Several popular plugins have critical vulnerabilities – please apply patches ASAP. We also provide a WP updates guide on our blog, and a heads-up on a Black Friday webinar from our partner, Convesio.
#1 – Vulnerable: Multilingual CMS Plugin
With an estimated 1+ million installs, it’s widely used.
How will I know I’m okay?
Upgrade ASAP to v4.6.13+
What’s the risk?
Severity risk 9.9/10 – Remote Code Execution – an attacker can gain backdoor access and then take full control of the website!
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – Vulnerable: File Manager Pro Plugin
Another 1+ million WP sites exposed to critical unrestricted file uploads.
How will I know I’m okay?
Upgrade ASAP to v8.3.8+
What’s the risk?
Severity risk 9.9/10 – Arbitrary File Upload – an attacker can upload any type of file to your site, including backdoors that could be used to gain further access.
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#3 – Vulnerable: The Events Calendar Plugin
Potentially 700,000 sites with XSS risk.
How will I know I’m okay?
Upgrade ASAP to v6.5.2+
What’s the risk?
Severity risk 7.1/10 – XSS – allows injection of malicious scripts into the website, which guests may then execute.
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#4 – Vulnerable: AcyMailing SMTP Newsletter Plugin
High risk of unauthorized file uploads.
How will I know I’m okay?
Upgrade ASAP to v9.8.0+
What’s the risk?
Severity risk 8.5/10 – Arbitrary File Upload – an attacker can upload any type of file to your site, including backdoors that could be used to gain further access.
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#5 – Vulnerable Reminder: LiteSpeed Cache Plugin
We sent a notice out about this last week, but with 5+ million installs, active exploitation is underway!
How will I know I’m okay?
Upgrade ASAP to v6.4.1+
What’s the risk?
Severity risk 9.8/10 – Privilege Escalation – an attacker can gain full access to a site by escalating their low user privileges.
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#6 – Black Friday/Cyber Monday Traffic Webinar
We’re soon to partner with Convesio (we’ve been hosting with them since the beginning of the year) to offer Shield Security to their web hosting clients.
BF/CM always comes around sooner than we think, and they’re offering a webinar to discuss Traffic Scaling over that period.
#7 – From our blog: Guide to WordPress Security Updates
WordPress security updates are your digital armor – missing even one can turn a minor vulnerability into a major breach. Understanding security vulnerabilities, safe update practices, and automation of your security measures is crucial for better site protection.
Thanks for reading, and have a great week!
Paul Goodchild
Shield Security for WordPress