ShieldNOTES Ep#3: Your Monday Morning Security Notes

March 4, 2024 by Paul G. | Security, ShieldNOTES

There’s been a few big vulnerabilities in the past week, and we’ve got a big WP event you might want to “plugin-to” 😉

#1 – Vulnerability: Ultimate Member Plugin

Scoring 9.3/10 in severity, over 200K+ installations, and going back all the way to 2020, it’s a big one!

How will I know I’m okay?
Upgrade the plugin to at least v2.8.3

Editor Comment
If you use ShieldPRO’s automatic upgrader for vulnerable plugins/themes, this will be done automatically for you.

More Info →

#2 – Vulnerability: Brizy Page Builder Plugin

Scoring a whopping 9.9/10 in severity, over 80K+ installations, it’s another big one!

How will I know I’m okay?
Upgrade the plugin to at least v2.4.41

Editor Comment
If you use ShieldPRO’s automatic upgrader for vulnerable plugins/themes, this will be done automatically for you.

More Info →

#3 – Vulnerability: Lightspeed Cache Plugin

With 5M+ installations, chances are high you have this running somewhere.

How will I know I’m okay?
Upgrade the plugin to at least v5.7.0.1

Editor Comment
If you use ShieldPRO’s automatic upgrader for vulnerable plugins/themes, this will be done automatically for you.

More Info →

#4 – All About TimThumb +Exclusive

You’ll have heard of timthumb – people still talk about it.

Why Is This Important?
Broad understanding of WP vulnerabilities, how they come about, and how much the ecosystem has matured is great to know!

Editor Comment
We even get a quote directly from Ben Gillock, the original TimThumb developer, for the piece!

More Info →

#5 – WordCamp Asia Kicks Off This Week

How can I get involved?
If you’re heading to the event you can usually join the LiveStreams when they’re announced.

Editor Comment
We won’t be at WC Asia, but we might see you at WCEU!

More Info →

Have a wonderful week!

Paul Goodchild
Shield Security for WordPress

Hello dear reader!

If you want to level-up your WordPress security with ShieldPRO, click to get started today. (risk-free, with our no-quibble 14-day satisfaction promise!)

You'll get all PRO features, including AI Malware Scanning, WP Config File Protection, Plugin and Theme File Guard, import/export, exclusive customer support, and much, much more.

We'd be honoured to have you as a member, and look forward to serving you during your journey towards powerful, WordPress security.

Try ShieldPRO Today →

ShieldPRO Testimonials

@rmaccue

A great tool from iControlWP

I manage over 25 wordpress based instances with the iControlWP tool and my life is so much better now with the Security Shield tool. Highly recommend using this product if you’re managing a wordpress site.

@sinou2014

Can’t live without it now

I’ve tried MANY products, but nothing quieted down the SPAM on our site in forms and forums like Shield! We gave it the 14-day free trial, and deactivated Akismet which didn’t really do the job. During the trial, we were still getting light SPAM come through, mainly in wpforo that…

@travisbarker

Great Plugin

Great plugin. Helpful online support that understands the customer. Lightweight and easy to configure.

@captzeanie2016

Works great

A very good plugin

Leave a Comment Cancel reply

Author

Paul Goodchild is the founder and CEO of Shield Security for WordPress – a best-in-class security plugin for the protection of critical WordPress-based websites and businesses.

Paul focuses on security features that deliver realworld results for client through the prevention of security breaches before they can happen. Prevention is preferrable over busy-security-work that sees you putting out fires and cleaning up your sites after an infection has taken hold.

Paul maintains that while a security plugin for WordPress is absolutely crucial, “security” is a practice and must involve your entire website and WordPress hosting environment, including your own local device security and security hygiene.

View Profile

Main Sections

#1 – Vulnerability: Ultimate Member Plugin
#2 – Vulnerability: Brizy Page Builder Plugin
#3 – Vulnerability: Lightspeed Cache Plugin
#4 – All About TimThumb +Exclusive
#5 – WordCamp Asia Kicks Off This Week

ESSENTIAL WORDPRESS SECURITY NEWS

Get ShieldNOTES, our excellent weekly WordPress security newsletter!

ShieldNOTES Ep#3: Your Monday Morning Security Notes

#1 – Vulnerability: Ultimate Member Plugin

#2 – Vulnerability: Brizy Page Builder Plugin

#3 – Vulnerability: Lightspeed Cache Plugin

#4 – All About TimThumb +Exclusive

#5 – WordCamp Asia Kicks Off This Week

A great tool from iControlWP

Can’t live without it now

Great Plugin

Works great

Leave a Comment Cancel reply

Related Stories

ShieldNOTES Ep#21: New Supply Chain Attack; Elementor Addon & WP Google Map Vulnerabilities; Hacker Security Guide

ShieldNOTES Ep#18: Critical XSS for WooCommerce; WCEU24&25

ShieldNOTES Ep#23: Numerous High Risk Vulnerabilities, and a closer look at SQL Injection 💉 Attacks

ESSENTIAL WORDPRESS SECURITY NEWS