plugins — LowEndSpirit DEV

WordPress Plugins and Themes vulnerability: March Edition

vyas — Tue, 01 Mar 2022 22:54:14 +0000

This is the Motherload

https://wpscan.com/vulnerability/6dae6dca-7474-4008-9fe5-4c62b9f12d0a

From the post

The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated users, such as subscriber could access the debug logs. Unauthenticated attackers could also make a logged in admin toggle the debug mode via a CSRF attack.

Attack on ~ 1.5 Mn WordPress Sites

vyas — Fri, 10 Dec 2021 17:46:47 +0000

https://www.bleepingcomputer.com/news/security/massive-attack-against-16-million-wordpress-sites-underway/

Check the themes and plugins in the list. If present. maybe disable!

The affected plugins and their versions are:

PublishPress Capabilities
Kiwi Social Plugin
Pinterest Automatic
WordPress Automatic

The targeted Epsilon Framework themes are:

Shapely
NewsMag
Activello
Illdy
Allegiant
Newspaper X
Pixova Lite
Brilliance
MedZone Lite
Regina Lite
Transcend
Affluent
Bonkers
Antreas
NatureMag Lite – No patch available

Among the top 10 attack machines have
Contabo and OVH ips

( I had read 1.9 Mn sites elsewhere, the bleeping computer link mentions 1.6 Mn. Updated the title)

Any Direct Admin Backup Plugins that supports Debian

sweatbar — Wed, 30 Dec 2020 13:40:29 +0000

Hello folks,

Do you know any backup plugins for Direct Admin that supports FTP Backups which runs on Debian 10 ?
JetBackup - Not Supported
Dabackup- No remote ftp backup