Monthly WordPress Security Roundup [December 2020]

Hello everyone, it’s Kanishk again from Astra Security – bringing you another edition of the Monthly WordPress Security Roundup for December 2020. Today we’ll discuss the introduction of new WordPress v5.6 features, core changes, recent vulnerabilities found in WP plugins and themes, WordPress v5.7 update expected date and some other security issues. So, let’s get straight into the news.

WordPress rolled out its 5.6 version “Simone”

On December 8, 2020, WordPress rolled out its latest version 5.6 – dubbed as ”Simone” that introduced more new features & enhancements for the next 4-6 months till v5.7 comes. For WordPress users & developers, as we shared earlier, the Simone update also added a new UI for automatic updates for major WP core releases, bug fixes, external authentication to the REST API via application passwords, other updates for Block Editor and finally the PHP 8 compatibility. 

Whereas, WordPress v5.7 is already under development and is scheduled to be released in March 2021.

Now talking about core vulnerabilities disclosed this month (Dec 2020), no new vulnerabilities were found in the recently released WordPress 5.6.

Vulnerabilities discovered in WordPress plugins

1. Unrestricted File Upload in Contact Form 7 plugin

• Contact Form 7 plugin for WP that allows its users to add multiple contact forms on their site has an Unrestricted File Upload vulnerability in version 5.3.1 and below.
• This plugin is installed on over 5 million WordPress sites. By exploiting this vulnerability, the hackers can upload malicious files into your website and can also plant backdoors.
• The patched version of this plugin is v5.3.2 and above.

2. Debug Log Disclosure vulnerability in Easy WP SMTP plugin

• Easy WP SMTP plugin for WordPress that allows its users to configure and send all outgoing emails via an SMTP server has a debug log disclosure vulnerability in its plugin version below 1.4.3.
• This plugin is installed on over 500K WordPress sites. By exploiting this vulnerability, the hackers can reset the admin password and take complete control of a compromised WordPress website.
• The patched versions of this plugin are v4.1.3 and above.

3. Authenticated SQL Injection in WP Google Map plugin

• WP Google Map plugin for WordPress that allows its users to create google maps shortcodes to display responsive google maps on pages, widgets and custom templates, has an authenticated SQL injection vulnerability in its plugin version below 4.1.4.
• This plugin is installed on over 100K WordPress sites. If you’re using this plugin, it is recommended to update to its latest version 4.1.4.

4. Multiple vulnerabilities in WPJobBoard plugin

• WPJobBoard plugin for WordPress that allows its users to run a job board on a website – has multiple vulnerabilities in its plugin version below 5.7.0.
• The patched versions of this plugin are v5.7.0 and above.

5. XSS in WP-PostRatings plugin

• WP-PostRatings plugin for WordPress has a Cross-Site Scripting (XSS) vulnerability in its plugin versions 1.86 and below.
• This plugin is installed on over 80K WordPress sites. If you’re using this plugin, it is recommended to update to its latest version 1.89.

6. Unauthenticated Arbitrary File Read vulnerability in W3 Total Cache plugin

• W3 Total Cache plugin for WordPress that helps its users with SEO and CDN has an unauthenticated arbitrary file upload vulnerability in its plugin version below 2.0.1
• This plugin is installed on over 1 million WordPress sites. The patched versions of this plugin are v2.0.1 and above.

7. Multiple Stored XSS in WordPress Popup Builder plugin

• Popup Builder plugin for WordPress that allows its users to create and manage promotion modal popups for their WordPress blog or website – has multiple stored Cross-site Scripting (XSS) vulnerabilities in plugin versions <=3.69.6.
• This plugin is installed on over 200K WordPress sites. The patched versions of this plugin are v3.69.7 and above. It is advised to update the plugin to its latest version 3.71

8. Multiple vulnerabilities in Limit Login Attempts Reloaded plugin

• Limit Login Attempts Reloaded plugin for WordPress that allows its users to limit the number of login attempts that are possible through the normal login as well as XMLRPC, Woocommerce and custom login pages – has multiple vulnerabilities in its plugin:
  • Authenticated Reflected Cross-Site Scripting (XSS) in plugin versions 2.15.2 and below. [CVE- 2020-35589]
  • Login Rate Limiting Bypass vulnerability in plugin versions 2.17.3 and below. [CVE- 2020-35590]
• This login security plugin is installed on over 1 million WordPress sites. By exploiting this vulnerability, the hackers can reset the admin password and take complete control of a compromised WordPress website.
• The latest version of this plugin is v2.18.0 and above.

Vulnerabilities discovered in WordPress themes

9. Multiple vulnerabilities in ListingPro WordPress Directory Theme

• ListingPro WordPress Directory theme for WordPress has multiple security vulnerabilities in its plugin:

• Unauthenticated Arbitrary Plugin Installation/Activation/Deactivation vulnerability in theme versions 2.6 and below.
• Unauthenticated Sensitive Data Exposure vulnerability in theme versions 2.6 and below.

• This theme is installed on over 19K WordPress websites. By exploiting these vulnerabilities, the hackers can obtain unauthorized access to your WordPress website which can also lead to a data breach.
• Both the vulnerabilities are patched in the theme version 2.6.1. It is advised for the users that have installed this theme should update it to the latest version immediately.

Make sure to update to the latest version if you are running any of the above-mentioned WordPress themes or plugins.

Websites, plugins and themes that are protected by Astra Security’ Firewall are already secured against vulnerabilities such as XSS, RCE, CSRF, arbitrary file upload & deletion, sensitive data exposure, and SQL injection.

That does it for this month’s WordPress Security Roundup. Stay safe from any unanticipated attack and be aware of the security vulnerabilities and latest patches. From all of us here at Astra Security, have a great month ahead and we’ll catch you up next time.

Astra Security Suite – WordPress Security Plugin Can Help Secure Your Site

Astra Security Suite –  WordPress security plugin, is the go-to security suite for your WordPress website. With Astra Security Suite, you don’t have to worry about any malware, credit card hack, SQLi, XSS, SEO Spam, comments spam, brute force & 100+ types of threats. This means you can get rid of other security plugins & let Astra Security take care of it all.