Several popular plugins have critical vulnerabilities – please apply patches ASAP. We also provide a WP updates guide on our blog, and a heads-up on a Black Friday webinar from our partner, Convesio.

#1 – Vulnerable: Multilingual CMS Plugin

With 1+ million estimated installs, it’s widely used.

How will I know I’m okay?
Upgrade ASAP to v4.6.13+

What’s the risk?
Severity risk 9.9/10 – Remote Code Execution – an attacker can gain backdoor access and then take full control of the website!

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

#2 – Vulnerable: File Manager Pro Plugin

Another 1+ million WP sites exposed to critical unrestricted file uploads.

How will I know I’m okay?
Upgrade ASAP to v8.3.8+

What’s the risk?
Severity risk 9.9/10 – Arbitrary File Upload – an attacker can upload any type of file to your site, including backdoors that could gain further access.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

#3 – Vulnerable: The Events Calendar Plugin

Potentially 700,000 sites with XSS risk.

How will I know I’m okay?
Upgrade ASAP to v6.5.2+

What’s the risk?
Severity risk 7.1/10 – XSS – allows injection of malicious scripts into the website that guests may execute.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

#4 – Vulnerable: AcyMailing SMTP Newsletter Plugin

High risk of unauthorized file uploads.

How will I know I’m okay?
Upgrade ASAP to v9.8.0+

What’s the risk?
Severity risk 8.5/10 – Arbitrary File Upload – an attacker can upload any type of file to your site, including backdoors that could gain further access.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

#5 – Vulnerable Reminder: LiteSpeed Cache Plugin

We sent a notice out about this last week, but with 5+ million installs, active exploitation is underway!

How will I know I’m okay?
Upgrade ASAP to v6.4.1+

What’s the risk?
Severity risk 9.8/10 – Privilege Escalation – an attacker can gain full access to a site by escalating their low user privileges.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

#6 – Black Friday/Cyber Monday Traffic Webinar

We’re soon to partner with Convesio (we’ve been hosting with them since the beginning of the year) to offer Shield Security to their web hosting clients.

BF/CM always comes around sooner than we think, and they’re offering a webinar to discuss Traffic Scaling over that period.

#7 – From our blog: Guide to WordPress Security Updates

WordPress security updates are your digital armor – missing even 1 can turn a minor vulnerability into a major breach. Understanding security vulnerabilities, safe update practices, and automation of your security measures is crucial for better site protection.

Thanks for reading, and have a great week!

Paul Goodchild
Shield Security for WordPress