Three WordPress Plugin Vulnerabilities
The guys at Wordfence are hard at work fighting several new threats. Here is the info directly from their blog:
Wordfence 2015 Update and Three Plugin Vulnerabilities You Should Know About
2015 is going to be an exciting year for WordPress publishers. WordPress growth continues to accelerate and the focus this year is on security. The large install base that WordPress has makes it a very attractive target for hackers to find and exploit zero day vulnerabilities.
At Wordfence we are working hard to continue providing protection, early detection and excellent site performance when you install Wordfence on your WordPress website. To that end we now have two US based customer service representatives, Tim and Brian, dedicated to our open source forums who are providing a high level of support to our free customers and continue to give our paid customers priority in our Premium ticketing system. We also have a new Wordfence core developer, Matt based out in Maine, who has already started to check in his first few improvements. Wordfence has some exciting product announcements due later this quarter so watch this space.
Now on to business. Unfortunately cybersecurity did not take a break over the holiday season and so here is a quick roundup of the most important current vulnerabilities we’re tracking and that you should be aware of:
The popular Pods content development framework for WordPress has an XSS and CSRF vulnerability. This was fixed in version 2.5 which was released on 30 December. Please upgrade immediately. (plugin is popular with over 200,000 downloads)
The cformsII plugin suffers from a remote code execution vulnerability via unauthorized file upload. Please upgrade immediately to version 14.8 which contains a fix if you’re using this plugin. (plugin has approximately 20,000 downloads)
The Banner Effect Header plugin has an XSS and CSRF vulnerability. This has been fixed in version 1.2.7 so upgrade if you’re using this plugin. (plugin has approximately 20,000 downloads)
Please upgrade immediately if you are using any of these plugins.
Wishing you a prosperous 2015!
~The Wordfence Team
It’s critical for you to check your website even if you do not have the above plugins. WordPress is the number one target of hackers, so get busy and tighten up your security! Good luck and happy blogging!