This week revealed several alarming vulnerabilities, including one with no official fix. We also highlight a blog article on reliable malware scanners.

#1 – Vulnerable: WooCommerce Social Login Plugin

Unauthorized access risk with 200,000+ installs.

How will I know I’m okay?
Upgrade ASAP to v2.7.6+

What’s the risk?
Severity risk 10/10 – Broken Authentication – an attacker can access the site without permission, steal data, or take over user accounts.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.


#2 – Vulnerable: Depicter Slider Plugin

Nearly 100,000 WP sites exposed to critical unrestricted file uploads.

How will I know I’m okay?
Upgrade ASAP to v3.1.2+

What’s the risk?
Severity risk 9.9/10 – Arbitrary File Upload – an attacker can upload any type of file to your site, including backdoors that could gain further access.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.


#3 – Vulnerable: Metform Elementor Contact Form Builder Plugin

Popular plugin with a serious unrestricted file upload risk.

How will I know I’m okay?
Upgrade ASAP to v3.3.0+

What’s the risk?
Severity risk 9/10 – Arbitrary File Upload – an attacker can upload any type of file to your site, including backdoors that could gain further access.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.


#4 – Vulnerable: Ultimate Membership Pro Plugin

Site takeover risk with no official fix.

How will I know I’m okay?
No fix available yet; please monitor for updates.

What’s the risk?
Severity risk 9.4/10 – Privilege Escalation – an attacker can escalate their low-privileged account to gain higher privileges and take full control of the website.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.


#5 – Vulnerable: Media Library Assistant Plugin

If you use this plugin, upgrade immediately.

How will I know I’m okay?
Upgrade ASAP to v3.19+

What’s the risk?
Severity risk 9.1/10 – Arbitrary File Upload – an attacker can upload any type of file to your site, including backdoors that could gain further access.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.


#6 – From our blog: Reliable WordPress Malware Scanners

With threats on the rise, using a reliable malware scanner is more important than ever for staying alert to site intrusions. We break down the top scanners for addressing vulnerabilities.


Thanks for reading, and have a great week!

Paul Goodchild
Shield Security for WordPress