ShieldNOTES Ep#15: Fluent Forms & Memberpress Vulnerabilities; All about XML-RPC; Google Recommends WP 6.5

May 27, 2024 by Paul G. | Security, ShieldNOTES

Many vulnerabilities were published in the last week, with Fluent Forms having the most severe.

We get asked about XML-RPC a lot, so we wrote a helpful blog article to break it all down for you (see below)

#1 – Vulnerable: Fluent Forms

Critical site-takeover vulnerability with 400,000+ installs.

How will I know I’m okay?
Upgrade ASAP to v5.1.17+

What’s the risk?
Severity risk 9.8/10 – privilege escalation – an attacker can raise the privileges of an account and take full site control!

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#2 – Vulnerable: Memberpress

How will I know I’m okay?
Upgrade ASAP to v1.11.30+

What’s the risk?
XSS allowing injection of malicious scripts into website that guests may execute.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#3 – From our blog: All About Securing XML-RPC

This article outlines all you might want to know about XML-RPC and how you can use Shield to lock it down without interrupting normal site functionality.

More Info →

WordPress 6.5 includes support for the ‘lastmod‘ element in sitemap files. This feature improves crawl efficiency and reduces server load.

If Google doesn’t need to repeatedly crawl your site, that’s a great thing!

More Info →

Hello dear reader!

If you want to level-up your WordPress security with ShieldPRO, click to get started today. (risk-free, with our no-quibble 14-day satisfaction promise!)

You'll get all PRO features, including AI Malware Scanning, WP Config File Protection, Plugin and Theme File Guard, import/export, exclusive customer support, and much, much more.

We'd be honoured to have you as a member, and look forward to serving you during your journey towards powerful, WordPress security.

Try ShieldPRO Today →

ShieldPRO Testimonials

@re7ox

Superb!

I’ve defaulted to using Simple Firewall on all my sites. After having issues with hacking and other problems with the openness of Word Press, this plugin has become a main component of all my Word Press builds. Easy to setup, superb control and excellent support.

@goxone

Seems effective

Simpler to use than some other plugins and seems to do the job. Nice little plugin!

@knight287

Great Plugin

Works well but after the recent update, the interface is messed up.

@poro

Functional security plug-in

This is on of my favourite security plugin for WordPress. Works well so far.

Leave a Comment Cancel reply

Author

Paul Goodchild is the founder and CEO of Shield Security for WordPress – a best-in-class security plugin for the protection of critical WordPress-based websites and businesses.

Paul focuses on security features that deliver realworld results for client through the prevention of security breaches before they can happen. Prevention is preferrable over busy-security-work that sees you putting out fires and cleaning up your sites after an infection has taken hold.

Paul maintains that while a security plugin for WordPress is absolutely crucial, “security” is a practice and must involve your entire website and WordPress hosting environment, including your own local device security and security hygiene.

View Profile

Main Sections

#1 – Vulnerable: Fluent Forms
#2 – Vulnerable: Memberpress
#3 – From our blog: All About Securing XML-RPC
#4 – Google & Bing Recommend WP 6.5 Upgrade

ESSENTIAL WORDPRESS SECURITY NEWS

Get ShieldNOTES, our excellent weekly WordPress security newsletter!

ShieldNOTES Ep#15: Fluent Forms & Memberpress Vulnerabilities; All about XML-RPC; Google Recommends WP 6.5

#1 – Vulnerable: Fluent Forms

#2 – Vulnerable: Memberpress