro

vulnerability roundup

Spread the love

Posted by News Monkey