Article

Alert: WordPress Security Update - June 2025

Wordfence has released security updates for its WordPress plugin, fixing vulnerabilities that could be exploited by attackers to compromise system security.

Affected Systems:

The affected systems and versions include, but are not limited to:

WordPress Single Sign-On (SSO) – Multiple editions, with impacted versions up to 50.5.3, 40.5.3, 30.5.3, 48.5.3, 38.5.3, 28.5.3, and 18.5.3.
WP-DownloadManager: versions <= 1.68.10
Elementor Pro : versions <= 3.29.0
The Events Calendar : versions <= 6.13.2

Security Risks

The identified vulnerabilities in various WordPress plugins pose a serious threat, potentially allowing attackers to compromise affected systems and gain unauthorized control.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and system administrators to

Update, as soon as possible, to the latest supported version for the WordPress LiteSpeed Cache plugin in order to address the vulnerability and effectively mitigate associated risks.

The WordPress plugin versions available for upgrade include, but are not limited to:

WordPress Single Sign-On (SSO) – Multiple editions, upgraded to versions 50.5.4 and above, 40.5.4 and above, 30.5.4 and above, 48.5.4 and above, 38.5.4 and above, 28.5.4 and above, and 18.5.4 and above.
WP-DownloadManager : Upgraded to version 1.68.11, or above.
Elementor Pro : Upgraded to version 3.29.1
The Events Calendar : Upgraded to version 6.13.2.1

Before updating or patching, please ensure that you have the latest backup that can easily be restored.

For further information and support, please contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 9009.

References

Wordfence Security Advisories

12 June 2025

More updates

12 June 2025

Alert: Microsoft Security Updates – June 2025

Microsoft has released security updates to address vulnerabilities in its software products.

09 June 2025

Alert: Cisco Security Updates - June 2025

Cisco has released security updates to address vulnerabilities in several of its products.

15 May 2025

Alert: Compiled Fortinet Security Updates – May 2025

Fortinet has released a security update addressing multiple vulnerabilities in its products.

15 May 2025

Alert: Microsoft Security Updates – May 2025

Microsoft has released security updates to address 72 vulnerabilities in its software.

	info@ncsa.gov.rw
	9009 / 0781813310
	‎+250 791 445 224

Wordfence has released security updates for its WordPress plugin, fixing vulnerabilities that could be exploited by attackers to compromise system security.

Affected Systems:

The affected systems and versions include, but are not limited to:

WordPress Single Sign-On (SSO)­ – Multiple editions, with impacted versions up to 50.5.3, 40.5.3, 30.5.3, 48.5.3, 38.5.3, 28.5.3, and 18.5.3.

WP-DownloadManager: versions <= 1.68.10

Elementor Pro : versions <= 3.29.0

The Events Calendar : versions <= 6.13.2

Security Risks

The identified vulnerabilities in various WordPress plugins pose a serious threat, potentially allowing attackers to compromise affected systems and gain unauthorized control.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and system administrators to

Update, as soon as possible, to the latest supported version for the WordPress LiteSpeed Cache plugin in order to address the vulnerability and effectively mitigate associated risks.

The WordPress plugin versions available for upgrade include, but are not limited to:

WordPress Single Sign-On (SSO)­ – Multiple editions, upgraded to versions 50.5.4 and above, 40.5.4 and above, 30.5.4 and above, 48.5.4 and above, 38.5.4 and above, 28.5.4 and above, and 18.5.4 and above.

WP-DownloadManager : Upgraded to version 1.68.11, or above.

Elementor Pro : Upgraded to version 3.29.1

The Events Calendar : Upgraded to version 6.13.2.1

Before updating or patching, please ensure that you have the latest backup that can easily be restored.

For further information and support, please contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 9009.

References

Wordfence Security Advisories

WordPress Single Sign-On (SSO) – Multiple editions, with impacted versions up to 50.5.3, 40.5.3, 30.5.3, 48.5.3, 38.5.3, 28.5.3, and 18.5.3.

WordPress Single Sign-On (SSO) – Multiple editions, upgraded to versions 50.5.4 and above, 40.5.4 and above, 30.5.4 and above, 48.5.4 and above, 38.5.4 and above, 28.5.4 and above, and 18.5.4 and above.