Monthly WordPress Security Roundup [February 2021]

Hello WordPress folks, it’s Kanishk again from Astra Security, bringing you the latest in WordPress security with another version of the Monthly WordPress Security Roundup for February 2021. Like always, we’ll be discussing vulnerabilities disclosures & bug fixes in the WP core, database, plugins and themes, and some other security issues related to the WordPress CMS platform.

Take Over

Before we start, I want to let you know that if you’re using Astra WordPress Firewall then your site is completely secured from the following vulnerabilities.

If you’re a WP plugin or theme developer then you can follow this DIY security audit guide to make sure that your plugin has no security loopholes.

So, let’s get started with the news!

In February 2021, thankfully, there were no new vulnerabilities found in the WordPress core system. However, a new WordPress version is released – WordPress 5.6.2 Maintenance Release which includes 5 bug fixes that affected the sites running on WordPress version 5.6.1.

In addition to this, we have seen a large number of plugin and theme vulnerabilities being actively exploited by hackers. Here are those:

Vulnerabilities discovered in WordPress plugins:

1. WordPress Gallery Plugin – NextGEN Gallery

NextGen Gallery plugin for WordPress allows its users to manage images and videos by providing a WordPress Gallery management system.

• Vulnerability Type: Reflected cross-site scripting (XSS) – Source
• Plugin versions affected: <= v3.1.9
• Plugin users: 800,000+
• Fixed version of the plugin: v3.1.11

2. Ninja Forms

Multiple vulnerabilities have been found in the WP plugin Ninja Forms.

Ninja Forms plugin for WordPress allows its users to create beautiful, user-friendly WordPress forms.

i.

• Vulnerability Type: Authenticated SendWP Plugin Installation and Client Secret Key Disclosure – Source
• Plugin versions affected: <= v3.4.33
• Plugin users: 1 Million+
• Fixed version of the plugin: v3.4.34

ii.

• Vulnerability Type: Authenticated OAuth Connection Key Disclosure – Source
• Plugin versions affected: <= v3.4.34
• Plugin users: 1 Million+
• Fixed version of the plugin: v3.4.34.1

iii.

• Vulnerability Type: Administrator Open Redirect – Source
• Plugin versions affected: <= v3.4.33
• Plugin users: 1 Million+
• Fixed version of the plugin: v3.4.34

iv.

• Vulnerability Type: CSRF to OAuth Service Disconnection – Source
• Plugin versions affected: <= v3.4.33
• Plugin users: 1 Million+
• Fixed version of the plugin: v3.4.34

3. Photo Gallery by 10Web

Photo Gallery by 10Web WordPress plugin allows its users to build beautiful mobile-friendly galleries in a few minutes.

• Vulnerability Type: Reflected cross-site scripting (XSS) – Source
• Plugin versions affected: <= v1.5.68
• Plugin users: 300,000+
• Fixed version of the plugin: v1.5.69

4. Popup Builder – Responsive WordPress Pop up – Subscription & Newsletter

Popup Builder WordPress plugin allows its users to create and manage powerful promotion modal popups for your WordPress blog or website.

• Vulnerability Type: Authenticated Reflected Cross-Site Scripting (XSS) – Source
• Plugin versions affected: < v3.74
• Plugin users: 200,000+
• Fixed version of the plugin: v3.74

5. Post SMTP Mailer/Email Log

Post SMTP Mailer/Email Log WordPress plugin assists its users in the delivery of email generated by your WordPress site.

• Vulnerability Type: CSRF Nonce Bypass – Source
• Plugin versions affected: < v2.0.21
• Plugin users: 200,000+
• Fixed version of the plugin: v2.0.21

6. Paid Memberships Pro

Paid Memberships Pro WordPress plugin provides you all the tools you need to start, manage, and grow your membership site.

• Vulnerability Type: Authentication Bypass that leads to Unauthorized Order Information Disclosure
• Plugin versions affected: < v2.5.3
• Plugin users: 100,000+
• Fixed version of the plugin: v2.5.3

7. Responsive Menu

Multiple vulnerabilities have been found in the WP plugin Responsive Menu.

Responsive Menu WordPress plugin allows its users to create and customize the mobile-friendly menu for their WordPress site.

i.

• Vulnerability Type: Authenticated Arbitrary File Upload – Source
• Plugin versions affected: <= v4.0.0 – v4.0.3
• Plugin users: 100,000+
• Fixed version of the plugin: v4.0.4

ii.

• Vulnerability Type: Cross-Site Request Forgery to Arbitrary File Upload – Source
• Plugin versions affected: <= v4.0.3
• Plugin users: 100,000+
• Fixed version of the plugin: v4.0.4

iii.

• Vulnerability Type: Cross-Site Request Forgery to Setting Modification – Source
• Plugin versions affected: <= v4.0.3
• Plugin users: 100,000+
• Fixed version of the plugin: v4.0.4

8. Multiple WP Plugins by Supsystic.com

Multiple Authenticated SQL Injection vulnerabilities have been found in the following plugins:

• Contact Form by Supsystic
• Data Tables Generator by Supsystic
• Membership by Supsystic
• Newsletter by Supsystic
• Pricing Table by Supsystic
• Ultimate Maps by Supsystic

It is recommended to update the above-mentioned plugins to their respective latest versions.

9. Backup Guard

Backup Guard WordPress plugin allows its users to Backup, Restore and Migrate their WordPress website. 

• Vulnerability Type: Authenticated Arbitrary File Upload – Source
• Plugin versions affected: < v1.3.0
• Plugin users: 70,000+
• Fixed version of the plugin: v1.3.0

10. Modern Events Calendar Lite

Modern Events Calendar Lite WordPress plugin is a tool used for managing Events websites.

• Vulnerability Type: Authenticated Arbitrary File Upload leading to RCE
• Plugin versions affected: < v5.16.5
• Plugin users: 70,000+
• Fixed version of the plugin: v5.16.5

11. Ivory Search

Ivory Search WP plugin enhances the default WordPress search and also allows you to create new custom search forms.

• Vulnerability Type: Authenticated Reflected Cross-Site Scripting
• Plugin versions affected: < v4.5.11
• Plugin users: 60,000+
• Fixed version of the plugin: v4.5.11

12. QuadMenu

QuadMenu is a WordPress Mega Menu that allows you to easily integrate the menu in your theme’s project. 

• Vulnerability Type: Unauthenticated RCE via compiler_save – Source
• Plugin versions affected: <= v2.0.6
• Plugin users: 20,000+
• Fixed version of the plugin: v2.0.7

Vulnerabilities discovered in WordPress themes:

1. Wyzi – Social Directory WordPress Theme

• Vulnerability Type: Cross-Site Scripting (XSS) – Source
• Plugin versions affected: <= v2.4.2
• Theme users: NA
• Fixed version of the plugin: v2.4.3

That does it for this month’s WordPress Security Roundup. Make sure to update to the latest version if you are running any of the above-mentioned WordPress plugins and themes.

Stay safe from any unanticipated attack and be aware of the security vulnerabilities and latest patches. From all of us here at Astra Security, have a great month ahead and we’ll catch you up next time.

Websites, plugins and themes that are protected by Astra Security Suite are already secured against vulnerabilities such as XSS, RCE, CSRF, arbitrary file upload & deletion, sensitive data exposure, and SQL injection.