Patchstack Weekly: Critical WordPress Vulnerabilities And Log4j
Hi Coffigniezâ, it's another week of Patchstack Weekly update. Now you can also find Patchstack Weekly from Spotify.
Patchstack Weekly is hosted and written by Robert from the Patchstack team.
It will give you weekly important information about vulnerabilities and also a little extra - something new to learn.
Image Hover Effects Ultimate
Vulnerability: Authentication Bypass (in versions <= 9.6.1) Fixed in version: 9.6.2 Number of sites affected: 20,000+ CVSS 3.0 score: 9.8 (Critical - Can be exploited remotely without any authentication.)
All in One SEO Pack
Vulnerability: Authenticated Privilege Escalation Fixed in version: 4.1.5.3 Number of sites affected: 3+ million CVSS 3.0 score: 9.9 (Critical - Requires subscriber or higher role user authentication.)
The Plus Addons for Elementor Pro
Vulnerability: Unauthenticated SQL Injection (SQLi) Fixed in version: 5.0.7 Number of sites affected: 50,000+ CVSS 3.0 score: 7.3 (High - Can be exploited remotely without any authentication.)
If you are using any of the mentioned plugins, you need to update it to the latest version as soon as possible. Websites with Patchstack installed are protected from the security issues mentioned below.
In this week's session, Rober talks about the Log4j issue and how it has affected the world: "That's right, they wrote code to break into insecure systems and fix the problem." ð
