Our foundational approach blocks malicious attempts to exploit the top 14 (and growing) most-common vulnerability types instead of addressing each vulnerability separately.
Plugin: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) < 7.6.5
Vulnerability: Improper credential validation in the plugin allows unauthenticated attackers to escalate privileges if the administrator's email address is known.
Normal approach: Fix the improper credential validation.
DefendWP approach: Block the admin user login if they log in without entering a password.
Plugin: Booster for WooCommerce <= 7.0.0
Vulnerability: Unauthorized modification of data due to a missing capability check on the ‘manage_options’ function. This makes it possible for authenticated attackers with Shop Manager privileges to update arbitrary site options.
Normal approach: Fix the missing capability check on the ‘manage_options’ function.
DefendWP approach: Block all non-admin users from updating the wp_options table.
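As an added illustration of the "block non-admin users from updating wp_options" idea, here is a small must-use plugin written for this page (example code, not DefendWP's or Booster's own); the plugin name, function name and the allowlist of option prefixes are assumptions:

```php
<?php
/**
 * Plugin Name: Option-write guard (hypothetical example, not DefendWP's code)
 * Description: Refuses option writes from logged-in users who lack the
 *              manage_options capability, whichever plugin issued the call.
 * Place in wp-content/mu-plugins/ so it loads before ordinary plugins.
 */

// Core and plugins write these options on behalf of any visitor (cached
// values, scheduled events), so they must stay writable for everyone.
const EXAMPLE_GUARD_ALLOWED_PREFIXES = array( '_transient_', '_site_transient_', 'cron' );

add_filter( 'pre_update_option', 'example_guard_option_update', 10, 3 );

/**
 * Runs inside update_option() before the row is written. Returning the old
 * value makes update_option() treat the write as a no-op, so nothing reaches
 * the wp_options table. Signature follows the core filter: value, option name,
 * old value.
 */
function example_guard_option_update( $value, $option, $old_value ) {
    foreach ( EXAMPLE_GUARD_ALLOWED_PREFIXES as $prefix ) {
        if ( 0 === strpos( $option, $prefix ) ) {
            return $value; // routine, low-privilege writes are left alone
        }
    }

    // Before pluggable.php is loaded, or under cron/WP-CLI, there is no user
    // context; those code paths are not what this rule targets.
    if ( ! function_exists( 'wp_get_current_user' ) || 0 === get_current_user_id() ) {
        return $value;
    }

    if ( current_user_can( 'manage_options' ) ) {
        return $value; // administrators keep full access
    }

    // A logged-in user without manage_options (e.g. a Shop Manager) tried to
    // change a site option: record it for detection and refuse the write.
    error_log( sprintf(
        'option-guard: blocked update of "%s" by user %d via %s',
        $option,
        get_current_user_id(),
        isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : 'unknown-uri'
    ) );

    return $old_value;
}
```

Note that pre_update_option only covers updates of existing options; creation of new options goes through add_option() and would need a separate hook, and any legitimate non-admin workflow that writes other options must be added to the allowlist or it will start failing silently.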
Plugin: Loco Translate < 2.5.4
Vulnerability: The plugin mishandles data inputs that get saved to a file, and that file can be renamed to an extension ending in .php. As a result, authenticated "translator" users can inject PHP code into files ending with .php in web-accessible locations.
Normal approach: Fix the improper data handling.
DefendWP approach: Block PHP code or PHP files that are submitted maliciously through POST requests or forms.
Plugin: REST API TO MiniProgram <= 4.6.8.1
Vulnerability: The plugin does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and delete arbitrary attachments.
Normal approach: Implement proper authorization checks.
DefendWP approach: Block all unauthenticated users from deleting media attachments.
A foundational approach to defending your WordPress websites, even with vulnerable plugins and themes installed.
108 W. 13th Street,
Suite 100, Wilmington,
DE 19801
By the same team behind InfiniteWP and WP Time Capsule.