Security Advisory: WordPress Vulnerabilities

June 04, 2021 Joe Klenotich

SUMMARY

Three recently disclosed vulnerabilities affect multiple versions of WordPress and one third-party plugin. WordPress has released security updates to remediate these vulnerabilities, and the developer of the “Fancy Product Designer” plugin has released an update for users of that plugin.

IMPACTED SYSTEMS

  • WordPress version 5.7.1 (remediated in 5.7.2)
  • WordPress version 5.7 (remediated in 5.7.2)
  • WordPress versions 5.6 through 5.6.3 (remediated in 5.6.4)
  • WordPress versions 5.5.1 through 5.5.4 (remediated in 5.5.5)
  • “Fancy Product Designer” plugin version 4.6.9 (remediated with latest version)

REMEDIATION STEPS

To remediate CVE-2020-36326 and CVE-2018-19296, update to WordPress version 5.7.2 or to another patched minor version listed above. To remediate CVE-2021-24370, navigate to https://codecanyon.net and visit the “Fancy Product Designer” product page to re-download the plugin. Once downloaded, the patched version can be uploaded to your WordPress site.
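As an added example (not part of the advisory or of WordPress itself), the following Python checks a site's core and plugin version strings against the affected ranges listed above. It relies on the standard `$wp_version` line in wp-includes/version.php and the `Version:` field of a plugin's header comment; treating plugin releases older than 4.6.9 as affected, since the fix is "the latest version", is an assumption made here.

```python
import re

# Affected ranges exactly as listed in the advisory: (first affected, last affected, fixed in).
WP_AFFECTED = [
    ((5, 7, 0), (5, 7, 1), "5.7.2"),
    ((5, 6, 0), (5, 6, 3), "5.6.4"),
    ((5, 5, 1), (5, 5, 4), "5.5.5"),
]
# The advisory names plugin 4.6.9 as affected and "the latest version" as the fix;
# treating anything at or below 4.6.9 as affected is an assumption made here.
FPD_LAST_AFFECTED = (4, 6, 9)

def parse_version(text):
    """Turn '5.7.1' or '5.7' into a comparable 3-tuple, padding missing parts with 0."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def wordpress_fix_for(version):
    """Return the patched version to move to, or None if core is not in an affected range."""
    v = parse_version(version)
    for low, high, fixed in WP_AFFECTED:
        if low <= v <= high:
            return fixed
    return None

def plugin_affected(version):
    """True when Fancy Product Designer is 4.6.9 or older (see assumption above)."""
    return parse_version(version) <= FPD_LAST_AFFECTED

def read_wp_version(version_php):
    """Extract $wp_version from the contents of wp-includes/version.php."""
    m = re.search(r"\$wp_version\s*=\s*'([^']+)'", version_php)
    return m.group(1) if m else None

def read_plugin_version(plugin_header):
    """Extract the 'Version:' line from a plugin main file's header comment."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", plugin_header, re.M)
    return m.group(1) if m else None

if __name__ == "__main__":
    # Constructed sample inputs standing in for the two files on a real install.
    core = read_wp_version("<?php\n$wp_version = '5.7.1';\n")
    plug = read_plugin_version("/*\n * Plugin Name: Fancy Product Designer\n * Version: 4.6.9\n */")
    print(f"core {core}: update to {wordpress_fix_for(core) or 'n/a'}")
    print(f"plugin {plug}: {'update required' if plugin_affected(plug) else 'ok'}")
```

On a real install, feed `read_wp_version` and `read_plugin_version` the contents of the two files instead of the constructed strings.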

MANAGED CLIENTS

If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the remediation schedule. 

UNMANAGED CLIENTS

If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.

ADDITIONAL DETAILS

The vulnerabilities are documented in the following CVEs: CVE-2020-36326, CVE-2018-19296, and CVE-2021-24370.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19296

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36326

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24370

https://wpscan.com/vulnerability/4cd46653-4470-40ff-8aac-318bee2f998d