14 WP Security Plugin Vulnerabilities MAY 2022 Threat

WP Security Plugin Vulnerabilities MAY 2022

Be informed about the latest WP Security Plugin Vulnerabilities MAY 2022 Threat Case Study, identified and reported publicly. These breaches create even more problems and vulnerability exploitation with a severe negative impact on any WordPress Security or WordPress Hosting. Contact us for our WP/Woo Security audit

A jaw-dropping approximated 1.543.000+ active WordPress sites are circumvented by WP Security Plugin Vulnerabilities MAY 2022, as security relies on these measures. It is a whooping -70% DECREASE compared to last month. The estimated number can increase with premium versions and/or closed versions, as they are private purchases.

Furthermore, the initial estimation can multiply if we consider the already patched versions BUT NOT UPDATED by owners, as the vulnerability remains active within their domain. As these owners start changing their hosting provider (due to constant unexplained issues), they actively migrate these vulnerabilities behind protected areas, possibly exposing other clean WP to different attack types.

If you are serious about your business, then you need to pay attention to the WordPress Security best practices. In this post, we will share all the latest WordPress plugin vulnerability reports to help you protect your website against hackers and malware. The following cases made headlines PUBLICLY just last month in the WP Security Plugin Vulnerabilities MAY 2022 category:



• ULeak Security & Monitoring Plugin – Stored Cross-Site Scripting (XSS) vulnerability
  • This plugin has been closed as of April 4, 2022 and is not available for download. This closure is temporary, pending a full review.

---

• SiteGround Security – Authorization Weakness to Authentication Bypass via 2-Factor Authentication Back-up Codes vulnerability
• SiteGround Security – Authentication Bypass via 2-Factor Authentication Setup vulnerability
  • Active installations: 400,000+

---

• All In One WP Security & Firewall – Authenticated Arbitrary Redirect / Reflected XSS vulnerability
  • Active installations: 1+ million

---

• BulletProof Security – Stored Cross-Site Scripting (XSS) vulnerability
  • Active installations: 50,000+

---

• Page Restriction WordPress (WP) – Protect WP Pages/Post – Stored Cross-Site Scripting (XSS) vulnerability
  • Active installations: 600+

---

• OOPSpam Anti-Spam – SQL Injection (SQLi) vulnerability
  • Active installations: 50+

---

• Ad Invalid Click Protector (AICP) – Cross-Site Request Forgery (CSRF) vulnerability
• Ad Invalid Click Protector (AICP) – Reflected Cross-Site Scripting (XSS) vulnerability
• Ad Invalid Click Protector (AICP) – Arbitrary Ban Deletion via CSRF
  • Active installations: 20,000+

---

• Wbcom Designs – WordPress System Log – Arbitrary Plugin Installation, Activation and Deactivation vulnerability
  • This plugin has been closed as of March 9, 2022 and is not available for download. This closure is temporary, pending a full review.

---

• Import and export users and customers – Stored Cross-Site Scripting (XSS) vulnerability
  • Active installations: 70,000+

---

• RSFirewall! – IP Block Bypass vulnerability
  • Active installations: 2,000+

---

• Easily Generate Rest API Url – Stored Cross-Site Scripting (XSS) vulnerability
  • This plugin has been closed as of March 29, 2022 and is not available for download. This closure is temporary, pending a full review.

---

• MicroPayments – Paid Author Subscriptions, Content, Downloads, Membership – Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
  • Active installations: 100+

---

• Advanced uploader – Arbitrary File Upload vulnerability
  • This plugin has been closed as of March 28, 2022 and is not available for download. This closure is temporary, pending a full review.

---

• Turn off all comments – Reflected Cross-Site Scripting (XSS) vulnerability
  • This plugin has been closed as of April 19, 2022 and is not available for download. This closure is temporary, pending a full review.

---

Why do you need updated security?

A WordPress Security plugin provides many valuable functions, but at its most basic, a WordPress security plugin protects your website from attacks during the time it is vulnerable. WordPress Security is a subject of big relevance for every single internet site proprietor. Google blacklists ~ daily 10,000+ internet domains for malware as well as ~ weekly 50,000 for phishing.

Even if your website starts protected, in time it will certainly come to be much less and less protected. It’s important to secure on your own from hackers who are continuously seeking vulnerabilities within the popular WordPress CMS.

Once hackers find and exploit these vulnerabilities, then developers will patch those holes and release an update for their users. However, there’s a time gap of weeks or even months, between the time when the vulnerability is exploited and the patch is provided. During this time you’re exposed.

What is Vulnerability Knowledge?

As time passes, vulnerabilities are discovered in your plugins, theme and the version of WordPress core you are using. Those vulnerabilities (or Security holes) ALWAYS become public knowledge sooner rather, than later.

Can MY WordPress be hacked?

“No System Is Safe” and also WordPress is not an exemption. WordPress simply BY ITSELF is very secure. Stats reveal that 41% of hacked WordPress websites get hacked through WordPress hosting vulnerabilities, 29% through a theme, 22% through a plugin, and also 8% as a result of weak passwords. The Security of your site is only as good as the foundation it’s running on. That’s why it’s important to audit existing Security measures already in place, such as WP Security Plugin Vulnerabilities MAY 2022.

MANAGED WP/Woo Security: WP Security Plugin Vulnerabilities MAY 2022 | Case Study Related Posts