Critical vulnerabilities in WordPress plugins


To ensure that your WordPress website is secure and stays that way, you need to have a security plugin. 

One of the reasons is that they report regularly on critical vulnerabilities in plugins you might use.

There are a few available, although my preference goes to Wordfence.

Already this month 

Several critical vulnerabilities were found in the WP Lead Plus X WordPress plugin.

This plugin is installed on over 70,000 sites.

The Wordfence blog has full technical details, along with what to do if you use this plugin.

A vulnerability was discovered in the Accordion plugin that allows attackers to inject malicious scripts.

The Wordfence blog has full technical details, along with what to do if you use this plugin.

Wordfence discovered a stored Cross-Site Scripting (XSS) vulnerability in Contact Form 7 Datepicker, a WordPress plugin installed on over 100,000 sites.

This plugin has now been closed for download. They strongly recommend deactivating and removing this plugin.

A high-severity vulnerability was discovered in the Widget Settings Importer/Exporter plugin.

The WordPress plugin team removed the plugin from the official WordPress.org plugin repository.

There is currently no fix for this high-severity security issue and indications are that the plugin will remain unpatched.

The Wordfence blog has full technical details, along with what to do if you use this plugin.

My advice

If you use one of these plugins, take the action recommended by Wordfence to keep your website safe from hackers.

Check your plugins for updates on a daily basis. It takes only a few minutes and will save you tons of headaches and hours of work fixing security issues.
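A daily update check alone will not catch a plugin that has been closed or removed from the repository with no fix, because no update will appear for it. The script below is an added example, not part of the original article: it reads the JSON that WP-CLI prints for installed plugins and flags both pending updates and the plugins named above. Matching on plugin title is an assumption, and the sample slugs and versions are constructed placeholders.

```python
import json

# Plugin titles named in the article, with the status the article reports.
# Assumption: plugins are matched on their display title; confirm each match
# against the corresponding Wordfence post before acting.
ADVISORIES = {
    "wp lead plus x": "critical vulnerabilities reported; see the Wordfence post",
    "accordion": "script injection reported; see the Wordfence post",
    "contact form 7 datepicker": "closed for download; deactivate and remove",
    "widget settings importer/exporter": "removed from the repository, no fix expected",
}

# Constructed sample of the JSON printed by:
#   wp plugin list --fields=name,title,status,update,version --format=json
# Slugs and version numbers are placeholders, not real values.
SAMPLE = """[
  {"name": "placeholder-a", "title": "Contact Form 7 Datepicker",
   "status": "active", "update": "none", "version": "0.0.1"},
  {"name": "placeholder-b", "title": "Widget Settings Importer/Exporter",
   "status": "inactive", "update": "none", "version": "0.0.2"},
  {"name": "placeholder-c", "title": "Some Gallery",
   "status": "active", "update": "available", "version": "0.0.3"},
  {"name": "placeholder-d", "title": "Some Cache",
   "status": "active", "update": "none", "version": "0.0.4"}
]"""


def audit(wp_cli_json):
    """Return (slug, kind, note) findings, advisories first."""
    findings = []
    for plugin in json.loads(wp_cli_json):
        title = plugin.get("title", "").strip().lower()
        if title in ADVISORIES:
            # Inactive plugins are reported too: their files are still on the server.
            findings.append((plugin["name"], "ADVISORY", ADVISORIES[title]))
        elif plugin.get("update") == "available":
            findings.append((plugin["name"], "UPDATE", "update available"))
    # False sorts before True, so ADVISORY entries come first.
    return sorted(findings, key=lambda f: f[1] != "ADVISORY")


if __name__ == "__main__":
    for slug, kind, note in audit(SAMPLE):
        print(f"{kind:8} {slug}: {note}")
```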

All the best,

Luc
