December 2

WordPress Vulnerability Information, December 2020

WordPress Vulnerabilities

0  comments

This post was originally published on this site

WordPress vulnerability news is really a weekly digest of highlighted WordPress plugin protection vulnerabilities or even vulnerability discloses which have been published (you can find additional, less critical vulnerabilities on smaller plugins that unfortunately don’t ensure it is to the checklist). 

Keeping up-to-date with security vulnerabilities within WordPress along with other CMS’s can be an important section of security. This is why we have been analyzing WordPress plugins and freshly disclosed vulnerabilities to ensure the sites utilizing the described plugins or designs are protected.

Just about all the vulnerabilities you discover from this content have obtained a virtual patch to the WebARX firewall. This means that if you utilize the WebARX web program firewall, your website is secure from these vulnerabilities, but it’s constantly strongly advised to update or even delete vulnerable plugins from your own site.

Is your WordPress web site secured? Take a glance at how exactly to secure your WordPress site here.

If you’re a WordPress plugin programmer read how to secure plugins from an attackers’ perspective or even contact assistance@webarxsecurity.com and have for a plugin safety audit.

What will be the biggest problems for freelancers and electronic agencies in 2020? Browse the Website Security Survey Report 2020 to learn.

EventON

WordPress virtual occasion calendar plugin.

Vulnerability: Cross-web site scripting (XSS) vulnerability
Fixed in edition: no known repair
Amount of websites affected: 50 000+

Read more concerning the WordPress vulnerability here.

Wibar

Wibar is a style that is created for winery/vineyard sites, online wine shops, wines restaurants and much more.

Vulnerability: Cross-web site scripting (XSS)
Fixed in version: no known repair
Quantity of websites affected: 200+

Authenticated Stored Cross-Web site Scripting (XSS) vulnerability discovered simply by Ilca Lucian Florin within WordPress Wibar superior theme (versions <= 1.1.8).

We were unable to get information regarding the patched edition of the premium theme.

Read more concerning the WordPress vulnerability here.

Age Gate

This plugin enables you to set a restriction on which content can been seen or restricted in line with the age of an individual.

Vulnerability: URL redirection to untrusted web site (‘Open up Redirect’) vulnerability
Fixed in version: no known repair
Amount of websites affected: 20 000+

URL Redirection to Untrusted Web site (‘Open up Redirect’) vulnerability found by Ilca Lucian Florin inside WordPress WordPress Age group Gate plugin (versions <= 2.13.4).

We were unable to locate a patched version of the plugin.

Read more concerning the WordPress vulnerability here.

Events Manager

Events Manager can be an event registration plugin for WordPress.

Vulnerability: SQL injection (SQLi) vulnerability
Fixed in version: 5.9.8
Number of sites affected: 100 000+

Update the WordPress Events Manager plugin to the most recent available version (at the very least 5.9.8).

Read concerning the WordPress vulnerability here.

Vulnerability: Cross-site scripting (XSS) vulnerability
Fixed in version: 5.9.8
Number of sites affected: 100 000+

Read concerning the WordPress vulnerability here.

WordPress Vulnerability News – Conclusion

WordPress sites are increasingly being hacked and infected each day. Some statistics say that about 30,000 websites are infected with some form of malware daily. Every public website is really a resource available on the web and for that reason it’s a target. It’s vital that you understand that when your website can be acquired to the general public, it immediately becomes a target. 

It may take just days from the disclosed plugin vulnerability to a full-scale attack campaign. Attacks in this nature are nearly always automated. In order to fight back, you’ve got a small time window to do this. In such instances, web application firewalls have critical importance.

Always keep your plugins updated. When possible, enable automatic updates. If you work with the mentioned plugins, you will need to update it with the latest version at the earliest opportunity.

WebARX web application firewall gets virtual patches which are distributed automatically on the list of sites when vulnerabilities are discovered. Threat intelligence and prevention are our main focus and therefore our firewall engine is updated on a regular basis.

Websites with WebARX firewall installed are protected from the security issues mentioned in this specific article. If you’re not protecting your WordPress site against plugin vulnerabilities yet go and start free of charge here.

Frequently asked wuestions about WordPress vulnerability

How do I understand easily have a vulnerable WordPress plugin on my site?

