Every month is full of interesting and useful WordPress news and updates, and the second half of May was no exception.
WordPress News and Updates
- Happy 18th Birthday WordPress! On the 27th of May, WordPress celebrated its 18th birthday, a magnificent milestone. Since its last birthday, the 40th release has been rolled out and WordPress now powers over 40% of the web.
WordPress Plugin Vulnerabilities
During the last half of May, 13 plugin vulnerabilities were spotted. These include:
- WP Super Cache. This popular WordPress plugin was found to have an Authenticated Remote Code Execution vulnerability, a high-risk issue affecting over 2 million sites. A patch was released, and upgrading the plugin to the latest version fixes the issue. Read more.
- Photo Gallery. This plugin was found to have a medium-risk vulnerability, an Authenticated Stored Cross-Site Scripting via Gallery Title. It affected over 300,000 WordPress sites, and a patch was released fixing the issue. You will need to update the plugin to the latest version, and you can read more about it here.
- Funnel Builder by CartFlows. Affecting over 200,000 websites, this plugin was found to have an Authenticated Stored Cross-Site Scripting vulnerability. A fix was released, and you can find out more details here.
- Instant Images. An Authenticated Stored Cross-Site Scripting & XFS vulnerability affecting over 70,000 websites was detected, and a patch was rolled out. Read more details about it here.
- Database Backup for WordPress. Over 60,000 WordPress sites were affected by an Authenticated Persistent Cross-Site Scripting vulnerability. This medium-risk issue was fixed with a patch released in the latest update. Read more.
Other WordPress Vulnerabilities:
- WP Statistics. Vulnerability: Unauthenticated SQL Injection (High). WordPress sites affected: 600,000+
- External Media. Vulnerability: Authenticated Arbitrary File Upload (Critical). WordPress sites affected: 8,000+
- Smooth Scroll Page Up/Down Buttons. Vulnerability: Authenticated Stored Cross-Site Scripting (Medium). WordPress sites affected: 5,000+
- Weekly Schedule. Vulnerability: Authenticated Stored Cross-Site Scripting (Medium). WordPress sites affected: 600+
- CM Registration Pro. Vulnerability: PHP Object Injection (Medium). WordPress sites affected: 200+
WordPress Themes Vulnerabilities
- Car Repair Services. This WordPress theme was detected with a high-risk vulnerability, an Unauthenticated Reflected, patched in the latest version of it. Read more about it here.
With over 30 WordPress Plugin vulnerabilities affecting millions of websites in May, security should be your priority. WP! Republic can help you safeguard your online business by taking care of your WordPress site’s security and enhancing its performance.