WordPress store owners, beware! Three popular e-commerce plugins – Paid Memberships Pro, Easy Digital Downloads, and Survey Maker – had security vulnerabilities from December 2022 until recently. These vulnerabilities, known as SQL injection attacks, could have allowed hackers to inject malicious code and potentially steal sensitive data or even take control of websites.
The affected plugins are Paid Memberships Pro (with over 100,000 installs), Easy Digital Downloads (over 50,000 installs), and Survey Maker (over 3,000 installs). Thankfully, the good news is that all three plugins have released updates that patch these vulnerabilities. Updating to the latest versions is crucial: Paid Memberships Pro (version 2.9.8), Easy Digital Downloads (version 3.1.0.4), and Survey Maker (version 3.1.2).
This incident highlights the importance of keeping your WordPress plugins up-to-date. Security researcher Joshua Martinell discovered the vulnerabilities and responsibly reported them to the plugin developers in December 2022. The developers deserve credit for acting quickly and releasing patches within days or weeks.
Remember, prompt patching of vulnerabilities is essential for website security. Make sure to regularly update all your WordPress plugins and core software to minimize security risks and protect your online store.
