This collection on WordPress Vulnerabilities for March was sourced from iThemes. That’s right, these are the vulnerabilities for just one month!
WordPress Core Vulnerabilities
WordPress 5.7 “Esperanza” Released
A new WordPress core version was released on March 9, 2021: WordPress 5.7 “Esperanza.”
Be sure to update all your sites to this latest version of WordPress. Check out 21 new features and enhancements in WordPress 5.7 to see what’s new, including:
- An easier way to send password reset emails/links
- Upgrade a site from HTTP to HTTPS with a single click
- Custom icon and background colors + sizes for social icons block
WordPress Theme Vulnerabilities
None disclosed so far this month
Plugin Vulnerabilities
iThemes’ vulnerability reporting uses the Common Vulnerability Scoring System version 3.1 Calculator (CVSS) to quickly define each vulnerability’s characteristics and therefore its threat level.
Under Construction, Coming Soon & Maintenance Mode
Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.1.2
Severity: Medium – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Abandoned Cart Lite for WooCommerce
Vulnerability: CSRF Nonce Bypasses
Patched in Version: 5.8.6
Severity: Medium – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Forminator
Vulnerability: CSRF Nonce Bypasses
Patched in Version: 1.14.8.1
Severity: Medium – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Dokan
Vulnerability: CSRF Nonce Bypasses
Patched in Version: 3.2.1
Severity: Medium – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Defender Security
Vulnerability: CSRF Nonce Bypasses
Patched in Version: 2.4.6.1
Severity: Medium – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Style Kits
Vulnerability: CSRF Nonce Bypasses
Patched in Version: 1.8.1
Severity: Medium – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
WP ERP
Vulnerability: CSRF Nonce Bypasses
Patched in Version: 1.7.5
Severity: Medium – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
WP Project Manager
Vulnerability: CSRF Nonce Bypasses
Patched in Version: 2.4.10
Severity: Medium – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
WP Travel
Vulnerability: CSRF Nonce Bypasses
Patched in Version: 4.4.7
Severity: Medium – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
WP GDPR Compliance
Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched in Version: 1.5.6
Severity: Critical – CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

An online marketer with deep experience in Sales & Marketing as well as technical skills accumulated over the many years of working in this industry. He has been knee-deep in websites and online marketing since the mid 80’s.
Peter is a lateral thinker who sees solutions where many don’t.
Website Concierge is a reincarnate of Succinct Ideas, providing quality website support and online marketing for small businesses.