For the past six months, we have reported quite a lot of vulnerabilities we discovered in WordPress themes and plugins. Here are some interesting stats and facts about them, as well as a few recommendations for developers.
In this article we will see how to provide a very high level of protection to a WordPress blog with a web application firewall.
NinjaScanner is a lightweight, fast and powerful antivirus scanner for WordPress which includes many features to help you scan your blog for malware and viruses.
Starting from version 3.0, NinjaFirewall, our Web Application Firewall for PHP (Pro and Pro+ Edition) and WordPress (WP and WP+ Edition), includes a new powerful filtering engine.
Improper input validation in the WordPress Controlled Admin Access plugin (8,000+ active installations) affecting version 1.5.5 and below could lead to privilege escalation.
The WordPress Flo Forms plugin (10,000+ installations) fixed a critical zero-day vulnerability affecting version 1.0.35 and below that could allow the attacker to take over the website and its database.
Many WordPress plugins were found to be vulnerable to cross-site request forgery (CSRF) attacks.
The WordPress Ultimate GDPR and CCPA Compliance Toolkit plugin, which has 6,000+ sales on Envato Market, was prone to a critical unauthenticated settings import and export vulnerability affecting version 2.4 and below that could allow an attacker to redirect traffic to a malicious site among other issues.
The WordPress uListing plugin (3,000+ active installations) fixed multiple critical vulnerabilities affecting version 1.6.6 and below.