{"id":159930,"date":"2024-04-29T10:53:14","date_gmt":"2024-04-29T09:53:14","guid":{"rendered":"https:\/\/getshieldsecurity.com\/?p=159930"},"modified":"2024-05-15T09:34:00","modified_gmt":"2024-05-15T08:34:00","slug":"shieldnotes-ep11","status":"publish","type":"post","link":"https:\/\/getshieldsecurity.com\/blog\/shieldnotes-ep11\/","title":{"rendered":"ShieldNOTES Ep#11: Some big vulnerabilities, &amp; Wordfence vs Sucuri vs Shield"},"content":{"rendered":"\n<p>Some critical vulnerabilities to review, and a head-to-head of security plugins from our blog.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">#1 &#8211; Vulnerability: WordPress Automatic Plugin<\/h2>\n\n\n\n<p>If you use this plugin, upgrade immediately.<\/p>\n\n\n\n<p><strong>How will I know I&#8217;m okay?<\/strong><br>Upgrade to <em>v3.92.1+<\/em><\/p>\n\n\n\n<p><strong>What&#8217;s the risk?<\/strong><br>SQL injection with <strong>9.9<\/strong>\/10 severity allows any attacker to interact with your database.<\/p>\n\n\n\n<p><strong>Editor Comment<\/strong><br>Please use <a href=\"https:\/\/getshieldsecurity.com\/blog\/wordpress-plugin-vulnerability-scanner\/\" target=\"_blank\" rel=\"noreferrer noopener\">ShieldPRO&#8217;s auto-upgrade feature<\/a> for vulnerable plugins.<\/p>\n\n\n\n<p><a href=\"https:\/\/patchstack.com\/database\/vulnerability\/wp-automatic\/wordpress-automatic-plugin-3-92-0-unauthenticated-arbitrary-sql-execution-vulnerability\" target=\"_blank\" rel=\"noreferrer noopener\">More Info \u2192<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">#2 &#8211; Vulnerability: WordPress Royal Elementor Addons Plugin<\/h2>\n\n\n\n<p>If you use this plugin, upgrade immediately.<\/p>\n\n\n\n<p><strong>How will I know I&#8217;m okay?<\/strong><br>Upgrade to <em>v1.3.95+<\/em><\/p>\n\n\n\n<p><strong>What&#8217;s the risk?<\/strong><br>Arbitrary File Upload with <strong>8.2<\/strong>\/10 severity allows any attacker to upload a file to your site.<\/p>\n\n\n\n<p><strong>Editor Comment<\/strong><br>Please use <a 
href=\"https:\/\/getshieldsecurity.com\/blog\/wordpress-plugin-vulnerability-scanner\/\" target=\"_blank\" rel=\"noreferrer noopener\">ShieldPRO&#8217;s auto-upgrade feature<\/a> for vulnerable plugins.<\/p>\n\n\n\n<p><a href=\"https:\/\/patchstack.com\/database\/vulnerability\/royal-elementor-addons\/wordpress-royal-elementor-addons-and-templates-plugin-1-3-94-unauthenticated-limited-file-upload-vulnerability\" target=\"_blank\" rel=\"noreferrer noopener\">More Info \u2192<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">#3 &#8211; Wordfence vs Sucuri (vs Shield)<\/h2>\n\n\n\n<p>We&#8217;re often asked about how we compare to Wordfence and our response is usually something like, &#8220;We don&#8217;t&#8221;.<\/p>\n\n\n\n<p><strong>Which Security Plugin Is Best?<\/strong><br>Simple: the one that does what you need it to do.<\/p>\n\n\n\n<p><strong>What&#8217;s the difference?<\/strong><br>Each security service offers different features and takes a slightly different approach. We believe in prevention over cure, and logging over constant alerts.<\/p>\n\n\n\n<p>We&#8217;ve done a bit of a diff between 2 of the most popular security plugins and then provided a bit of a comparison with Shield.<\/p>\n\n\n\n<p><a href=\"https:\/\/getshieldsecurity.com\/blog\/wordfence-vs-sucuri\/\" target=\"_blank\" rel=\"noreferrer noopener\">More Info \u2192<\/a><\/p>\n\n\n\n<p>Thanks for reading, and have a great week!<\/p>\n\n\n\n<p><strong>Paul Goodchild<\/strong><br><em>Shield Security for WordPress<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Some critical vulnerabilities to review, and a head-to-head of security plugins from our 
blog.<\/p>\n","protected":false},"author":27,"featured_media":157238,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[153,201],"tags":[69],"class_list":["post-159930","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-wordpress-solutions","category-shieldnotes","tag-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/posts\/159930","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/comments?post=159930"}],"version-history":[{"count":2,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/posts\/159930\/revisions"}],"predecessor-version":[{"id":159933,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/posts\/159930\/revisions\/159933"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/media\/157238"}],"wp:attachment":[{"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/media?parent=159930"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/categories?post=159930"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/tags?post=159930"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}