In the last month, a lot of new WordPress vulnerabilities were discovered and patched in the WP core, plugins, and themes. Many of these plugins and themes are quite popular with WordPress website owners, and there is a strong possibility you might be using one. To stay safe from an unanticipated attack, you need to be aware of them. We do not want you to miss updating to the patched version and be left vulnerable. So we have compiled the list of all the major core updates, plugin, and theme vulnerabilities that were disclosed in June 2020.
WordPress Vulnerabilities (Core) – fixed in version 5.4.2
- This was one of the WordPress vulnerabilities where an authenticated XSS issue could be exploited via theme uploads.
- An attacker with install_themes or edit_themes capabilities, usually admins, could inject code into the stylesheet name of a theme, which would be executed if someone visited the Themes page of the site.
- Comments from password-protected posts and pages could be displayed under certain conditions.
- Sites using the “Recent Comments” widget or plugin were found to show comment excerpts from password protected posts. This could lead to information leaks.
- In this issue, the set-screen-option could be misused by plugins leading to privilege escalation.
- An attacker could exploit a plugin incorrectly using the set-screen-option filter to save sensitive options to gain admin access. Currently, none of the popular plugins are vulnerable to this issue.
- This was an open redirect issue in wp_validate_redirect().
- An attacker could use this flaw to create a link to redirect users to external malicious sites. The wp_validate_redirect function was found to not properly sanitise the URLs supplied to it. A vulnerability in a plugin or theme could lead to this flaw being exploited.
- The attacker, someone with admin access, could carry out an XSS attack through WordPress Customizer.
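As an added example (not code from this post or from WordPress core), the set-screen-option misuse described above: a plugin callback that returns any submitted value for any option name, beside a hardened callback that only handles the one option the plugin owns. The option name `myplugin_per_page` and its 1-100 range are assumptions for illustration.

```php
<?php
// Added example, not from the post or WordPress core. Assumes a plugin that
// registers a single per-page screen option named 'myplugin_per_page'.

// Vulnerable pattern: the callback returns whatever value was submitted,
// regardless of which option name was submitted with it. Before WordPress
// 5.4.2 a non-false return here was saved as user meta under the submitted
// option name, so a low-privileged user could write sensitive user meta.
add_filter( 'set-screen-option', function ( $status, $option, $value ) {
    return $value; // no check of $option, no validation of $value
}, 10, 3 );

// Hardened pattern: handle only the option this plugin owns, coerce and
// range-check the value, and return $status (false) untouched for anything
// else so that no unrelated option is ever saved through this callback.
add_filter( 'set-screen-option', function ( $status, $option, $value ) {
    if ( 'myplugin_per_page' !== $option ) {
        return $status;
    }
    $value = (int) $value;
    if ( $value < 1 || $value > 100 ) {
        return $status;
    }
    return $value;
}, 10, 3 );
```

When reviewing a plugin, search for every `set-screen-option` callback and confirm it compares `$option` against an allowlist before returning a value.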
Attackers have also been targeting the wp-config.php file, which could lead to them gaining access to the site’s database.
WordPress Plugin Vulnerabilities
- The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS WordPress vulnerabilities. An attacker, someone with author permissions or higher, can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.
- The issue was fixed in version 2.9.10.
- There was a potential cross-site scripting issue found in SelectWoo.
- This issue was later fixed in the WooCommerce Admin 1.2.4 update.
- Some authenticated stored cross-site scripting issues were found in some of the plugin settings. An attacker would require high privileges to exploit these vulnerabilities.
- This issue was fixed in version 5.1.2.
- An authenticated SQL injection issue was found in the AdRotate 220.127.116.11 via the “id” parameter. An attacker exploiting this would require admin privileges.
- The issue was fixed in version 5.8.4 of the plugin.
- Multiple WordPress vulnerabilities such as authenticated WordPress options change, content injection, stored Cross-Site Scripting (XSS), arbitrary file deletion and remote code execution were found in KingComposer.
- These issues were fixed in version 2.9.4 of the plugin.
WordPress Theme Vulnerabilities
- An unauthenticated Reflected XSS vulnerability was discovered in the TownHub – Directory & Listing WordPress Theme.
- This issue was fixed in version 1.3.0 of the theme.
- An authenticated (admin+) reflected XSS was found in the Newspaper theme.
- This issue was fixed in version 10.3.4 of the theme.
- Unauthenticated Reflected XSS and SQL Injection vulnerabilities were discovered in the Nexos – Real Estate WordPress Theme.
- This issue was fixed in version 1.8 of the theme.
A lot of these attacks and XSS campaigns target older WordPress vulnerabilities in outdated plugins or themes, especially those that allow files to be downloaded or exported. It is, therefore, extremely important to apply updates promptly. Software developers constantly roll out patches and updates to fix these vulnerabilities, so if you are running the latest version of a plugin or theme, your site is safe from all the patched WordPress vulnerabilities, and thus far less likely to be attacked.
Another way to keep your site safe is to invest in a good firewall and get regular security audits, such as those from Astra. These can reveal potential vulnerabilities in your site and help fend off attackers. With round-the-clock expert care, you never have to worry about getting hacked again!