See how DefendWP protects your website even if vulnerable plugins are installed.
Plugin: Loco Translate < 2.5.4
Vulnerability: The plugin mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated “translator” users being able to inject PHP code into files ending with .php in web-accessible locations.
DefendWP protects your website by identifying if PHP code or a PHP file is being added through POST calls or forms maliciously.
Plugin: Booster for WooCommerce ˂=7.0.0
Vulnerability: Unauthorized modification of data due to a missing capability check on the ‘manage_options’ function. This makes it possible for authenticated attackers with Shop Manager privileges to update arbitrary site options.
DefendWP protects your website by blocking non-admin users from updating the wp_options table.
Plugin: REST API TO MiniProgram <= 126.96.36.199
Vulnerability: The plugin does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users, such as subscriber to call and delete arbitrary attachments.
DefendWP protects your website by preventing an unauthenticated user from deleting media attachments.
Plugin: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) < 7.6.5
Vulnerability: The improper credential validation on the plugin allows unauthenticated attackers to escalate privileges if administrator’s email is known.
DefendWP protects your website by blocking the admin user login if they log in without entering a password.