ShieldNOTES Ep#22: Recurring Vulnerabilities & No Fixes Available; & silentCAPTCHA

July 15, 2024 by Paul G. | Security, ShieldNOTES

Multiple plugins identified with recurring vulnerabilities including some no fixes. We also introduce our silentCAPTCHA technology.

#1 – Vulnerable: Modern Events Calendar Plugin

Arbitrary File Upload with 150,000 installs.

How will I know I’m okay?
Upgrade ASAP to v7.12.0+

What’s the risk?
Severity risk 8.8/10 – an attacker can upload any type of file to your site, including backdoors that could gain further access.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#2 – Vulnerable: SEOPress Plugin

Widely used with recurring vulnerabilities.

How will I know I’m okay?
Upgrade ASAP to v7.9+

What’s the risk?
Severity risk 8.3/10 – PHP Object Injection – an attacker can inject and execute malicious objects within a PHP application.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#3 – Vulnerable: Unlimited Elements For Elementor Plugin

Another highly popular plugin with a recurring security risk.

How will I know I’m okay?
Upgrade ASAP to v1.5.113+

What’s the risk?
Severity risk 8.5/10 – SQL Injection – an attacker can directly interact with your WP database!

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#4 – Vulnerable: Premium Addons for Elementor Plugin

Potentially 700,000 sites with low severity but recurring XSS risk.

How will I know I’m okay?
Upgrade ASAP to v4.10.37+

What’s the risk?
Severity risk 6.5/10 – XSS – allowing injection of malicious scripts into website that guests may execute.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#5 – Plugins with Severe Security Risks Removed from wp.org

The plugins below have high severity risks but no official fixes and are being actively exploited. As a preventive measure, they were removed from wp.org.

If you run any of the following plugins, our recommendation is to remove them immediately:

WordPress Form Builder Plugin – Gutenberg Forms Plugin
Severity risk 10/10

Pie Register Plugin
Severity risk 9.9/10

Bit Form – Contact Form Plugin
Severity risk 9.1/10

Generate PDF using Contact Form 7 Plugin
Severity risk 9.6/10

Editor Comment
As a precaution, spend a few minutes each week reviewing your sites to catch problems early.

#6 – From Our Blog: silentCAPTCHA – Shield’s Defense Against WordPress Bots

Secure your WordPress sites from bots without user interaction or GDPR concerns.

More Info →

Hello dear reader!

If you want to level-up your WordPress security with ShieldPRO, click to get started today. (risk-free, with our no-quibble 14-day satisfaction promise!)

You'll get all PRO features, including AI Malware Scanning, WP Config File Protection, Plugin and Theme File Guard, import/export, exclusive customer support, and much, much more.

We'd be honoured to have you as a member, and look forward to serving you during your journey towards powerful, WordPress security.

Try ShieldPRO Today →

ShieldPRO Testimonials

@maryouli_com

nice plugin

recommended plugin that protect ur wordpress blog/website

@marmbrust

Easy To Set Up

It was really easy to set up. They have a dashboard interface that you need to click on – to turn each variable ON or OFF. You get to choose whether you want to have Login Protection, to lock down comments (one of the main ways that we get spammed),…

@pjblittle

Excellent support

I had a problem with an error generated by the Shield plugin – the support guys at OneDollarPlugin did a fantastic job of troubleshooting. They found the cause of the error to be bad code in another plugin, and they added some code to prevent the bad other plugin breaking…

@lenchezzz

Great security plugin! Easy to use and accessible support!

Thank you for this awesome plugin! All the reports you send us every week! All the settings are easy to understand and there are a lot of docs to explain them too. And always accessible support!

ESSENTIAL WORDPRESS SECURITY NEWS

Get ShieldNOTES, our excellent weekly WordPress security newsletter!

ShieldNOTES Ep#22: Recurring Vulnerabilities & No Fixes Available; & silentCAPTCHA

#1 – Vulnerable: Modern Events Calendar Plugin

#2 – Vulnerable: SEOPress Plugin

#3 – Vulnerable: Unlimited Elements For Elementor Plugin

#4 – Vulnerable: Premium Addons for Elementor Plugin

#5 – Plugins with Severe Security Risks Removed from wp.org

#6 – From Our Blog: silentCAPTCHA – Shield’s Defense Against WordPress Bots

nice plugin

Easy To Set Up

Excellent support

Great security plugin! Easy to use and accessible support!

Leave a Comment Cancel reply

Related Stories

ShieldNOTES Ep#10: How We Host Our Site, Forminator XSS and CSS Email Phishing

ShieldNOTES Ep#20: WP.org Supply Chain Attack; ACF & CF7 Vulnerabilities; Password Security

ShieldNOTES Ep#31: Recurring Lite Speed, Ninja Forms, & No-Fix Vulnerabilities

ESSENTIAL WORDPRESS SECURITY NEWS