Introducing Our Monthly WordPress Vulnerability Report

Delivering your website isn’t the end of the road for us. Today, as part of that commitment, we’re pleased to introduce a monthly WordPress vulnerability report. At the start of each month, we’ll cover the plugin updates that are essential for our clients.

Article by Dawid Zimny

In this issue:

  • Contact Form 7

Before we dive in, I invite you to watch the video made by our technical director to explain WordPress security in more detail.

The idea behind our report

We want to make you aware of the many risks faced by websites whose maintenance is neglected. Along the way, you will get an insight into an important part of our maintenance routine. Our report will let you know about the crucial security updates to WordPress and to the plugins we use on our clients’ sites.

Keeping track of security vulnerabilities is a gruelling task. Even if you know where to look for the release notes, reading them often isn’t a walk in the park. Let’s change that! We want to offer a comprehensive, easy-to-understand report: no redundant information, no confusing vocabulary. Each month you’ll learn what we have updated, when, and why.

Closing words

The real responsibility starts the moment you make your website publicly available. That is why our service goes beyond the launch. We come across business owners who had their website built by an unprofessional agency or a freelancer who disappeared from the face of the earth the minute the final payment arrived.

Raising awareness about the security risks of neglected websites is an important mission for us. We’re monitoring the vulnerabilities of WordPress plugins for our clients on a daily basis. Now we’ve decided to share our results with you.

Improving the security of individual websites improves the security of the WordPress platform as a whole, so we hope you’ll find this series useful and learn how to keep your website safe and sound.

A preview from the first issue

Just as promised, here’s a preview from our inaugural “Monthly WordPress Vulnerability Report”.

Contact Form 7!

Problem

A bug in the plugin’s code escalated the permissions of the Contributor role: a logged-in user with the Contributor role could edit the contact forms. By default, the plugin reserves the edit permission for users with the Administrator and Editor roles.

Is it safe?

Fixed in version 5.0.4, released 04.08.2018.

Our recommendation

The plugin now reads the permissions of the Contributor role correctly. The functionality that lets you send file attachments in replies to your visitors was also hardened: you can now only specify file paths from within the secure wp-content directory of your website. As a result, a potential attacker is less likely to attach malicious files to the e-mails you send to your visitors.
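To illustrate the kind of path restriction described above, here is an added example; it is not Contact Form 7’s own code, and the function name and the temporary-directory fallback for WP_CONTENT_DIR are our assumptions.

```php
<?php
// Added illustration (not Contact Form 7's code): accept an attachment path
// only if it resolves to a regular file inside the wp-content directory.

// Assumption: WordPress defines WP_CONTENT_DIR; the fallback below lets the
// snippet run stand-alone outside WordPress.
if (!defined('WP_CONTENT_DIR')) {
    define('WP_CONTENT_DIR', sys_get_temp_dir() . '/wp-content');
}

/**
 * Return the canonical path of $path if it is a regular file located inside
 * WP_CONTENT_DIR, or false otherwise.
 *
 * realpath() resolves "../" segments and symbolic links before the
 * containment check, and the base directory is compared with a trailing
 * separator so that a sibling such as "wp-content-old/" cannot pass as a
 * prefix match of "wp-content".
 */
function attachment_path_within_content_dir($path)
{
    $base = realpath(WP_CONTENT_DIR);
    $real = realpath($path);

    if ($base === false || $real === false || !is_file($real)) {
        return false;
    }

    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    if (strncmp($real, $base, strlen($base)) !== 0) {
        return false; // resolved to a location outside wp-content
    }

    return $real;
}

// Constructed demo data: one file inside wp-content, one outside it.
@mkdir(WP_CONTENT_DIR . '/uploads', 0700, true);
file_put_contents(WP_CONTENT_DIR . '/uploads/brochure.pdf', 'demo');
$outside = tempnam(sys_get_temp_dir(), 'secret');

// Case 1: a file inside wp-content.
var_dump(attachment_path_within_content_dir(WP_CONTENT_DIR . '/uploads/brochure.pdf'));
// Case 2: a traversal path that climbs out of wp-content to the outside file.
var_dump(attachment_path_within_content_dir(WP_CONTENT_DIR . '/uploads/../../' . basename($outside)));
// Case 3: the outside file given by its absolute path.
var_dump(attachment_path_within_content_dir($outside));
```

Only the first case returns a path; the other two return false because the resolved location lies outside wp-content.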
