Critical vulnerabilities in WordPress plugins – May 2023

Posted On May 19, 2023

To ensure that your WordPress website is secure and stays that way, you need to have a security plugin.

One reason is that they report regularly on critical vulnerabilities of plugins you might use.

There are few available, although my preference goes to Wordfence.

Critical vulnerabilities in WordPress plugins – May 2023

Critical vulnerabilities in WordPress plugins – May 2023

The Wordfence Threat Intelligence team found sofar these vulnerabilities:

Vulnerability in Essential Addons for Elementor

A WordPress plugin with over one million active installations.

A patch was released for a critical vulnerability that made it possible for any unauthenticated user to reset arbitrary user passwords, including user accounts with administrative-level access.

Over the past few days, we’ve seen millions of probing attempts for the plugin’s readme.txt file, which are likely to be attackers probing for the plugin to build a target site exploit list, along with over 6,900 blocked exploit attempts.

Considering how easily this vulnerability can be successfully exploited, we highly recommend all users of the plugin update ASAP to ensure their site is not compromised by this vulnerability.

Multiple Vulnerabilities Patched in Shield Security

A security plugin with over 50,000 installations.

One of these vulnerabilities allowed unauthenticated attackers to inject malicious JavaScript into an administrator dashboard in some configurations, while another allowed authenticated attackers to spoof log entries into the same dashboard, which could also be used to exploit the first vulnerability in configurations where the unauthenticated technique was not viable.

These vulnerabilities have been fully patched in version 17.0.18 you should update to.

A vulnerability in Blubrry’s PowerPress plugin

Installed on more than 50,000 WordPress websites.

The vulnerability enables threat actors with contributor-level permissions or higher to inject malicious web scripts into pages using the plugin’s shortcode.

As always, it is recommended to update to the latest version as soon as possible.

About The Author

lucbizz

I’m Luc Dermul, a Belgian online entrepreneur living in “the big apple of Flanders” Antwerp

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Critical vulnerabilities in WordPress plugins – May 2023

Vulnerability in Essential Addons for Elementor

Multiple Vulnerabilities Patched in Shield Security

A vulnerability in Blubrry’s PowerPress plugin

Related Posts

Give yourself a KISS!

Advice on finding the right business mentor

Critical vulnerabilities in WordPress plugins – January 2023

About The Author

lucbizz

Add a Comment