Below is a recap of of WordPress security vulnerabilities and other software exploits from around the Web in September 2019.

If you have any of the plugins or themes installed on your website, or use any of the software mentioned, update them to the most current version as soon as possible.  In some cases their has been no solution provided by the developer and we strongly urge you to remove the theme/plugin/software and find an alternate solution.

Remember that outdated software is the number one reasons websites and devices get hacked.

WordPress Updates:

WordPress version 5.2.3 was released on September 4th, 2019, to patch several potential security vulnerabilities.

WordPress Plugin Vulnerabilities:

Advanced Access Manager

Checklist

Content Upgrades

ECPay Logistics for WooCommerce

Ellipsis Human Presence Technology

Event Tickets

LifterLMS

Photo Gallery by 10Web

Portrait-Archiv.com Photostore

Qwizcards

Search Exclude

SlickQuiz

Spryng Payments for WooCommerce

WordPress Theme Vulnerabilities:

No WordPress Theme vulnerabilities were disclosed

Breaches From Around the Web

Jack Dorsey’s Twitter Account Was Hacked

Jack Dorsey, Twitter CEO, was a victim to a SIM swap attack. A SIM Swap is when an attacker works with your cell phone provider to port your telephone to a different phone. After taking over your phone number, the malicious actor can then receive your SMS two-factor codes.

phpMyAdmin Vulnerability

PHP version 4.9.0.1 is vulnerable to a new Cross-Site Request Forgery attack, and it is a Zero-day. The vulnerability will allow an attacker to trigger CSRF attack against a phpMyAdmin user deleting any server in the Setup page.

Thanks to iThemes for compiling this information!

[optin-monster-shortcode id=”yb8cjlx2u7mik93fvgvb”]