{"id":163595,"date":"2024-08-12T14:12:16","date_gmt":"2024-08-12T13:12:16","guid":{"rendered":"https:\/\/getshieldsecurity.com\/?p=163595"},"modified":"2024-08-13T09:12:31","modified_gmt":"2024-08-13T08:12:31","slug":"shieldnotes-ep26","status":"publish","type":"post","link":"https:\/\/getshieldsecurity.com\/blog\/shieldnotes-ep26\/","title":{"rendered":"ShieldNOTES Ep#26: Many High-Risk Plugins & our Blog: WordPress Backdoor Threats"},"content":{"rendered":"\n

Another week with major high-risk vulnerabilities, alongside tips on WordPress backdoor threats, from our blog.<\/p>\n\n\n\n

#1 – Vulnerable: GiveWP Plugin<\/h2>\n\n\n\n

High severity PHP Object Injection vulnerability.<\/p>\n\n\n\n

How will I know I’m okay?<\/strong>
Upgrade ASAP to v3.14.2+<\/p>\n\n\n\n

What’s the risk?<\/strong>
Severity risk 10<\/strong>\/10 – an attacker can inject and execute malicious objects within a PHP application.<\/p>\n\n\n\n

Editor Comment<\/strong>
Please use ShieldPRO’s auto-upgrade feature<\/a> for vulnerable plugins.<\/p>\n\n\n\n

More Info \u2192<\/a><\/p>\n\n\n\n

#2 – Vulnerable: MainWP Child Reports Plugin<\/h2>\n\n\n\n

CSRF on up to 90,000 sites.<\/p>\n\n\n\n

How will I know I’m okay?<\/strong>
Upgrade ASAP to v2.2.1+<\/p>\n\n\n\n

What’s the risk?<\/strong>
Severity risk 8.8<\/strong>\/10 – an attacker can force privileged users to execute unwanted actions while authenticated.<\/p>\n\n\n\n

Editor Comment<\/strong>
Please use ShieldPRO’s auto-upgrade feature<\/a> for vulnerable plugins.<\/p>\n\n\n\n

More Info \u2192<\/a><\/p>\n\n\n\n

#3 – Vulnerable: BookingPress Plugin<\/h2>\n\n\n\n

A lesser-known plugin but with a high Broken Authentication.<\/p>\n\n\n\n

How will I know I’m okay?<\/strong>
Upgrade ASAP to v1.1.8+<\/p>\n\n\n\n

What’s the risk?<\/strong>
Severity risk 10<\/strong>\/10 – an attacker can access site without permission, steal data, or take over user accounts.<\/p>\n\n\n\n

Editor Comment<\/strong>
Please use ShieldPRO’s auto-upgrade feature<\/a> for vulnerable plugins.<\/p>\n\n\n\n

More Info \u2192<\/a><\/p>\n\n\n\n

#4 – Vulnerable: LearnPress Plugin<\/h2>\n\n\n\n

SQL Injection vulnerability with 90,000 installs.<\/p>\n\n\n\n

How will I know I’m okay?<\/strong>
Upgrade ASAP to v4.2.6.9.4+<\/p>\n\n\n\n

What’s the risk?<\/strong>
Severity risk 8.5<\/strong>\/10 – SQL Injection – an attacker can interact with your WP database directly!<\/p>\n\n\n\n

Editor Comment<\/strong>
Please use ShieldPRO’s auto-upgrade feature<\/a> for vulnerable plugins.<\/p>\n\n\n\n

More Info \u2192<\/a><\/p>\n\n\n\n

#5 – Vulnerable: Cost Calculator Builder Plugin<\/h2>\n\n\n\n

Another critical SQL Injection risk.<\/p>\n\n\n\n

How will I know I’m okay?<\/strong>
Upgrade ASAP to v3.2.16+<\/p>\n\n\n\n

What’s the risk?<\/strong>
Severity risk 9.3<\/strong>\/10 – SQL Injection – an attacker can interact with your WP database directly!<\/p>\n\n\n\n

Editor Comment<\/strong>
Please use ShieldPRO’s auto-upgrade feature<\/a> for vulnerable plugins.<\/p>\n\n\n\n

More Info \u2192<\/a><\/p>\n\n\n\n

#6 – From our blog: WordPress Backdoor Threats<\/h2>\n\n\n\n

For effective site security, it\u2019s vital to spot, remove, and prevent hidden backdoor risks that give hackers ongoing access.<\/p>\n\n\n\n

More Info \u2192<\/a><\/p>\n\n\n\n

Thanks for reading, and have a great week!<\/p>\n\n\n\n

Paul Goodchild<\/strong>
Shield Security for WordPress<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

Another week with major high-risk vulnerabilities, alongside tips on WordPress backdoor threats, from our blog.<\/p>\n","protected":false},"author":27,"featured_media":161171,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[153,201],"tags":[69],"class_list":["post-163595","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-wordpress-solutions","category-shieldnotes","tag-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/posts\/163595","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/comments?post=163595"}],"version-history":[{"count":5,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/posts\/163595\/revisions"}],"predecessor-version":[{"id":163601,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/posts\/163595\/revisions\/163601"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/media\/161171"}],"wp:attachment":[{"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/media?parent=163595"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/categories?post=163595"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/tags?post=163595"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}