Everybody (including hackers) seemed to have been on vacation for the month of August. It was a relatively calm month. That’s just for issues uncovered, though so they all may pile up in September.
There were no core or theme vulnerabilities this month but plenty for plugins. All plugins with vulnerabilities are organized by active installations from most to least.
WordPress Plugin Vulnerabilities
The bulk of the issues in the WordPress ecosystem happened with plugins. That’s to be expected, though. Read up on this list to see if any plugins you use are on it.
Nextgen Gallery
There are 900,000+ active installations of this plugin and the vulnerability was fixed in version 3.2.11 so update immediately. You can learn more on the WP Vulnerability DB.
Popup Builder
This vulnerability was discovered last month (July) but patched earlier in August 2019. It has been fixed in version 3.45 and you can read up on it on this FortiGuard Labs blog post. It has 100,000+ active insallations according to the WordPress repository.
Woody Ad Snippets
The vulnerability pointed out in the NinTechNet blog were fixed in version 2.2.5. There were additional issues addressed in version 2.2.6 so you should update at least to that version. This plugin has 90,000+ active installations.
Give
There was a vulnerability in Give discovered and patched in July but disclosed this month, August 2019. It was patched in version 2.5.1 and the plugin has 60,000+ active installations. YOu can learn more about the vulnerability on this FortiGuard blog post.
WP SVG Icons
Update to version 3.2.3 or higher to fix the vulnerability in this plugin with 50,000+ active installations. Learn more about the vulnerability on this ZeroAuth blog post.
Shapepress DSGVO
The vulnerability was fixed in version 2.2.19 for this plugin with 40,000+ active installations. Learn more here.
Bold Page Builder
Update to version 2.3.2 or higher where the vulnerability was fixed for this plugin with 20,000+ active installations. See an overview of the vulnerability on the NinTechNet blog.
Import Export WordPress Users
A fix was included in version 1.3.2 and higher of this plugin with 20,000+ active installations. Learn more here.
WooCommerce Product Feed For Google, Facebook, eBay And Many More
Update to version 3.1.15 or higher which has fixes for the vulnerability of this plugin with 10,000+ active installations. Learn more about the vulnerability.
Cformsll
Update to version 15.0.2 or higher to fix this vulnerability of this plugin with 10,000+ active installations then learn more here.
PPOM for WooCommerce
Update to version 18.4 or greater to take care of this vulnerability for this plugin of 10,000+ active installations then learn more from the WP Vulnerability Database.
Simple 301 Redirects Addon Bulk Uploader
This plugin has 10,000+ active installations and the vulnerability was fixed in version 1.2.5 so updated to there or above. You can learn more about the vulnerability from this NinTechNet blog post.
Login Or Logout Menu Item
This vulnerability was outlined in this NinTechNet blog post and has been patched with version 1.2.0. The plugin has 10,000+ active installations.
WP Private Content Plus
Update to version 2.0 or higher to fix this vulnerability of this plugin with 8,000+ active installations then learn more about the vulnerability.
Coming Soon and Maintenance Mode
The vulnerability was detailed in the NinTechNet blog but has some vulnerabilities fixed in version 1.8.0 and more in version 1.8.2. There are 7,000+ active installations of this plugin.
Easy Property Listings
Update to version 3.4 or higher to fix this vulnerability in this plugin with 6,000+ active installations and then learn more about it here.
HandL UTM Grabber
Update to version 2.6.5 or higher where the vulnerability is fixed in this plugin of 4,000+ active installations. Learn more about the vulnerability here.
ND Booking
This vulnerability was patched in version 2.5 and was outlined on this NinTechNet blog post. The plugin currently has 3,000+ active installations.
JoomSport
This plugin has 2,000+ active installations and the vulnerability was fixed in version 3.4 so update to that version or higher. You can learn more here.
ND Learning
Update to version 4.8 or higher and then read up on this vulnerability on this NinTechNet blog post. The plugin has an active installation base of 2,000+.
ND Donations
The vulnerability was patched in version 1.4 and was outlined in the NinTechNet blog. It has 2,000+ active installations.
ND Travel
This vulnerability was fixed in version 1.7 with 1,000+ active installations. Information on the vulnerability can be found from NinTechNet blog or WP Vulnerability DB.
Travel Management
This vulnerability was patched in version 1.7 with more details on this NinTechNet blog post. The plugin has 1,000+ active installations.
ND Restaurant Reservations
With only 400+ active installations this one doesn’t reach many installations but it’s still important to update. Update to version 1.5 or greater to take care of the vulnerability and learn more about it from this NinTechNet blog post.
UserPro
This is a CodeCanyon plugin that has an active vulnerability that has not been fixed for this plugin with 19,093 sales. You can learn more here.
WordPress Theme Vulnerabilities
There were no WordPress themes with known vulnerabilities.
WordPress Core Vulnerabilities
The WordPress core hasn’t had a vulnerability since March of 2019. That’s a great record with no known security issues for so long.
Go WordPress!
It’s still a great idea to actively monitor and secure your WordPress installation. As always, the best way to do it is to have a good WordPress maintenance service monitoring your website every day.