Security Breaches, Hacks & Concerns – June 2019
Below is a recap of of WordPress security vulnerabilities and other software exploits from around the Web in June 2019.
If you have any of the plugins or themes installed on your website, or use any of the software mentioned, update them to the most current version as soon as possible. In some cases their has been no solution provided by the developer and we strongly urge you to remove the theme/plugin/software and find an alternate solution.
Remember that outdated software is the number one reasons websites and devices get hacked.
WordPress Plugin Vulnerabilities:
- ACF: Better Search
- Advanced Woo Search
- Affiliates Manager
- CP Contact Form with PayPal
- Crelly Slider
- Deny All Firewall
- Easy Digital Downloads
- Facebook for WooCommerce
- Import users from CSV with meta
- LionScripts: IP Blocker Lite
- Messenger Customer Chat
- Paid Memberships Pro
- Real Estate Manager
- Related YT Videos
- Seo by Rank Math
- Share This Image
- Shortlinks by Pretty Links
- Sina Extension for Elementor
- Support Board
- User Email Verification for WooCommerce
- WebP Express
- Widget Logic
- WordPress Download Manager
- WP Google Maps
- WP Statistics
WordPress Theme Vulnerabilities:
Breaches From Around the Web
Evernote Web Clipper Chrome Extension
The Evernote Web Clipper Chrome extension is vulnerable to a Universal XSS attack. The vulnerability could allow an attacker to gain access to personal emails, social media data, and other personal information.
NASA Gets Hacked
An unauthorized Raspberry Pi device that was connected to the Jet Propulsion Laboratory servers was compromised. After successfully attacking the Raspberry Pi device the hackers were able to gain access to other systems, including the Deep Space Network array of radio telescopes.
Netflix Finds Linux and FreeBSD Vulnerabilities
Netflix discovered and disclosed three vulnerabilities. The two Linux and one FreeBSD are all TCP based denial of service attacks.
Thanks to iThemes for compiling this information!