In this article we will see how to provide a very high level of protection to a WordPress blog with a web application firewall.
The WordPress 404 to 301 plugin (100,000+ active installations) fixed a broken access control vulnerability affecting version 3.0.7 and below.
The WordPress Flo Forms plugin (10,000+ installations) fixed a critical zero-day vulnerability affecting version 1.0.35 and below that could allow an attacker to take over the website and its database.
The WordPress WP Quick FrontEnd Editor plugin (1,000+ active installations) is prone to a broken access control vulnerability affecting version 5.5 and below that could lead to authenticated content injection, stored XSS and settings change.
The WordPress Kali Forms plugin (30,000+ active installations) fixed multiple vulnerabilities affecting version 2.1.2 and below.