Lots of Elementor-related vulnerabilities again this week, alongside some really severe discoveries and some that haven’t even been patched yet.
#1 – Vulnerable: Email Subscribers & Newsletters Plugin Vulnerability
SQL injection in a plugin with 90,000+ installs.
How will I know I’m okay?
Upgrade ASAP to v5.7.21+
What’s the risk?
Severity risk 9.3/10 – SQLi – an attacker can directly access your database!
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – Vulnerable: More Elementor Plugins
Unlimited Elements For Elementor (SQLi)
Upgrade to v1.5.110; Severity: 8.5
Qi Addons For Elementor (XSS)
Upgrade to v1.7.3; Severity: 8.5
Prime Slider (XSS)
Upgrade to v3.14.8; Severity: 6.5
Royal Elementor Addons (XSS)
Upgrade to v1.3.977; Severity: 6.5
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#3 – Vulnerable: WooCommerce Amazon Affiliates
Multiple critical vulnerabilities.
How will I know I’m okay?
There is no patch, and the vendor doesn’t appear to have responded to the vulnerability reports.
What’s the risk?
Severity risk 9.6/10 – SQL injection and others – an attacker can directly interact with your WP database!
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#4 – Vulnerable: ARForms Plugin
Major 10/10 vulnerability in a plugin with 9,500 installs.
How will I know I’m okay?
Upgrade ASAP to v6.6+
What’s the risk?
Severity risk 10/10 – Remote Code Execution – an attacker can gain backdoor access to take full site control!
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#5 – From our blog: All About 2FA
This article outlines all you need to know about 2FA and WordPress.
#6 – WordCamp Europe 2024
Date: 13-15 June 2024
Location: Torino, Italy
There’s always a lot going on at WordCamp Europe and this year’s event will be no different: many talks taking place across the three days, the chance to educate yourself by attending one of the many hands-on sessions and workshops, plus networking with all the attendees.
I’m going to be heading down to WCEU for a couple of days, so if you’re going to be about and want to finally put a real-life face to the name, let me know! See you there!
Thanks for reading, and have a great week!
Paul Goodchild
Shield Security for WordPress