Several critical vulnerabilities were published in the last week, plus a huge personal data breach to be aware of.
#1 – Vulnerable: Social Auto Poster Plugin
High risk arbitrary file upload vulnerability.
How will I know I’m okay?
Upgrade ASAP to v5.3.15+
What’s the risk?
Severity risk 9.9/10 – Arbitrary File Upload – an attacker can upload any type of file to your site, including backdoors that could be used to gain further access.
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – Vulnerable: PowerPack Pro for Elementor Plugin
Site takeover risk.
How will I know I’m okay?
Upgrade ASAP to v2.10.15+
What’s the risk?
Severity risk 8.8/10 – an attacker can escalate their low-privileged account to gain higher privileges and take full control of the website.
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#3 – Vulnerable: ListingPro Theme
Critical SQL Injection vulnerability with no official fix.
How will I know I’m okay?
No fix available yet; please watch for updates.
What’s the risk?
Severity risk 9.3/10 – SQL Injection – an attacker can directly interact with your WP database!
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#4 – Vulnerable: LiteSpeed Cache Plugin
CSRF in a plugin with 5+ million installs.
How will I know I’m okay?
Upgrade ASAP to v6.3+
What’s the risk?
Severity risk 7.1/10 – an attacker can force privileged users to execute unwanted actions while authenticated.
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#5 – Vulnerable: Royal Elementor Addons Plugin
Potentially 400,000 sites affected by a low-severity but recurring XSS risk.
How will I know I’m okay?
Upgrade ASAP to v1.3.981+
What’s the risk?
Severity risk 6.5/10 – XSS – allows injection of malicious scripts into the website, which visitors may then execute.
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
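If you manage more than one site, a quick way to confirm the "How will I know I'm okay?" answers above is to compare installed plugin versions against the fixed versions listed in this issue. The script below is an added example, not Shield's code: it reads the JSON shape that `wp plugin list --format=json` produces and flags any listed plugin still below its fix. The plugin slugs are assumptions (the items above give only display names), so check them against your own plugin list before relying on the output.

```python
import json

# Minimum fixed versions taken from the items above. The slugs are
# assumptions: the newsletter gives display names only, so confirm
# each slug against the "name" column of your own `wp plugin list`.
FIXED_VERSIONS = {
    "social-auto-poster": "5.3.15",
    "powerpack-elements": "2.10.15",
    "litespeed-cache": "6.3",
    "royal-elementor-addons": "1.3.981",
}

def parse_version(v):
    """Turn '1.3.981' into (1, 3, 981) so tuples compare numerically."""
    parts = []
    for piece in v.strip().lstrip("v").split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)

def is_fixed(installed, minimum):
    """True when installed >= minimum; shorter tuples are padded with zeros."""
    a, b = parse_version(installed), parse_version(minimum)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) >= b + (0,) * (n - len(b))

def vulnerable_plugins(plugin_list_json):
    """Return {slug: (installed, minimum)} for listed plugins still below the fix."""
    findings = {}
    for p in json.loads(plugin_list_json):
        minimum = FIXED_VERSIONS.get(p["name"])
        if minimum and not is_fixed(p["version"], minimum):
            findings[p["name"]] = (p["version"], minimum)
    return findings

# Constructed sample in the shape of `wp plugin list --format=json` output.
SAMPLE = json.dumps([
    {"name": "social-auto-poster", "status": "active", "version": "5.3.14"},
    {"name": "litespeed-cache", "status": "active", "version": "6.3"},
    {"name": "royal-elementor-addons", "status": "inactive", "version": "1.3.980"},
    {"name": "akismet", "status": "active", "version": "5.3"},
])

if __name__ == "__main__":
    for slug, (have, need) in vulnerable_plugins(SAMPLE).items():
        print(f"{slug}: installed {have}, upgrade to {need}+")
```

Inactive plugins are reported too, since an inactive vulnerable plugin is still code sitting on the server.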
#6 – 361M+ Unique Emails & Passwords Leaked
One of the largest data breaches in history was discovered, with 361 million unique emails, usernames, and passwords available for sale through a Telegram channel.
The compromised data includes credentials for major tech platforms such as Gmail, Amazon, Netflix, PayPal, LastPass, etc.
Editor Comment
Never re-use passwords; use a Password Manager; and turn on Shield's Pwned Password protection feature.
Thanks for reading, and have a great week!
Paul Goodchild
Shield Security for WordPress