CHICK TALK

Chicktastic Info Just for You!

Security Breaches, Hacks & Concerns – September 2019

by

Below is a recap of of WordPress security vulnerabilities and other software exploits from around the Web in September 2019.

If you have any of the plugins or themes installed on your website, or use any of the software mentioned, update them to the most current version as soon as possible.  In some cases their has been no solution provided by the developer and we strongly urge you to remove the theme/plugin/software and find an alternate solution.

Remember that outdated software is the number one reasons websites and devices get hacked.

WordPress Updates:

    WordPress version 5.2.3 was released on September 4th, 2019, to patch several potential security vulnerabilities.

WordPress Plugin Vulnerabilities:

    Advanced Access Manager
    Checklist
    Content Upgrades
    ECPay Logistics for WooCommerce
    Ellipsis Human Presence Technology
    Event Tickets
    LifterLMS
    Photo Gallery by 10Web
    Portrait-Archiv.com Photostore
    Qwizcards
    Search Exclude
    SlickQuiz
    Spryng Payments for WooCommerce

WordPress Theme Vulnerabilities:

    No WordPress Theme vulnerabilities were disclosed

Breaches From Around the Web

Jack Dorsey’s Twitter Account Was Hacked

Jack Dorsey, Twitter CEO, was a victim to a SIM swap attack. A SIM Swap is when an attacker works with your cell phone provider to port your telephone to a different phone. After taking over your phone number, the malicious actor can then receive your SMS two-factor codes.

phpMyAdmin Vulnerability

PHP version 4.9.0.1 is vulnerable to a new Cross-Site Request Forgery attack, and it is a Zero-day. The vulnerability will allow an attacker to trigger CSRF attack against a phpMyAdmin user deleting any server in the Setup page.

Thanks to iThemes for compiling this information!

[optin-monster-shortcode id=”yb8cjlx2u7mik93fvgvb”]

Show us some love!