I wanted to give you a heads up that several new WordPress vulnerabilities were disclosed this month. In order to keep your website safe, please be sure that all of your software is up to date and secure.
WordPress Core Vulnerabilities
WordPress version 5.2.3 was released on September 4th, 2019 to patch several potential security vulnerabilities. Here is an excerpt listing security fixes from the WordPress 5.2.3 release post.
- A cross-site scripting (XSS) vulnerability found in post previews by contributors and a cross-site scripting vulnerability in stored comments.
- An issue where validation and sanitization of a URL could lead to an open redirect.
- Potential Reflected cross-site scripting during media uploads.
- A vulnerability for cross-site scripting (XSS) in shortcode previews.
- A case where reflected cross-site scripting could be found in the dashboard.
- An issue with URL sanitization that can lead to cross-site scripting (XSS) attacks.
- In addition to the above changes, WordPress is also updating jQuery on older versions of WordPress. This change was added in 5.2.1 and is now being brought to older versions.
WordPress Plugin Vulnerabilities
Several new WordPress plugin vulnerabilities have also been discovered this month. If your website uses these plugins, make sure to either update the plugin or completely uninstall it.
- Photo Gallery by 10Web
- Advanced Access Manager
- Event Tickets
- Search Exclude
- Content Upgrades
- Spryng Payments for WooCommerce
- Portrait-Archiv.com Photostore
- ECPay Logistics for WooCommerce
- Ellipsis Human Presence Technology
Please be proactive about WordPress vulnerabilities
Running outdated software is the number one way WordPress websites get hacked. It is crucial to the security of your website that you have an update routine. You should be logging into your website at least once a month to perform updates.
If you’d rather rest easier knowing that your website is being watched over by a professional, please read more about Continuous Care, and request to sign up here: https://www.chrisonealdesign.com/continuous-care/
Thanks, and may all your websites remain secure!