The Ninja Technologies Network
For the past six months, we have reported quite a lot of vulnerabilities we discovered in WordPress themes and plugins. Here are some interesting stats and facts about them, as well as a few recommendations for developers.
In this article we will see how to provide a very high level of protection to a WordPress blog with a web application firewall.
NinjaScanner is a lightweight, fast and powerful antivirus scanner for WordPress which includes many features to help you scan your blog for malware and virus.
Starting from version 3.0, NinjaFirewall, our Web Application Firewall for PHP (Pro and Pro+ Edition) and WordPress (WP and WP+ Edition), includes a new powerful filtering engine.
The WordPress Advanced Shipment Tracking for WooCommerce (50,000+ active installations) fixed a critical vulnerability affection version 3.2.4.1 and below.
The WordPress Frontend File Manager plugin (2,000+ active installations) fixed multiple critical vulnerabilities affecting version 18.2 and below that could lead to content injection, privilege escalation, stored XSS, arbitrary file upload among several other issues.
Multiple WordPress plugins were found to be vulnerable to cross-site request forgery (CSRF) attacks.
The WordPress PWA for WP and AMP plugin (20,000+ active installations) fixed a critical broken access control vulnerability affecting version 1.7.32 and below that could lead to arbitrary file upload and remote code execution.
Multiple WordPress plugins were found to be vulnerable to cross-site request forgery (CSRF) attacks.