WP themes vulnerability JUL 2021
Be informed about the latest WordPress theme vulnerabilities, identified and reported publicly. With WP themes vulnerability JUL 2021, the consequences of a hack are ugly. You will experience major backlash on your WordPress domain, costly damage control and recovery, and immediate revenue loss with long-term consequences. Consider our FREE security AUDIT.
Estimating how many active WordPress installations are susceptible to these attack types is hard. The case with themes is a bit different than with plugins: there are free, premium, white-label, bundled and whole-suite versions. It is also, sadly, extremely common that themes are installed but never used. Because the files of a publicly reported vulnerable theme are still on your domain even when the theme is inactive, an unused theme opens Pandora’s box from a security point of view.
The following cases made headlines PUBLICLY just last month in the WP themes vulnerability JUL 2021 category:
- Onair2: Radio Station WordPress Theme With Non-Stop Music Player – Unauthenticated RFI and SSRF
- OnAir2 is the most complete WordPress theme to create professional radio station websites, with non-stop music player, radio shows, schedule, podcasts, events calendar, eCommerce, donations and more.
- KenthaRadio – Addon for Kentha Music WordPress Theme To Add Radio Station and Schedule Functionality – Unauthenticated RFI and SSRF
- Boost your Kentha WordPress Theme with full radio station capabilities and transform your website into the perfect radio station.
- Newspaper – News & WooCommerce WordPress Theme – Reflected Cross-Site Scripting
- Newspaper is a WordPress theme that lets you write articles and blog posts with ease.
- WOOSTIFY PRO – CSRF Bypass
- Woostify is fully optimized to make your website at the smallest size and fastest loading time, even without any optimization applied at all.
- Workreap – Freelance Marketplace and Directory WordPress Theme – Missing Authorization Checks in Ajax Actions
- Workreap – Freelance Marketplace and Directory WordPress Theme – Multiple CSRF + IDOR Vulnerabilities
- Workreap – Freelance Marketplace and Directory WordPress Theme – Unauthenticated Upload Leading to RCE
- Workreap is a Freelance Marketplace WordPress theme with some exciting features and excellent code quality. It has been designed and developed after thorough research to cater to the requirements of people interested in building a freelance marketplace or other similar projects. The design is contemporary, but at the same time it focuses on usability, visual hierarchy and aesthetics to ensure easy navigation for end users.
- NewsMag – Unauthenticated Reflected Cross-site Scripting (XSS)
- Newsmag is a clean and modern magazine, news or blog WordPress theme for magazines, news websites, blogs and others. It has 4 different blog page styles. It will make your website adaptable to any type of mobile device. Your site will be adaptive when viewed on a smartphone or tablet. Fully Responsive, Customizable and Search Engine (SEO) Friendly WordPress Theme using Twitter Bootstrap 3, Microformats and Font Awesome icons. You can add a Contact Form and Google Maps to the contact page. You can also build a custom front page using 3 different block styles, a post banner and an unlimited slider. The theme offers a Widgetized Sidebar and four-column Footer Widgets. You can add unlimited Widgets in each Sidebar and Footer Column. Theme Features: Advanced Custom Fields, Contact Form, Custom Front Page Settings, Custom Background Support, Custom Menu (3 Levels on Header, 1 Level on Footer), Custom Colors, Google Fonts, Dynamic Widgets, Slider (Responsive and Mobile Touch Friendly), Featured Post Banner, Different Blog Page and Homepage Styles, Redux Framework, Post Formats, Microformats, Responsive Video, Popular Posts Widgets. To learn more about the theme please go to the theme URI and read the documentation. Active installations: 10,000+
BRIEF: It is difficult to keep an eye on every disclosed WordPress theme vulnerability and compare that list to the versions of the plugins and themes you have installed on your site. The same goes for the publicly reported WP themes vulnerability JUL 2021. Yet keeping track of vulnerabilities is the difference between having a secure site and one that hackers will easily exploit.
We’ve been involved in WordPress security for more than a decade. Having audited hundreds of hacked domains, we know for a fact that outdated themes and plugins are the leading cause of hacked WordPress sites. Like any other software, WordPress themes and plugins develop vulnerabilities. To patch them, developers quickly release an update. When site owners postpone or fail to apply updates, they leave their websites susceptible to a hack.
WP theme vulnerabilities Explained
Keep Your WordPress Updated! We can’t stress enough the importance of security updates. You will have noticed that many of the attacks mentioned in the section above were triggered by outdated themes and plugins. A delay in updating the website leaves the site prone to a hack.
The impact of WP themes vulnerability JUL 2021:
The consequences of a hacked domain are ugly. You will experience some major backlash on your WordPress domain, such as:
- A marked drop in search engine rankings for the keywords you’re targeting;
- High bounce rates as visitors are redirected to different websites;
- Wasted SEO efforts in the future;
- Wasted development costs, because it is sometimes cheaper to start from scratch than to fix an old problem;
- Search Engine Result Page blacklist/warnings on your domain, like:
  - This site may be hacked
  - Deceptive site ahead
- Hosting account suspensions
- Email providers blacklisting your domain
- High cleanup, recovery and damage control costs
- Major decline in your brand’s image and reputation
Probing attacks – 1st step for WP themes vulnerability JUL 2021
For the time being, the large bulk of these attacks appear to be information-gathering attacks, designed to identify whether a website has a vulnerable theme installed rather than to perform an exploit chain. With these vulnerabilities, the next step is Remote Code Execution (RCE) leading to site takeover. We highly advise upgrading as soon as possible.
WP themes vulnerability JUL 2021 identified – What should I do?
If your website is running any of these themes, it is critical to upgrade to the LATEST version IMMEDIATELY. If no patched version is available, you will want to temporarily switch to another theme or use an active firewall such as owl WAF, which blocks both these probes and the real attacks that follow. If you have made changes or modifications to these themes without using a child theme, you will want to download a backup copy of the current version before updating. If anyone you know is running any of these themes, please share this post to make sure they update their website as well.
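The advice above, plus the point made earlier about themes that are installed but never used, can be turned into a remediation plan from the output of `wp theme list --format=json`. The script below is an added example, not part of this post or of any theme vendor's code; the theme slugs in its watch list and the sample WP-CLI output are constructed placeholders, so replace the slugs with the ones you actually track.

```python
import json

# Constructed watch list. These slugs are placeholders standing in for the themes
# named in this post; they are NOT verified slugs of those products.
AFFECTED_THEMES = {"onair2", "kentharadio", "newspaper", "woostify-pro",
                   "workreap", "newsmag"}

# Constructed sample of `wp theme list --format=json` on a site that has an
# unused vulnerable theme, an active one with a fix, and an active one without.
SAMPLE_WP_THEME_LIST = json.dumps([
    {"name": "workreap", "status": "inactive", "update": "available",
     "version": "1.0", "update_version": "1.1"},
    {"name": "newspaper", "status": "active", "update": "available",
     "version": "10.0", "update_version": "10.1"},
    {"name": "woostify-pro", "status": "active", "update": "none",
     "version": "1.4", "update_version": None},
    {"name": "twentytwentyone", "status": "inactive", "update": "none",
     "version": "1.3", "update_version": None},
])


def plan_remediation(wp_theme_list_json, affected=AFFECTED_THEMES, modified=()):
    """Return (slug, action) pairs following the post's advice.

    `modified` lists slugs you customised without a child theme, which must be
    backed up before an update overwrites the files."""
    plan = []
    for theme in json.loads(wp_theme_list_json):
        slug = theme["name"]
        if slug not in affected:
            continue
        # WP-CLI reports "parent" for the parent of the active child theme,
        # which is still in use and must not be deleted.
        in_use = theme["status"] in ("active", "parent")
        if not in_use:
            # Files of an unused theme are still reachable on the domain.
            plan.append((slug, "delete: installed but not in use"))
        elif theme["update"] == "available":
            prefix = "backup then " if slug in modified else ""
            plan.append((slug, f"{prefix}update to {theme['update_version']}"))
        else:
            plan.append((slug, "no patched version: switch theme or put a WAF in front"))
    return plan


if __name__ == "__main__":
    for slug, action in plan_remediation(SAMPLE_WP_THEME_LIST, modified={"newspaper"}):
        print(f"{slug}: {action}")
```

On a live site, pipe `wp theme list --format=json` into `plan_remediation` and act on each line with `wp theme update` or `wp theme delete`.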