WordPress 5.7.1 is now available!
This security and maintenance release features 26 bug fixes in addition to two security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 4.7 have also been updated.
Impact: Low
Severity: Low
Versions: 3.0.0 - 3.9.25
Exploit type: XSS
Reported Date: 2021-03-09
Fixed Date: 2021-04-13
CVE Number: CVE-2021-26030Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error pages.
Joomla! CMS versions 3.0.0 - 3.9.25
Upgrade to version 3.9.26
Impact: Low
Severity: Low
CVE Number: CVE-2021-26031
Versions: 3.0.0 - 3.9.25
Exploit type: LFI
Reported Date: 2021-01-03
Fixed Date: 2021-04-13
Inadequate filters on module layout settings could lead to an LFI.
Joomla! CMS versions 3.0.0 - 3.9.25
Upgrade to version 3.9.26
Project: Fast Autocomplete
Version: 8.x-1.7, 8.x-1.6, 8.x-1.5, 8.x-1.4, 8.x-1.3, 8.x-1.2, 8.x-1.1, 8.x-1.0
Date: 2021-March-17
Security risk: Moderately critical 12∕25
Vulnerability: Access bypass
Matt Mullenweg of WordPress community has announced the release of WordPress 5.7 “Esperanza” today on March 2, 2021.
“Esperanza” is named in honor of Esperanza Spalding, a modern musical prodigy. Her path as a musician is varied and inspiring—learn more about her and give her music a listen!
WordPress 5.6.2 is now available!
This maintenance release includes 5 bug fixes. These bugs affect WordPress version 5.6.1, so you’ll want to upgrade.
Date: Wednesday, Jan 27th, 2021
Security risk: Critical
Advisory ID: BACKDROP-SA-CORE-2021-001
CVE ID: CVE-2020-36193
Vulnerability: Third Party Libraries
Versions affected: Backdrop Core 1.18.x versions prior to 1.18.1, Backdrop Core 1.17.x versions prior to 1.17.6
Backdrop versions 1.16 and prior do not receive security coverage.The Backdrop project uses the pear Archive_Tar library, which has released a security update that impacts Backdrop. For more information please see:
Project: Subgroup
Version: 1.0.x-dev
Date: 2021-January-27
Security risk: Less critical 9∕25
Vulnerability:Access bypassThis module enables you to add groups to other groups in a tree structure where access can be inherited up or down the tree.
Project: Open Social
Versions: 8.x-9.x-dev, 8.x-8.x-dev
Date: 2021-January-27
Security risk: Moderately critical 12∕25
Vulnerability: Access bypassThe optional Social Auth Extra module enables you to use the single sign-on methods provided by Open Social e.g. Facebook, LinkedIn, Google and Twitter.
Project: Open Social
Versions: 8.x-9.x-dev, 8.x-8.x-dev
Date: 2021-January-27
Security risk: Moderately critical 10∕25
Vulnerability: Access bypassThe Social User Export module enables users within Open Social to create an export of users and download this to a CSV file.