
This collection on WordPress Vulnerabilities for March was sourced from iThemes. That’s right, these are the vulnerabilities for just one month!

WordPress Core Vulnerabilities

WordPress 5.7 “Esperanza” Released

A new WordPress core version was released on March 9, 2021: WordPress 5.7 “Esperanza.”

Be sure to update all your sites to this latest version of WordPress. Check out 21 new features and enhancements in WordPress 5.7 to see what’s new, including:

  • An easier way to send password reset emails/links
  • Upgrade a site from HTTP to HTTPS with a single click
  • Custom icon and background colors + sizes for social icons block

WordPress Theme Vulnerabilities

None disclosed so far this month

Plugin Vulnerabilities

iThemes’ vulnerability reporting uses the Common Vulnerability Scoring System (CVSS) version 3.1 calculator to quickly define a vulnerability’s characteristics and therefore its threat level.

Under Construction, Coming Soon & Maintenance Mode

Vulnerability: Reflected Cross-Site Scripting
Patched in Version: 1.1.2
Severity: Medium – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Abandoned Cart Lite for WooCommerce

Vulnerability: CSRF Nonce Bypasses
Patched in Version: 5.8.6
Severity: Medium – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Forminator

Vulnerability: CSRF Nonce Bypasses
Patched in Version: 1.14.8.1
Severity: Medium – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Dokan

Vulnerability: CSRF Nonce Bypasses
Patched in Version: 3.2.1
Severity: Medium – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Defender Security

Vulnerability: CSRF Nonce Bypasses
Patched in Version: 2.4.6.1
Severity: Medium – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Style Kits

Vulnerability: CSRF Nonce Bypasses
Patched in Version: 1.8.1
Severity: Medium – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

WP ERP

Vulnerability: CSRF Nonce Bypasses
Patched in Version: 1.7.5
Severity: Medium – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

WP Project Manager

Vulnerability: CSRF Nonce Bypasses
Patched in Version: 2.4.10
Severity: Medium – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

WP Travel

Vulnerability: CSRF Nonce Bypasses
Patched in Version: 4.4.7
Severity: Medium – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

WP GDPR Compliance

Vulnerability: Unauthenticated Stored Cross-Site Scripting
Patched in Version: 1.5.6
Severity: Critical – CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Peter Cornish

An online marketer with deep experience in Sales & Marketing as well as technical skills accumulated over the many years of working in this industry. He has been knee-deep in websites and online marketing since the mid 80’s.
Peter is a lateral thinker who sees solutions where many don’t.

Website Concierge is a reincarnation of Succinct Ideas, providing quality website support and online marketing for small businesses.