WordPress Vulnerability Report #15 – November 2019

29th November 2019

With only two vulnerabilities recorded, November 2019 could be one of the safest months since we launched the WordPress Vulnerability Report. However, a security issue within an incredibly popular site management plugin, Jetpack, could affect millions of websites. Learn how to keep your site secure.

Our goal is to make the Web secure and transparent for everyone. If you have questions regarding our report, don’t hesitate to contact us.

We also offer professional security monitoring – including plugin monitoring, offsite backups, and much more. Learn more about our WordPress security and maintenance services and subscribe to our newsletter for monthly updates on WordPress vulnerabilities.

Learn why we launched the WordPress Vulnerability Report in the video message from our Technical Director, Tomasz Lisiecki.

If you’re looking for more information, please read our introductory article.

SASSY SOCIAL SHARE 3.3.3 – CROSS-SITE SCRIPTING (XSS)

Problem
A frequent issue with WordPress plugins, the lack of proper code and/or input sanitisation, causes this plugin to render text input as HTML.

Is it safe?
Remote attackers can perform a variety of malicious actions, including changing the appearance of a website, performing phishing attacks to steal sensitive data, and more.

Our recommendation
Update to the plugin version 3.3.4 or higher, which fixes the vulnerability.

Level of warning
Low

JETPACK 5.1-7.9 – VULNERABILITY IN SHORTCODE EMBED CODE

Problem
An unspecified vulnerability in the way Jetpack processes embed code was reported this month.

Is it safe?
The issue affects all versions since 5.1, released in July 2017. There have been no mentions of successful attacks using this vulnerability so far, but now that it has been brought to light, the risk is much higher.

Our recommendation
Update to the latest release of your Jetpack version. Security updates have been released for all 29 versions since 5.1, including the latest release, 7.9.1. If you’re running an older version of the plugin, we highly recommend upgrading to 7.9.1 to avoid other possible security issues.

Level of warning
Moderate
