The WordPress vulnerability report is as follows.
The following WordPress vulnerabilities were found in WordPress versions below 5.4.1.
WordPress Themes Vulnerabilities
1. Nexos – Real Estate
- Nexos – Real Estate versions below 1.8 have Unauthenticated Reflected XSS and SQL Injection vulnerabilities.
- The vulnerability is patched, and you should update to version 1.8.
2. CareerUp
- CareerUp versions below 2.3.1 have an Unauthenticated Reflected Cross-Site Scripting vulnerability.
- The vulnerability is patched, and you should update to version 2.3.1.
3. Careerfy
- Careerfy versions below 4.1.0 have Multiple Cross-Site Scripting vulnerabilities.
- The vulnerability is patched, and you should update to version 4.1.0.
WordPress Plugin Vulnerabilities
Several new WordPress plugin vulnerabilities have been discovered this month so far. Make sure to follow the suggested action below to update the plugin or completely uninstall it.
1. Coming Soon Page, Under Construction & Maintenance Mode by SeedProd
- Coming Soon Page, Under Construction & Maintenance Mode by SeedProd versions below 5.1.2 have a Cross-Site Scripting vulnerability.
- The vulnerability is patched, and you should update to version 5.1.2.
2. ACF to REST API
- ACF to REST API versions below 3.3.0 have an Unauthenticated Arbitrary wp_options Disclosure vulnerability.
- The vulnerability is patched, and you should update to version 3.3.0.
3. WPForms
- WPForms versions below 1.6.0.2 have an Authenticated Stored Cross-Site Scripting vulnerability.
- The vulnerability is patched, and you should update to version 1.6.0.2.
4. Payment Form for PayPal Pro
- Payment Form for PayPal Pro versions below 1.1.65 have an Unauthenticated SQL Injection vulnerability.
- The vulnerability is patched, and you should update to version 1.1.65.
5. Testimonials Widget
- Testimonials Widget versions 3.5.1 and below have multiple Cross-Site Scripting vulnerabilities.
- Remove the plugin until a security fix is released.
6. JobSearch WP Job Board
- JobSearch WP Job Board versions below 1.5.3 have multiple Cross-Site Scripting vulnerabilities.
- The vulnerability is patched, and you should update to version 1.5.3.
7. Security & Malware scan by CleanTalk
- Security & Malware scan by CleanTalk versions below 2.51 have a Security Nonce Leak vulnerability that leads to Unauthorized AJAX calls.
- The vulnerability is patched, and you should update to version 2.51.
8. Adning Advertising
- Adning Advertising versions below 1.5.6 have an Unauthenticated Arbitrary File Upload/Deletion vulnerability.
- The vulnerability is patched, and you should update to version 1.5.6.
It is crucial to the security of your WordPress site that you have an update routine.
You should be logging into your sites at least once a week to perform updates.