ShieldNOTES Ep#26: Many High-Risk Plugins & our Blog: WordPress Backdoor Threats

August 12, 2024 by Paul G. | Security, ShieldNOTES

Another week with major high-risk vulnerabilities, alongside tips on WordPress backdoor threats, from our blog.

#1 – Vulnerable: GiveWP Plugin

High severity PHP Object Injection vulnerability.

How will I know I’m okay?
Upgrade ASAP to v3.14.2+

What’s the risk?
Severity risk 10/10 – an attacker can inject and execute malicious objects within a PHP application.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#2 – Vulnerable: MainWP Child Reports Plugin

CSRF on up to 90,000 sites.

How will I know I’m okay?
Upgrade ASAP to v2.2.1+

What’s the risk?
Severity risk 8.8/10 – an attacker can force privileged users to execute unwanted actions while authenticated.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#3 – Vulnerable: BookingPress Plugin

A lesser-known plugin but with a high Broken Authentication.

How will I know I’m okay?
Upgrade ASAP to v1.1.8+

What’s the risk?
Severity risk 10/10 – an attacker can access site without permission, steal data, or take over user accounts.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#4 – Vulnerable: LearnPress Plugin

SQL Injection vulnerability with 90,000 installs.

How will I know I’m okay?
Upgrade ASAP to v4.2.6.9.4+

What’s the risk?
Severity risk 8.5/10 – SQL Injection – an attacker can interact with your WP database directly!

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#5 – Vulnerable: Cost Calculator Builder Plugin

Another critical SQL Injection risk.

How will I know I’m okay?
Upgrade ASAP to v3.2.16+

What’s the risk?
Severity risk 9.3/10 – SQL Injection – an attacker can interact with your WP database directly!

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#6 – From our blog: WordPress Backdoor Threats

For effective site security, it’s vital to spot, remove, and prevent hidden backdoor risks that give hackers ongoing access.

More Info →

Thanks for reading, and have a great week!

Paul Goodchild
Shield Security for WordPress

Hello dear reader!

If you want to level-up your WordPress security with ShieldPRO, click to get started today. (risk-free, with our no-quibble 14-day satisfaction promise!)

You'll get all PRO features, including AI Malware Scanning, WP Config File Protection, Plugin and Theme File Guard, import/export, exclusive customer support, and much, much more.

We'd be honoured to have you as a member, and look forward to serving you during your journey towards powerful, WordPress security.

Try ShieldPRO Today →

ShieldPRO Testimonials

@knight287

Great Plugin

Works well but after the recent update, the interface is messed up.

@kapkan

Thank you

Thank you for this great security application. I am using a cheap shared hosting (128 MB ram limit). I’ve tested all popular security plugins for wordpress. This is easy to use and fast. But, It could be better if there was a DOS/Flood protection…

@cartooncool

Just what I needed

It just works. I needed something easy to configure and this one fit the bill.

@clane_workforce

Awesome

Best security plugin and easiest to use!

ESSENTIAL WORDPRESS SECURITY NEWS

Get ShieldNOTES, our excellent weekly WordPress security newsletter!

ShieldNOTES Ep#26: Many High-Risk Plugins & our Blog: WordPress Backdoor Threats

#1 – Vulnerable: GiveWP Plugin

#2 – Vulnerable: MainWP Child Reports Plugin

#3 – Vulnerable: BookingPress Plugin

#4 – Vulnerable: LearnPress Plugin

#5 – Vulnerable: Cost Calculator Builder Plugin

#6 – From our blog: WordPress Backdoor Threats

Great Plugin

Thank you

Just what I needed

Awesome

Leave a Comment Cancel reply

Related Stories

ShieldNOTES Ep#11: Some big vulnerabilities, & Wordfence vs Sucuri vs Shield

ShieldNOTES Ep#30: Severe Risks, No-Fix Vulnerabilities & Tips for Theme Protection

ShieldNOTES Ep#6: Your Monday Morning Security Notes

ESSENTIAL WORDPRESS SECURITY NEWS