
Hello everyone, it’s Kanishk again from Astra Security – bringing you another edition of the Monthly WordPress Security Roundup for October 2020. Today we’ll discuss the introduction of new WordPress v5.6 features, core changes, recent vulnerabilities found in WP plugins and themes, and some other security issues. So, let’s get straight into the news.

WordPress 5.6 to introduce new features

Last month WordPress released the 5.5.1 maintenance version with bug fixes and core changes, and it is already planning its next major release, WordPress 5.6, with a targeted release date of 8 December 2020.

WordPress 5.6 will be the third major release of 2020 and aims to include a navigation menu block, automatic updates for major core releases, widget editing and Customizer support in core, PHP 8 support, and an update of Gutenberg to its latest release. It is also set to introduce Application Passwords for REST API authentication.

Good news for sites running WordPress' latest version, 5.5.1: no new WordPress core vulnerabilities were disclosed in October 2020.

Vulnerabilities discovered in WordPress plugins

  1. SQL Injection in Loginizer plugin
  • Loginizer, a security plugin that protects WordPress sites from brute-force attacks, has a SQL injection vulnerability in versions below 1.6.4.
  • The plugin is installed on over 1 million WordPress sites. By exploiting the SQLi, attackers can gain access to the site and damage it.
  • The vulnerability is fixed in v1.6.4 and later.
  • Last week WordPress forced an auto-update of this plugin on over 1 million sites.
  2. Cross-site Scripting (XSS) in WPBakery plugin
  • The WPBakery page builder plugin has an authenticated stored cross-site scripting vulnerability in versions <= 6.4. Script injected this way runs in the browser of any user who views the affected content, including administrators, which an attacker can leverage to modify user privileges and even plant backdoors in the compromised site.
  • The plugin is currently installed on over 4 million WordPress sites.
  • The vulnerability is fixed in v6.4.1 and later.
  3. Stored XSS in PostGrid and Team Showcase plugins
  • Post Grid below v2.0.73 and Team Showcase below v1.22.16 have a high-severity stored cross-site scripting vulnerability that lets unauthenticated attackers execute shortcodes.
  • The fully patched versions are Post Grid v2.0.73 and Team Showcase v1.22.16.
  4. Authenticated Arbitrary File Upload in PowerPress plugin
  • PowerPress, a podcasting plugin for WordPress, has an authenticated arbitrary file upload vulnerability in versions below 8.3.8. If exploited, it allows attackers to upload arbitrary files, such as PHP scripts, leading to remote code execution on the victim's site.
  • The vulnerability is patched in PowerPress version 8.3.8.
  5. Unauthenticated SQLi in Advanced Booking Calendar plugin
  6. Authenticated WP Options Change in TI WooCommerce Wishlist plugin
  • TI WooCommerce Wishlist below version 1.21.12 has an authenticated WP options change vulnerability that allows an authenticated attacker to take over a victim WordPress site and its database.
  • Update immediately if you are using version 1.21.11 or below.

Vulnerabilities discovered in WordPress themes

  1. Reflected Cross-Site Scripting (XSS) in GreenMart theme
  • GreenMart, a WooCommerce WordPress theme, has a high-severity reflected XSS vulnerability in versions <= 2.4.2.
  • The vulnerability is patched in its latest version, 2.4.3.
  2. Unauthenticated Function Injection in multiple WordPress themes

15 WordPress themes share a similar unauthenticated function injection vulnerability that can allow attackers to infect your WordPress website with malware.

Here is the list of the affected themes and respective fixed versions:

  1. Shapely – fixed in version 1.2.9
  2. NewsMag – fixed in version 2.4.2
  3. Activello – fixed in version 1.4.2
  4. Illdy – fixed in version 2.1.7
  5. Allegiant – fixed in version 1.2.6
  6. Newspaper X – fixed in version 1.3.2
  7. Pixova Lite – fixed in version 2.0.7
  8. Brilliance – fixed in version 1.3.0
  9. MedZone Lite – fixed in version 1.2.6
  10. Regina Lite – fixed in version 2.0.6
  11. Transcend – fixed in version 1.2.0
  12. Affluent – fixed in version 1.1.2
  13. Bonkers – fixed in version 1.0.6
  14. Antreas – fixed in version 1.0.7
  15. Naturemag Lite – No known fix

Make sure to update to the latest version if you are running any of the above-mentioned WordPress themes or plugins.
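A quick way to act on the lists above is to compare what a site actually has installed against the fixed versions named in this roundup. The script below is an added example, not Astra's code or part of the original post: it reads the JSON that WP-CLI prints for `wp plugin list --format=json` and `wp theme list --format=json`, flags any entry whose version is strictly below the fix, and treats "no known fix" (Naturemag Lite) as always vulnerable. The wordpress.org slugs in the table are assumptions (the post names products, not slugs), and the sample listings are constructed, not captured from a real site.

```python
"""Check installed WordPress plugins and themes against the fixed versions
named in this roundup. Added example, not Astra's code; it consumes the JSON
that WP-CLI prints for `wp plugin list --format=json` and
`wp theme list --format=json`. The sample input below is constructed."""
import json
import re

# Fixed versions from the roundup, keyed by wordpress.org slug. The slugs are
# assumed (the post does not give them). None means no known fix, so every
# installed version of that theme is flagged. Advanced Booking Calendar is
# omitted because the post gives no version for it.
FIXED_VERSIONS = {
    "plugin": {
        "loginizer": "1.6.4",
        "js_composer": "6.4.1",             # WPBakery Page Builder
        "post-grid": "2.0.73",
        "team-showcase": "1.22.16",
        "powerpress": "8.3.8",
        "ti-woocommerce-wishlist": "1.21.12",
    },
    "theme": {
        "greenmart": "2.4.3",
        "shapely": "1.2.9", "newsmag": "2.4.2", "activello": "1.4.2",
        "illdy": "2.1.7", "allegiant": "1.2.6", "newspaper-x": "1.3.2",
        "pixova-lite": "2.0.7", "brilliance": "1.3.0", "medzone-lite": "1.2.6",
        "regina-lite": "2.0.6", "transcend": "1.2.0", "affluent": "1.1.2",
        "bonkers": "1.0.6", "antreas": "1.0.7",
        "naturemag-lite": None,
    },
}


def version_tuple(version):
    """Turn '1.6.4' into (1, 6, 4) so versions compare numerically rather than
    as strings ('1.10' must sort above '1.9'). Suffixes like '-beta' are dropped."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_vulnerable(kind, slug, version):
    """True if the installed version is strictly below the fixed version."""
    table = FIXED_VERSIONS[kind]
    if slug not in table:
        return False            # not covered by this roundup
    fixed = table[slug]
    if fixed is None:
        return True             # no fix exists: every version is affected
    return version_tuple(version) < version_tuple(fixed)


def audit(wp_cli_json, kind):
    """Return [(slug, installed, fixed)] for every vulnerable entry in a WP-CLI
    listing. Inactive entries are reported too: their files stay on disk, and
    some flaws are reachable without the plugin or theme being active."""
    findings = []
    for entry in json.loads(wp_cli_json):
        slug, installed = entry["name"], entry["version"]
        if is_vulnerable(kind, slug, installed):
            findings.append((slug, installed, FIXED_VERSIONS[kind][slug] or "no known fix"))
    return findings


# Constructed sample listings in the shape WP-CLI emits (name, status, update, version).
SAMPLE_PLUGINS = json.dumps([
    {"name": "loginizer", "status": "active", "update": "available", "version": "1.6.3"},
    {"name": "js_composer", "status": "active", "update": "none", "version": "6.4.1"},
    {"name": "powerpress", "status": "inactive", "update": "available", "version": "8.3.7"},
    {"name": "akismet", "status": "active", "update": "none", "version": "4.1.6"},
])
SAMPLE_THEMES = json.dumps([
    {"name": "shapely", "status": "active", "update": "available", "version": "1.2.8"},
    {"name": "naturemag-lite", "status": "inactive", "update": "none", "version": "1.0.4"},
    {"name": "twentytwenty", "status": "inactive", "update": "none", "version": "1.5"},
])

if __name__ == "__main__":
    for kind, listing in (("plugin", SAMPLE_PLUGINS), ("theme", SAMPLE_THEMES)):
        for slug, installed, fixed in audit(listing, kind):
            print(f"{kind} {slug} {installed} is vulnerable (fixed in {fixed})")
```

On a real site, pass the output of `wp plugin list --format=json` and `wp theme list --format=json` to `audit()` instead of the constructed samples. The check deliberately keys on the installed version rather than the `update` field, since a plugin can show "update available" for reasons unrelated to these advisories, and a theme with no known fix should be removed rather than waited on.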

Websites, plugins and themes protected by Astra Security's Firewall are already secured against vulnerabilities such as XSS, RCE, CSRF, arbitrary file upload and deletion, sensitive data exposure, and SQL injection.

That does it for this month's WordPress Security Roundup. Stay safe from unanticipated attacks and keep up with the latest security vulnerabilities and patches. From all of us here at Astra Security, have a great month ahead, and we'll catch up with you next time.


Astra Security Suite – WordPress Security Plugin Can Help Secure Your Site

Astra Security Suite, a WordPress security plugin, is the go-to security suite for your WordPress website. With Astra Security Suite, you don't have to worry about malware, credit card hacks, SQLi, XSS, SEO spam, comment spam, brute force, and 100+ other types of threats. This means you can get rid of other security plugins and let Astra Security take care of it all.


Source: Security Feed
