We’re highlighting high-risk plugins, 2 severe no-fix vulnerabilities, and tips from our blog on protecting your themes.
#1 – Vulnerable: Betheme Theme
300,000+ sites at risk of code execution with no official fix.
How will I know I’m okay?
No fix available yet; please monitor for updates.
What’s the risk?
Severity risk 8.5/10 – PHP Object Injection – an attacker can inject and execute malicious objects within a PHP application.
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – Vulnerable: Memberpress Plugin
A well-known plugin with a script injection threat.
How will I know I’m okay?
Upgrade ASAP to v1.11.30+
What’s the risk?
Severity risk 7.1/10 – XSS – allows injection of malicious scripts into the website, which guests may then execute.
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#3 – Vulnerable: Beaver Builder Plugin
Another popular plugin with an XSS threat.
How will I know I’m okay?
Upgrade ASAP to v2.8.3.6+
What’s the risk?
Severity risk 6.5/10 – XSS – allows injection of malicious scripts into the website, which guests may then execute.
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#4 – Vulnerable: Tutor LMS Pro Plugin
Unauthorized access risk with 90,000+ installs.
How will I know I’m okay?
Upgrade ASAP to v2.7.3+
What’s the risk?
Severity risk 7.1/10 – Broken Access Control – unauthorised users can access sensitive data to perform higher-level actions.
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#5 – Vulnerable: Super Testimonials Plugin
A lesser-known plugin, but with a critical XSS vulnerability and no official fix.
How will I know I’m okay?
No fix available yet; please monitor for updates.
What’s the risk?
Severity risk 9.8/10 – XSS – allows injection of malicious scripts into the website, which guests may then execute.
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#6 – From our blog: Protect Your Theme from Threats
Themes can improve your site’s appearance but might also bring threats. Choosing secure themes and protecting your site is crucial to avoid vulnerabilities and ensure strong security.
Thanks for reading, and have a great week!
Paul Goodchild
Shield Security for WordPress