ShieldNOTES Ep#17: Critical Vulnerabilities; More+ Elementor vulnerabilities; WP 2FA; and WCEU 2024

June 10, 2024 by Paul G. | Security, ShieldNOTES

Lots of Elementor related vulnerabilities again this week, alongside some really severe discoveries and some that haven’t even been patched, yet.

#1 – Vulnerable: Email Subscribers & Newsletters Plugin Vulnerability

SQL injection with 90,000+ installs.

How will I know I’m okay?
Upgrade ASAP to v5.7.21+

What’s the risk?
Severity risk 9.3/10 – SQLi – an attacker can directly access your database!

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#2 – Vulnerable: More Elementor Plugins

Unlimited Elements For Elementor (SQLi)
Upgrade to v1.5.110; Severity 8.5; Info

Qi Addons For Elementor (XSS)
Upgrade to v1.7.3; Severity: 8.5; Info

Prime Slider (XSS)
Upgrade to 3.14.8; Severity: 6.5; Info

Royal Elementor Addons (XSS)
Upgrade to 1.3.977; Severity: 6.5; Info

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

#3 – Vulnerable: WooCommerce Amazon Affiliates

Multiple critical vulnerabilities.

How will I know I’m okay?
There is no patch and the vendor hasn’t appeared to respond to the vulnerabilities.

What’s the risk?
Severity risk 9.6/10 – SQL Injection and other – an attacker can directly interact with your WP database!

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#4 – Vulnerable: ARForms Plugin

Major 10/10 vulnerability, with 9,500 installs.

How will I know I’m okay?
Upgrade ASAP to v6.6+

What’s the risk?
Severity risk 10/10 – Remote Code Execution – an attacker can gain backdoor access to take full site control!

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#5 – From our blog: All About 2FA

This article outlines all you need to know about 2FA and WordPress.

More Info →

#6 – WordCamp Europe 2024

Date: 13-15 June 2024

Location: Torino, Italy

There’s always a lot going on at WordCamp Europe and this year’s event will be no different. From the many talks taking place across the three days, to the chance to educate yourself by attending one of the many hands-on sessions and workshops plus networking with all the attendees.

I’m going to be heading down to WCEU for a couple of days, so if you’re going to be about and want to finally put a real-life face to the name, let me know! See you there!

More Info →

Thanks for reading, and have a great week!

Paul Goodchild
Shield Security for WordPress

Hello dear reader!

If you want to level-up your WordPress security with ShieldPRO, click to get started today. (risk-free, with our no-quibble 14-day satisfaction promise!)

You'll get all PRO features, including AI Malware Scanning, WP Config File Protection, Plugin and Theme File Guard, import/export, exclusive customer support, and much, much more.

We'd be honoured to have you as a member, and look forward to serving you during your journey towards powerful, WordPress security.

Try ShieldPRO Today →

ShieldPRO Testimonials

@adpronaugle

GREAT JOB

This plugin worked really well for me. Thanks

@dstephen828

Keep Your Site Safe

Don’t have to think about this Plugin – works great in the background. Haven’t had any support issues.

@rhatomi

Secure my site worried free

It helps me to secure my site that had been hacked two times by Russian fools

@vipteam

I feel guarded and protected

This is my experience: I have used Wordfence Security almost from its beginning on all of my websites. It worked perfectly until a few months ago. From lightweight plugin that turns into a monster. Plugin wants to write to the WP installation, even on the server side in php.ini. With…

Leave a Comment Cancel reply

Author

Paul Goodchild is the founder and CEO of Shield Security for WordPress – a best-in-class security plugin for the protection of critical WordPress-based websites and businesses.

Paul focuses on security features that deliver realworld results for client through the prevention of security breaches before they can happen. Prevention is preferrable over busy-security-work that sees you putting out fires and cleaning up your sites after an infection has taken hold.

Paul maintains that while a security plugin for WordPress is absolutely crucial, “security” is a practice and must involve your entire website and WordPress hosting environment, including your own local device security and security hygiene.

View Profile

Main Sections

#1 – Vulnerable: Email Subscribers & Newsletters Plugin Vulnerability
#2 – Vulnerable: More Elementor Plugins
#3 – Vulnerable: WooCommerce Amazon Affiliates
#4 – Vulnerable: ARForms Plugin
#5 – From our blog: All About 2FA
#6 – WordCamp Europe 2024

ESSENTIAL WORDPRESS SECURITY NEWS

Get ShieldNOTES, our excellent weekly WordPress security newsletter!

ShieldNOTES Ep#17: Critical Vulnerabilities; More+ Elementor vulnerabilities; WP 2FA; and WCEU 2024

#1 – Vulnerable: Email Subscribers & Newsletters Plugin Vulnerability

#2 – Vulnerable: More Elementor Plugins

#3 – Vulnerable: WooCommerce Amazon Affiliates

#4 – Vulnerable: ARForms Plugin

#5 – From our blog: All About 2FA

#6 – WordCamp Europe 2024

GREAT JOB

Keep Your Site Safe

Secure my site worried free

I feel guarded and protected

Leave a Comment Cancel reply

Related Stories

ShieldNOTES Ep#27: Severe Vulnerabilities Exposed & Effective WordPress Malware Scanners, from our Blog

ShieldNOTES Ep#15: Fluent Forms & Memberpress Vulnerabilities; All about XML-RPC; Google Recommends WP 6.5

ShieldNOTES Ep#21: New Supply Chain Attack; Elementor Addon & WP Google Map Vulnerabilities; Hacker Security Guide

ESSENTIAL WORDPRESS SECURITY NEWS