Critical vulnerabilities in WordPress plugins – February 2021


To ensure that your WordPress website is secure and stays that way, you need to have a security plugin.

One reason is that they report regularly on critical vulnerabilities of plugins you might use.

There are a few available, although my preference is Wordfence.


So far, the Wordfence Threat Intelligence team has reported these vulnerabilities:

Four vulnerabilities discovered in Ninja Forms

A plugin installed on over 1 million sites.

These vulnerabilities could allow attackers to intercept email, redirect site administrators, establish a Ninja Forms OAuth connection, and disconnect a Ninja Forms OAuth connection.

Wordfence considers these severe vulnerabilities that could ultimately lead to complete site takeover, and therefore highly recommends updating to the fully patched version, 3.4.34.1, immediately.

Read full details

Three vulnerabilities in Responsive Menu

A WordPress plugin installed on over 100,000 sites.

These vulnerabilities could allow attackers to upload arbitrary files and ultimately achieve remote code execution and site takeover.

Wordfence rates the three patched flaws as medium and critical severity vulnerabilities, and therefore highly recommends updating to the patched version, 4.0.4, immediately.

Read full details

Two vulnerabilities in NextGen Gallery

These include a critical Cross-Site Request Forgery (CSRF) leading to full Remote Code Execution (RCE). The vulnerabilities affect 800,000 WordPress sites.

NextGEN Gallery is a popular WordPress plugin designed to create highly responsive image galleries.

These vulnerabilities have been fully patched in version 3.5.0, and Wordfence strongly recommends that site owners immediately update to the latest version available at this time.

Read full details

A vulnerability in Contact Form 7 Style

A plugin installed on over 50,000 sites.

Please note that this is a separate plugin from “Contact Form 7” and is designed as an add-on to that plugin.

This vulnerability remains unpatched.

Wordfence strongly recommends deactivating and removing this plugin and finding a replacement, as it no longer appears to be maintained by its developer.

Read full details
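The four advisories above reduce to one practical check for a site owner: is each affected plugin at or above the patched version, or, for Contact Form 7 Style, still installed at all? The script below is an added example written for this post; it is not code from the original article or from Wordfence. It reads the standard `Version:` header that WordPress plugins carry in their main PHP file and compares it with the minimum fixed versions named above. The plugin directory slugs, the file layout under `wp-content/plugins`, and the sample version numbers for the out-of-date and unaffected plugins are assumptions constructed for the demonstration; the patched version numbers come from the post.

```python
"""Audit a wp-content/plugins tree against the February 2021 advisories.

Added example for this post, not code from the article or from Wordfence.
Plugin slugs and the sample tree built by demo() are assumptions; the
patched version numbers are the ones the post names.
"""
import re
import tempfile
from pathlib import Path

# Minimum fixed version per plugin slug (slugs assumed); None means the post
# reports no fix, so the only remediation is to deactivate and remove it.
ADVISORIES = {
    "ninja-forms": "3.4.34.1",
    "responsive-menu": "4.0.4",
    "nextgen-gallery": "3.5.0",
    "contact-form-7-style": None,
}

# WordPress plugin headers look like " * Version: 1.2.3" inside a PHP comment.
HEADER_RE = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.MULTILINE)


def parse_version(text):
    """Turn '3.4.34.1' into (3, 4, 34, 1) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def installed_version(plugin_dir):
    """Return the Version header from the plugin's top-level PHP files, or None."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(errors="ignore")[:8192]  # header sits at the top
        match = HEADER_RE.search(head)
        if match:
            return match.group(1)
    return None


def assess(slug, version):
    """Classify one plugin as 'ok', 'update', 'remove' or 'unknown'."""
    if slug not in ADVISORIES:
        return "ok"
    fixed = ADVISORIES[slug]
    if fixed is None:
        return "remove"            # unpatched: deactivate and remove
    if version is None:
        return "unknown"           # header missing: inspect manually
    return "ok" if parse_version(version) >= parse_version(fixed) else "update"


def audit(plugins_root):
    """Map every plugin directory under plugins_root to its status."""
    results = {}
    for entry in sorted(Path(plugins_root).iterdir()):
        if entry.is_dir():
            results[entry.name] = assess(entry.name, installed_version(entry))
    return results


def demo():
    """Build a constructed plugin tree in a temp dir and audit it."""
    root = Path(tempfile.mkdtemp())
    samples = {
        "ninja-forms": "3.4.33",          # constructed: older than 3.4.34.1
        "responsive-menu": "4.0.4",       # patched version from the post
        "nextgen-gallery": "3.5.0",       # patched version from the post
        "contact-form-7-style": "3.1.9",  # constructed: no fix exists anyway
        "akismet": "4.1.8",               # constructed: not in the advisories
    }
    for slug, version in samples.items():
        (root / slug).mkdir()
        (root / slug / f"{slug}.php").write_text(
            f"<?php\n/*\nPlugin Name: {slug}\nVersion: {version}\n*/\n"
        )
    return audit(root)


if __name__ == "__main__":
    for slug, status in demo().items():
        print(f"{slug:24} {status}")
```

Point `audit()` at a real `wp-content/plugins` directory to get the same status per plugin. The numeric tuple comparison matters here: a plain string comparison would rank `3.4.9` above `3.4.34.1` and hide an out-of-date Ninja Forms install. The check only confirms the version header; it does not replace the scanner the post recommends running.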

Wordfence is offering free site cleanings and site security audits to public/state-funded schools worldwide.

With more students and teachers remotely connecting for education, the need for security awareness has never been greater. Malware infected websites pose a significant risk to students, teachers, parents and administrators. These risks include the breach of personal information, the risk of threat actors targeting children, and the disruption of learning and online services to students.

Wordfence is committed to helping public schools safely educate the next generation. Each Wordfence site cleaning and site security audit is valued at $490.

Read full details

All the best,

Luc

Thank you for your time. All you have to do now is click one of the buttons below to share with people you know or leave a comment. I thank you if you do 🙂
