WordPress Vulnerability Report: April 2021, Part 3

Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. This post covers recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website.

The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress plugins, and WordPress themes. Each vulnerability will have a severity rating of LowMediumHigh, or Critical. The severity ratings are based on the Common Vulnerability Scoring System.

In the April, Part 3 Report

WordPress Core Vulnerabilities

WordPress 5.7.1 is was released on April 15, 2021. This security and maintenance release features 26 bug fixes in addition to two security fixes. Because this is a security release of WordPress core, it is recommended that you update your sites immediately!

1. WordPress 5.6 – 5.7

Vulnerability: Authenticated XXE Within the Media Library Affecting PHP 8
Patched in Version: 5.7
Severity: High – CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

The vulnerability is patched, so you should update WordPress core to 5.7.1+.
The vulnerability is patched, so you should update WordPress core to 5.7.1+.

WordPress Plugin Vulnerabilities

WordPress Theme Vulnerabilities

No new theme vulnerabilities have been disclosed this week.

A WordPress Security Plugin Can Help Secure Your Website

iThemes Security Pro, our WordPress security plugin, offers 50+ ways to secure and protect your website from common WordPress security vulnerabilities. With WordPress, two-factor authentication, brute force protection, strong password enforcement, and more, you can add an extra layer of security to your website.

WordPress Vulnerability Report

Spread the love

Posted by News Monkey

blank