New WordPress plugin and theme vulnerabilities were disclosed during the first half of April, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website. The WordPress Vulnerability Roundup […]
More info:
https://ithemes.com/wordpress-vulnerability-roundup-april-2020-part-1/
On March 12, 2020, our Threat Intelligence team discovered a stored Cross-Site Scripting (XSS) vulnerability in Widget Settings Importer/Exporter, a WordPress plugin with over 40,000 installations. This flaw allowed an authenticated attacker with minimal, subscriber-level permissions to import and activate custom widgets containing arbitrary JavaScript into a site with the plugin installed. We reached out […]
More info:
https://www.wordfence.com/blog/2020/04/unpatched-high-severity-vulnerability-in-widget-settings-importer-exporter-plugin/
