Many vulnerabilities were published in the last week, with Fluent Forms having the most severe.
We get asked about XML-RPC a lot, so we wrote a helpful blog article to break it all down for you (see below).
#1 – Vulnerable: Fluent Forms
Critical site-takeover vulnerability in a plugin with 400,000+ installs.
How will I know I’m okay?
Upgrade ASAP to v5.1.17+
What’s the risk?
Severity risk 9.8/10 – privilege escalation – an attacker can raise the privileges of an account and take full site control!
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – Vulnerable: Memberpress
How will I know I’m okay?
Upgrade ASAP to v1.11.30+
What’s the risk?
Cross-site scripting (XSS), allowing injection of malicious scripts into the website that guests may then execute.
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#3 – From our blog: All About Securing XML-RPC
This article outlines all you might want to know about XML-RPC and how you can use Shield to lock it down without interrupting normal site functionality.
#4 – Google & Bing Recommend WP 6.5 Upgrade
WordPress 6.5 includes support for the ‘lastmod’ element in sitemap files. This feature improves crawl efficiency and reduces server load.
If Google doesn’t need to repeatedly crawl your site, that’s a great thing!