Redirection for CF7 and WP Crontrol take centre stage in this week’s plugin threat landscape.

Ever had a heart-stopping ‘Oops! Deleted!’ moment with WordPress content? Our recovery blog has your back.

Keep all plugins up to date, especially the top-listed one, which scores an 8.8 on the risk scale.

Redirection for Contact Form 7 Plugin
PHP Object Injection; 8.8/10; Update to v3.2.5+

WP Crontrol Plugin
SSRF; 6.5/10; Update to v1.19.2+

WPC Smart Quick View for WooCommerce Plugin
XSS; 6.5/10; Update to v4.2.2+

Templately Plugin
Sensitive Data Exposure; 4.9/10; Update to v3.2.8+

GiveWP Plugin
Broken Access Control; 4.3/10; Update to v4.6.1+

Editor Comment
It’s worth taking a few minutes each week to review your sites and catch issues early and, wherever possible, to use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

These plugins and themes are less widely distributed but have much greater problems: two are unpatched and can cause serious damage if ignored.

Fluent Support – Support Ticket Plugin
Privilege Escalation; 9.8/10; No fix; Remove or replace.

Jobmonster Theme
Broken Authentication; 9.8/10; Update to v4.8.0+

Simpler Checkout Plugin
Broken Authentication; 9.8/10; Removed from wp.org; No fix; Remove or replace.

Case Theme User Plugin
Broken Authentication; 9.8/10; Update to v1.0.4+

Golo Theme
Broken Authentication; 9.8/10; Update to v1.7.1+

Organic Beauty Theme
PHP Object Injection; 9.8/10; No fix; Remove or replace.

#3 – Our blog: Recover Deleted WordPress Posts and Pages

Recovering deleted WordPress pages and posts lost due to a plugin issue, malware, or mistake is easier than you think — check out these solutions.

Thanks for reading, and have a wonderful week!

Paul Goodchild
Shield Security for WordPress