ShieldNOTES Ep#26: Many High-Risk Plugins & our Blog: WordPress Backdoor Threats

August 12, 2024 by Paul G. | Security, ShieldNOTES

Another week with major high-risk vulnerabilities, alongside tips on WordPress backdoor threats, from our blog.

#1 – Vulnerable: GiveWP Plugin

High severity PHP Object Injection vulnerability.

How will I know I’m okay?
Upgrade ASAP to v3.14.2+

What’s the risk?
Severity risk 10/10 – an attacker can inject and execute malicious objects within a PHP application.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#2 – Vulnerable: MainWP Child Reports Plugin

CSRF on up to 90,000 sites.

How will I know I’m okay?
Upgrade ASAP to v2.2.1+

What’s the risk?
Severity risk 8.8/10 – an attacker can force privileged users to execute unwanted actions while authenticated.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#3 – Vulnerable: BookingPress Plugin

A lesser-known plugin but with a high Broken Authentication.

How will I know I’m okay?
Upgrade ASAP to v1.1.8+

What’s the risk?
Severity risk 10/10 – an attacker can access site without permission, steal data, or take over user accounts.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#4 – Vulnerable: LearnPress Plugin

SQL Injection vulnerability with 90,000 installs.

How will I know I’m okay?
Upgrade ASAP to v4.2.6.9.4+

What’s the risk?
Severity risk 8.5/10 – SQL Injection – an attacker can interact with your WP database directly!

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#5 – Vulnerable: Cost Calculator Builder Plugin

Another critical SQL Injection risk.

How will I know I’m okay?
Upgrade ASAP to v3.2.16+

What’s the risk?
Severity risk 9.3/10 – SQL Injection – an attacker can interact with your WP database directly!

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#6 – From our blog: WordPress Backdoor Threats

For effective site security, it’s vital to spot, remove, and prevent hidden backdoor risks that give hackers ongoing access.

More Info →

Thanks for reading, and have a great week!

Paul Goodchild
Shield Security for WordPress

Hello dear reader!

If you want to level-up your WordPress security with ShieldPRO, click to get started today. (risk-free, with our no-quibble 14-day satisfaction promise!)

You'll get all PRO features, including AI Malware Scanning, WP Config File Protection, Plugin and Theme File Guard, import/export, exclusive customer support, and much, much more.

We'd be honoured to have you as a member, and look forward to serving you during your journey towards powerful, WordPress security.

Try ShieldPRO Today →

ShieldPRO Testimonials

@wordbin

great stuff

a lot of options but provided in handy and user friendly way

@pjblittle

Excellent support

I had a problem with an error generated by the Shield plugin – the support guys at OneDollarPlugin did a fantastic job of troubleshooting. They found the cause of the error to be bad code in another plugin, and they added some code to prevent the bad other plugin breaking…

@alfgago

Just great

I’ve tried and investigated most popular security plugins for WP and for me, this is the best, it’s easy to understand, easy to configure, has everything I wanted and works great. I use it on all of my sites, very good plugin.

@fznshaikh

Better than iThemes paid, Wordfence bloat.

This is the best security plugin I’ve come across. No unnecessary stuff which costs bad user experience. Sensible stuff and efficient. Much faster than Wordfence. Don’t know why iThemes even have a paid version. Thank you so much. Please keep free features always free.

ESSENTIAL WORDPRESS SECURITY NEWS

Get ShieldNOTES, our excellent weekly WordPress security newsletter!

ShieldNOTES Ep#26: Many High-Risk Plugins & our Blog: WordPress Backdoor Threats

#1 – Vulnerable: GiveWP Plugin

#2 – Vulnerable: MainWP Child Reports Plugin

#3 – Vulnerable: BookingPress Plugin

#4 – Vulnerable: LearnPress Plugin

#5 – Vulnerable: Cost Calculator Builder Plugin

#6 – From our blog: WordPress Backdoor Threats

great stuff

Excellent support

Just great

Better than iThemes paid, Wordfence bloat.

Leave a Comment Cancel reply

Related Stories

ShieldNOTES Ep#11: Some big vulnerabilities, & Wordfence vs Sucuri vs Shield

ShieldNOTES Ep#35: Millions of Sites Under Attack & Early Threat Detection Tips

ShieldNotes #39: LiteSpeed Cache recurring vulnerability, and others; & WPLockout Solutions

ESSENTIAL WORDPRESS SECURITY NEWS