The biggest vulnerability by install size this week is definitely WooCommerce, but there are some other serious vulnerabilities out there, too.
#1 – Vulnerable: WooCommerce Plugin Vulnerability
Cross-Site Scripting (XSS) on 7+ million installs.
How will I know I’m okay?
Upgrade to v8.9.3+
What’s the risk?
Severity risk 7.1/10 – XSS – allows injection of malicious scripts into the website, which visitors may then execute.
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – Vulnerable: WP Staging Pro Plugin Vulnerability
A risk of local file inclusion.
How will I know I’m okay?
Upgrade ASAP to v5.6.1+
What’s the risk?
Severity risk 7.5/10 – a malicious actor may include local files from the target website and display their contents on screen!
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#3 – Vulnerable: Dokan Pro Plugin
Potentially 50,000 WP sites with a serious SQL injection vulnerability.
How will I know I’m okay?
Upgrade ASAP to v3.11+
What’s the risk?
Severity risk 9.3/10 – SQL Injection – an attacker can directly interact with your WP database!
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#4 – Vulnerable: Blog2Social Plugin
SQL Injection vulnerability on up to 60,000 sites.
How will I know I’m okay?
Upgrade ASAP to v7.4.2+
What’s the risk?
Severity risk 8.5/10 – SQL Injection – an attacker can directly interact with your WP database!
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
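If you manage several sites and want a quick check of the four plugins above against the fixed versions listed, here is an added example (not Shield's own code) that compares installed plugin versions, as reported by `wp plugin list --format=json`, with the minimum safe versions. The plugin slugs and the sample WP-CLI output are assumptions; verify the slugs against your own install.

```python
import json
import re
import subprocess

# First safe version for each plugin in this week's roundup.
# Slugs are assumed from the plugin names; confirm them on your site.
MIN_FIXED = {
    "woocommerce": "8.9.3",
    "wp-staging-pro": "5.6.1",
    "dokan-pro": "3.11",
    "blog2social": "7.4.2",
}

def parse_version(v):
    """Turn '8.9.3' or '3.11-rc1' into a tuple of ints for comparison."""
    return tuple(int(n) for n in re.findall(r"\d+", v))

def is_vulnerable(installed, min_fixed):
    """True when the installed version is older than the first fixed one."""
    a, b = parse_version(installed), parse_version(min_fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))   # pad so '3.11' equals '3.11.0'
    b += (0,) * (width - len(b))
    return a < b

def find_vulnerable(plugins, min_fixed=MIN_FIXED):
    """plugins: list of dicts as emitted by `wp plugin list --format=json`.
    Inactive plugins are still flagged: their files remain on disk."""
    hits = []
    for p in plugins:
        fixed = min_fixed.get(p.get("name", ""))
        if fixed and is_vulnerable(p.get("version", "0"), fixed):
            hits.append((p["name"], p["version"], fixed))
    return hits

def from_wp_cli():
    """Run the real check on a site where WP-CLI is available."""
    out = subprocess.run(["wp", "plugin", "list", "--format=json"],
                         capture_output=True, text=True, check=True).stdout
    return find_vulnerable(json.loads(out))

# Constructed sample of WP-CLI output; not taken from any real site.
SAMPLE = json.loads(
    '[{"name":"woocommerce","status":"active","update":"available","version":"8.9.2"},'
    '{"name":"dokan-pro","status":"active","update":"none","version":"3.11.0"},'
    '{"name":"blog2social","status":"inactive","update":"available","version":"7.3.0"}]')

if __name__ == "__main__":
    for name, have, need in find_vulnerable(SAMPLE):
        print(f"{name}: installed {have}, upgrade to {need}+")
```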
#5 – From our blog: Cannot modify header information error
This article outlines how to fix the error we sometimes see in WordPress: “Cannot modify header information”.
#6 – WordCamp Europe 2024
WCEU24 was last week and you can catch up on the latest videos here.
It was announced that WCEU25 will be held in Basel, Switzerland, next year!
Thanks for reading, and have a great week!
Paul Goodchild
Shield Security for WordPress