Critical vulnerabilities in WordPress plugins – January 2023


To ensure that your WordPress website is secure and stays that way, you need to have a security plugin.

One reason is that they report regularly on critical vulnerabilities of plugins you might use.

There are a few available, although my preference goes to Wordfence.


The Wordfence Threat Intelligence team has reported these vulnerabilities so far:

A missing authorization vulnerability in Blog2Social

A plugin installed on over 70,000 sites that allows users to set up post sharing to various social networks.

As part of the plugin’s functionality, there are some more advanced settings that can be managed.

Unfortunately, this was implemented insecurely, making it possible for authenticated attackers to update these settings even without the authorization to do so.

It is strongly recommended to update to version 6.9.12 or higher of Blog2Social to ensure that your site is protected against any exploits targeting this vulnerability.

Read more...
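As an added illustration (not code from Blog2Social or Wordfence), this is the pattern behind a "missing authorization" finding in a WordPress plugin: an admin-ajax settings handler with no capability check, beside its hardened form. Hook, function and option names are hypothetical.

```php
<?php
// Added example, not the plugin's own code. Hook, function and option
// names (myplugin_*) are hypothetical.

// VULNERABLE: wp_ajax_* hooks are reachable by every logged-in user, so
// without a capability check a subscriber-level account can rewrite the
// plugin's settings. Shown for contrast only; it is not hooked below.
function myplugin_save_settings_insecure() {
    $settings = array(
        'auto_post' => ! empty($_POST['auto_post']),
        'api_key'   => isset($_POST['api_key']) ? $_POST['api_key'] : '',
    );
    update_option('myplugin_settings', $settings);
    wp_send_json_success();
}

// HARDENED: a nonce check alone only stops CSRF; authorization needs an
// explicit capability check. Both are required, and stored input is
// sanitized.
function myplugin_save_settings_secure() {
    // Rejects the request (HTTP 403) if the nonce is missing or invalid.
    check_ajax_referer('myplugin_save_settings', 'nonce');

    // Authorization: only users allowed to manage options may save.
    if (! current_user_can('manage_options')) {
        wp_send_json_error('Insufficient permissions', 403);
    }

    $settings = array(
        'auto_post' => ! empty($_POST['auto_post']),
        'api_key'   => isset($_POST['api_key'])
            ? sanitize_text_field(wp_unslash($_POST['api_key']))
            : '',
    );
    update_option('myplugin_settings', $settings);
    wp_send_json_success();
}
add_action('wp_ajax_myplugin_save_settings', 'myplugin_save_settings_secure');
```

When auditing a plugin for this class of bug, look at every `wp_ajax_*`, REST route and `admin_post_*` handler and confirm it checks a capability, not only a nonce or the mere fact that the user is logged in.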

Critical Severity Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards Premium

A plugin with over 50,000 installations.

This vulnerability allows unauthenticated attackers to upload executable files to WordPress sites running a vulnerable version of the plugin. This allows attackers to place a back door, obtain Remote Code Execution, and take over the site.

It is highly recommended to update to the latest version of the plugin.

Read more...

Wordfence launched an entirely free vulnerability database API and web interface, available for commercial use.

There is no delay on how quickly we add vulnerabilities to this free database. As soon as a vulnerability is disclosed, we add it. There is also no limitation on the use of this data, other than an attribution requirement for vulnerabilities sourced from MITRE, and an attribution requirement for our own vulnerabilities. Each vulnerability record includes the data you need to provide this attribution on your user interface.

Our hope is that hosting companies, software developers and security providers will turn this data into free and commercial security products that will improve the security of the WordPress community. By giving the data away for free, and allowing commercial use, we are acting as a catalyst for innovation in the vulnerability scanning space. Individual developers no longer have an expensive barrier to entry if they want to implement a new kind of vulnerability scanning software for the community. It is our hope that this database will foster innovation in the WordPress security space and improve the security of the WordPress community as a whole. - by Wordfence

You can find the free vulnerability database on their website.

All the best,

Luc
