ShieldNOTES Ep#22: Recurring Vulnerabilities & No Fixes Available; & silentCAPTCHA

July 15, 2024 by Paul G. | Security, ShieldNOTES

Multiple plugins identified with recurring vulnerabilities including some no fixes. We also introduce our silentCAPTCHA technology.

#1 – Vulnerable: Modern Events Calendar Plugin

Arbitrary File Upload with 150,000 installs.

How will I know I’m okay?
Upgrade ASAP to v7.12.0+

What’s the risk?
Severity risk 8.8/10 – an attacker can upload any type of file to your site, including backdoors that could gain further access.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#2 – Vulnerable: SEOPress Plugin

Widely used with recurring vulnerabilities.

How will I know I’m okay?
Upgrade ASAP to v7.9+

What’s the risk?
Severity risk 8.3/10 – PHP Object Injection – an attacker can inject and execute malicious objects within a PHP application.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#3 – Vulnerable: Unlimited Elements For Elementor Plugin

Another highly popular plugin with a recurring security risk.

How will I know I’m okay?
Upgrade ASAP to v1.5.113+

What’s the risk?
Severity risk 8.5/10 – SQL Injection – an attacker can directly interact with your WP database!

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#4 – Vulnerable: Premium Addons for Elementor Plugin

Potentially 700,000 sites with low severity but recurring XSS risk.

How will I know I’m okay?
Upgrade ASAP to v4.10.37+

What’s the risk?
Severity risk 6.5/10 – XSS – allowing injection of malicious scripts into website that guests may execute.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#5 – Plugins with Severe Security Risks Removed from wp.org

The plugins below have high severity risks but no official fixes and are being actively exploited. As a preventive measure, they were removed from wp.org.

If you run any of the following plugins, our recommendation is to remove them immediately:

WordPress Form Builder Plugin – Gutenberg Forms Plugin
Severity risk 10/10

Pie Register Plugin
Severity risk 9.9/10

Bit Form – Contact Form Plugin
Severity risk 9.1/10

Generate PDF using Contact Form 7 Plugin
Severity risk 9.6/10

Editor Comment
As a precaution, spend a few minutes each week reviewing your sites to catch problems early.

#6 – From Our Blog: silentCAPTCHA – Shield’s Defense Against WordPress Bots

Secure your WordPress sites from bots without user interaction or GDPR concerns.

More Info →

Hello dear reader!

If you want to level-up your WordPress security with ShieldPRO, click to get started today. (risk-free, with our no-quibble 14-day satisfaction promise!)

You'll get all PRO features, including AI Malware Scanning, WP Config File Protection, Plugin and Theme File Guard, import/export, exclusive customer support, and much, much more.

We'd be honoured to have you as a member, and look forward to serving you during your journey towards powerful, WordPress security.

Try ShieldPRO Today →

ShieldPRO Testimonials

@vollerworld

Such a great plugin! Auto updates rule!

Love the way i can control auto-updates with this plugin! Adds to the safety and security of all my sites!

@studioexcel

Excellent plugin, phenomenal customer service

The funny thing about high quality plugins is that they just work. You install and forget them. Shield gives you a ton of options but it does a lot of thinking for you so it’s basically a plug and play plugin. Highly recommended. And when I needed to reach out…

@dcstorm2012

Great Plugin

Lots of options, highly effective haven’t had any issues so far. I use it on all my clients sites.

@cynderella

Does What it Says and Well

Wonderful plugin…..just wanted to thank you!!!

Leave a Comment Cancel reply

Author

Paul Goodchild is the founder and CEO of Shield Security for WordPress – a best-in-class security plugin for the protection of critical WordPress-based websites and businesses.

Paul focuses on security features that deliver realworld results for client through the prevention of security breaches before they can happen. Prevention is preferrable over busy-security-work that sees you putting out fires and cleaning up your sites after an infection has taken hold.

Paul maintains that while a security plugin for WordPress is absolutely crucial, “security” is a practice and must involve your entire website and WordPress hosting environment, including your own local device security and security hygiene.

View Profile

Main Sections

#1 – Vulnerable: Modern Events Calendar Plugin
#2 – Vulnerable: SEOPress Plugin
#3 – Vulnerable: Unlimited Elements For Elementor Plugin
#4 – Vulnerable: Premium Addons for Elementor Plugin
#5 – Plugins with Severe Security Risks Removed from wp.org
#6 – From Our Blog: silentCAPTCHA – Shield’s Defense Against WordPress Bots

ESSENTIAL WORDPRESS SECURITY NEWS

Get ShieldNOTES, our excellent weekly WordPress security newsletter!

ShieldNOTES Ep#22: Recurring Vulnerabilities & No Fixes Available; & silentCAPTCHA

#1 – Vulnerable: Modern Events Calendar Plugin

#2 – Vulnerable: SEOPress Plugin

#3 – Vulnerable: Unlimited Elements For Elementor Plugin

#4 – Vulnerable: Premium Addons for Elementor Plugin

#5 – Plugins with Severe Security Risks Removed from wp.org

#6 – From Our Blog: silentCAPTCHA – Shield’s Defense Against WordPress Bots

Such a great plugin! Auto updates rule!

Excellent plugin, phenomenal customer service

Great Plugin

Does What it Says and Well

Leave a Comment Cancel reply

Related Stories

ShieldNOTES Ep#14: ACF & JetPack Vulnerabilities, Japanese Keyword Hack from our Blog, & SSH Security

ShieldNOTES Ep#10: How We Host Our Site, Forminator XSS and CSS Email Phishing

ShieldNOTES Ep#29: Several Critical Vulnerabilities on Millions of Sites & Early Black Friday Webm

ESSENTIAL WORDPRESS SECURITY NEWS