Security Advisory: WordPress Vulnerabilities
Three recently disclosed vulnerabilities affect multiple versions of WordPress and one third-party plugin. WordPress has released security updates to remediate these vulnerabilities, alongside an update from the plugin developer for users of the “Fancy Product Designer” plugin. The following versions are affected:
- WordPress version 5.7.1 (remediated in 5.7.2)
- WordPress version 5.7 (remediated in 5.7.2)
- WordPress version 5.6 through 5.6.3 (remediated in 5.6.4)
- WordPress version 5.5.1 through 5.5.4 (remediated in 5.5.5)
- “Fancy Product Designer” plugin version 4.6.9 (remediated with latest version)
To remediate CVE-2020-36326 and CVE-2018-19296, update to WordPress version 5.7.2 or another patched minor version listed above. To remediate CVE-2021-24370, navigate to https://codecanyon.net and visit the “Fancy Product Designer” product page to re-download the plugin. Once downloaded, the patched version can be uploaded to your WordPress site.
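To check installations against the WordPress core versions listed above, the following added example (not part of the original advisory) reads `$wp_version` from each site's `wp-includes/version.php` and reports the patched release to move to. The script name and site paths in the usage comment are hypothetical, and the plugin is not covered because the advisory gives no patched plugin version number.

```python
import re
import sys
from pathlib import Path

# Affected WordPress core ranges and their fixed releases, from the advisory's list.
AFFECTED = [
    ((5, 7, 0), (5, 7, 1), "5.7.2"),
    ((5, 6, 0), (5, 6, 3), "5.6.4"),
    ((5, 5, 1), (5, 5, 4), "5.5.5"),
]
# Matches the assignment in wp-includes/version.php, e.g. $wp_version = '5.7.1';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)


def parse_version(text):
    """Turn '5.6' or '5.7.1' into (major, minor, patch); None if unparseable."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None


def read_installed_version(wp_root):
    """Read $wp_version from disk without executing any PHP."""
    path = Path(wp_root) / "wp-includes" / "version.php"
    try:
        src = path.read_text(encoding="utf-8", errors="replace")
    except OSError:
        return None  # missing or unreadable file: not a WordPress root we can assess
    m = VERSION_RE.search(src)
    return m.group(1) if m else None


def assess(version_text):
    """Return (status, fixed_in); status is 'affected', 'not-listed' or 'unknown'."""
    v = parse_version(version_text or "")
    if v is None:
        return ("unknown", None)
    for low, high, fixed in AFFECTED:
        if low <= v <= high:
            return ("affected", fixed)
    # Outside the advisory's list; this says nothing about other issues.
    return ("not-listed", None)


if __name__ == "__main__":
    # Usage (hypothetical paths): python check_wp.py /var/www/site1 /var/www/site2
    for root in sys.argv[1:]:
        installed = read_installed_version(root)
        status, fixed = assess(installed)
        print(f"{root}: version={installed} status={status} update_to={fixed}")
```

A result of `not-listed` only means the version falls outside the ranges in this advisory; `unknown` means the version file was missing or unparseable and the site needs a manual check.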
If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the remediation schedule.
If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
The vulnerabilities are documented in the following CVEs: CVE-2020-36326, CVE-2018-19296, and CVE-2021-24370.