WordPress Vulnerability Report #16 – December 2019 & Yearly Rewind
WordPress 5.3 security issues are in the spotlight of the last Vulnerability Report of 2019. While our list of “best-in-class” plugins remained unaffected, we’ve noticed vulnerabilities in two popular plugins with over 160,000 installations combined. Discover why you should update to WordPress 5.3.1 as soon as possible, and the dangers of using the older versions of “301 Redirects - Easy Redirect Manager” and “GDPR Cookie Compliance”.
In this issue:
- WordPress 3.7-5.3 - Access Control Issue
- WordPress 3.7-5.3 - Cross-Site Scripting (XSS) in Links
- WordPress 3.7-5.3 - Cross-Site Scripting (XSS) in Block Editor
- 301 Redirects - Easy Redirect Manager 2.40 - Multiple Vulnerabilities
- GDPR Cookie Compliance 4.0.2 - Authenticated Settings Manipulation
2019 was the first full calendar year for the WordPress Vulnerability Report. The 12 issues covered 48 vulnerabilities in the most popular plugins and the core of WordPress.
Throughout the year we’ve monitored over 100 unique plugins. 79 of these are on our “best-in-class” list and are monitored regularly as part of the Report and our monthly WordPress maintenance service.
We’ve also reported critical vulnerabilities in over two dozen popular second-choice plugins, such as Easy Redirect Manager and GDPR Cookie Compliance, both covered in this issue.
In 2020 the Vulnerability Report is here to stay. If you’d like to be the first to know about new issues, subscribe to our newsletter, which also includes weekly articles from our expert on how to run a profitable business website.
Our goal is to make the Web secure and transparent for everyone. If you have questions regarding our report, don’t hesitate to contact us.
We also offer professional security monitoring – including plugin monitoring, offsite backups, and much more. Learn more about our WordPress security and maintenance services and subscribe to our newsletter for monthly updates on WordPress vulnerabilities.
Secure business website – WordPress core and plugin vulnerabilities
Learn why we launched the WordPress Vulnerability Report in the video message from our Technical Director, Tomasz Lisiecki.
If you’re looking for more information, please read our introductory article.