ShieldNotes #39: LiteSpeed Cache recurring vulnerability, and others; & WPLockout Solutions

November 4, 2024 by Paul G. | Security, ShieldNOTES

This week highlights security risks in popular plugins, focusing on a recurring high-severity LiteSpeed Cache vulnerability affecting millions, along with tips for fixing WordPress lockouts.

#1 – Popular Plugins with High Security Risk

This plugin is actively exploited, with serious vulnerabilities impacting over 6 million sites.

LiteSpeed Cache Plugin
Privilege Escalation; 8.1/10; Update to v6.5.2+

Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

#2 – Popular Plugins with Lower Security Risk

The plugins below may not be considered high-severity risks, but they impact a significant number of sites.

FileOrganizer Plugin
Arbitrary File Upload; 7.5/10; Update to v1.1.0+

ReCaptcha Integration for WordPress Plugin
XSS; 7.1/10; Update to v1.2.6+

Element Pack Elementor Addons Plugin
XSS; 6.5/10; Update to v5.10.2+

Download Manager Plugin
XSS; 6.5/10; Update to v3.3.00+

Otter – Gutenberg Block Plugin
XSS; 5.9/10; Update to v3.0.5+

Forminator Plugin
IDOR; 5.3/10; Update to v1.36.1+

Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

#3 – Security Flaws in Less Popular Plugins

While the plugins below have lower usage, they still carry serious security risks.

AI Power: Complete AI Pack
Arbitrary File Upload; 10/10; Update to v1.8.90+

BookingPress Plugin
SQL Injection; 8.5/10; Update to v1.1.17+

Subscribe to Comments Plugin
XSS; 7.1/10; Update to v2.3.1+

Easy Pricing Tables Plugin
XSS; 7.1/10; Update to v3.2.6+

Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

#4 – Our Blog: Fast Fixes for WordPress Lockouts

Getting locked out of your WordPress site can be stressful, especially during important tasks. Don’t worry—quick, straightforward steps can restore your access in no time.

More Info →

Thanks for reading, and have a great week!

Paul Goodchild
Shield Security for WordPress

Hello dear reader!

If you want to level-up your WordPress security with ShieldPRO, click to get started today. (risk-free, with our no-quibble 14-day satisfaction promise!)

You'll get all PRO features, including AI Malware Scanning, WP Config File Protection, Plugin and Theme File Guard, import/export, exclusive customer support, and much, much more.

We'd be honoured to have you as a member, and look forward to serving you during your journey towards powerful, WordPress security.

Try ShieldPRO Today →

ShieldPRO Testimonials

@speterson

Best Plug-in I use

Does exactly what it says it does and keeps me up to date and running smooth across all my wordpress sites. Highly recommended.

@nickfmc

all the best parts of other plugins

This Plugin takes the place of 4 other security plugins I was using in a super lightweight package! Also makes auto updates super easy to manage! Something we should all be doing these days

@markfloodlist

So far, so very good

I’ve tried several security plugins and Simple Security Firewall has been the best so far (installed it 2 weeks ago). In particular I like that: – It’s easy to set up and offers lots of control – It sends me an email to let me know exactly who is logging…

@mrsjessicasimpson

Being buried alive with constant hacker requests, to not being buried alive.

OK, from seeing at least 50 plus lockouts a day to none in 6 hours: is pretty damned good, and it’s all due to this Plugin. To originally combat the Hacker Bots that I was seeing in the “Limit Login Attempts Reloaded” logs, I ran a hapless plugin that changed…

ESSENTIAL WORDPRESS SECURITY NEWS

Get ShieldNOTES, our excellent weekly WordPress security newsletter!

ShieldNotes #39: LiteSpeed Cache recurring vulnerability, and others; & WPLockout Solutions

#1 – Popular Plugins with High Security Risk

#2 – Popular Plugins with Lower Security Risk

#3 – Security Flaws in Less Popular Plugins

#4 – Our Blog: Fast Fixes for WordPress Lockouts

Best Plug-in I use

all the best parts of other plugins

So far, so very good

Being buried alive with constant hacker requests, to not being buried alive.

Leave a Comment Cancel reply

Related Stories

ShieldNotes #38: Many High-Risk Vulnerabilities For Popular Plugins

ShieldNOTES Ep#10: How We Host Our Site, Forminator XSS and CSS Email Phishing

ShieldNOTES Ep#32: LearnPress, Bit File & Other Severe Risks & WordPress Credentials Recovery Guide

ESSENTIAL WORDPRESS SECURITY NEWS