Latest WordPress July 2020 Part 2 Security Updates
Here is the latest Vulnerability Roundup as reported by iThemes Security, one of the leading WordPress Security plugins. If you have any of these plugins or themes, you will want to login to your WordPress admin panel and go to plugins and update to the latest version to patch the vulnerability.
July 2020 Part 2 Security Updates for Core WordPress
No WordPress core updates.
July 2020 Part 2 Security Updates for Plugins
- Powie’s WHOIS Domain Check – Versions below 0.9.33 have an Authenticated Stored Cross-Site Scripting vulnerability. The vulnerability is patched, and you should update to version 0.9.33.
- Wise Chat – Versions below 2.8.4 have a CSV Injection vulnerability. The vulnerability is patched, and you should update to version 2.8.4.
- Knight Lab Timeline – versions below 3.7.0.0 are using an outdated version of the TimelineJS library which could Lead to Stored XSS vulnerability. The vulnerability is patched, and you should update to version 3.7.0.0.
- Page Builder: KingComposer – versions below 2.9.5 have an Unauthenticated Reflected Cross-Site Scripting vulnerability. The vulnerability is patched, and you should update to version 2.9.5.
- SRS Simple Hits Counter – versions below 1.1.0 have an Unauthenticated Blind SQL Injection vulnerability. The vulnerability is patched, and you should update to version 1.1.0.
- WP-Live Chat by 3CX – versions below 8.2.0 have an Authenticated Stored Cross-Site Scripting vulnerability. The vulnerability is patched, and you should update to version 8.2.0.
- Newsletter – versions below 6.7.7 have an Authenticated Stored Cross-Site Scripting vulnerability. The vulnerability is patched, and you should update to version 6.7.7 .
- Form Maker by 10Web – versions below 1.13.40 have an Authenticated Reflected XSS vulnerability. The vulnerability is patched, and you should update to version 1.13.40.
- SendPress Newsletters – versions below 1.20.7.13 have an Authenticated Stored Cross-Site Scripting vulnerability. The vulnerability is patched, and you should update to version 1.20.7.13.
- Email Verification for WooCommerce – versions below 1.8.2 have a Loose Comparison to Authentication Bypass vulnerability. The vulnerability is patched, and you should update to version 1.8.2.
- All in One SEO Pack – versions below 3.6.2 have an Authenticated Stored Cross-Site Scripting vulnerability. The vulnerability is patched, and you should update to version 3.6.2.
- JobSearch WP Job Board – versions below 1.5.5 have an Unauthenticated Reflected Cross-Site Scripting vulnerability. The vulnerability is patched, and you should update to version 1.5.5.
- Email Subscribers & Newsletters – versions below 4.5.1 have an Authenticated SQL injection in es_newsletters_settings_callback() and a Cross-site Request Forgery in send_test_email() vulnerabilities.
July 2020 Updates for Theme
There have been no WordPress theme vulnerabilities disclosed in the second half of July.
Weekly Updates
You need to log into your WordPress admin site at least once a week to ensure all of your files are updated to the latest version. Outdated code is the No.1 reason sites get hacked.
If you are not comfortable with running these updates, then feel free to reach out to us, and we can work with you to make sure your site is backed up regularly and up to date on all of your code with one of our monthly care plans.
Also, if you want to get this Vulnerability Roundup when they are published, fill out the form below and you will receive an email anytime we publish an update.