This week spotlights hugely popular plugins being targeted, putting millions of sites at risk. Please apply patches ASAP.
We also share some tips on early threat detection and alerts, from our blog.
#1 – Widely-Used Plugins Under Attack
Each plugin below affects millions of sites, possibly including yours, has known vulnerabilities, and is being actively exploited.
Update now to avoid potential risks.
LiteSpeed Cache Plugin
Path Traversal; 8.8/10; Update to v6.5.1+
ACF Plugin
Broken Access Control; 7.5/10; Update to v5.1.1+
Rank Math SEO Plugin
PHP Object Injection; 7.2/10; Update to v1.0.229+
MC4WP: Mailchimp Top Bar Plugin
XSS; 7.1/10; Update to v1.6.1+
Slider Revolution Plugin
XSS; 5.9/10; Update to v6.7.19+
Editor Comment
It’s worth taking a few minutes each week to review your sites to catch issues early and, wherever possible, to use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – Less Popular Plugins Exploited
The following are also actively exploited, albeit less widely used. The first in the list is particularly severe.
YITH WooCommerce Ajax Search Plugin
SQL Injection; 9.3/10; Update to v2.8.7+
Broken Link Checker Plugin
XSS; 7.1/10; Update to v2.4.1+
FluentForm Plugin
XSS; 5.9/10; Update to v5.1.20+
SEOPress Plugin
XSS; 7.1/10; Update to v8.2+
Ultimate Member Plugin
XSS; 6.5/10; Update to v2.8.7+
Checkout Field Editor (Checkout Manager) for WooCommerce Plugin
XSS; 7.1/10; Update to v2.0.4+
Smart Custom 404 Error Page Plugin
XSS; 7.1/10; Update to v11.4.8+
#3 – Our Blog: Real-Time Threat Detection with Custom Alerts
Being aware of threats is crucial as hackers improve their tactics. Custom security alerts detect suspicious actions, such as unauthorised logins and file changes, enabling quick responses and fewer false positives.
Thanks for reading, and have a great week!
Paul Goodchild
Shield Security for WordPress