Nine WordPress Plugins Expose Over 1.3 Million Sites To Exploits


WordPress is a free, open-source content management system written in PHP that works with a MySQL or MariaDB database. Its features include a plugin framework and a template system, known in WordPress as Themes.

A WordPress plugin is software that "plugs into" your WordPress website. Plugins can add new functionality to your site or extend existing functionality, allowing you to build almost any type of website, from e-commerce stores to portfolios to directory sites.

Plugins can make minor or major changes to your site, depending on their functionality. You might, for example, use a plugin to add a WhatsApp share button to your site or to build a fully bilingual site. If you run an e-commerce site, you might install a plugin to handle payment gateways or to let users schedule appointments online.

Other plugins can help you improve your contact forms, create sliders, back up your site in case of data loss, and simplify email opt-in, among other things.

WordPress security researchers and the United States government's National Vulnerability Database have issued advisories about WordPress plugin vulnerabilities. Nine of the affected plugins are popular ones that together run on more than 1.3 million websites.

Over 1.3 million WordPress sites are vulnerable to exploits due to nine WordPress plugins.


Plugin for Header and Footer Code Management

The Header Footer Code Manager WordPress Plugin has a Reflected Cross-Site Scripting vulnerability, according to Wordfence security researchers. This plugin has been downloaded over 300,000 times.

Because the flaw is a reflected cross-site scripting vulnerability, an attacker must first trick an administrator into clicking a crafted link or performing some other action before it can be escalated into a full site takeover.


Because this plugin's purpose is to inject code into websites, it touches a particularly sensitive part of a WordPress site. According to the researchers, malicious uses could include installing backdoors and harassing site visitors.

Publishers should upgrade the plugin to version 4.0.7 or later.


Database Backup for WordPress Security

Researchers at WPScan discovered a SQL injection vulnerability in the Database Backup for WordPress plugin, which handles the most sensitive part of any WordPress installation: the database. This plugin has more than 100,000 installations.

The National Vulnerability Database recommends that publishers upgrade the Database Backup for WordPress plugin to version 2.5.1 or higher.

GiveWP – A Donation Plugin and Fundraising Platform for WordPress


A reflected cross-site scripting vulnerability was discovered in the GiveWP donation plugin. Publishers are advised to upgrade the plugin to version 2.17.3 or later.

Ad Inserter – Ad Manager & AdSense Ads (Free and Pro Versions)

WPScan discovered a vulnerability in Ad Inserter – Ad Manager & AdSense Ads that could result in a reflected cross-site scripting attack. This plugin has more than 200,000 installations.


Publishers should upgrade to version 2.7.10 or later. The plugin also contains a vulnerability that could be exploited through SQL injection.


The Popup Builder Plugin

Many of the plugin's AJAX methods do not check the calling user's capabilities, which leads to authorization problems. The plugin does have a method for determining a user's capability, but these AJAX methods do not use it. This plugin has more than 200,000 installations.


Because the methods are exposed to all users regardless of their capabilities, any user can execute the vulnerable AJAX methods as long as a valid nonce token is sent with the request.
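The pattern described above, as an added illustration that is not code from the Popup Builder plugin: a WordPress AJAX handler that verifies only the nonce, beside the corrected handler that also checks the caller's capability. The function, action and nonce names (example_save_popup_weak, example_popup_nonce, and so on) are hypothetical.

```php
<?php
// Added example, not code from the plugin discussed in the article. Names are hypothetical.

// Weak: only the nonce is verified. A nonce proves the request came from a page
// that printed it, not that the caller is allowed to perform the action, so any
// user who can obtain a valid nonce reaches the data-changing code below.
function example_save_popup_weak() {
    check_ajax_referer( 'example_popup_nonce', 'nonce' );

    $popup_id = isset( $_POST['popup_id'] ) ? absint( $_POST['popup_id'] ) : 0;
    $content  = isset( $_POST['content'] ) ? wp_kses_post( wp_unslash( $_POST['content'] ) ) : '';

    update_post_meta( $popup_id, '_example_popup_content', $content );
    wp_send_json_success( array( 'popup_id' => $popup_id ) );
}
add_action( 'wp_ajax_example_save_popup_weak', 'example_save_popup_weak' );

// Hardened: the nonce check stays (CSRF protection), and the handler additionally
// requires a capability appropriate to the action before touching any data.
function example_save_popup_hardened() {
    check_ajax_referer( 'example_popup_nonce', 'nonce' );

    // Authorization: reject callers who lack the capability this action needs.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $popup_id = isset( $_POST['popup_id'] ) ? absint( $_POST['popup_id'] ) : 0;

    // Object-level check: the caller must also be allowed to edit this specific item.
    if ( ! $popup_id || ! current_user_can( 'edit_post', $popup_id ) ) {
        wp_send_json_error( array( 'message' => 'Cannot edit this popup.' ), 403 );
    }

    $content = isset( $_POST['content'] ) ? wp_kses_post( wp_unslash( $_POST['content'] ) ) : '';
    update_post_meta( $popup_id, '_example_popup_content', $content );
    wp_send_json_success( array( 'popup_id' => $popup_id ) );
}
add_action( 'wp_ajax_example_save_popup_hardened', 'example_save_popup_hardened' );
```

When reviewing a plugin, every `wp_ajax_*` handler that changes state should contain both a nonce check and a `current_user_can()` check; a nonce alone is not an authorization control.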

WordPress Download Manager Plugin

This plugin has a SQL injection vulnerability that could lead to a cross-site scripting attack. It has more than 100,000 installations.


Publishers should upgrade to version 3.2.34 or later.

WordPress Plugin Advanced Database Cleaner

Security researchers uncovered a flaw in this plugin that could result in a reflected cross-site scripting attack. This plugin has more than 80,000 installations.


Publishers should upgrade the plugin to version 3.0.4 or later.


GiveWP is a Donation Plugin and Fundraising Platform for WordPress

A reflected cross-site scripting vulnerability was present in the GiveWP donation plugin. This plugin has more than 100,000 installations.


Publishers should upgrade the plugin to the latest version, 2.17.3.


WordPress Content Copy Protection & No Right Click

Patchstack security researchers reported that this WordPress plugin has a cross-site request forgery (CSRF) vulnerability. This plugin has more than 100,000 installations.


Publishers should upgrade to version 3.4.5 or later.

Anti-Malware Security and Brute-Force Firewall

This WordPress plugin also has a reflected cross-site scripting vulnerability. An attacker would need administrative privileges to carry out the attack. The plugin has more than 200,000 installations.

Publishers should upgrade to version 4.20.94 or later.


Many more plugins were reported to contain vulnerabilities; these are only some of them.

The plugin developers release patches to address these issues, but it is up to the site owner to make sure the most recent versions are installed, so that their websites and visitors stay secure.
