ShieldNOTES Ep#19: Recurring Vulnerability + Severely Critical + Monitor WP Activity

June 24, 2024 by Paul G. | Security, ShieldNOTES

This week, 1 plugin stands out due to its recurring vulnerability, alongside plugins with high severity issues that may need attention.

#1 – Vulnerable: Email Subscribers & Newsletters Plugin

A recurring SQL Injection vulnerability.

How will I know I’m ok?
Upgrade ASAP to v5.7.24+

What’s the risk?
Severity risk 9.3/10 – SQL Injection – an attacker can interact with your WP database directly!

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#2 – Vulnerable: Shariff Plugin

Potentially 50.000 WP sites with a high risk of local file inclusion.

How will I know I’m okay?
Upgrade ASAP to v4.6.14+

What’s the risk?
Severity risk 9.8/10 – a malicious actor may include local files of the target website and show output on the screen!

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

SQL injection vulnerability on up to 30.000 sites.

How will I know I’m okay?
Upgrade ASAP to v1.5.0+

What’s the risk?
Severity risk 9.3/10 – SQL Injection – an attacker can directly interact with your WP database!

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#4 – Vulnerable: Salon Booking System Plugin

A less widely used plugin poses an extremely high security risk.

How will I know I’m okay?
Upgrade ASAP to v10.3+

What’s the risk?
Severity risk 10/10 – Arbitrary File Upload – an attacker can upload any type of file to your site, including backdoors that could gain further access.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#5 – Vulnerable: Custom Field Suite Plugin

PHP Object Injection vulnerability with no official fix.

How will I know I’m okay?
No fix available yet; please watch for updates.

What’s the risk?
Severity risk 8.8/10 – an attacker can inject and execute malicious objects within a PHP application.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#6 – From our blog: Track All Activity

Knowing what users and visitors are actually doing on your site is critical to monitoring your WP security.

More Info →

Thanks for reading, and have a great week!

Paul Goodchild
Shield Security for WordPress

Hello dear reader!

If you want to level-up your WordPress security with ShieldPRO, click to get started today. (risk-free, with our no-quibble 14-day satisfaction promise!)

You'll get all PRO features, including AI Malware Scanning, WP Config File Protection, Plugin and Theme File Guard, import/export, exclusive customer support, and much, much more.

We'd be honoured to have you as a member, and look forward to serving you during your journey towards powerful, WordPress security.

Try ShieldPRO Today →

ShieldPRO Testimonials

@thefunnel

This plugin really helps me to protect my website

I recommend it to anyone who wants to have a more secure website.

@joelovrek

Truly the best security plugin I've tried

Reasons to use: It’s Free Stops xmlrpc.php attack which slows down your blog Login using two-factor authentication and IP address restriction, this is good because it verifies that it’s you that is logging in It has way more features, but for just these three, I can’t recommend it highly enough.

@olakay

Greet Tool

Works well and does what it’s supposed to do.

@allen_crawford

Brute Force Attacks

I really love this plug-in. Prior to its installation, we were getting hit by brute force attacks. Those no longer occur or if they are, we aren’t seeing them. Very easy to use and very effective plug-in

ESSENTIAL WORDPRESS SECURITY NEWS

Get ShieldNOTES, our excellent weekly WordPress security newsletter!

ShieldNOTES Ep#19: Recurring Vulnerability + Severely Critical + Monitor WP Activity

#1 – Vulnerable: Email Subscribers & Newsletters Plugin

#2 – Vulnerable: Shariff Plugin

#3 – Vulnerable: Themify – WooCommerce Product Filter Plugin

#4 – Vulnerable: Salon Booking System Plugin

#5 – Vulnerable: Custom Field Suite Plugin

#6 – From our blog: Track All Activity

This plugin really helps me to protect my website

Truly the best security plugin I've tried

Greet Tool

Brute Force Attacks

Leave a Comment Cancel reply

Related Stories

ShieldNotes #39: LiteSpeed Cache recurring vulnerability, and others; & WPLockout Solutions

ShieldNOTES Ep#6: Your Monday Morning Security Notes

A big week for vulnerabilities; REST API Security Tips; & ShieldPRO 20.1 Released

ESSENTIAL WORDPRESS SECURITY NEWS