A few big vulnerabilities were published in the last week, with LearnPress and Bit File Manager being the most severe.
We’ve written a helpful blog article about securing default WordPress credentials and recovering access.
#1 – Vulnerable: LearnPress Plugin
Critical unauthenticated SQL injection.
How will I know I’m okay?
Upgrade ASAP to v4.2.7.1+
What’s the risk?
Severity risk 9.3/10 – SQL Injection – an attacker can directly interact with your WP database!
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – Vulnerable: Bit File Manager Plugin
Risk of unauthorised file uploads.
How will I know I’m okay?
Upgrade ASAP to v6.5.6+
What’s the risk?
Severity risk 9.9/10 – Arbitrary File Upload – an attacker can upload any type of file to your site, including backdoors that could gain further access.
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#3 – Vulnerable: Stream Plugin
Risk of unauthorised actions being executed.
How will I know I’m okay?
Upgrade ASAP to v4.0.2+
What’s the risk?
Severity risk 8.8/10 – CSRF – an attacker can force privileged users to execute unwanted actions while authenticated.
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#4 – Vulnerable: Backuply Plugin
SQL injection risk in a plugin with 200,000+ installs.
How will I know I’m okay?
Upgrade ASAP to v1.3.5+
What’s the risk?
Severity risk 7.6/10 – SQL Injection – an attacker can directly interact with your WP database!
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
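To answer "How will I know I'm okay?" for all four plugins at once, here is an added example (not from the newsletter or from Shield) that reads the JSON output of `wp plugin list --format=json` and flags any installed version below the first fixed release named above. The plugin directory slugs are assumptions, and the plugin list is a constructed sample rather than real site output.

```python
import json
import re

# First fixed versions named in this newsletter, keyed by plugin slug.
# The slugs are assumptions; the page gives only the plugin names.
FIXED_VERSIONS = {
    "learnpress": "4.2.7.1",
    "file-manager": "6.5.6",   # assumed slug for Bit File Manager
    "stream": "4.0.2",
    "backuply": "1.3.5",
}

# Constructed sample of `wp plugin list --format=json` output for a site
# that still runs two of the vulnerable releases.
SAMPLE_WP_PLUGIN_LIST = json.dumps([
    {"name": "learnpress", "status": "active", "update": "available", "version": "4.2.7"},
    {"name": "file-manager", "status": "active", "update": "none", "version": "6.5.6"},
    {"name": "stream", "status": "inactive", "update": "available", "version": "3.9.3"},
    {"name": "backuply", "status": "active", "update": "none", "version": "1.3.5"},
    {"name": "akismet", "status": "active", "update": "none", "version": "5.3"},
])

def version_key(version):
    """Split a dotted version into an integer tuple so it compares numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def is_fixed(installed, minimum):
    """True when installed >= minimum; pads with zeros so 4.2.7 < 4.2.7.1."""
    a, b = version_key(installed), version_key(minimum)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))

def find_vulnerable(plugin_list_json, fixed=FIXED_VERSIONS):
    """Return {slug: (installed, first_fixed)} for every listed plugin below the fix.

    Inactive plugins are flagged too: the vulnerable code is still on disk.
    """
    flagged = {}
    for plugin in json.loads(plugin_list_json):
        slug = plugin["name"]
        if slug in fixed and not is_fixed(plugin["version"], fixed[slug]):
            flagged[slug] = (plugin["version"], fixed[slug])
    return flagged

if __name__ == "__main__":
    for slug, (have, need) in find_vulnerable(SAMPLE_WP_PLUGIN_LIST).items():
        print(f"{slug}: installed {have}, upgrade to {need}+")
```

On a real site, pipe `wp plugin list --format=json` into `find_vulnerable` instead of the sample, and confirm the fixed versions against each plugin's changelog before relying on them.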
#5 – From our blog: Default WordPress Credentials & Recovery
WordPress uses “admin” as the default username, making sites vulnerable to attacks. It’s crucial to change this and use strong, unique passwords. If access is lost, WordPress offers several recovery options.
Thanks for reading, and have a great week!
Paul Goodchild
Shield Security for WordPress