Super-critical vulnerabilities discovered in several popular plugins.
#1 – Vulnerable: Brizy – Page Builder Plugin
Arbitrary file upload vulnerability in a plugin with 80,000 installs.
How will I know I’m okay?
Upgrade ASAP to v2.4.45+
What’s the risk?
Severity risk 9.9/10 – an attacker can upload any type of file to your site, including backdoors that could gain further access.
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – Vulnerable: BookingPress Plugin
Another high-risk arbitrary file upload vulnerability…
How will I know I’m okay?
Upgrade ASAP to v1.1.6+
What’s the risk?
Severity risk 9.9/10 – Arbitrary File Upload – an attacker can upload any type of file to your site, including backdoors that could gain further access.
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#3 – Vulnerable: HUSKY Plugin
Unauthenticated SQL injection!
How will I know I’m okay?
Upgrade ASAP to v1.3.6.1+
What’s the risk?
Severity risk 9.3/10 – SQL Injection – an attacker can directly interact with your WP database!
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#4 – Vulnerable: FV Flowplayer Video Player Plugin
Another high-risk SQL injection vulnerability.
How will I know I’m okay?
Upgrade ASAP to v7.5.47.7212+
What’s the risk?
Severity risk 8.5/10 – an attacker can directly interact with your WP database!
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#5 – Vulnerable: Profile Builder & Profile Builder Pro Plugins
Site takeover risk.
How will I know I’m okay?
Upgrade ASAP to v3.11.9+
What’s the risk?
Severity risk 9.8/10 – an attacker can escalate their low-privileged account to gain higher privileges and take full control of the website.
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#6 – From Our Blog: SQL Injection Attacks
There are 2 SQL injection vulnerabilities in our round-up today – they present serious risks to your site, so if you want to understand them a bit more, read on using the link below.
Thanks for reading, and have a great week!
Paul Goodchild
Shield Security for WordPress