This week’s vulnerabilities underscore the need to stay informed.

Don’t miss the notice about switching to PHP 7.4.

#1 – Vulnerable: MC4WP: Mailchimp Plugin

2+ million sites affected with malicious script injection.

How will I know I’m okay?
Upgrade ASAP to v4.9.17+

What’s the risk?
Severity risk 7.1/10 – XSS – allowing injection of malicious scripts into website that guests may execute.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#2 – Vulnerable: Houzez Theme & Login Register Plugin

Unauthorised access escalation risk.

How will I know I’m okay?
Upgrade ASAP to v3.3.0+

What’s the risk?
Severity risk 8.8/10 – Privilege Escalation – an attacker can gain full access to a site by escalating their low user privileges.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#3 – Vulnerable: WCFM Marketplace Plugin

Plugin actively exploited with XSS but no official fix yet.

How will I know I’m okay?
No fix available yet; please replace or monitor for updates.

What’s the risk?
Severity risk 7.1/10 – XSS – allowing injection of malicious scripts into website that guests may execute.

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#4 – WordPress Agency Summit 2024

A free online event starting this Friday, September 27th, will offer practical tips for building and optimizing fast, dynamic WordPress sites, covering topics like server optimization and security.

How can I get involved?
You can join the LiveStreams when they’re announced.

More Info →

#5 – Important Notice: Shield Security Will Require PHP 7.4+

Shield Security will soon need minimum PHP 7.4 to improve performance and take advantage of new PHP features, while continuing to support most users. Make sure to back up your site and talk to your web host about upgrading.

More Info →

Thanks for reading, and have a great week!

Paul Goodchild
Shield Security for WordPress