The ultimate way to know would be to monitor your website for vulnerabilities. WebARX offers you a synopsis and monitoring panel where you get the chance to gain a complete overview of the proceedings with your sites. You can even enable auto-updates for vulnerable plugins and receive notifications if the sites you manage are outdated or at an increased risk.

How to select a WordPress security tool?

This can require some critical thinking as much of the providers offer 100% security. This may never be promised. Whenever choosing, make certain the security provider supplies a managed web application firewall with virtual patches and active support.

Where can I learn easily have vulnerable plugins on my site?

WebARX shows all of the software and plugin vulnerabilities once you’ve installed it on your own site. It helps one to always be together with vulnerabilities, with protection and updates.

Does installing many WordPress plugins negatively affect security?

There is absolutely no rule of thumb on what many plugins you ought to have on your own site, but if you opt to add functionality to your website using plugins, you need to closely monitor available updates.

As said – a huge selection of WordPress sites get hacked each day. Statistics say that 98% of hacking incidents happen due to outdated plugins and themes. We recommend utilizing the auto-update feature on vulnerable plugins and installing a managed web application firewall that sends automatic virtual patches to your sites.

If you’ve got a lot of plugins you need to strongly contemplate using WebARX to safeguard your sites.

How many websites are hacked each day?

Normally 30 000 new websites are hacked each day. These 30 000 sites are often legitimate smaller businesses sites, which are unwittingly distributing malware.

“@context”: “https://schema.org”,
“@type”: “FAQPage”,
“mainEntity”: [

“@type”: “Question”,
“name”: “How do you know easily have a vulnerable WordPress plugin on my site?”,
“acceptedAnswer”:
“@type”: “Answer”,
“text”: “The ultimate way to know would be to monitor your website for vulnerabilities. WebARX offers you a synopsis and monitoring panel where you get the chance to gain a complete overview of the proceedings with your sites. You can even enable auto-updates for vulnerable plugins and receive notifications if the sites you manage are outdated or at an increased risk.”

,
“@type”: “Question”,
“name”: “Choosing a WordPress security tool?”,
“acceptedAnswer”:
“@type”: “Answer”,
“text”: “This can require some critical thinking as much of the providers offer 100% security. This may never be promised. Whenever choosing, make certain the security provider supplies a managed web application firewall with virtual patches and active support.”

,
“@type”: “Question”,
“name”: “Where may i find out easily have vulnerable plugins on my site?”,
“acceptedAnswer”:
“@type”: “Answer”,
“text”: “WebARX shows all of the software and plugin vulnerabilities once you’ve installed it on your own site. It helps one to always be together with vulnerabilities, with protection and updates.”

,
“@type”: “Question”,
“name”: “Does installing many WordPress plugins negatively affect security?”,
“acceptedAnswer”:
“@type”: “Answer”,
“text”: “There is absolutely no rule of thumb on what many plugins you ought to have on your own site, but if you opt to add functionality to your internet site using plugins, you need to closely monitor available updates.

As said – a huge selection of WordPress sites get hacked each day. Statistics say that 98% of hacking incidents happen due to outdated plugins and themes. We recommend utilizing the auto-update feature on vulnerable plugins and installing a managed web application firewall that sends automatic virtual patches to your sites.

If you’ve got a lot of plugins you need to strongly contemplate using WebARX to safeguard your sites.”

,
“@type”: “Question”,
“name”: “Just how many websites are hacked each day?”,
“acceptedAnswer”:
“@type”: “Answer”,
“text”: “Typically 30 000 new websites are hacked each day. These 30 000 sites are often legitimate smaller businesses sites, which are unwittingly distributing malware.”

]

The post WordPress Vulnerability News, December 2020 appeared first on WebARX.

About the author 

WP Maintain Support Protect

You may also like

Who Attacked SolarWinds and just why WordPress Users Have to know

Who Attacked SolarWinds and just why WordPress Users Have to know

SolarWinds and offer Chain Attacks: Could this happen to WordPress?

SolarWinds and offer Chain Attacks: Could this happen to WordPress?

WordPress Hardening: 18 Methods to Harden Security of one’s Website

WordPress Hardening: 18 Methods to Harden Security of one’s Website
{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Subscribe to our newsletter now!