ShieldNOTES Ep#23: Numerous High Risk Vulnerabilities, and a closer look at SQL Injection 💉 Attacks

July 22, 2024 by Paul G. | Security, ShieldNOTES

Super-critical vulnerabilities discovered in several popular plugins.

#1 – Vulnerable: Brizy – Page Builder Plugin

Arbitrary File Upload with 80,000 installs.

How will I know I’m okay?
Upgrade ASAP to v2.4.45+

What’s the risk?
Severity risk 9.9/10 – an attacker can upload any type of file to your site, including backdoors that could gain further access.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#2 – Vulnerable: BookingPress Plugin

Another high risk arbitrary file upload vulnerability…

How will I know I’m okay?
Upgrade ASAP to v1.1.6+

What’s the risk?
Severity risk 9.9/10 – Arbitrary File Upload – an attacker can upload any type of file to your site, including backdoors that could gain further access.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#3 – Vulnerable: HUSKY Plugin

Unauthenticated SQL injection!

How will I know I’m okay?
Upgrade ASAP to v1.3.6.1+

What’s the risk?
Severity risk 9.3/10 – SQL Injection – an attacker can directly interact with your WP database!

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#4 – Vulnerable: FV Flowplayer Video Player Plugin

Another high-risk SQL injection risk.

How will I know I’m okay?
Upgrade ASAP to v7.5.47.7212+

What’s the risk?
Severity risk 8.5/10 – an attacker can directly interact with your WP database!

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#5 – Vulnerable: Profile Builder & Profile Builder Pro Plugins

Site takeover risk.

How will I know I’m okay?
Upgrade ASAP to v3.11.9+

What’s the risk?
Severity risk 9.8/10 – an attacker can escalate their low-privileged account to gain higher privileges and take full control of the website.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#6 – From Our Blog: SQL Injection Attacks

There are 2 SQL injection vulnerabilities in our round-up today – they present serious risks to your site, so if you want to understand them a bit more, read on using the link below.

More Info →

Thanks for reading, and have a great week!

Paul Goodchild
Shield Security for WordPress

Hello dear reader!

If you want to level-up your WordPress security with ShieldPRO, click to get started today. (risk-free, with our no-quibble 14-day satisfaction promise!)

You'll get all PRO features, including AI Malware Scanning, WP Config File Protection, Plugin and Theme File Guard, import/export, exclusive customer support, and much, much more.

We'd be honoured to have you as a member, and look forward to serving you during your journey towards powerful, WordPress security.

Try ShieldPRO Today →

ShieldPRO Testimonials

@cpinho

Great Plugin, maybe the best around here for free!

I’ve tested and used several security plugins. But Shield was indeed the elected one. The free version is really complete and goes beyond the basic features. It covers almost all the needs i need. Realy great! Look forward for introduction of new features!

@femmdi2012

Good plugin, easy to setup

Very nice plugin for more WordPress security. Works well in combination with Sucuri Security . What would be nice is to be able to add multiple languages for the custom messages of the spamfilter, e.g. when working with plugins like polylang or wpml. Keep up the good work!

@setmefreepc

Best of the best firewall plugin

This is the best security plugin for wordpress…Thank you developer

@fadhlul

It Works!

The plugin works as claimed.

Leave a Comment Cancel reply

Author

Paul Goodchild is the founder and CEO of Shield Security for WordPress – a best-in-class security plugin for the protection of critical WordPress-based websites and businesses.

Paul focuses on security features that deliver realworld results for client through the prevention of security breaches before they can happen. Prevention is preferrable over busy-security-work that sees you putting out fires and cleaning up your sites after an infection has taken hold.

Paul maintains that while a security plugin for WordPress is absolutely crucial, “security” is a practice and must involve your entire website and WordPress hosting environment, including your own local device security and security hygiene.

View Profile

Main Sections

#1 – Vulnerable: Brizy – Page Builder Plugin
#2 – Vulnerable: BookingPress Plugin
#3 – Vulnerable: HUSKY Plugin
#4 – Vulnerable: FV Flowplayer Video Player Plugin
#5 – Vulnerable: Profile Builder & Profile Builder Pro Plugins
#6 – From Our Blog: SQL Injection Attacks

ESSENTIAL WORDPRESS SECURITY NEWS

Get ShieldNOTES, our excellent weekly WordPress security newsletter!

ShieldNOTES Ep#23: Numerous High Risk Vulnerabilities, and a closer look at SQL Injection 💉 Attacks

#1 – Vulnerable: Brizy – Page Builder Plugin

#2 – Vulnerable: BookingPress Plugin

#3 – Vulnerable: HUSKY Plugin

#4 – Vulnerable: FV Flowplayer Video Player Plugin

#5 – Vulnerable: Profile Builder & Profile Builder Pro Plugins

#6 – From Our Blog: SQL Injection Attacks

Great Plugin, maybe the best around here for free!

Good plugin, easy to setup

Best of the best firewall plugin

It Works!

Leave a Comment Cancel reply

Related Stories

ShieldNOTES Ep#19: Recurring Vulnerability + Severely Critical + Monitor WP Activity

ShieldNOTES Ep#13: Yoast Vulnerability, A Reminder, Fake E-Commerce & Free Page Builder Summit

ShieldNOTES Ep#6: Your Monday Morning Security Notes

ESSENTIAL WORDPRESS SECURITY NEWS