3 Zero-Days in WordPress Plugins Put Thousands of WordPress Sites at Risk

What is a Zero-Day? Quoting the security company Panda Security:

A zeroday attack, or zero-day attack, is an attack against an application or system that aims to execute malicious code thanks to knowledge of vulnerabilities unknown to the public or the manufacturer.

Now that we know what a Zero-Day is, the Wordfence security blog reports that three very popular plugins are currently in this situation:

  • Appointments by WPMU Dev (fixed in version 2.2.2)
  • Flickr Gallery by Dan Coulter (fixed in version 1.5.3)
  • RegistrationMagic-Custom Registration Forms by CMSHelpLive (fixed in version 3.7.9.3)

These are classed as Zero-Days because the three plugins were vulnerable and were being exploited by the “bad guys” without anyone, neither users nor developers, knowing about it.

The Wordfence security team discovered that these three plugins were wreaking havoc across the net, since they include a shell that allows the attacker to take over the attacked WordPress site and access all its files to manipulate them at will.

The three companies or developers responsible for these plugins have been notified, and all three have already released a security update that corrects these vulnerabilities.

If you are a user of any of these plugins, our recommendation is that you update as soon as possible to avoid further complications.
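To check an installation against the fixed versions listed above, the following added example (not code from Wordfence or from the plugin authors) reads the header of each plugin file under a plugins directory, typically `wp-content/plugins`, and reports listed plugins older than their fix. The header strings used for matching and the sample directory built in `demo()` are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# (name fragment, author fragment, first fixed version) from the article's list;
# matching on the "Plugin Name"/"Author" header text is this example's assumption.
FIXED = [("appointments", "wpmu dev", "2.2.2"),
         ("flickr gallery", "dan coulter", "1.5.3"),
         ("registrationmagic", "cmshelplive", "3.7.9.3")]
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Author|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)

def version_key(version):
    """'3.7.9.3' -> (3, 7, 9, 3); an unparsable version sorts lowest, so it is flagged."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    return tuple(int(part) for part in m.group().split(".")) if m else ()

def read_header(php_file):
    """Return header fields (lower-cased keys) from the first 8192 characters of a file."""
    fields = {}
    for key, value in HEADER.findall(php_file.read_text(errors="replace")[:8192]):
        fields.setdefault(key.lower(), value)  # first occurrence wins
    return fields

def audit(plugins_dir):
    """Return [(plugin name, installed, fixed)] for listed plugins older than their fix."""
    findings = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        f = read_header(php_file)
        name, author = f.get("plugin name", "").lower(), f.get("author", "").lower()
        for name_part, author_part, fixed in FIXED:
            listed = name_part in name and author_part in author
            if listed and version_key(f.get("version", "")) < version_key(fixed):
                findings.append((f["plugin name"], f.get("version", "unknown"), fixed))
    return findings

def demo():
    """Audit a constructed plugins directory (sample data, not real plugin files)."""
    samples = {"appointments": ("Appointments", "WPMU DEV", "2.2.1"),
               "flickr-gallery": ("Flickr Gallery", "Dan Coulter", "1.5.3"),
               "regmagic": ("RegistrationMagic", "CMSHelpLive", "3.7.9"),
               "easy-appointments": ("Easy Appointments", "Someone Else", "1.0")}
    with tempfile.TemporaryDirectory() as root:
        for slug, (name, author, ver) in samples.items():
            (Path(root) / slug).mkdir()
            (Path(root) / slug / f"{slug}.php").write_text(
                f"<?php\n/*\nPlugin Name: {name}\nAuthor: {author}\n * Version: {ver}\n*/\n")
        return audit(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Requiring both the name and the author to match keeps unrelated plugins with similar names out of the report, and a four-part version such as 3.7.9.3 compares correctly against a shorter installed version such as 3.7.9.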

Today, at 7:00 p.m. in Spain, we, Antonio Postigo @hoystreaming and Pedro Santos @hostfusion, will tell you everything that is happening with this matter, in addition to our usual sections on security, updates and news about the community, such as:

  • Regenerate Thumbnails plugin surpasses 5 million downloads
  • Gutenberg launches its version 1.2 without yet knowing what will replace React
  • Most popular plugin updates

You can see the program live in this same post.

WordPress News in Spanish, every Tuesday and Thursday, at 7:00 p.m. live, with Antonio Postigo @hoystreaming and Pedro Santos @hostfusion

All the videos from previous programs are available in the WordPress News section in Spanish and also in our Podcast.

An original idea of Host-Fusion.com, your trustworthy hosting provider for WordPress, and HoyStreaming.com, your digital window to the world.
