There’s another supply chain attack with WP.org plugins affected.<\/p>\n\n\n\n
CSRF with 100,000 installs.<\/p>\n\n\n\n
How will I know I’m okay?<\/strong> What’s the risk?<\/strong> Editor Comment<\/strong> More Info \u2192<\/a><\/p>\n\n\n\n Widely used plugin with a critical Privilege Escalation vulnerability.<\/p>\n\n\n\n How will I know I’m okay?<\/strong> What’s the risk?<\/strong> Editor Comment<\/strong> More Info \u2192<\/a><\/p>\n\n\n\n Potentially 300,000 WP sites with severe security risk.<\/p>\n\n\n\n How will I know I’m okay?<\/strong> What’s the risk?<\/strong> Editor Comment<\/strong> More Info \u2192<\/a><\/p>\n\n\n\n Not a hugely popular plugin, but it poses a high risk.<\/p>\n\n\n\n How will I know I’m okay?<\/strong> What’s the risk?<\/strong> Editor Comment<\/strong> More Info \u2192<\/a><\/p>\n\n\n\n Polyfill.js – a widely used JavaScript library – has been exploited by hackers with malicious code that can lead to Cross-Site Scripting (XSS) risk and steal user data, manipulate site actions, and redirect visitors to malicious sites.<\/p>\n\n\n\n These plugins below are known to embed scripts from the affected domains and should be updated to the latest version or removed:<\/p>\n\n\n\n Amelia<\/a><\/strong> WP User Frontend<\/a><\/strong> Product Customer List for WooCommerce<\/a><\/strong> Editor Comment<\/strong> Bad guys never sleep, and neither should we. We guide you through easy steps to defend your site and keep it secure.<\/p>\n\n\n\n
Upgrade ASAP to v3.2.8+<\/p>\n\n\n\n
Severity risk 8.3<\/strong>\/10 – an attacker can force privileged users to execute unwanted actions while authenticated.<\/p>\n\n\n\n
Please use ShieldPRO’s auto-upgrade feature<\/a> for vulnerable plugins.<\/p>\n\n\n\n#2 – Vulnerable: Ultimate Addons for Elementor Plugin<\/h2>\n\n\n\n
Upgrade ASAP to v1.36.32+<\/p>\n\n\n\n
Severity risk 8.8<\/strong>\/10 – an attacker can escalate their low-privileged account to gain higher privileges and take full control of the website.<\/p>\n\n\n\n
Please use ShieldPRO’s auto-upgrade feature<\/a> for vulnerable plugins.<\/p>\n\n\n\n#3 – Vulnerable: WP Google Map Plugin<\/h2>\n\n\n\n
Upgrade ASAP to v4.6.2+<\/p>\n\n\n\n
Severity risk 8.5<\/strong>\/10 – SQL Injection – an attacker can interact with your WP database directly!<\/p>\n\n\n\n
Please use ShieldPRO’s auto-upgrade feature<\/a> for vulnerable plugins.<\/p>\n\n\n\n#4 – Vulnerable: UsersWP Plugin<\/h2>\n\n\n\n
Upgrade ASAP to v1.2.11+<\/p>\n\n\n\n
Severity risk 9.3<\/strong>\/10 – SQL Injection – an attacker can interact with your WP database directly!<\/p>\n\n\n\n
Please use ShieldPRO’s auto-upgrade feature<\/a> for vulnerable plugins.<\/p>\n\n\n\n#5 – Plugins Affected by Polyfill Supply Chain Attack<\/h2>\n\n\n\n
No official fix available. Remove it for now.<\/p>\n\n\n\n
Upgrade to v4.0.8+<\/p>\n\n\n\n
Upgrade to v3.1.7+<\/p>\n\n\n\n
As a precautionary measure, take a few minutes each week to perform a review of your sites<\/a> to catch issues early.<\/p>\n\n\n\n#6 – From our blog: Secure your site from hackers<\/h2>\n\n\n\n