For the past six months, we have reported quite a lot of vulnerabilities we discovered in WordPress themes and plugins. Here are some interesting stats and facts about them, as well as a few recommendations for developers.
In this article we will see how to provide a very high level of protection to a WordPress blog with a web application firewall.
NinjaScanner is a lightweight, fast and powerful antivirus scanner for WordPress which includes many features to help you scan your blog for malware and viruses.
Starting from version 3.0, NinjaFirewall, our Web Application Firewall for PHP (Pro and Pro+ Edition) and WordPress (WP and WP+ Edition), includes a new powerful filtering engine.
The Visual Composer plugin for WordPress (80,000+ active installations) fixed multiple stored XSS vulnerabilities affecting version 26.0 and below.
The WordPress Login/Signup Popup plugin, which has 10,000+ active installations, fixed a zero-day vulnerability affecting version 1.4 and below.
The Elementor Pro plugin for WordPress is prone to a critical zero-day vulnerability affecting version 2.9.3 and below.
Elementor Page Builder (4+ million installations) was prone to a broken access control vulnerability affecting version 2.9.7 and below that could lead to a stored XSS vulnerability via SVG image upload.
Avada WordPress Theme (600,000 installations) fixed multiple critical vulnerabilities affecting version 6.2.2 and below.