
WordPress Vulnerability Report #12 – August 2019


30th August 2019

The August 2019 issue marks the first anniversary of the WordPress Vulnerability Report. For the 12th month in a row, our team has monitored the WordPress core and 100+ popular plugins. Learn which ones are currently a threat to your site.

Our goal is to make the Web secure and transparent for everyone. If you have questions regarding our report, don’t hesitate to contact us.

We also offer professional security monitoring – including plugin monitoring, offsite backups, and much more. Learn more about our WordPress security and maintenance services.


Learn why we launched the WordPress Vulnerability Report in the video message from our Technical Director, Tomasz Lisiecki.

If you’re looking for more information please read our introductory article.

POPUP BUILDER – SQL INJECTION

Problem
A function in the Subscribers Table is vulnerable to SQL injection.

Is it safe?
Attackers with access to the Subscribers Table can execute malicious database queries, which can lead to a full website takeover.

Our recommendation
Upgrade to at least version 3.45.

Level of warning
Moderate

WP SVG ICONS – CROSS-SITE REQUEST FORGERY

Problem
The contents of file uploads aren’t verified properly. Uploading a zipped PHP file leads to its extraction, which allows malicious code to be executed remotely, without direct access to the site.

Is it safe?
The attack can affect not only the website but also compromise data on your local machine.

Our recommendation
The vulnerability was patched in version 3.2.3 and you should update the plugin.

Level of warning
High

NEXTGEN GALLERY – SQL INJECTION

Problem
In some cases, the gallery display can malfunction and open up the possibility of executing SQL queries.

Is it safe?
The vulnerability exposes the database, allowing the attacker to take full control of a website.

Our recommendation
Update the plugin to at least version 3.2.11 as soon as possible.

Level of warning
High
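
To check a site against the three recommendations above, the following added example (not part of the original report) audits the JSON produced by `wp plugin list --format=json` against the fixed versions named here. The plugin slugs and the sample data are assumptions constructed for illustration; versions are compared numerically, because a plain string comparison would rank 3.2.9 above 3.2.11.

```python
import json

# Minimum fixed versions as stated in this report. The slugs are assumptions
# (the report gives plugin names only); confirm them against your install.
FIXED = {
    "popup-builder": "3.45",
    "svg-vector-icon-plugin": "3.2.3",
    "nextgen-gallery": "3.2.11",
}

def parse_version(text):
    """Turn '3.2.11' into (3, 2, 11); a non-numeric suffix in a part is dropped."""
    parts = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)

def is_older(installed, fixed):
    """True when the installed version is below the fixed one (3.45 == 3.45.0)."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b

def audit(plugin_list_json):
    """Return [(slug, installed, fixed)] for plugins below the fixed version."""
    findings = []
    for entry in json.loads(plugin_list_json):
        slug, version = entry.get("name"), entry.get("version")
        fixed = FIXED.get(slug)
        # Inactive plugins are reported too: their files are still on disk.
        if fixed and version and is_older(version, fixed):
            findings.append((slug, version, fixed))
    return findings

# Constructed sample in the shape of `wp plugin list --format=json` output.
SAMPLE = json.dumps([
    {"name": "popup-builder", "status": "active", "version": "3.44"},
    {"name": "svg-vector-icon-plugin", "status": "inactive", "version": "3.2.3"},
    {"name": "nextgen-gallery", "status": "active", "version": "3.2.9"},
    {"name": "akismet", "status": "active", "version": "4.1.2"},
])

if __name__ == "__main__":
    for slug, installed, fixed in audit(SAMPLE):
        print(f"{slug}: {installed} is below {fixed}, update required")
```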
