Security Breaches, Hacks & Concerns – October 2019
Below is a recap of of WordPress security vulnerabilities and other software exploits from around the Web in October 2019.
If you have any of the plugins or themes installed on your website, or use any of the software mentioned, update them to the most current version as soon as possible. In some cases their has been no solution provided by the developer and we strongly urge you to remove the theme/plugin/software and find an alternate solution.
Remember that outdated software is the number one reasons websites and devices get hacked.
- WordPress version 5.2.4 was released on October 14th, 2019, to patch several potential security vulnerabilities.
WordPress Plugin Vulnerabilities:
- About Author
- All In One WP Security & Firewall
- All In One SEO Pack
- Broken Link Checker
- Download Plugins and Themes from Dashboard
- EU Cookie Law
- Events Manager
- Export Users to CSV
- Fast Velocity Minify
- iThemes Sync
- Lara’s Google Analytics
- Popup Maker
- Sliced Invoices
- SoundPress Plugin
- SyntaxHighlighter Evolved
- WP Email Template
- WP HTML Mail
- Zoho CRM Lead Magnet Plugin
WordPress Theme Vulnerabilities:
Breaches From Around the Web
Hackers Using Gifs to Attack Drupal
Akami–a security research company–has noticed an increase in attacks embedding malicious codes inside .gif files. The good news is that Drupal patched this vulnerability more than a year ago. The bad news is that poorly maintained sites still haven’t been updated.
Signal Vulnerability Allows Hackers to Listen to Android Microphones
Google Project Zero recently disclosed a vulnerability in the messaging app Signal. The vulnerability can be used when calling someone’s phone using the Signal app. During the phone call, the hacker will need to press the mute button while the target’s phone is ringing. Pressing the mute button will force the target’s device to answer the call, allowing the attacker to eavesdrop on their mark.
Thanks to iThemes for compiling this information!