A fresh set of serious WordPress plugin vulnerabilities has been flagged, and a few of them don’t have a fix yet.

Several Widely Used Plugins Have Critical Flaws Right Now

Security researchers have identified a batch of plugin vulnerabilities ranging from arbitrary file upload and SQL injection to privilege escalation, some of it serious enough to give an attacker significant access to a site. Several of these flaws already have patches available. A few do not, which changes what the right response looks like.

Any WordPress site is only as secure as the plugins running on it. A single vulnerable plugin, even one that seems minor, is often all it takes for an attacker to get in.

What to Do

  • Check your site’s active plugin list. Most sites run more plugins than the owner remembers installing.
  • Update anything with a fix available right away, don’t wait for a convenient time.
  • For plugins with no fix yet, removing or replacing them is the safer move rather than waiting and hoping.

If you’re not sure what’s currently installed on your site or whether any of it is affected, having someone check for you takes the guesswork out of it.

Source: Shield Security