Several security updates have come out this week in the world of WordPress. As always, we reach out directly to clients whose websites are affected by these specific issues. If your organization has a RED security package, these updates have already been applied to your website.
Easy WP SMTP
Some websites use this plugin, one of several similar plugins, to send emails – anything from order confirmations, to confirmations for visitors who have submitted a form, to security alerts for your webmaster.
The vulnerability in version 1.3.9 of this plugin, responsibly disclosed by NinTechNet, would allow an attacker to register admin accounts. From there, the floor is open to all sorts of other attacks, from SEO spam to email spam, from malicious redirects to defacing the website, and more.
The vulnerability has been patched in the latest version, 126.96.36.199.
Social Warfare
Social Warfare is a plugin designed to help your website visitors share your content across different social media, which can help build traffic to your website.
A cross-site scripting (XSS) vulnerability was discovered in version 3.5.x, which allowed any site visitor to overwrite settings on the website and insert malicious scripts.
The plugin’s creators promptly patched this vulnerability in version 3.5.3.
Bonus Security Alert – Facebook Passwords
This one isn’t WordPress-related, but with the popularity of Facebook and its use for your business, it’s still of interest to many of us.
It was recently disclosed that Facebook stored millions of passwords in human-readable format. At this point, Facebook insists these were only available internally and they have no indication of misuse. Nonetheless, they’ll be alerting users whose account passwords were available in this manner. We encourage you to change your password whether or not you receive such a message from Facebook.
As we shared recently on our own Facebook page, it’s the unfortunate truth that many developers are not security-minded. For your own website, choose developers who have your website’s security in mind. For other websites like Facebook, keep up with security alerts and make sure to follow good password practices like not re-using passwords, using secure passwords, and using a password manager.