5 Risky WordPress Plugins in 2016 That Every Blogger Should Know

Guest Post by Mahe Karim

Buddy, can you remember any cyber war?

I think you have heard of, or know a bit about, cyber war or hacking.

Every year, every second, many sites are being hacked. You can see live attacks on Norse.

And most of the world's sites are built with the WordPress CMS.

Why WordPress?

Many tech experts suggest WordPress because it is easy, offers user-friendly customization, needs no coding knowledge, and has many useful plugins.

OK, are you running your site with WordPress and its free plugins?

Stop, there is bad news for you. Many plugins are vulnerable, and that is a cause of sites being hacked. Yes, an un-updated plugin is a mighty cause of being hacked.

Technology updates day by day, and hackers update their brains and skills day by day, so it is very important for you to be a smart blogger. Most bloggers and tech experts will suggest that you stay up to date with new technology.

See how many WordPress users there are in the world:

[Image: WordPress users worldwide. Source: Google.com]

For the past few years, the number of hacked sites has been growing greatly.

From my research, I saw that outdated plugins are mainly responsible for hacked WordPress sites.

Before starting the lesson, just know a little background.

What Is a Plugin?

“A plugin is a piece of software containing a group of functions that can be added to a WordPress website” – from wpbeginner

If your site were an Android phone, plugins would be just the apps for you, buddy.

How Does It Help to Hack Your Site?

Plugins are just written in PHP code. A few months after a plugin is made, security experts and hackers try to inject it with a malware script, or they try to defeat it somehow.

When it becomes outdated, it becomes more risky for you.

How to Solve?

Here is the big question: “How to solve it?”

The answer is to just keep yourself updated day by day.

You can update these plugins from your WordPress Dashboard. You can

Here is a list of 5 risky WordPress plugins of 2016 for you:

  1. Add This Sharing Buttons Plugin

Affected Version: <= 5.0.12

Security Hell: Authenticated Cross Site Scripting [XSS]

I list it first because most bloggers surely use it :)

The AddThis plugin is a popular social sharing plugin for the WordPress CMS, installed by more than 1 million WordPress users. It shares your content and pages on social media easily. As a result, you get a huge number of visitors. It will increase your PA & DA. I saw many famous bloggers who are still on an old version.

Anyway, all versions <= 5.0.12 can be injected by the XSS method. The XSS method is popular in the hacker community. An older version can breach your site's security easily. So be aware of this plugin. Try to buy the premium plugin. It will update automatically for you.

Reference & How to Fix It:

Look at this picture and it will be clear.

[Image: reference and solution for the AddThis plugin]

Go to Update and read the reference on these sites. I hope it will be clear to you. On their site, they show which version is the fixed one. I hope it will work.

  2. Jetpack Plugin

Affected Version: <=3.7.0

Security Hell:

  • RPC Access Control Bypass
  • Cross Site Scripting (XSS)
  • Unauthenticated DOM Cross Site Scripting (XSS)
  • Stored Cross Site Scripting (XSS)
  • Information Disclosure

Jetpack is a cool plugin for every smart blogger. Many lazy bloggers don't update their plugins or WordPress, and they don't look at security matters. But I saw many legendary bloggers talk about this important matter.

It offers its users some cool and gorgeous features, like:

  • Publicize
  • WordPress Stats
  • Sharing
  • Contact Form
  • Shortcode Embeds
  • Extra Sidebar Widgets
  • Enhanced Distribution

And so many extraordinarily cool features. But on the security side, it is vulnerable below version 3.7.0.

Reference & How to Fix It:

I hand over to you a big list of vulnerable Jetpack plugin versions. Haaa Haaa Ha Ha Ha. It seems to be big, but it is still necessary for your site.

[Image: reference and solution for the Jetpack plugin]

Move your plugin to the recommended versions and it will be fixed. Now you are free from this tension.

  3. CommentLuv Plugin

Affected Version: 2.92.3 and older

Security Hell: Cross Site Scripting Vulnerability

There is controversial talk about CommentLuv. Some bloggers call it worthy, and some bloggers never recommend it :) but I think it can be good stuff for your blog. The CommentLuv Premium version is available for 3 types of sites :)

It is just furniture for your blog, and it captures your viewers' and readers' comments.

Reference & How to Fix It:

The CommentLuv topic was shared on many international blogs. And in cyber war, many sites were hacked because of this un-updated plugin. I repeat again: the XSS hacking method is very popular in the hacker community.

[Image: reference and solution for the CommentLuv plugin]

So next time, be careful about this. I suggest trying its premium version, which will enhance your blog's efficiency. And it's really awesome.

  4. WP Super Cache

Affected Version: 1.4.4 and older

Security Hell:

  • Remote Code Execution
  • URI XSS on searchengine.php, domain-mapping.php, wptouch.php, badbehaveiour.php and many more
  • Persistent Cross-Site Scripting (XSS)
  • Cross Site Scripting – XSS
  • PHP Object Injection

I checked many popular bloggers, and I was surprised that these blogs are affected by it. Please, bloggers, check this and then relax.

If it affects your site, you can be hacked in many ways; there are more than 10 ways to hack you. In the picture, I will show you at a glance how it can deface your site. As you see under Security Hell, RCE (Remote Code Execution) is a method that newbies in hacking try to use. I hope you will check your site.

Reference & How to Fix It:

[Image: reference and solution for the WP Super Cache plugin]

See the huge list of vulnerabilities of this plugin. I hope it is all clear to you guys from this epic hot picture 😀

  5. Ad Inserter

Affected Version: <=1.5.5

Security Hell:

  • CSRF
  • XSS
  • Authenticated XSS

I know many bloggers and AdSense publishers use this easy plugin. But bro, you have to be concerned about security issues. It is a very necessary plugin for newbie bloggers and AdSense publishers. Update it and stay with their awesome stuff.

You can place many famous ad services such as Google AdSense, InfoLinks, ClickBank, and also Amazon.com ads.

Reference & How to Fix It:

[Image: reference and solution for the Ad Inserter plugin]

It has 3 major vulnerabilities in total. They are CSRF and XSS. Keep your mind updated, and I repeat, be updated. And you must have basic knowledge of XSS and CSRF.
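As an added example (not part of the original post), the Python code below checks a plugin inventory against the five affected-version ceilings listed above. The directory slugs, the inclusive reading of "1.4.4 and older" and "2.92.3 and older", and the input shape (CSV as printed by `wp plugin list --fields=name,version --format=csv`) are assumptions.

```python
import csv
import io
import re

# Affected-version ceilings as listed in this post (slug -> last affected version).
# The directory slugs are assumptions; the post gives only the plugin names.
AFFECTED_UP_TO = {
    "addthis": "5.0.12",
    "jetpack": "3.7.0",
    "commentluv": "2.92.3",
    "wp-super-cache": "1.4.4",
    "ad-inserter": "1.5.5",
}

def version_key(version, width=4):
    """Turn '3.7' or '3.7.0-beta1' into a zero-padded tuple so 3.7 == 3.7.0."""
    parts = [int(n) for n in re.findall(r"\d+", version.split("-")[0])]
    return tuple(parts[:width] + [0] * (width - len(parts)))

def find_risky(csv_text):
    """Return [(slug, installed, ceiling)] for plugins at or below the ceiling."""
    risky = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        slug = row["name"].strip().lower()
        ceiling = AFFECTED_UP_TO.get(slug)
        if ceiling is None:
            continue  # plugin is not one of the five discussed here
        installed = row["version"].strip()
        # No readable version number: flag for manual review instead of passing it.
        if not re.search(r"\d", installed) or version_key(installed) <= version_key(ceiling):
            risky.append((slug, installed, ceiling))
    return risky

# Constructed sample inventory (not real site data).
SAMPLE = """name,version
addthis,5.0.12
jetpack,3.9.1
commentluv,2.92
wp-super-cache,1.4.4
ad-inserter,1.5.6
akismet,3.1.7
"""

if __name__ == "__main__":
    for slug, installed, ceiling in find_risky(SAMPLE):
        print(f"{slug}: installed {installed}, affected up to {ceiling} -> update")
```

A version above the ceiling only means the plugin is outside the ranges this post lists; the references for each plugin remain the source for the fixed version.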

Some Talk

I research and check many famous blogs. It's my hobby to work as an Information Security System Engineer :) It's my hobby, not my job.

I alert many Indian and Bangladeshi bloggers :) Anyway … let's come to the main point …

Before downloading any plugin to your site, you should make sure that you are downloading it from the official WordPress site. It is a secure site, with no chance of a malware-, virus-, or trojan-infected plugin being added.

If you uninstall any useless plugin, please remove it from your cPanel as well.

If you want to be a professional blogger, affiliate marketer, or AdSense publisher, you must take a strong step on Security Hell. See Facebook and YouTube: they invest huge money in security. As a startup company or blogger, you just have to stay updated on hacking knowledge. In Western countries, many bloggers go to security researchers/engineers to treat their sites :)

Not only in Western countries; recently, bloggers in our Indian subcontinent are doing so too.

Ok Best of Luck!! Allah Hafiz.

Author Bio:

Mahe Karim is a tech entrepreneur, tech blogger, and SEO researcher who works at Symantec Lab, LLC. You can stay with him on About.
