The WordPress Vulnerability report is as follows.
WordPress Plugin :
1. CVE-2020-22277: Import and Export Users and Customers WordPress Plugin CMDI
- Import and Export Users and Customers WordPress Plugin through 18.104.22.168 allows CSV injection via a customer’s profile. Per vendor, this plugin is clean and easy-to-use Import users’ plugin. It includes custom user meta to be included automatically from a CSV file and delimitation auto-detector. It also can send a mail to each user imported and all the meta data imported is ready to edit into user profile.
2. Sploitus exploit search engine comes under DMCA fire, search engine page removal
- The Sploitus exploit search engine has become subject to a DMCA copyright complaint in a case the creator believes is due to a failed piracy block attempt.
- The DMCA claim does not apply to the entire Sploitus search engine. Instead, it relates to only one URL – a page related to an exploit for the SuperStoreFinder WordPress plugin.
- SuperStoreFinder is a plugin used to create store functionality on WordPress websites. The licensed software has been purchased over 5,000 times.
WordPress News :
1. WordPress 5.6 and PHP 8 Compatibility
- WordPress is updating soon to version 5.6 which aims to be compatible with PHP 8. However, WordPress cautioned that it should be considered “beta-compatible” and explained why upgrading to PHP 8 should at this time be done with care.
It is crucial to the security of your WordPress site that you have an update routine.
You should be logging into your sites at least once a week to perform updates.