What's Up With WordPress This Time?
September 24, 2021
2 min 2 sec read
These days, WordPress (WP) can't catch a break from bug-related incidents. In August, a nasty WordPress bug found in the SEOPress plugin put 100,000 sites at risk
. This month, one very popular plugin for forms outdid last month's bug by adding a zero and a comma to the new number of WP sites at risk.
Vulnerabilities were found in the Ninja Forms plugin, affecting over 1 million site owners
. Wordfence's Threat Intelligence team started looking into the Ninja Forms plugin and discovered weaknesses in its security.
They realized there were flaws in the plugin's code, which made it possible to leak sensitive data. Not only that, there was a weak spot in the REST-API endpoint, allowing any authenticated user (like an attacker) to trigger bulk email actions.
An attacker could socially engineer their way into launching convincing phishing email campaigns. Posing as a real person, they could craft realistic-looking emails with personalized subjects and body text to get whatever information they'd like.
Another thing that Wordfence's Threat Intelligence team found is that any registered user could export every form that had been submitted on a WP website. An attacker could pull all the sensitive data to send their own phishing emails.
Now, Ninja Forms has been patched to resolve these security issues as of Sept. 22nd, and now WP users have to remember to manually update this plugin
. Imagine all those WP users with this plugin who don't know about this security vulnerability. And there are many other concerns related to WordPress as we explain below.
You know it's bad when you've got dedicated blogs called, "The Ultimate Guide to Fixing and Troubleshooting the Most Common WordPress Errors (70+ Issues)
" and similar articles being made to help WP site owners.
The blog says it's practically impossible to know every potential WP error and that's just using the platform itself. Adding more WP plugins adds to the complications of having to keep track of updating them or knowing if they're outdated. That further adds to the frustrations, costs, and time loss to maintain WP plugins and their websites.
So what does one do with all these WordPress concerns, security risks, and having to keep track of all the plugins and their required updates? The simple answer: use a platform that doesn't rely on plugins. Does one exist you ask? It does and it's called WebFindYou.
WebFindYou is the combination of WordPress, plus Shopify, plus Mail Chimp, plus Hootsuite, plus any necessary SEO plugin you can think of, plus pretty much every other tool you could possibly need to maximize leads, sales, and conversions to implement digital marketing. But better yet, WebFindYou is all those other guys, but at a fraction of the cost, and it greatly simplifies the implementation of True Digital Marketing since it provides sequential steps you just need to follow.
So ditch the plugins and switch your website over to WebFindYou. Check out this video going over exactly what you get with WebFindYou
to learn about our powerful All-in-One Digital Marketing Technology.