Security Breaches, Hacks & Concerns – September 2019
Below is a recap of of WordPress security vulnerabilities and other software exploits from around the Web in September 2019.
If you have any of the plugins or themes installed on your website, or use any of the software mentioned, update them to the most current version as soon as possible. In some cases their has been no solution provided by the developer and we strongly urge you to remove the theme/plugin/software and find an alternate solution.
Remember that outdated software is the number one reasons websites and devices get hacked.
- WordPress version 5.2.3 was released on September 4th, 2019, to patch several potential security vulnerabilities.
WordPress Plugin Vulnerabilities:
- Advanced Access Manager
- Content Upgrades
- ECPay Logistics for WooCommerce
- Ellipsis Human Presence Technology
- Event Tickets
- Photo Gallery by 10Web
- Portrait-Archiv.com Photostore
- Search Exclude
- Spryng Payments for WooCommerce
WordPress Theme Vulnerabilities:
- No WordPress Theme vulnerabilities were disclosed
Breaches From Around the Web
Jack Dorsey’s Twitter Account Was Hacked
Jack Dorsey, Twitter CEO, was a victim to a SIM swap attack. A SIM Swap is when an attacker works with your cell phone provider to port your telephone to a different phone. After taking over your phone number, the malicious actor can then receive your SMS two-factor codes.
PHP version 18.104.22.168 is vulnerable to a new Cross-Site Request Forgery attack, and it is a Zero-day. The vulnerability will allow an attacker to trigger CSRF attack against a phpMyAdmin user deleting any server in the Setup page.
Thanks to iThemes for compiling this information!