Scroll Top

WP Security: 3 theme vulnerabilities in May 2019

By Csaba, Miklós WP Security WP SERVICES 17 June 2019

WP SECURITY: 3 THEME VULNERABILITIES IN MAY 2019

WP Security bulletin - May 2019

At your next scheduled WordPress Maintenance, be advised for your WP Security about the latest 3 vulnerabilities in a premium WordPress theme identified and reported publicly in May 2019. As these vulnerabilities are disclosed, when you use one (or more) of these outdated themes (main theme, child theme) - your risking serious WordPress security breaches.

  • JobCareer | Job Board Responsive WordPress Theme
    • Stored XSS reported by QUIXSS (defcon.su). Bad input fields data filtering has been discovered in the «JobCareer | Job Board Responsive WordPress Theme».
      • WordPress Safety recommendation: immediately upgrade to version 2.5.1 to fix the vulnerability.
    • Traveler - Travel Booking WordPress Theme
      • Reflected & Stored XSS reported by QUIXSS (defcon.su). Weak security measures like no input & textarea fields data filtering has been discovered in the «Traveler - Travel Booking WordPress Theme».
        • WordPress Safety recommendation: immediately upgrade to version 2.7.2 to fix the vulnerability.
      • CarSpot – Automotive Car Dealer WordPress Classified Theme
        • Authenticated Stored XSS reported by QUIXSS (defcon.su). Bad input field data filtering has been discovered in the «CarSpot – Automotive Car Dealer WordPress Classified Theme». Current version of this Premium Theme is 2.1.5.
          • WordPress Safety recommendation: immediately upgrade to version 2.1.7 to fix the vulnerability.

        •  


Protect your WordPress: BEFORE IT'S TOO LATE! You will also protect your customers, your reputation and your online business!

WP Security
Do you have any concerns with WP Security? Leave your thoughts in the comments below!

Related Posts

THEMES VULNERABILITY 2022
Disempowered WP Security: #1 WP themes vulnerability MAY 2022
11 May 2022
THEMES VULNERABILITY 2022
Disempowered WP Security: 9 WP themes vulnerability MAY 2021
14 Jun 2021
WP SECURITY
WP Security: 6 plugin vulnerabilities in February 2019

WP Security bulletin – February 2019 At your next scheduled WordPress Maintenance, be advised for your WP Security about the latest 6 vulnerabilities in WordPress plugins identified and reported publicly. As these vulnerabilities are disclosed, when you use one (or more) of these outdated plugins – your risking serious WordPress…

08 Mar 2019
IDENTITY ONLINE
Identified as New WP under 30 min

Your freshly installed, brand new WP is discovered faster than you imagine. Amazingly, even before you are informed. Find out how in this post. New WordPress installs are the main focus for smart hackers. The race to take over a fresh WP reached new epic heights. We live in a…

03 Aug 2017
F3 DEFACEMENT
Defaced Homepage Horrors

Highly obvious hacking. Because they can and because they have a message. And the message will be clearly visible on the homepage of your website. Mostly, hackers usually replace only the homepage with their own message. Replacing back the homepage to your old version is not the solution. You need…

04 Aug 2017
WP SECURITY
WP Security: 14 plugin vulnerabilities in March 2018

For your WP Security, be informed about the latest vulnerabilities in WordPress plugins: NextGEN Gallery BYPASS reported by Dewhurst Security. In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured. immediately upgrade to version 2.2.50 to fix the vulnerability Category Order and Taxonomy Terms Order A1: Injection…

02 Apr 2018
WP SECURITY PLUGIN VULNERABILITIES
66 WP Security Plugin Vulnerabilities AUG 2022
18 Aug 2022
THEMES VULNERABILITY 2022
Disempowered WP Security: 13 WP themes vulnerability APR 2021
19 May 2021
SOCIALENGINEERING
TOP Social Engineering approach statistics

Social engineering approaches further matured in both phishing and malware attacks, with increased geotargeted malware attacks. For all the known WordPress Security issues, these were the most identified types: BANKING TROJANS: This type of malware steals victims bank login credentials, usually by redirecting victims’ browser to a fake version of…

03 Aug 2018
THEMES VULNERABILITY 2022
WP Themes vulnerability APR 2023: 17 premium risks
03 Apr 2023
WP SECURITY
WP Security: plugin vulnerabilities October

For your WP Security, be informed about the latest vulnerabilities in WordPress plugins: Content Timeline Multiple Blind SQL Injection reported by Jeroen (IT Nerdbox). One unauthenticated and two authenticated injections in the premium ‘Content Timeline’ WP plugin. Author contacted twice without any response. remove this plugin to fix vulnerabilities, as…

01 Nov 2017
WP SECURITY
WP Security: 6 plugin vulnerabilities in OCT 2018

WP Security bulletin – OCTOBER 2018 At your next scheduled WordPress Maintenance, be advised for your WP Security about the latest 6 vulnerabilities in WordPress plugins identified and reported publicly during. As these vulnerabilities are disclosed, when you use one (or more) of these outdated plugins – your risking serious…

31 Oct 2018
WP SECURITY PLUGIN VULNERABILITIES
43 WP Security Plugin Vulnerabilities NOV 2022
04 Nov 2022
THEMES VULNERABILITY 2022
WP Theme CVE NOV 2024: 18 Premium Hack risk
05 Nov 2024
CLOUD SERVICES
New Attack Vectors: CLOUD SERVICES

Social Engineering exploits More businesses are moving to the cloud, creating new kinds of risk. Analysing how attackers are getting access to this infrastructure—and how some users are inadvertently misusing it — provides critical insight into how to better protect against these new threats. The cloud and software-as-a-service (SaaS) apps…

13 Aug 2018
owlpower.eu
owlpower.eu
owlpower.eu
16+ years of owlsome experience
We're on an empowering mission for website owners, who desire not to be transformed forcefully into IT experts.