Below is a recap of of WordPress security vulnerabilities and other software exploits from around the Web in July 2019.

If you have any of the plugins or themes installed on your website, or use any of the software mentioned, update them to the most current version as soon as possible.  In some cases their has been no solution provided by the developer and we strongly urge you to remove the theme/plugin/software and find an alternate solution.

Remember that outdated software is the number one reasons websites and devices get hacked.

WordPress Plugin Vulnerabilities:

Ad Inserter

Adaptive Images for WordPress

AdRotate Banner Manager

Advanced Contact form 7 DB

All-in-One WP Migration

Appointment Booking Calendar

Appointment Hour Booking

Blog2Social: Social Media Auto Post & Scheduler

Category Specific RSS feed Subscription

Coming Soon Page & Maintenance Mode

Contact Form & SMTP Plugin for WordPress

Contact Form 7 Dynamic Text Extension

Email Subscribers & Newsletters

Everest Forms

Essential Real Estate

File Manager

FV Flowplayer Video Player

Gallery PhotoBlocks

Icegram

LiveChat

Newsletters

Ocean Extra

One Click SSL

OneSignal – Web Push Notifications

Photo Gallery by 10Web

Simple Membership

Slimstat Analytics

Ultimate Member

WooCommerce

WordPress Ultra Simple Paypal Shopping Cart

WP Google Maps

WP Like Button

WP Statistics

WPS Hide Login

Visitors Traffic Real Time Statistics

Yoast SEO

WordPress Theme Vulnerabilities:

Zoner – Real Estate WordPress Theme

Breaches From Around the Web

Agent Smith Android Malware

The Agent Smith malware gained its name by replacing portions of other Android apps code with its code. The Malware doesn’t attempt to harvest any user data. Instead, it forces the apps it hacked to show more ads and then takes credit for showing the ads to collect the revenue.

Apple disables Walkie Talkie on the Apple Watch

Apple disclosed a vulnerability on the Apple Watch Walkie Talkie app. Apple disabled the app to patch the vulnerability that allows an attacker to eavesdrop on conversations. It is important to note that Apple said there is no evidence that the vulnerability has ever been exploited.

Capital One Data Breach Compromises 100 Million+

Paige “Erratic” Thompson—a former AWS employee—hacked an AWS sever storing Capital One customer information. Once the hacker that is known as Erratic gained access to the server, she was able to obtain information on over 100 million Capital One Customers.

Zoom

The video conference company Zoom had a vulnerability on the macOS version of their app. The vulnerability would allow a malicious website to force a Zoom user to join a Zoom call.

Thanks to iThemes for compiling this information!

[optin-monster-shortcode id=”yb8cjlx2u7mik93fvgvb”]